ATLAS PARTNERS PRIVACY POLICY

 

Last updated: 10 May 2018

 

When we founded Atlas Partners in 2016, we set out our values in order to articulate the kind of company and culture we wanted to create. Openness, empathy and honesty are three of those values, which also shape our attitude to data protection and privacy.

We don’t like unsolicited cold calls. We are creeped out by Instagram adverts appearing in our feeds for something we just talked about. We don’t like that feeling when you get an email out of the blue, from a company you’ve never heard of before. When it comes to your data, we will ‘do as we would like to be done by’.

We believe in transparency and in protecting your data and your privacy. You have legal rights in relation to your personal information that we are strongly committed to upholding. We support and observe the requirements of General Data Protection Regulation (GDPR) and the UK Information Commissioner, with whom we are registered.

This notice sets out what information and data we collect, what we do with it (a.k.a. “data processing”) and what you can do if you want to speak to us about your data (i.e. “your rights” and options).

In particular, it covers:

  • Some important definitions
  • What data we collect
  • How we process and store information, and
  • Your data rights
 

ATLAS PARTNERS IS A DATA CONTROLLER: BUT WHO ARE WE?

Office address:

Atlas Partners Ltd

22 Long Acre

London

WC2E 9LY

Our Data Protection Officer is Edmund Gavaghan

Our Director with responsibility for GDPR is Charles Napier

 

Phone: 020 3745 3320

Email: DataPrivacy@Atlas-Partners.co.uk


SOME IMPORTANT DEFINITIONS

This section explains some of the common legal terms in relation to data privacy and how they relate to Atlas Partners.

This policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We want to be clear and help everyone understand these terms, whether you are a client, freelance friend, supplier or interested reader of our blogs. So, we’ll just have to start with some technical terminology. Brace yourselves and we’ll try to get through it together....

Personal data: Any information relating to an identified or identifiable natural person (aka “data subject”). This means data that could identify you, directly or indirectly, in particular by reference to your name, an identification number, location information, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person. For example, your email, phone number or IP address.

Data subject: Any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. For example, you!

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: Marking stored personal data with the aim of limiting its processing (any of the above) in the future.

Controller or controller responsible for the processing: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For example, us!

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In our case, processors we work with include, Andrew Cross & Co (our accountants), Facebook, LinkedIN, Twitter, Instagram and Mailchimp (for marketing purposes) and Gorkana, Meltwater and DeHavilland (who provide media and political monitoring and database services).

Recipient: Someone we may share personal data with, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU and UK law are not be regarded as recipients. We do share information about our clients with the Official Register of Consultant Lobbyists, but they are not considered a recipient for this reason. From time to time Atlas Partners will share information about journalists and MPs with our clients (recipients) where those data subjects have demonstrated legitimate interest or given explicit consent.

Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

INFORMATION WE COLLECT

This section tells you what kind of information we collect from our website readers, newsletter subscribers, employees and wider stakeholders.

On our website we collect and processes two basic types of information:

  • Personally identifiable information: This is information that personally identifies one individual from another or enables you to be individually contacted (for example, names, e-mail addresses and other contact information entered in the fields provided). This information is voluntarily provided to us by site visitors and is used by us for the purpose of responding to user submissions and fulfilling requests for further information about our services.
  • Aggregate user and tracking information: This information gives us insights on how site visitors use our site. This data is anonymous and does not contain any personally identifiable information. We use this information to ensure that our website, e-mails and marketing efforts continue to appeal to our website visitors and our clients.

You can view our website without giving us any personal data, but if you are interested in hearing more from us about our services, we may ask for your email address. We will not collect or share your data with others without your consent, apart from joint processors and third parties who may help us follow up on a request you have made, all of which is set out in more detail below.

We understand that the safety of your personal information is extremely important to you. As a “data controller”, Atlas Partners has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. As such, please feel free to transfer personal data to us via alternative means, e.g. by telephone (020 3745 3320).

 

Information you voluntarily provide to Atlas Partners

Atlas Partners only collects personally identifiable information that you voluntarily provide, for example, when you sign up for our newsletter or vote on the Moment that Mattered gallery. Examples of such personally identifiable information that you provide to us may include, among other information, your name, physical address and email address.  Under such circumstances you consent to our use/processing of the information you provide consistent with this policy.

 

Newsletter-Tracking

Our newsletter contains a so-called ‘tracking pixel’ or miniature graphic embedded in HTML to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Atlas Partners can see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.

We analyse data collected by those tracking pixels to optimise the shipping of the newsletter, as well as to better adapt the content of future newsletters to our readers’ interests. This information is stored via Mailchimp, our newsletter service provider. At any time you can ask us directly to amend or delete this data, or unsubscribe via the Mailchimp links in each email.

 

Other information we collect/process

Our website uses technologies such as “cookies” to provide visitors with tailored information upon each visit. Cookies are a common part of many commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive as recognition for repeat visits to our site. Every time you visit our website, our server, through cookies, pixels and/or GIF files, collects basic technical information such as your domain name, the address of the last URL visited prior to clicking through to the Site, and your browser and operating system. We may also use third party analytical tools (e.g. Google Analytics) to analyse activities on our website. You do not need to enable cookies to visit our website; however, some parts of the Site and some services may be more difficult or impossible to use if cookies are disabled.  Some cookie files remain on your computer’s hard drive unless and until you manually delete the file. Atlas Partners cookie files do not contain personally identifiable information.

 

Surveys or Voting

From time-to-time we may request personally identifiable information from you via surveys or voting polls. Participation is voluntary and you will have the opportunity to decide whether or not to disclose information. At times, you may have to register to vote or to take part in a survey.

 

Blog comments

Our blog provides the opportunity to like and comment on our recent article. You are not required to provide any personal information when using this functionality but you may choose to do so. We strongly recommend that you DO NOT use your personal information as your user name and DO NOT post any personally identifiable information on line, since such information will be publicly available.  We cannot ensure the security of any information you choose to make public via blog comments. Also, we cannot ensure that parties who have access to such publicly available information will respect your privacy. Please exercise caution when deciding to disclose personal information in these areas.

 

Links to Other Websites

Our Site contains links to other websites. Atlas Partners is not responsible for any websites that it does not own or operate.  You should carefully review the privacy policies and practices of other websites that you link to from the Site, as we cannot control or be responsible for their privacy practices.

 

Members of the Media, Parliament, Social Media Influencers, Subject Matter Experts, Stakeholders

Atlas Partners maintains lists of publicly available information regarding media contacts, journalists, MPs, social media influencers, subject matter experts and other stakeholders and individuals who make their personal and/or professional information and/or opinions publicly available.  These lists are accessed and/or used by Atlas Partners for specific purposes in conducting its own business and in conducting business on behalf of potential and existing clients.  Atlas Partners takes reasonable measures to limit the information processed to be relevant to legitimate business purposes and to minimise any risks to individuals associated with the use of such information. If you are a journalist, MP, expert or influencer, please feel free to contact us to access, update and/or restrict use of such information consistent with EU and UK law by email DataPrivacy@atlas-partners.co.uk.

 

Jobs and Internships

The PR industry is not as diverse as it should be and Atlas Partners is doing what it can to better reflect communities across the UK. To measure the effectiveness of our diversity and inclusion efforts we record some protected characteristic information about candidates and employees.

We have a separate Employee Privacy Notice, which governs information collected by Atlas Partners related to employees and potential employment. Current and former applicants for roles are encouraged to ask about privacy in interviews and can request information held on them from our Data Protection Officer, Ed Gavaghan via DataPrivacy@atlas-partners.co.uk.

In extreme summary, where applicants become employees, their data will be stored in order to process pay, pension, benefits and other employment purposes. For unsuccessful applicants, we may retain data and documents in order to offer future employment opportunities with Atlas Partners. Unless otherwise requested, we will delete their information five years after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure.

 

PROCESSING AND STORING YOUR INFORMATION

This section sets out what we do with the information we hold.

The Way We Use Information

We store the personal information you provide via our website in a secure database in order to provide you with the information, products, and/or services you request and may be used to provide you with additional information about our services we believe may be of interest to you. The information is stored for a time period and in a manner relevant to responding to your request unless you request that it be removed. The information you provide us will be shared with Atlas Partners employees and service providers to the extent necessary to administrate our systems and/or accommodate your request.

For example, if you provide your name, mailing address, telephone and/or email address and request more information about Atlas Partners services, this information will be shared with appropriate Atlas Partners personnel to fulfill your request. This information will not be shared with non-affiliated third parties without your consent.

We use non-identifying and aggregate information about the use of our website to improve the navigation, content, and design of our website. This information may include, for example, the most and least requested pages, analysing traffic regarding specific features, and the number of users from particular countries, among other things.

 

Exceptions

Atlas Partners may preserve and has the right to disclose any information about you or your use of our site without your prior permission if Atlas Partners can, in good faith, justify such action is necessary to: (a) protect and defend the rights, property or safety of Atlas Partners or its clients or their respective partners, employees, affiliates, other users of the Site, or the public; (b) enforce the Terms of Use for the Site; or (c) respond to claims related to your use of the Site. We may also disclose information as we deem necessary to satisfy any applicable law, regulation, legal process or lawful governmental request (including to meet national security or law enforcement requirements) or in the event of a sale or potential sale of Atlas Partners.

We made reference to the following provisions of the GDPR rules, when considering this policy;

  • Consent; Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
  • Contract: If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
  • Legal Obligation: If Atlas Partners is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
  • Vital interests: In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
  • ·Legitimate interests: Finally, processing operations could be based on Article 6(1) lit. f GDPR, for those operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders. European legislation also considers that a legitimate interest could be assumed if the data subject is an Atlas Partners client (Recital 47 Sentence 2 GDPR).

 

Data Security

We understand that the safety of your personal information is extremely important to you. Accordingly, Atlas Partners uses reasonable technological, physical and other measures to keep your information protected from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal information.  Due to the nature of the Internet and related technology, we cannot guarantee the security of your personal information and Atlas Partners expressly disclaims any such obligation.

 

YOUR DATA: YOUR RIGHTS

This section tells you how we will respond to any requests to access, correct, limit or delete your data.

There is nothing worse than a generic, “computer says no” response when you are worried about your data and your privacy. Any ‘Subject Access Requests’ about your data will be dealt with by our Data Protection Officer; Ed Gavaghan and Atlas Director, Charles Napier.

At any time you can ask us to confirm what data we hold on you, how long we will store it for, what we are using it for and who we are sharing it with. You can also ask us to amend, update or delete that data. Where technically possible we will also ask any joint processors and third parties that we share data with to amend, update or delete your information accordingly.

 

Accessing and correcting your information; Limiting or Opting out

  • You can prevent the setting of cookies through our website by means of a corresponding setting of your Internet browser, permanently denying the setting of cookies. Cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
  • Visitors who would like to access, correct, update or delete any personally identifiable information may contact us with a request to do so at DataPrivacy@atlas-partners.co.uk.
  • Similarly, Site users who wish to subscribe or unsubscribe to our marketing communications or limit our use of any personally identifiable information in any way can do so by using the subscribe/unsubscribe options contained in our emails or by sending an email to DataPrivacy@atlas-partners.co.uk.

 

If you request the deletion, modification or limitation of use of your personal information maintained by us we will promptly review your request and respond. If we grant your request, such information may be retained for a period of time in our backup systems as a precaution against system failures. We may also ask for additional information to authenticate the request.

Some information may be retained for longer periods as required by law, contract or auditing requirements. In some circumstances we will not be able to limit use of your personal information without unsubscribing you from communications or deleting your information.

If you have any questions about this policy, please let us know.