Privacy and Cookies

Privacy and cookies

This page explains how OATS Ltd uses cookies, and how we use and protect any information that you give to us when you use this website. We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy statement.

OATS Ltd complies with our obligations under the General Data Protection Regulation 2018 (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We may change this policy from time to time by updating this page, so please check it occasionally to ensure that you’re happy with any changes. This policy is effective from 21st May 2018.

Why is data processing necessary?

We need to store customer personal data to enable us to run our business effectively and meet our contractual obligations to customers who place orders with us. Storing customer names, addresses, email addresses, telephone numbers and payment details including bank details; ensures that we can meet our contractual obligations to process customer orders for print and online subscription products, take payment and ensure delivery of the product(s) to you. Where you have ordered a subscription product, we will also need to communicate with you to determine whether you wish to renew that subscription. We may also need to communicate with you about your product order for a variety of possible reasons such as delays, cancellations or low stock as well as responding or investigating any queries or complaints that you may have, so we have a legitimate business for processing your personal data to allow us to do this.We also need to store personal data to comply with legal and regulatory compliance activities such as accounting and audit procedures.

Where you as an individual have expressly consented to receive marketing information and newsletters from us, we will never share your information with third parties with the exception of our own business suppliers that we may use for the operation of our IT systems such as e-commerce marketing software for managing email marketing.

We may use the information to improve our products and services.We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided. From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail and we may use the information to customise the website according to your interests.You will be able to withdraw your consent to receiving this information at any time.

We are the sole owners of personal information collected on our websites. We only have access to information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

Meaning of Legitimate Interest, Performance of a Contract, Compliance with Legal & Regulatory obligations and Consent.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to. Consent is where you as an individual have expressly consented to receive information from us.

What information we collect from our websites

This may arise from you filling in order forms or marketing information on our websites,,,, or by entering competitions, completing marketing research surveys, sending information via post or corresponding with our employees by phone, email, electronically, in person or otherwise.  It is likely to include your name, address, email, telephone number, delivery address, billing address, credit card or bank details for orders. It may also include your birthday and subject topics of interest for marketing purposes.

With regard to each of your visit to our websites, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

A cookie is a small amount of data sent from our server and stored on your browser or your computer’s hard drive if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use cookies and other such devices to compile anonymous, aggregated statistics that allow us to understand how users use our sites and to help us improve the structure of our sites (we cannot identify you personally in this way). We use cookies and other such devices to allow us to understand who has seen which pages on our sites, to determine how frequently particular pages are visited, to determine the most popular areas of our sites and generally in order to monitor usage of our sites. This helps us to provide you with a good experience when you browse our sites and also allows us to improve it.

Some of the cookies we use are essential for parts of our sites to operate and are already set. These are strictly necessary for the services that we offer and without them the website cannot operate as intended. You can find more information about the individual cookies we use and the purposes for which we use them in the link at the end of this document.


We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We are the sole owners of personal information collected on our websites. We only have access to information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing or by clicking the unsubscribe link which appears at the base of our email newsletters and flyers.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting, but only if you tell us that you wish this to happen.

Your personal data will be stored for as long as is required for the purposes for which we process it. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

In the event of customer orders, even if you ask us to delete our records, we may still need to retain some information such as copies of sales invoices for the statutory time limits to meet our regulatory and compliance requirements.

Your Rights

Under the General Data Protection Regulation 2018, you have a number of rights with regard to your personal data.

Right of Subject Access

You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided below.

We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved, at which point, we shall have a total of 3 months to comply with this request.

In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.

Right of Rectification

In the event that your data is incorrect; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided below. We shall not charge a fee for your data to be rectified.

Right of Objection

You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided below.

Right of Erasure

You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law. If you have grounds to request that we delete your data (and you wish to do so) please contact the Data Protection Officer at the address provided below, however please bear in mind that erasure may not be possible If your data is needed to comply with statutory requirements. We shall not charge a fee for your data to be deleted from our databases.

If you have any queries with regards to the data or the processing of your data, please contact the Data Protection Officer at our registered address:

Group Company Secretary, Sparkford, Yeovil, Somerset, BA22 7JJ or email

Additional information about cookies

Most internet browsers are automatically set up to accept cookies, but you can set your browser to refuse a cookie or ask your browser to show you where a cookie has been set up. Certain services are only activated by the presence of a cookie and, if you choose to refuse cookies, particular features or parts of our sites may not be available to you. For further information about cookies, including how to refuse cookies, please visit the Interactive Advertising Bureau UK’s website,

Cookies used by our website is powered by WordPress, the well-known content management system that runs over 60 million other websites worldwide. The WordPress system and several of its plug-ins use cookies in order to enable our website to function properly.

We use Google Analytics to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. The cookies set by Google Analytics are:

• _utma Contains a random number. Expires after 2 years.
• _utmb Contains a random number and expires after 30 minutes.
• _utmc Contains a random number. Expires at the end of your session.
• _utmz Contains a random number details of the referring website. Expires after 6 months.

To opt out of being tracked by Google Analytics across all websites visit