Atlas Verum Limited respects the personal data of every person who visits this website, contacts us, engages us, or whose data we process during the course of our work. This notice tells you what data we collect, why we process it, how long we keep it, who we share it with, and the rights you have over your data.
Atlas Verum Limited is a company incorporated in England and Wales (Company Number 17203202). Our registered office is 71-75 Shelton Street, Covent Garden, London WC2H 9JQ. For data-protection enquiries, please write to enquiries@atlasverum.co.uk or to the registered office. We are the data controller for personal data we collect through this website and for personal data we hold in connection with our own business operations. Where we process personal data on behalf of a client engagement, the client is the data controller and Atlas Verum is the data processor; in that case our handling is governed by the engagement letter and the associated Data Processing Addendum.
When you visit atlasverum.co.uk, our hosting provider (Cloudflare) records standard server logs including IP address, user agent, request URL, and timestamp. These logs are used to operate the website, protect against abuse, and generate aggregated usage statistics. Logs are retained for no longer than 30 days. We do not use behavioural advertising cookies, and we do not share visitor logs with third-party analytics providers.
When you complete an enquiry, take our readiness diagnostic, or email us directly, we collect: your name, your professional contact information, the company you represent if you have provided it, and the substance of your enquiry. We process this information to respond to your enquiry, to assess fit for an engagement, and where applicable to enter and perform a contract with you. The lawful basis is legitimate interest in responding to commercial enquiries, and where the enquiry leads to a contract, performance of a contract.
When we engage with you, or assess engagement with you, we collect identification and verification information sufficient to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("MLR 2017"). This may include identity documents, address verification, beneficial-ownership information, and sanctions and Politically Exposed Persons screening records. We also collect engagement information including scope, contractual terms, billing details, and any personal data necessary to deliver the engagement. The lawful basis is legal obligation for the AML information and performance of a contract for the engagement information.
During an engagement we may process personal data of your employees, directors, beneficial owners, customers, or other individuals whose information forms part of the work we are doing for you. In that case the engagement letter and the Data Processing Addendum apply; your organisation is the data controller; Atlas Verum is the data processor; we act on your documented instructions.
This website uses functional cookies only. We do not use behavioural advertising cookies, social-media tracking pixels, or third-party analytics that profile you across the web. The functional cookies we use are limited to a session cookie set by Cloudflare for security and a local-browser-only storage used by the readiness diagnostic to remember your answers during your visit; this storage is cleared when you close your browser tab and is never sent to our servers unless you explicitly choose to share your diagnostic result with us.
| Category | Retention |
|---|---|
| Website server logs | 30 days |
| Enquiry correspondence not leading to an engagement | 24 months from last contact |
| Engagement records (AML, KYC, engagement letters, deliverables, correspondence) | 5 years from end of business relationship per MLR 2017 |
| Tax-relevant records | 6 years from the end of the relevant accounting period per HMRC |
| Companies House statutory records | As long as the company exists |
We share personal data only with the following categories of recipient:
We do not sell personal data. We do not share personal data for behavioural advertising. We do not transfer personal data to any sub-processor that does not have a data-protection regime materially equivalent to UK GDPR. A current list of our sub-processors is available on request.
Some of our sub-processors are located outside the United Kingdom. Where this is the case, transfers are protected by one or more of the following mechanisms: an adequacy decision under UK GDPR Article 45; the UK International Data Transfer Agreement; Standard Contractual Clauses with the UK addendum; or another mechanism approved by the UK Information Commissioner. The current transfer-mechanism position for each sub-processor is available on request.
Under UK GDPR you have the following rights, and where the data we hold about you was supplied by an engagement client (rather than directly by you to us), the client is the controller and the relevant rights are exercised through the client.
Write to enquiries@atlasverum.co.uk or to the registered office above. We will respond within one calendar month of receiving a verified request. We may need to verify your identity before responding, in which case we will let you know what verification we need.
This website and Atlas Verum's services are not directed to children. We do not knowingly collect personal data from children under 18.
We may update this notice from time to time. Where the change is material, we will post a notice on atlasverum.co.uk and notify clients directly where the change affects them. The version line below tells you when the current version came into effect.
For any data-protection question, write to enquiries@atlasverum.co.uk. For UK Information Commissioner's Office complaints, see ico.org.uk.