Atlas Labs Limited (trading as ‘Popp’) Company Number: 13988976 Address: Popp, Wework, 1 Poultry, London, England, EC2R 8EJ

Document: Website Privacy Policy Version Date: 1 May 2025

1. INTRODUCTION

1.1. Introduction and Company Identity

• Welcome to Atlas Labs Limited’s Privacy Policy.
• Atlas Labs Limited ("we", "us", "our") is committed to protecting your privacy and Personal Data in compliance with UK GDPR, the Data Protection Act 2018, and other UK laws.
• This policy explains how we collect, process, and secure your data, outlines your rights, and informs our staff of their obligations.
• Data may be gathered from:
  • Third parties connected to your customers.
  • Potential or existing candidates for job opportunities at our customers' companies.
  • Others the organisation has a relationship with or needs to contact.
• This policy applies to all employees, staff, and Personal Data processed by us.

1.2. Data Controller and Data Protection Officer (DPO)

• Data Controller: Atlas Labs Limited.
• Data Protection Officer (DPO): Responsible for overseeing questions regarding this Privacy Policy.
  • Name: Mo Slaoui
  • Email: [email protected]
  • Postal Address: Popp, Wework, 1 Poultry, London, England, EC2R 8EJ
• You have the right to complain to the Information Commissioner’s Office (ICO) (www.ico.org.uk), but we encourage you to contact us first.

1.3. Data Controller and Processor Responsibilities

• Our employees act as "Processors" handling data on behalf of the Data Controller (Atlas Labs Limited).
• Responsibilities include:
  • Ensuring processing has a legal basis under GDPR.
  • Ensuring authorised Processors are bound by confidentiality.
  • Implementing appropriate security measures.
  • Obtaining Controller authorisation before engaging other Processors.
  • Assisting the Controller with data subject rights requests.
  • Providing information to demonstrate GDPR compliance and allowing audits.
  • Maintaining records of processing activities.
  • Cooperating with supervisory authorities.
  • Appointing a DPO where required, publishing details.
  • Supporting the DPO.
  • Ensuring staff only process data on Controller instructions.
  • Notifying the Controller of Personal Data Breaches without undue delay.

2. LEGAL BASIS FOR DATA COLLECTION

2.1. Scope and Types of Personal Data Collected