Effective date: 20 June 2025 (last revised: 20 June 2025)
This Privacy Policy explains how Oxprep Pte. Ltd. ("Oxprep", "we", "our", "us") collects, uses, discloses and protects your personal data when you visit www.oxprep.com and/or join our wait‑list mailing list. It is designed to satisfy the most stringent data‑protection regimes that apply to us, including:
By providing personal data to Oxprep you agree to the practices described below.
Sheerwan O'Shea‑Nejad — privacy@oxprep.com | +65 8846 2250
| Region | Representative | Address | |
|---|---|---|---|
| EU/EEA | DataRep | The Cube, Monahan Road, Cork, T12 H1XY, Ireland | digitalrequest@datarep.com |
| UK | DataRep | 107–111 Fleet Street, London, EC4A 2AB, UK | digitalrequest@datarep.com |
| CH | DataRep | Leutschenbachstrasse 95, Zurich, 8050, Switzerland | digitalrequest@datarep.com |
ICO Registration (UK): ZB905167 (valid until 28 May 2026)
| Channel | Data item | Source |
|---|---|---|
| Wait‑list form (Step 1) | Email address; optional name | Direct from you |
| Optional profile form (Step 2) | Role, school name, country/region, intended subject | Direct from you (optional) |
| Marketing emails | Open/click metrics (tracking pixel), IP address, user‑agent | Generated automatically |
| Website server logs | IP address, browser headers, request URL | Collected automatically |
| HubSpot cookies (forms, chat, analytics) | IP address, pages visited, form submissions, session info, browser, device type | Collected automatically |
| Google Analytics (GA4) | Page views, session duration, referral URL, IP address (anonymised), browser, OS, device type | Collected automatically |
| Geolocation service | IP address (country-level geolocation only, local CSV file) | Collected automatically |
We do not knowingly collect special‑category data (GDPR Art 9).
| Purpose | PDPA basis | EU/UK legal basis |
|---|---|---|
| Send product news, study resources, early‑access invitations | Express consent | Consent — GDPR Art 6 (1)(a) (double opt‑in) |
| Tailor content using optional profile details | Express consent | Consent — Art 6 (1)(a) |
| Measure email engagement & remove inactive addresses | Express consent | Consent — Art 6 (1)(a) |
| Operate and secure the website (logs, cookies) | Deemed consent for security | Legitimate interests — Art 6 (1)(f) |
| Geolocate country for form/banner regionalisation | Deemed consent | Legitimate interests — Art 6 (1)(f) |
| Improve website experience and performance (Google Analytics) | Express consent (via cookie banner) | Consent — Art 6 (1)(a) |
| Optimise forms, chat, and marketing (HubSpot cookies) | Express consent (via cookie banner) | Consent — Art 6 (1)(a) |
| Fulfil legal obligations | Statutory exception | Legal obligation — Art 6 (1)(c) |
We never sell personal data. Transfers are limited to:
| Recipient | Function | Location | Safeguard |
|---|---|---|---|
| HubSpot Inc. | Email list management, form/chat analytics, cookie tracking | USA | 2021 SCCs & PIPL SCC annex |
| Google LLC | Google Sheets analytics | USA | 2021 SCCs & PIPL SCC annex |
| Google LLC (Analytics) | Website traffic measurement | USA | 2021 SCCs & IP anonymisation |
| Replit Inc. (Google Cloud) | Website hosting & logs | USA | 2021 SCCs & PIPL SCC annex |
| Regulators/courts | Legal requirement only | – | – |
All personal data is stored in Singapore and the United States. Transfers outside the EU/UK are protected by the EU & UK Standard Contractual Clauses 2021/914 plus encryption, MFA and role‑based access. Transfers from other jurisdictions use equivalent contractual safeguards or explicit consent (see §13).
| Data set | Retention rule |
|---|---|
| Mailing‑list records (incl. engagement logs) | Delete 24 months after last open/click or immediately on unsubscribe |
| Optional profile details | Same as linked email record |
| Server logs | Raw logs 30 days → anonymised stats 12 months |
| Consent records | 6 years to defend legal claims |
We use Google Analytics (GA4) and HubSpot cookies to understand how visitors interact with our website and to enhance features like form tracking and live chat. These may collect information such as IP address, session data, form submission status, browser details and device type.
In line with EU/UK cookie law, these are non‑essential cookies and are only set with your consent via our cookie banner. You may withdraw consent at any time using our Cookie Settings.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
_ga | Tracks unique users (Google) | 2 years | Analytics |
_gid | Tracks user sessions (Google) | 24 hours | Analytics |
_gat | Throttles requests (Google) | 1 minute | Analytics |
hubspotutk | Tracks form submissions and sessions | 6 months | Marketing |
__hssc | Tracks session count (HubSpot) | 30 minutes | Analytics |
__hssrc | Session restart detection (HubSpot) | Session | Analytics |
__hstc | Main visitor tracking cookie (HubSpot) | 6 months | Analytics |
| Region | Rights |
|---|---|
| Singapore (PDPA) | Access, Correction, Withdrawal of consent, Complaint to PDPC |
| EU/UK GDPR | Access, Rectification, Erasure, Restriction, Portability, Objection, Complaint to a supervisory authority |
Email privacy@oxprep.com to exercise any right. EU, UK or Swiss residents may also contact our representative, DataRep, listed in Section 12. We respond within 30 days (1 month under GDPR).
You may unsubscribe via the link in any marketing email.
Our website is not directed to children under 13. If we discover we have collected data from a child without parental consent, we will delete it promptly.
We may update this Policy periodically. Material changes will be flagged on the website or by email; the "Effective date" will always reflect the latest version.
If you have any questions or concerns about your personal data, or if you would like to exercise your rights under applicable privacy laws, you may contact:
Oxprep Pte. Ltd.
20 Collyer Quay, #11‑05, Singapore 049319
E‑mail: privacy@oxprep.com
If you are based in the EU/EEA, UK or Switzerland, you may also contact our GDPR representative, DataRep, who acts on our behalf regarding data protection matters in those regions:
These addresses are for exercising data rights only. For general enquiries, please use privacy@oxprep.com.
Egypt (Law 151/2020) — You have rights of access, correction and deletion. Cross‑border transfer occurs with your explicit consent.
Indonesia (PDP Law 27/2022) — Indonesian residents may access, correct, delete or withdraw consent at any time by contacting privacy@oxprep.com.
Japan (APPI) — Your data is stored in Singapore and the United States under contractual safeguards. You may access, correct or delete your data at any time.
Mainland‑China (PIPL) — By submitting the form you give explicit consent to transfer your data to Singapore and the United States. You may request access, copy, correction or deletion via privacy@oxprep.com. Our person in charge of personal‑information protection is Sheerwan O'Shea‑Nejad.
Philippines (Data‑Privacy Act 2012) — You have rights of access, correction, blocking/erasure and portability. Data is stored in Singapore/USA under contractual safeguards.
South Korea (PIPA) — Your data is stored in Singapore/USA under contractual safeguards. You may access, correct or delete it at any time.
Thailand (PDPA) — You have rights of access, rectification, erasure, portability and objection. Contact privacy@oxprep.com.
United Arab Emirates (Federal PDPL) — You may access, correct, erase or port your data and withdraw consent at any time.
Vietnam (PDP Decree 13/2023) — We maintain a transfer‑impact assessment for Vietnamese data and can provide a summary on request.
Other jurisdictions — You have comparable rights of access, correction, deletion and portability under your local law. Oxprep does not sell or share your information for advertising. Contact privacy@oxprep.com to exercise any right.
© 2025 OxPrep. All rights reserved.Privacy Policy