Integrity and Data Protection Policy
The following information is a summary of how we collect and manage your personal data in accordance with the Data Protection Ordinance (GDPR).
- The personal data processing that occurs when using any of Atatiki’s services and / or products.
- Personal data processing that happens to suppliers when purchasing
- Any personal data processing in connection with recruitment
Type of personal information we collect
Our main reason for processing your personal information is to enable us to fulfill commitments to you as a customer, prospective customer or supplier.
Atatiki may process the following tasks
When you and / or your company become a customer at Atatiki, we collect your contact information:
- Company address and contact details
- Company number
- Personal name, e-mail address and telephone number.
Information about your services
We also save data about which of our services / products you order and use, and the way you use them.
When you contact our support or sales department, we collect the information you provide us in order to assist you with your case or request.
Here’s how we collect personal information
We collect and process data as follows:
- The data you provide yourself when you become a customer with us.
- When you contact us via email and through calls.
- Created when you use our services – for example, through our case management systems.
- We get from other sources – such as HMRC or Credit Reference Agencies.
Exactly what information we collect about you depends on which of our services you use.
We use this personal data to:
- In order for us to process your data, one of the following legal bases must be met:
- Requirements to complete the agreement with you.
- Requirements to fulfill one of Atatiki’s legal obligations.
- The treatment lies in both your and Atatiki’s interest.
- Consent from you for that particular treatment.
Below you will find information about what we use your data for, and the legal basis for which the treatment is supported.
Duration that personal data is stored
We save personal information as long as there is a documented purpose for the treatment.
- Personal data necessary for accounting purposes are stored for at least 7 years.
- Personal data necessary for the maintenance of customer relationships are stored for 24 months after the active customer relationship has expired.
- Personal data necessary for the maintenance of a prospectus relationship (Company) are stored for 12 months after the last activity.
- In cases where the registrant agrees to e-mail, the e-mail address will be saved until the registrant is unsubscribed.
- Personal data processed in connection with recruitment are stored during the recruitment process.
To whom do we provide personal information
No information is provided to our partners without your approval. We have agreements with all partners and subcontractors. We strive to never share more personal information than absolutely necessary with each partner.
We take appropriate safeguards to ensure that your personal information is handled in accordance with applicable laws regarding safety and privacy. The same requirements apply to our subcontractors.
Upon request, we may be required by law to disclose personal information to, for example, the police.
How to protect your personal information
We use industry standards to safely store, treat and communicate sensitive information such as personal information and passwords. The protection is implemented with systematic, organizational and technical measures to ensure integrity, confidentiality and accessibility.
Atatiki’s staff are bound by confidentiality agreements and only use your information as the task requires.
You decide your personal information
You decide on your own personal information. That is, you decide which tasks you want to leave and what processing of your personal information you approve and you can revoke your consent as you wish.
Personal Data Assistants
In the case that you are a personally responsible customer and Atatiki acts as a Personal Data Counselor, our processing of your customers’ personal data will be governed by a separate Personal Data Entry Agreement.
How we process your personal information when you are no longer a customer
When you terminate your business relationship with us, we will remove all your personal information where there is no longer any purpose for further processing. We also notify any potential partners and subcontractors who processed your data to be deleted from their records.
Among the things that are not removed are:
Data required by the Accounting Act.
30 Portland Place