Politique de confidentialité

Last updated: April 25, 2026

1. Who We Are

Atomic Digital Agency is a full-service digital agency headquartered in Leicester, United Kingdom, serving businesses across England, Scotland, Wales, and internationally. We design and build websites, mobile applications, and e-commerce platforms; deliver search engine optimisation (SEO), pay-per-click (PPC) advertising, and social media marketing; create brand identities; and provide data analytics consultancy. Learn more about our digital services.

Our registered trading name is Atomic Digital Agency. You can reach us at:

This Privacy Policy applies to the website atomicdigitalagency.co.uk (the "Site"), any subdomains, and our client service interactions. We act as the data controller in respect of personal data we collect about you as a website visitor or prospective/active client.

2. What Personal Data We Collect

We only collect personal data that is necessary for the purposes described in this policy. The categories of data we may collect include:

2.1 Data You Give Us Directly

  • Identification data: your full name, job title, and company name.
  • Contact data: email address, telephone number, and postal address where relevant.
  • Project and business data: information you provide when describing your project requirements, industry, target audience, budget range, desired timeline, and any attached documents or creative briefs.
  • Communication data: the content of emails, form submissions, live-chat messages, and video-call notes exchanged between you and our team.
  • Booking data: date, time, and purpose of a discovery call or meeting you schedule through our booking widget.
  • Payment and billing data: invoicing details such as billing address and VAT number. We do not store card numbers; payments are processed through PCI-compliant third-party providers.

2.2 Data We Collect Automatically

  • Usage data: pages visited, time spent on pages, click paths, referring URL, and search terms used to find our site.
  • Technical data: IP address (anonymised where possible), browser type and version, device type and operating system, screen resolution, and preferred language setting.
  • Cookie and tracking data: identifiers set by first-party and (where consented) third-party cookies. See our Cookie Policy for full details.

2.3 Data From Third Parties

  • Publicly available business information (e.g. LinkedIn profile, Companies House records) used in the normal course of business development.
  • Referral information passed to us by existing clients who recommend our services to you.

We do not purchase marketing lists or source personal data from data brokers.

3. Legal Basis for Processing

Under the UK GDPR and the Data Protection Act 2018, we rely on the following legal bases:

Purpose Legal Basis
Responding to enquiries and providing quotesPre-contractual steps / Legitimate interests
Delivering agreed services and managing client accountsPerformance of a contract
Sending project updates, invoices, and supportPerformance of a contract
Improving our website through analyticsLegitimate interests (or Consent where required)
Marketing our services to existing clientsLegitimate interests
Marketing to prospective clients (direct email)Consent
Complying with legal and regulatory obligationsLegal obligation
Fraud prevention and securityLegitimate interests / Legal obligation

Where we rely on legitimate interests, we have conducted a balancing test and determined that our interests do not override your rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 8).

4. How We Use Your Information

We use your personal data only for legitimate business purposes, specifically:

  • Service delivery: designing, building, testing, and launching digital products (websites, mobile apps, e-commerce stores); running SEO campaigns; managing paid advertising accounts; producing brand assets; and setting up analytics dashboards on your behalf.
  • Communication: responding to enquiries within our published response times; sending project status updates, feedback requests, and milestone notifications; scheduling discovery calls and follow-up meetings.
  • Billing and finance: generating and issuing invoices; processing payments through our payment partners; maintaining financial records as required by HMRC.
  • Website improvement: analysing aggregated usage data to understand which pages are most useful, identify broken links or slow-loading pages, and improve overall user experience.
  • Security: detecting and preventing fraud, spam, abuse, and malicious activity on our website and systems.
  • Legal compliance: retaining records as required by applicable law, responding to court orders or regulatory requests, and enforcing our contractual rights.
  • Marketing (where permitted): sending newsletters, case studies, or service announcements to contacts who have consented or who are existing clients and have not opted out.

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share it only as follows:

  • Service providers (processors): trusted third-party tools and platforms that process data strictly on our instructions and under data processing agreements, including cloud hosting providers, email delivery services, project management tools, CRM software, and video-conferencing platforms.
  • Payment processors: PCI-DSS-compliant payment gateways that handle transaction data independently under their own privacy policies.
  • Analytics providers: Google Analytics (with IP anonymisation enabled) to measure site performance; data is aggregated and not personally identifiable in our reports.
  • Professional advisers: our solicitors, accountants, and auditors under duties of confidentiality where necessary.
  • Legal authorities: law enforcement agencies, regulatory bodies, or courts where we are required to do so by law or to protect our legal rights.
  • Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity. We will notify you before such a transfer takes effect.

All our third-party processors are located in the UK or European Economic Area, or in countries with an adequacy decision, or are subject to UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs).

6. International Transfers

Our primary operations and data storage are within the United Kingdom. Where we use software services (such as cloud platforms) whose servers may be located outside the UK, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations recognising equivalent protection standards.
  • UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses approved by the ICO.
  • Binding Corporate Rules (BCR) where applicable.

You may request details of the specific safeguards applied to any international transfer by contacting us at the address in Section 1.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal and accounting requirements. Our standard retention periods are:

  • Enquiry and pre-contract data: up to 12 months from last contact if no contract is formed.
  • Client project data and communications: 7 years from the end of the contract (in line with HMRC requirements for financial records).
  • Invoices and payment records: 7 years as required by UK tax law.
  • Marketing consent records: until consent is withdrawn, plus 12 months thereafter as proof of consent.
  • Website analytics data: up to 26 months in aggregated form; raw log data deleted after 90 days.

After the applicable retention period, data is securely deleted or anonymised.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data. To exercise any of them, please contact us using the details in Section 1. We will respond within one calendar month (extendable by two further months for complex requests).

  • Right of access (Subject Access Request): obtain a copy of the personal data we hold about you and information about how we use it.
  • Right to rectification: have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten"): request deletion of your data where there is no legitimate reason to continue processing it.
  • Right to restriction: ask us to suspend processing of your data in certain circumstances, for example while accuracy is contested.
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.
  • Right to object: object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: we do not carry out solely automated decisions with legal effect, but you may contact us if you have concerns.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would, however, appreciate the opportunity to address your concerns before you approach the ICO.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:

  • HTTPS/TLS encryption on all web pages and API communications.
  • Access controls and role-based permissions limiting data access to authorised personnel only.
  • Regular software patching and vulnerability scanning.
  • Encrypted storage of sensitive data at rest.
  • Staff training on data protection and information security best practices.
  • Incident response procedures for detecting and responding to data breaches within the 72-hour ICO notification window where required.

No system is entirely immune to breach. If you suspect a security incident, please notify us immediately at info@atomicdigitalagency.co.uk.

10. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without parental consent, please contact us and we will delete the data promptly.

11. Links to Other Websites

Our website may contain links to third-party websites (for example, social media platforms, partner agencies, or tools we recommend). These sites have their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices or content of any third-party site.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify active clients directly by email. Continued use of the Site after an update constitutes acceptance of the revised policy.

13. Contact Us

For any questions, requests, or complaints relating to this Privacy Policy or your personal data, please contact us:

We aim to acknowledge all privacy-related requests within 5 business days and resolve them within the statutory one-month period.

Related Policies

Terms of Service Cookie Policy Contact Us Our Services

Préférences de cookies

Nous utilisons des cookies pour améliorer votre expérience et analyser les performances du site. Vous pouvez accepter ou refuser les cookies non essentiels à tout moment.

Voir la politique des cookies