ATOM Ltd may change this policy from time to time by updating this page. You should review this page regularly to ensure you are happy with any changes. This policy is valid from 21stMay 2018.
From the 25thof May 2018 a new UK privacy law is being introduced; GDPR (General Data Protection Regulation). It protects users from unauthorised data collection by requiring explicit consent. Individuals providing information/data need to be aware how it is being used and give their permission before any action is taken. GDPR also stipulates that users may request access to their data and have it removed if they wish.
GDPR – The basics
We hold your Personal Data (identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, queries)under secure conditions using the following software which is or will be by 25 May 2018, GDPR compliant:
• Xero (Beautiful accounting software)
• WorkflowMax (a Xero product)
• Sage 50 payroll
We are using the grounds of Legitimate Interest to maintain contact with our existing pre-May 25th2018 CRM (Customer relationship management) database. All new clients will be asked to positively opt-in after this date.
As required, we will inform contacts of a data breach within a 72-hour window of becoming aware of the occurrence of a data breach.
Right to Access
ATOM Ltd will provide confirmation as to whether or not personal data concerning you is being processed by us, where the data is being stored and for what purpose. Furthermore, we shall provide a copy of the personal data, usually free of charge, in writing.
Right to be forgotten
The right to be forgotten entitles you to obtain from the controller the erasure of any personal data without undue delay and to stop any further distribution of the data.
Once we delete all your records, we will not be able to monitor your name should you then reappear via a request for a quote or other information.
GDPR introduces data portability; the right for a data subject to receive the personal data concerning them, which has previously been provided in a ‘commonly used and machine-readable format’, and to have the right to transmit that data to another company or organisation. It’s really about ‘transferring’ data between suppliers, e.g. allowing a customer to switch bank or insurance provider easily, without having to set everything up from scratch. Although we are not involved in this type of information sharing, we will only pass your information on for delivery purposes.
Marketing Platforms & Activities
Our marketing platforms and activities are compliant with GDPR going forward.
ATOM uses Mailchimp for almost all of our client email marketing communications.
Our Mailchimp signup forms collect the email address, IP address and timestamp. They are set to require ‘double opt in’ which emails the user to confirm they would indeed like to join the mailing list. When data is collected via a MailChimp sign up form, the relevant permission, data is then stored within our Mailchimp list and is compliant with the new record keeping regulations. At the point of information collection, we will make it clear to users how and where we will be storing your information and how we will be using it.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing us at: firstname.lastname@example.org