Privacy Policy – Atomic.io

Last updated Aug 2022

Your privacy

Atomic is a software as a service product implementation system provided by Atomic.io Limited (New Zealand Company Number 4917919) (“us”, “we”) at atomic.io (“Atomic”).

We do our best to protect your privacy, and to treat your personal information as required by the New Zealand Privacy Act 2020. We want to make sure that you understand how your personal information is used so please read this Privacy Policy carefully.

Application of this Privacy Policy

This Privacy Policy applies:

  • to all personal information that you submit through Atomic or to us directly, and any personal information that may be retrieved through your use of Atomic.
  • if you are:
    • an end user who uses our services via our customer (referred to in this Privacy Policy as “end user”);
    • if you are an Authorized User who uses our platform on behalf of our customer (referred to in this Privacy Policy as “authorized user”); and
    • if you are a visitor to our website (referred to in this Privacy Policy as “website visitor”).

By accessing or using Atomic, you consent to the collection, use, disclosure, storage and processing of your personal information in accordance with this Privacy Policy. If you don’t agree to this policy, you must not use Atomic.

What information we collect about you and why we have it

  • Atomic collects information about authorized users, end users (with their information processed on the instructions of our customer), and website visitors.
  • Where we collect personal information about you, you are under no obligation to provide us with any such information. However, if you choose to withhold requested information, we may not be able to provide you with certain services or functionality.
  • We may use cookies to collect this information. Cookies are small pieces of information that are stored in a browser-related file on your computer’s hard drive when you use Atomic.
  • You can stop the collection of your information by permanently deleting your account and by ceasing to use our services. However, under New Zealand law, we may retain personal information for as long as is required for the purposes described in clause 4 below.
  • We may use third-party services, to obtain information about you (for example your company and country) and publicly available information about you, such as your job title.

Authorised User

We collect personal information about you when you create an account and when you access and use Atomic. In particular we will collect:

  • your company/personal name;
  • your contact details;
  • payment related information;
  • information about how Atomic is used (for example, traffic volumes, time spent on pages);
  • your IP address and/or other device identifying data; and
  • other information required to provide a service you requested.

End users

  • We collect metadata, that is not able to be used to identify an individual.
  • If we are notified by our customer to delete an end users data, we will complete this within one month.

Website visitors

  • We collect personal information about you when you access our website. In particular we will collect:
    • Navigation data (for example, pages visited, time spent on pages); and
    • your IP address and/or other device identifying data;

General Data Protection Regulation 

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: 

  • Your consent. You are able to remove your consent at any time. 
  • We have a contractual obligation.
  • We have a legal obligation.
  • We have a vital interest.
  • We have a legitimate interest.

What we do with the information we collect

  • We collect personal information, and may share such personal information with other entities (such as service providers).
  • We may sell data that we collect in an aggregated format. This data will not identify you personally. We may share and sell anonymous aggregated data with third parties, including service providers, our affiliates, agents and current and prospective business partners.
  • We may choose to sell our business. In these types of transactions, your information is typically one of the business assets transferred to the third party purchaser. You acknowledge and agree that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal information as set out in this Privacy Policy.
  • You may receive emails for product announcements, promotions, educational materials, and events.
  • You can request this information at any time by contacting us using the details at the end of this Privacy Policy. We will respond to these requests within one month.
  • We use third party sub-processors to process data. You can see who these sub-processors are and what we use them for at Atomic Subprocessors.
  • You can unsubscribe from any communications from us by following the instructions on any communications sent to you. You can also exercise this right at any time by contacting us using the details at the end of this Privacy Policy.

What information we collect about you

We will use the personal information we collect to:

Authorised User

  • provide our services (including retaining your data and content when you temporarily suspend your account);
  • identify you when you sign-in to your account and verify that your account is not being used by others;
  • carry out research and analysis so we can better understand and serve you;
  • personalise content, advertisements or links relevant to your geographic area or device-type;
  • gather broad anonymous demographic data (such as the number of visitors from a geographic area);
  • communicate with you in relation to Atomic and any other services we provide from time to time;
  • enforce compliance with our Terms;
  • verify and carry out financial transactions in relation to payments and subscriptions you make through Atomic; and
  • co-operate with any government, industry or regulatory authorities.

End users

  • carry out research and analysis so we can better understand and serve you;
  • personalise content relevant to you, your geographic area or device-type; and
  • gather broad anonymous demographic data (such as the number of visitors from a geographic area).

Website visitors

  • carry out research and analysis so we can better understand and serve you;
  • personalise content, advertisements or links relevant to your geographic area or device-type;
  • gather broad anonymous demographic data (such as the number of visitors from a geographic area);
  • communicate with you in relation to Atomic and any other services we provide from time to time.

Storage and security of information

You should be aware that information transmitted over the internet is inherently insecure. We will take all reasonable steps to securely store any personal information collected through Atomic. This information may (for the avoidance of doubt) be transferred and stored on servers outside of New Zealand.

Any information sent through Atomic is passed through a secure server using encryption technology. All personal information stored by us is protected through secure passwords, user log-ons and other security procedures. Atomic adhered to good international security standards for the protection of data and systems.

In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information we hold. However, we will not be held responsible for events arising from unauthorised access of your personal information.

You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used on Atomic. Please notify us immediately if there is any unauthorised use of your account by any other internet user or any other breach of security.

In the event Atomic discovers, is notified of, or reasonably suspects a Privacy Incident, Atomic will promptly notify each customer’s Team Owner of:

  • the date of discovery and date range of unauthorized activity;
  • a description of the nature of the incident including a description of the categories and approximate number of Data Subjects, as well as the categories and the approximate number of records containing Personal Data affected by the Privacy Incident;
  • the name and contact details of the individual(s) in charge of Atomic’s response to the Privacy Incident;
  • Atomic’s assessment, developed through reasonable diligence, of the likely consequences of the Privacy Incident with respect to the affected Personal Data and Data Subjects; and
  • a description of the measures taken or proposed to be taken by the customer to address the personal data breach/Privacy Incident, including, where appropriate, measures to mitigate its possible adverse effects.

Retention of your information

We will only hold your personal information for as long as permitted by New Zealand law. You have the right under the Privacy Act 2020 to access and/or correct your personal information held by us. You can do this by contacting us using the details below.

More information about cancelling a paid subscription, permanently deleting or temporarily deactivating your Account can be found in our Terms of Use.

Cross-Border Transfers

We share data both internally within Atomic, and externally with our subprocessors described in this Notice. When we do this your Personal Data may be transferred, stored or processed in the United States where our data hosting provider’s servers are located, or other countries outside of the European Economic Area or the country where you live. These transfers are necessary to provide our services.

Changes to our Privacy Policy

We may amend or update this Privacy Policy from time to time, with or without notice to you, to better reflect changes to laws, regulatory requirements and/or enhancements to our services. You agree to be bound by the Privacy Policy that is in effect at the time you use Atomic. Revised versions will be effective immediately once posted on our website.

Contact us

If you have any questions about this Privacy Policy, the practices of Atomic, or if you would like to request access to, or correction of, or deletion of, your personal information, you can contact us in the following ways:

  • Email: support@atomic.io
  • Post: ATTN: Data Protection Officer
    Atomic.io Limited, 89 Otaki Street, Miramar, Wellington, 6022, New Zealand.

More information about privacy

This Privacy Policy is governed by New Zealand law. For more information about privacy issues in New Zealand and protecting your privacy, visit the New Zealand Privacy Commissioner’s website: www.privacy.org.nz.

How to Complain

Office of the Privacy Commissioner | Complaining to the Privacy Commissioner