Atrum | Privacy Policy

Atrum Global Limited - Privacy Policy

Atrum Global Limited (collectively "we", “us” or “our”) are committed to protecting and respecting your privacy and to keeping personal data secure. This policy sets out who we are, the basis on which we collect and process personal data, your rights under data protection law, and how to contact us if you need to. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purposes of the UK General Data Protection Regulation (“GDPR”) and complementary UK legislation, we are the data controller for any personal information gathered by this website or by other sources. Our registered company number is 10634780, our FCA firm reference number is 805715 and our registered address is 17 Hill Street, London, England, W1J 5LJ.

How we collect and use information

We may collect and process data about you for the following reasons:

Visitors to the website – if you visit the Atrum website, we (and the third party that runs the website on our behalf) may collect information relating to your visit including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access. We do not make any attempt to find out the identities of those visiting our website.

Persons making enquiries about Atrum – if you contact us with an enquiry, we will keep a record of that correspondence and the limited personal contact details that you provide, should we need to respond to your enquiry now, or in the future. Details of the correspondence will be retained in accordance with company law and the record keeping requirements of other regulations that Atrum or, if relevant its FCA-authorised manager, is subject to.

Visitors to our buildings – in order to protect the security of our buildings, staff, tenants and visitors, it is in our legitimate interest to record security footage within our buildings and in the direct surroundings of our buildings. CCTV security footage is deleted after 30 days and is only shared with third parties if a lawful request is made by a legitimate body, for example by the Metropolitan Police.

Attendees of events – we collect information from individuals who join us on events. This data is typically limited to identification/passport number (only if travelling to a location which requires this information in advance) and date of birth. This data is collected on the basis of our legitimate interests to allow for the attendance of events. We may also collect health information related to physical limitations (for activity planning) and food intolerances or allergens.

People we do business with/have contractual relationships with – we hold personal data in respect of persons with whom we have business relationships, or potential business relationships. This data is typically limited to basic personal information such as name, email address, telephone number, as well as details related to the nature of the business relationship – however, depending on our relationship with you we may also collect and process your health data. Information is processed in accordance with any contractual agreement in place or in the legitimate interests of our business activities. Where we deem it necessary for legal reasons or to protect our legitimate interests, we may conduct due diligence on organisations or individuals with whom we enter into business arrangements, including on individuals within organisations. Information is retained depending on the nature of the activity, for example, in accordance with any regulatory or legal obligations that we are subject to, or in the legitimate interests of our ongoing business activities. In accordance with regulatory requirements, the telephone lines of our staff that are authorised to place investment trades with our broker counterparties are recorded and kept for seven years.

Third party contact details – if you are a contact of an individual that we do business with, we may process your information. Information we process includes name, email address, telephone number, and birthdays. We receive this information about you from the individuals we do business with when we provide services to them. This data is processed on the basis of our legitimate interests for running our business, including setting up appointments with you and our business partner or deleting any duplicate details in their address books.

Our staff – we hold personal data in respect of our employees, directors, contractors and other persons who work with us from time-to-time. We have a separate staff privacy policy in place. If a person wishing to work with us sends us their details, for example through a recruitment process, we will do our best to gain their consent to hold onto their details for future roles with us, or we will aim to delete the records once the recruitment process has concluded, unless we need to keep it for compliance purposes.

For a full breakdown of information we collect and the applicable lawful basis for processing, please see the table at the end of this policy.

Lawful basis for processing

Under the GDPR there must be a lawful basis for processing your personal data. As outlined above, we will only do so for the purpose of running our business, fulfilling contractual obligations, fulfilling our obligations to shareholders or to provide information to shareholders, providing information to potential business partners or other interested parties making reasonable enquiries. In terms of the GDPR, we will be processing either on the lawful basis of fulfilling a contractual obligation, or the lawful basis of being in our, or your, legitimate interests. Finally, we may process on the lawful basis of fulfilling a legal obligation if this is applicable. We set out the lawful basis for each purpose we use your personal data at the end of this privacy policy.

For any personal data processed due to the lawful basis of consent, you have the right to withdraw that consent at any time by contacting us through the details provided in the 'Contact Us' section below. You can also change your marketing preferences at any time as described in 'Our promotional updates and communications' section below.

Our promotional updates and communications

Where permitted in our legitimate interests or with your prior consent where required by law, we may contact you about our business and services. If you have previously joined us on events we may periodically also contact you in relation to other events which may be of interest to you. If you don't want to hear from us, please contact info@atrumgroup.com and we can remove you from our email list.

Who we do share information with

We will only share your personal data with other third parties where it is necessary for the purposes outlined above and in accordance with the relevant lawful basis for processing. Examples of the third parties that may process personal data on our behalf are: our professional advisers, our auditors, the companies that help us administer this website, and the companies we use to allow us to do business with you. Third parties that process data on our behalf are also subject to the requirements of the GDPR and owe us a contractual obligation to only use your personal data for the applicable purpose and to keep your data secure.

We may also disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of Atrum, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Finally, in the event that we sell or buy any business or assets, we may disclose personal data to the prospective seller or buyer of such business or assets. If we are acquired by a third party, personal data will be one of the transferred assets.

How information is kept secure

We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where personal data is held electronically, we store information on our secure servers and employ security procedures and features to try to prevent unauthorised access.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data in our possession, we cannot guarantee the security of data when being transmitted - any transmission of your personal data to us at our site or via email or other transmission method is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or the content of such sites.

How long we keep your information

We retain personal data for as long as we have a relationship with you (or where you are a third party contact of one of our business partners, as long we have a relationship with them) in order to meet our contractual obligations to you or our legitimate interests and for six years after that to identify any issues and resolve any legal proceedings.

Transfers of data outside of the UK

Personal data that we collect from you may be transferred to or stored at a destination outside the UK or processed by staff operating outside the UK who work for us or for one of our suppliers. We may do this:

In order to store it.
In order to enable us to provide goods or services to and fulfil our contract with you or the company your work for. This includes order fulfilment, processing of payment details, and the provision of support services.
Where we are legally required to do so.
In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

Data transfers outside the UK will only be carried out if suitable safeguards are in place, including:

if the organisation or country has data protection measures that have been deemed equivalent to those in the UK; and
where adequate safeguards in place to ensure equivalent treatment of your personal data.

We may transfer your personal information to our service providers (HubSpot and Microsoft) in Europe, as transfers can take place between UK and Europe on the basis of the UK's adequacy regulations. By submitting your personal data, you agree to this transfer, storing or processing for the purpose indicated, provided one of the conditions above is met.

Your individual rights

The GDPR gives you rights in respect of your personal data under certain circumstances, including:

to be provided with a copy of your personal data held by us;
to request the rectification or erasure of your personal data held by us;
to request that we restrict the processing of your personal data (while we verify or investigate any concerns around the information contained in this policy, for example); to object to the further processing of your personal data, including the right to object to marketing;
the right to withdraw your consent (where we are relying on your consent to process your personal data); and
to request that your provided personal data be moved to a third party.
You can exercise your rights at any time by getting in touch through our 'Contact Us' details below.

The Information Commissioner's Office (ICO) is the UK's supervisory body and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints you have around our processing of personal data.

Our use of cookies and other similar technologies
Our website uses cookies to collect and store certain information. These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that computer or device to interact with websites and online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content.

Our website uses cookies and similar technologies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.

Most web browsers automatically accept cookies and similar technologies, but if you prefer, you can change your browser to prevent that and your help screen or manual will tell you how to do this. However, you may not be able to take full advantage of our website if you do so.

A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser. Others are used to remember you when you return to the site and will last for longer.

We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use.

We use the following types of cookies:

- Strictly necessary cookies. These are cookies that are required for the operation of our website and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us for our legitimate interests of improving the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your region).

Further details regarding the specific cookies we use are as follows:

• Custom Cookies: we use a custom functionality cookie to identify repeat visits and prevent introductory animations from appearing too often. This cookie lasts for 10 days.
• Hubspot Cookies: we use Hubspot cookies for several purposes including identifying repeat visits, remembering whether you have already accepted or declined cookies previously, and remembering log-ins to any password protected pages (if in use). We also use Hubspot analytics cookies to track the identities of website visitors, track visitor sessions, and track new sessions. In terms of duration, Hubspot cookies can last from between the end of a session to up to two years depending on the cookie. You can learn more information about Hubspot cookies, including their purpose and duration, here.

Disabling cookies
The effect of disabling cookies depends on which cookies you disable but, in general, the website may not operate properly if all cookies are switched off.

The ability to disable cookies will be readily available in your browser or device settings. If you would like to know how, search your browser's help menu or search the internet for 'how to block cookies'. You will also be able to delete any cookies stored on your device, whenever you wish.

Where you have not set your permissions, we may also separately prompt you regarding our use of cookies on the Site.

Changes to our privacy policy

We may revise our privacy policy in the future by amending this page. This policy was last updated on 25th August 2023.

Contact Us

If you need to contact us about this policy, or any of your individual rights, our full details are:

Atrum Global Limited, 17 Hill Street, London W1J 5LJ, info@atrumgroup.com

Purpose and lawful basis for processing of personal data

This table sets out:

What personal data we process
What we use that data for
The lawful basis for the processing

It forms part of, and should be read alongside, our privacy policy.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
Collecting information when you visit our website	(a) Technical (b) Usage (c) Marketing and communications	(a) Necessary for our legitimate interests (to keep our website updated, secure and relevant, to develop our business and to inform our marketing strategy)
Keeping records if you contact us with an enquiry	(a) Identity (b) Contact	(a) Necessary for our legitimate interests (to allow us to respond to your enquiry now or in the future) (b) Necessary to comply with a legal obligation
Building security	(a) Image	(a) Necessary for our legitimate interests (security of buildings, staff, and visitors)
To facilitate events	(a) Identity (b) Contact (c) Profile (d) Health (d) Marketing and communications	(a) Necessary for our legitimate interests (facilitating events, gathering required information for travel) (b) Vital interests (health/allergy needs of attendees) (c) Consent
To perform services and manage our relationship with you	(a) Identity (b) Contact (c) Profile (d) Health (if required)	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to perform our business activities for you) (c) Necessary to comply with a legal obligation (d) Consent
Contacting you or arranging appointments on behalf of one of our business partners	(a) Identity (b) Contact (c) Profile	(b) Necessary for our legitimate interests (to arrange appointments or manage the address books of one of our business partners)
Staff management	(a) Identity (b) Contact (c) Profile (d) Health	(a) Performance of our employment contract with you (b) Necessary for our legitimate interests (keeping details if you apply to a role within our business as part of the recruitment process) (c) Necessary to comply with a legal obligation (d) Consent