Atlas Labs Limited (trading as ‘Popp’)

Company Number: 13988976

Address: Popp, Wework, 1 Poultry, London, England, EC2R 8EJ

Document: Website Privacy Policy Version Date: 1 May 2025

1. Introduction

1.1. Introduction and Company Identity

• Welcome to Atlas Labs Limited’s Privacy Policy.
• Atlas Labs Limited ("we", "us", "our") is committed to protecting your privacy and Personal Data in compliance with UK GDPR, the Data Protection Act 2018, and other UK laws.
• This policy explains how we collect, process, and secure your data, outlines your rights, and informs our staff of their obligations.
• Data may be gathered from:
  • Third parties connected to your customers.
  • Potential or existing candidates for job opportunities at our customers' companies.
  • Others the organisation has a relationship with or needs to contact.
• This policy applies to all employees, staff, and Personal Data processed by us.

1.2. Data Controller and Data Protection Officer (DPO)

• Data Controller: Atlas Labs Limited.
• Data Protection Officer (DPO): Responsible for overseeing questions regarding this Privacy Policy.
  • Name: Mo Slaoui
  • Email: mo@joinpopp.com
  • Postal Address: Popp, Wework, 1 Poultry, London, England, EC2R 8EJ
• You have the right to complain to the Information Commissioner’s Office (ICO) (www.ico.org.uk), but we encourage you to contact us first.

1.3. Data Controller and Processor Responsibilities

• Our employees act as "Processors" handling data on behalf of the Data Controller (Atlas Labs Limited).
• Responsibilities include:
  • Ensuring processing has a legal basis under GDPR.
  • Ensuring authorised Processors are bound by confidentiality.
  • Implementing appropriate security measures.
  • Obtaining Controller authorisation before engaging other Processors.
  • Assisting the Controller with data subject rights requests.
  • Providing information to demonstrate GDPR compliance and allowing audits.
  • Maintaining records of processing activities.
  • Cooperating with supervisory authorities.
  • Appointing a DPO where required, publishing details.
  • Supporting the DPO.
  • Ensuring staff only process data on Controller instructions.
  • Notifying the Controller of Personal Data Breaches without undue delay.

2. Legal Basis for Data Collection

2.1. Scope and Types of Personal Data Collected

• Personal Data: Information identifying an individual (excludes anonymised data).
• We may collect, use, store, and transfer the following types of data:
  • Profile/Identity Data: First name, last name, gender, date of birth.
  • Contact Data: Phone number, addresses, email addresses.
  • Marketing and Communications Data: Preferences for receiving marketing.
  • Prospective Candidate Data: Publicly available data (e.g., LinkedIn) or data willingly shared (CVs, contact info, messages with our AI), collected responsibly by our clients.
• Aggregated Data: Demographic or usage data (e.g., from candidate conversations) derived from Personal Data but not identifying individuals. If combined to identify you, it's treated as Personal Data. We may share anonymised aggregated data for research/analysis.
• Special Categories: We do not collect Special Categories of Personal Data (race, ethnicity, religion, sexual orientation, political opinions, health data, etc.) or data on criminal convictions.

2.2. Legal Bases for Data Collection

• We rely on the following GDPR justifications:
  • Consent: You explicitly agree (e.g., ticking a box for newsletters).
  • Contractual Obligations: Data needed to fulfil a contract with you.
  • Legal Compliance: Data required by law (e.g., fraud prevention).
  • Legitimate Interest: Data needed for reasonable business operations that don't materially impact your rights (e.g., contact name/address for service delivery).

3. How We Use Your Personal Data

3.1. Purposes for Using Your Personal Data

• We only use your Personal Data when legally permitted.
• The table below outlines data types, activities, and legal bases (refer to section 2.2 for definitions):

Activity

Type of Data

Legal Basis Justification

Lawful Basis Rationale

Processing candidate data shared with our clients during application/screening to help clients analyse and assess candidates.

Profile/Identity Data, Contact Data, Usage Data

Consent, Legitimate Interest, Already Public

Fulfil responsibilities for efficient candidate-client matching, fraud prevention, and ensuring network/information security.

When a customer signs up for marketing communications.

Profile/Identity Data, Contact Data, Marketing and Communications Data

Consent, Legitimate Interest

Legitimate interest in marketing services to existing customers (new features, boost sales). We also seek consent for specific marketing types.

‍

Export to Sheets

• Note: Examples are indicative; actual uses may be broader but always require a legal basis and be for a related purpose.

3.2. Marketing Communications

• You receive marketing if you have an account and opted-in.
• We may suggest relevant goods or services.

3.3. Change of Purpose

• We only use data for the original collection purpose unless a compatible reason arises. Contact the DPO for explanations.
• If an unrelated purpose is needed, we will notify you and explain the legal basis.
• We may process data without knowledge/consent if required/permitted by law.

4. Your Rights and How You Are Protected

4.1. Your Legal Rights Under GDPR

• You have the right to:
  • Be informed: About data processing purposes, retention, sharing (as outlined in this policy).
  • Access: Request a copy of your Personal Data ("data subject access request").
  • Rectification: Request correction of inaccurate/incomplete data (verification may be needed).
  • Erasure: Ask us to delete data if there's no good reason to keep processing it (subject to legal exceptions).
  • Object: Object to processing based on legitimate interests or for direct marketing. We may continue processing if compelling legitimate grounds override your rights (except for direct marketing).
  • Restrict Processing: Request suppression of data use under specific circumstances (e.g., verifying accuracy, unlawful use where erasure isn't desired, data needed for legal claims).
  • Data Portability: Request transfer of your data (provided via consent or contract performance) to you or a third party in a structured, machine-readable format.
• To exercise these rights, contact: sam@joinpopp.com.

4.2. Your Control Over Your Data

• Account Deletion: You can delete your account anytime, which removes it from our systems and related software, deleting stored data.
• Access Information: Log into your account to access associated information.
• Password Security: Protect your password and limit device access to prevent unauthorised account access.
• California Privacy Rights: California residents can request a notice about sharing personal customer information with affiliates/third parties for marketing. Submit written requests to sam@joinpopp.com.

4.3. Data Security Measures

• We implement security measures including secure protocols, database encryption, and security software on company devices.
• Our security infrastructure is managed by Agency https://getagency.com/.
• Access is limited to authorised employees bound by confidentiality.
• Subcontractors are subject to security controls.
• No internet transmission is 100% secure. We strive to protect data, but transmissions are at your own risk. Contact us if you believe your interaction is no longer secure.

4.4. Opting Out of Marketing

• Use unsubscribe links in marketing communications to opt-out anytime.
• Opting out doesn't affect data retained for other purposes (e.g., service interactions).

4.5. Accessing Your Data (Subject Access Requests)

• No fee is usually required to access your data or exercise rights.
• We may refuse requests that are clearly unfounded.
• We may request specific information to verify your identity and right to access.
• We may ask for further information to speed up our response.

5. Your Data and Third Parties

5.1. Sharing Data with Third Parties

• We may share non-Personal Data with third parties.
• We may share Personal Data with subcontractors or affiliates under confidentiality obligations, only for disclosed purposes and per our instructions.
• We may share Personal Data with interested parties during a potential change of control, acquisition, or asset sale/licensing.
• If the company is sold/transferred, data may be assigned to a third party. The acquiring entity's privacy policy might then apply; otherwise, this policy remains in effect.
• We may share Personal Data if legally required or to enforce our terms/policy.

6. Data Retention Period

• We retain Personal Data only as long as reasonably necessary for the collection purposes.
• Data may be kept longer for complaints or potential litigation.

7. Age Restriction

• You must be 16 or older to use Atlas Labs Limited.
• If under 16, you must stop using the service immediately.
• This website is not intended for children, and we do not knowingly collect children's data.

8. International Data Transfers

• Your information may be stored/processed in the US or other countries where Atlas Labs Limited has facilities.
• By using the service, you consent to transferring information (including Personal Data) outside the US.

9. Policy Updates and Acceptance

• This policy is under review; updates will be posted here. This version: 1 August 2023.
• Using Atlas Labs Limited signifies consent to this policy. Continued use implies acceptance of modifications.

10. Interpretation Clause

• "Including" means "including but not limited to".
• Emails should be used only for their stated purpose; unrelated correspondence may be ignored. Responses are not guaranteed and depend on politeness, reasonableness, and whether information is available elsewhere (e.g., FAQs).
• Staff are not authorised to contract, waive rights, or make representations for Atlas Labs Limited via email. Email content contradicting official policy/terms will be overridden by the policy/terms, except for genuine correspondence from the legal department.

11. Related Terms of Use

• Refer to the Terms of Use for terms, disclaimers, and liability limitations: https://www.google.com/search?q=https://www.notion.so/Terms-of-Service-3d33017502c548d5a6dd756da629ad27