PRIVACY
Privacy.
Last updated: 2026-05-11
Atomic Solutions is the trading name of Zandla Ltd. This page explains what personal data we collect about you, why we collect it, who we share it with, and what you can ask us to do about it. It is written to comply with UK GDPR Articles 13 and 14.
Who we are
Zandla Ltd ("we", "us", "our") is a UK private limited company registered in England and Wales. We are the data controller for the personal data described below.
- Company number
- 16061709
- Registered office
- 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
- ICO registration
- C1910537
- Contact
- privacy@atomicsolutions.uk
What personal data we collect
We collect the minimum needed to run our business. Each row below names the data, why we hold it, and the lawful basis under UK GDPR Article 6.
| What | Why | Lawful basis |
|---|---|---|
| Client contact details | Deliver consulting and software work, communicate about projects, issue invoices. | Contractual necessity (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)). |
| Prospect details | Respond to enquiries, send quotes, manage our sales pipeline. | Legitimate interests (Art. 6(1)(f)). |
| Supplier contact details | Manage supplier relationships and pay invoices. | Legitimate interests (Art. 6(1)(f)). |
| Website visitor data | Server logs (IP, user-agent, request paths) used to diagnose problems and detect abuse. | Legitimate interests (Art. 6(1)(f)). If we add analytics cookies later, we will ask for consent. |
| Director and officer data | Companies House and HMRC require this for statutory filings. | Legal obligation (Art. 6(1)(c)). |
We do not collect special category data (Art. 9) or criminal offence data (Art. 10) in the normal course of business. We do not sell personal data and we do not use it for automated decision-making or profiling.
How we collect it
- Directly from you when you email us, fill in a contact form, or share details during an engagement.
- From your employer when a client or prospect gives us their staff's contact details for project work.
- From our website via server logs when you visit atomicsolutions.uk.
- From public sources such as Companies House, LinkedIn, and business directories during outbound research.
Who we share it with
We share personal data with the processors and recipients below, only to the extent needed to do the work.
| Recipient | Why | Safeguard |
|---|---|---|
| Google (Workspace) | Email and document storage. | Google's UK GDPR Data Processing Addendum. |
| Intuit (QuickBooks Online) | Bookkeeping and invoicing. Client names and addresses appear on invoices. | Intuit DPA. |
| Supabase | Database hosting for our internal client-management system. | Supabase DPA; hosted on AWS in the EU. |
| Anthropic (Claude) | AI-assisted drafting and analysis. See the section below for limits we put on this. | Training opt-out enabled on all Zandla accounts. |
| HMRC and Companies House | Statutory filings. | Legal obligation. |
| Professional advisors | Solicitors and accountants where engaged. | Professional duty of confidentiality. |
International transfers
Some of the processors above operate outside the United Kingdom:
- Anthropic processes data in the United States under Standard Contractual Clauses. Our internal usage policy bars us from pasting bulk personal data into prompts.
- Intuit may process data in the United States under its DPA.
Every other processor is configured to use UK or EEA data centres where the service offers a choice.
How we use AI
We use Anthropic's Claude to assist with drafting, analysis, and software development. Our internal policy prohibits pasting bulk personal data into prompts, using Claude to make automated decisions about individuals, and sharing credentials or environment files with it. Training opt-out is on across all accounts.
How long we keep it
| Category | Retention | Reason |
|---|---|---|
| Client contact details | Duration of relationship + 6 years | UK limitation period for contract claims. |
| Prospect details | 2 years from last contact | Legitimate interest expires without an active relationship. |
| Supplier contact details | Duration of relationship + 6 years | UK limitation period. |
| Financial records (invoices, receipts) | 6 years from end of accounting period | Companies Act 2006 s.386 and HMRC requirements. |
| Server logs | 90 days | Operational diagnostics only. |
| Director statutory data | Permanent while the company exists | Companies Act 2006 requirement. |
Your rights
Under UK GDPR you can ask us to:
- Access (Art. 15)
- Get a copy of the personal data we hold about you.
- Rectification (Art. 16)
- Correct anything inaccurate.
- Erasure (Art. 17)
- Delete your data, subject to records we are legally required to keep.
- Restriction (Art. 18)
- Limit how we use your data while a complaint is being resolved.
- Portability (Art. 20)
- Receive your data in a structured, machine-readable format.
- Object (Art. 21)
- Object to processing we do under legitimate interests. We will stop unless we can show compelling legitimate grounds.
To exercise any of these, email privacy@atomicsolutions.uk. We will respond within one calendar month (Art. 12(3)).
Cookies
atomicsolutions.uk does not set analytics or advertising cookies. The site uses only the strictly necessary session cookies needed for it to work. If we add analytics later, we will update this page and ask for consent before any non-essential cookies are set.
Children's data
Our services are aimed at businesses. We do not knowingly collect personal data from anyone under 18. If you think a child has shared data with us, email privacy@atomicsolutions.uk and we will delete it.
Changes to this policy
We update this page when the way we handle data changes. The "last updated" date at the top reflects the most recent revision. For changes that materially affect how we use your data, we will contact affected individuals directly where we can.
Contact and complaints
For any data protection question, email privacy@atomicsolutions.uk.
If you are not happy with how we have handled your data, you can complain to the Information Commissioner's Office:
- Website
- ico.org.uk/make-a-complaint
- Helpline
- 0303 123 1113
- Post
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would prefer the chance to put things right first — please contact us before going to the ICO.