Atrum Global Limited - Privacy Policy
Atrum Global Limited (collectively “we”, “us” or “our”) are committed to protecting and respecting your privacy and to keeping personal data secure. This policy sets out who we are, the basis on which we collect and process personal data, your rights under data protection law, and how to contact us if you need to. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purposes of the UK General Data Protection Regulation (“GDPR”) and complementary UK legislation, we are the data controller for any personal information gathered by this website or by other sources. Our registered company number is 10634780, our FCA firm reference number is 805715 and our registered address is 17 Hill Street, London, England, W1J 5LJ.
How we collect and use information
We may collect and process data about you for the following reasons:
Visitors to the website – if you visit the Atrum website, we (and the third party that runs the website on our behalf) may collect information relating to your visit including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access. We do not make any attempt to find out the identities of those visiting our website.
Persons making enquiries about Atrum – if you contact us with an enquiry, we will keep a record of that correspondence and the limited personal contact details that you provide, should we need to respond to your enquiry now, or in the future. Details of the correspondence will be retained in accordance with company law and the record keeping requirements of other regulations that Atrum or, if relevant, its FCA-authorised manager, is subject to.
Visitors to our buildings – in order to protect the security of our buildings, staff, tenants and visitors, it is in our legitimate interest to record security footage within our buildings and in the direct surroundings of our buildings. CCTV security footage is deleted after 30 days and is only shared with third parties if a lawful request is made by a legitimate body, for example by the Metropolitan Police.
Attendees of events – we collect information from individuals who join us on events. This data is typically limited to identification/passport number (only if travelling to a location which requires this information in advance) and date of birth. This data is collected on the basis of our legitimate interests to allow for the attendance of events. We may also collect health information related to physical limitations (for activity planning) and food intolerances or allergens.
People we do business with/have contractual relationships with – we hold personal data in respect of persons with whom we have business relationships, or potential business relationships. This data is typically limited to basic personal information such as name, email address, telephone number, as well as details related to the nature of the business relationship – however, depending on our relationship with you we may also collect and process your health data. Information is processed in accordance with any contractual agreement in place or in the legitimate interests of our business activities. Where we deem it necessary for legal reasons or to protect our legitimate interests, we may conduct due diligence on organisations or individuals with whom we enter into business arrangements, including on individuals within organisations. Information is retained depending on the nature of the activity, for example, in accordance with any regulatory or legal obligations that we are subject to, or in the legitimate interests of our ongoing business activities. In accordance with regulatory requirements, the telephone lines of our staff that are authorised to place investment trades with our broker counterparties are recorded and kept for seven years.
Third party contact details – if you are a contact of an individual that we do business with, we may process your information. Information we process includes name, email address, telephone number, and birthdays. We receive this information about you from the individuals we do business with when we provide services to them. This data is processed on the basis of our legitimate interests for running our business, including setting up appointments with you and our business partner or deleting any duplicate details in their address books.
Our staff – we hold personal data in respect of our employees, directors, contractors and other persons who work with us from time-to-time. We have a separate staff privacy policy in place. If a person wishing to work with us sends us their details, for example through a recruitment process, we will do our best to gain their consent to hold onto their details for future roles with us, or we will aim to delete the records once the recruitment process has concluded, unless we need to keep it for compliance purposes.
For a full breakdown of information we collect and the applicable lawful basis for processing, please see the table at the end of this policy.
Lawful basis for processing
Under the GDPR there must be a lawful basis for processing your personal data. As outlined above, we will only do so for the purpose of running our business, fulfilling contractual obligations, fulfilling our obligations to shareholders or to provide information to shareholders, providing information to potential business partners or other interested parties making reasonable enquiries. In terms of the GDPR, we will be processing either on the lawful basis of fulfilling a contractual obligation, or the lawful basis of being in our, or your, legitimate interests. Finally, we may process on the lawful basis of fulfilling a legal obligation if this is applicable. We set out the lawful basis for each purpose for which we use your personal data at the end of this privacy policy.
For any personal data processed due to the lawful basis of consent, you have the right to withdraw that consent at any time by contacting us through the details provided in the 'Contact Us' section below. You can also change your marketing preferences at any time as described in the 'Our promotional updates and communications' section below.
Our promotional updates and communications
Where permitted in our legitimate interests or with your prior consent where required by law, we may contact you about our business and services. If you have previously joined us on events we may periodically also contact you in relation to other events which may be of interest to you. If you don't want to hear from us, please contact info@atrumgroup.com and we can remove you from our email list.
Who we do share information with
We will only share your personal data with other third parties where it is necessary for the purposes outlined above and in accordance with the relevant lawful basis for processing. Examples of the third parties that may process personal data on our behalf are: our professional advisers, our auditors, the companies that help us administer this website, and the companies we use to allow us to do business with you. Third parties that process data on our behalf are also subject to the requirements of the GDPR and owe us a contractual obligation to only use your personal data for the applicable purpose and to keep your data secure.
We may also disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of Atrum, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Finally, in the event that we sell or buy any business or assets, we may disclose personal data to the prospective seller or buyer of such business or assets. If we are acquired by a third party, personal data will be one of the transferred assets.
How information is kept secure
We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where personal data is held electronically, we store information on our secure servers and employ security procedures and features to try to prevent unauthorised access.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data in our possession, we cannot guarantee the security of data when being transmitted - any transmission of your personal data to us at our site or via email or other transmission method is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or the content of such sites.
How long we keep your information
We retain personal data for as long as we have a relationship with you (or where you are a third party contact of one of our business partners, as long as we have a relationship with them) in order to meet our contractual obligations to you or our legitimate interests and for six years after that to identify any issues and resolve any legal proceedings.
Transfers of data outside of the UK
Personal data that we collect from you may be transferred to or stored at a destination outside the UK or processed by staff operating outside the UK who work for us or for one of our suppliers. We may do this:
- In order to store it.
- In order to enable us to provide goods or services to and fulfil our contract with you or the company you work for. This includes order fulfilment, processing of payment details, and the provision of support services.
- Where we are legally required to do so.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
Data transfers outside the UK will only be carried out if suitable safeguards are in place, including:
- if the organisation or country has data protection measures that have been deemed equivalent to those in the UK; and
- where adequate safeguards are in place to ensure equivalent treatment of your personal data.
We may transfer your personal information to our service providers (HubSpot and Microsoft) in Europe, as transfers can take place between UK and Europe on the basis of the UK's adequacy regulations. By submitting your personal data, you agree to this transfer, storing or processing for the purpose indicated, provided one of the conditions above is met.
Your individual rights
The GDPR gives you rights in respect of your personal data under certain circumstances, including:
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to request that we restrict the processing of your personal data (while we verify or investigate any concerns around the information contained in this policy, for example);
- to object to the further processing of your personal data, including the right to object to marketing;
- the right to withdraw your consent (where we are relying on your consent to process your personal data); and
- to request that your provided personal data be moved to a third party.
You can exercise your rights at any time by getting in touch through our 'Contact Us' details below.
The Information Commissioner's Office (ICO) is the UK's supervisory body and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints you have around our processing of personal data.
Changes to our privacy policy
We may revise our privacy policy in the future by amending this page. This policy was last updated on 25th August 2023.
Contact Us
If you need to contact us about this policy, or any of your individual rights, our full details are:
Atrum Global Limited, 17 Hill Street, London W1J 5LJ, info@atrumgroup.com
Purpose and lawful basis for processing of personal data
This table sets out:
- What personal data we process
- What we use that data for
- The lawful basis for the processing
It forms part of, and should be read alongside, our privacy policy.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| --- | --- | --- |
| Collecting information when you visit our website | (a) Technical (b) Usage (c) Marketing and communications | (a) Necessary for our legitimate interests (to keep our website updated, secure and relevant, to develop our business and to inform our marketing strategy) |
| Keeping records if you contact us with an enquiry | (a) Identity (b) Contact | (a) Necessary for our legitimate interests (to allow us to respond to your enquiry now or in the future) (b) Necessary to comply with a legal obligation |
| Building security | (a) Image | (a) Necessary for our legitimate interests (security of buildings, staff, and visitors) |
| To facilitate events | (a) Identity (b) Contact (c) Profile (d) Health (e) Marketing and communications | (a) Necessary for our legitimate interests (facilitating events, gathering required information for travel) (b) Vital interests (health/allergy needs of attendees) (c) Consent |
| To perform services and manage our relationship with you | (a) Identity (b) Contact (c) Profile (d) Health (if required) | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to perform our business activities for you) (c) Necessary to comply with a legal obligation (d) Consent |
| Contacting you or arranging appointments on behalf of one of our business partners | (a) Identity (b) Contact (c) Profile | (b) Necessary for our legitimate interests (to arrange appointments or manage the address books of one of our business partners) |
| Staff management | (a) Identity (b) Contact (c) Profile (d) Health | (a) Performance of our employment contract with you (b) Necessary for our legitimate interests (keeping details if you apply to a role within our business as part of the recruitment process) (c) Necessary to comply with a legal obligation (d) Consent |