Website Privacy & Data Policy
1. Introduction
Atlas Agni Taj ("we", "us", "our") is a global enterprise transformation and advisory consultancy with offices in the United Kingdom, the United Arab Emirates, the Kingdom of Saudi Arabia, and India. This Privacy & Data Policy explains how we collect, use, share, and protect personal data when you visit our website at atlasagnitaj.com (the "Website"), contact us, subscribe to our insights, or otherwise interact with us online.
We are committed to handling personal data lawfully, fairly, and transparently, in accordance with the data protection laws applicable in each jurisdiction where we operate, including:
- The UK General Data Protection Regulation and Data Protection Act 2018 (United Kingdom)
- The EU General Data Protection Regulation (GDPR), where we serve clients in the European Economic Area
- UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
- The Personal Data Protection Law of the Kingdom of Saudi Arabia (KSA PDPL)
- The Digital Personal Data Protection Act, 2023 (India DPDP Act)
Where these laws differ, we apply the standard that provides the strongest protection reasonably applicable to your data.
2. Who We Are (Data Controller)
The data controller responsible for personal data collected through this Website is [LEGAL ENTITY NAME], registered at [REGISTERED ADDRESS].
For all privacy enquiries, you can contact us at [PRIVACY CONTACT EMAIL].
Internal Review Quality Directive
Note for internal review: the privacy contact email must not be published until inbound email delivery is confirmed as working. A privacy contact that bounces is itself a compliance failure.
3. Personal Data We Collect
We collect personal data in the following ways when you use the Website:
| Category | Examples | How it is collected |
|---|---|---|
| Identity & contact data | Name, job title, organisation, email address, phone number | Contact forms, enquiry emails, newsletter sign-up, event registrations |
| Professional data | Company, sector, role, nature of enquiry, project context you share with us | Enquiry forms and correspondence |
| Technical data | IP address, browser type and version, device type, operating system, referral source | Automatically, via server logs and analytics |
| Usage data | Pages visited, time on page, navigation paths, downloads of our insights and documents | Analytics cookies and similar technologies |
| Marketing preferences | Subscription status, communication preferences, engagement with our emails | Newsletter sign-up and email interactions |
| Recruitment data | CV, work history, qualifications (if you apply for a role or register interest) | Direct submission by you |
We do not intentionally collect special category data (such as health, religious, or biometric data) through the Website, and we ask that you do not submit such data via our forms.
4. How and Why We Use Your Data
We use personal data only where we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal bases under UK/EU GDPR (equivalent bases apply under the UAE PDPL, KSA PDPL, and India DPDP Act, which are consent-centric; where those laws require consent, we rely on your consent).
| Purpose | Data used | Legal basis (UK/EU GDPR) |
|---|---|---|
| Responding to enquiries and providing information about our services | Identity, contact, professional data | Legitimate interests; steps prior to entering a contract |
| Delivering advisory and transformation services to clients | Identity, contact, professional data | Performance of a contract |
| Sending insights, thought leadership, and marketing communications | Identity, contact, marketing preferences | Consent (opt-in); legitimate interests for existing clients, with opt-out |
| Operating, securing, and improving the Website | Technical, usage data | Legitimate interests |
| Analytics and performance measurement | Technical, usage data | Consent (analytics cookies) |
| Recruitment and talent pooling | Recruitment data | Steps prior to entering a contract; legitimate interests |
| Complying with legal and regulatory obligations | As required | Legal obligation |
5. Cookies and Analytics
The Website uses cookies and similar technologies. Cookies are small text files placed on your device. We use:
- Strictly necessary cookies — required for the Website to function (e.g., security, load balancing). These do not require consent.
- Analytics cookies — we use Google Analytics 4 (GA4) to understand how visitors use the Website. GA4 collects pseudonymised usage data, including truncated IP addresses. Analytics cookies are set only with your consent.
- Functionality cookies — remember your preferences, such as cookie consent choices.
You can withdraw or change your cookie consent at any time via the cookie settings link on the Website, and you can also control cookies through your browser settings. Refusing analytics cookies does not affect your ability to use the Website.
6. Who We Share Data With
We do not sell personal data. We share personal data only with:
- Service providers (processors) — including our website hosting provider (Hostinger), email service providers, analytics providers (Google), and IT support. These providers act on our instructions under contractual data protection obligations.
- Professional advisers — lawyers, accountants, auditors, and insurers where necessary.
- Contractors and delivery partners — carefully selected freelancers and consultants engaged on our behalf, bound by confidentiality and data protection terms.
- Regulators and authorities — where disclosure is required by law, regulation, or court order.
- Business transfers — in the event of a merger, acquisition, or restructuring, subject to appropriate safeguards.
7. International Data Transfers
Because we operate across the United Kingdom, the UAE, Saudi Arabia, and India, personal data may be transferred between our offices and to service providers located outside your home jurisdiction. Where we transfer personal data internationally, we apply appropriate safeguards, which may include:
- UK International Data Transfer Agreements (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
- EU Standard Contractual Clauses (SCCs) for transfers of EEA data
- Transfer mechanisms and adequacy assessments required under the UAE PDPL and KSA PDPL, including regulator-approved contractual clauses where applicable
- Compliance with any transfer restrictions notified under the India DPDP Act
Details of the safeguards applied to a specific transfer are available on request via our privacy contact.
8. How Long We Keep Data
We retain personal data only as long as necessary for the purposes described in this policy, then delete or anonymise it. Our standard retention periods are:
| Data type | Retention period |
|---|---|
| Website enquiries that do not lead to an engagement | 24 months from last contact |
| Client engagement records | Duration of engagement plus 7 years (legal and regulatory requirements) |
| Newsletter subscriptions | Until you unsubscribe, plus a suppression record to honour your opt-out |
| Analytics data (GA4) | 14 months (GA4 standard retention setting) |
| Recruitment data (unsuccessful applications) | 12 months, unless you consent to longer talent-pool retention |
| Server and security logs | Up to 12 months |
9. How We Protect Your Data
We apply technical and organisational measures appropriate to the risk, including encryption of data in transit (TLS/HTTPS), access controls on a need-to-know basis, secure hosting arrangements, and periodic review of our website security posture. No internet transmission is completely secure, but we take reasonable steps to protect personal data against unauthorised access, alteration, disclosure, or destruction, and we maintain procedures for identifying and responding to personal data breaches, including notification to regulators and affected individuals where legally required.
10. Your Rights
Depending on your jurisdiction, you have rights over your personal data. We honour these rights wherever they apply:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification / correction | Ask us to correct inaccurate or incomplete data |
| Erasure / deletion | Ask us to delete your data where there is no lawful basis to retain it |
| Restriction | Ask us to limit how we use your data in certain circumstances |
| Objection | Object to processing based on legitimate interests, including direct marketing |
| Portability | Receive your data in a structured, machine-readable format |
| Withdraw consent | Withdraw consent at any time where processing is based on consent, without affecting prior processing |
| Grievance redressal (India) | Raise a grievance with our designated contact, and escalate to the Data Protection Board of India if unresolved |
| Complain to a regulator | Lodge a complaint with your supervisory authority — the ICO (UK), the UAE Data Office, SDAIA (Saudi Arabia), or the Data Protection Board of India |
To exercise any of these rights, contact us at [PRIVACY CONTACT EMAIL]. We will respond within the timeframe required by applicable law (one month under UK/EU GDPR, subject to extension for complex requests). We may need to verify your identity before acting on a request.
11. Children
The Website is directed at business professionals and is not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Third-Party Links
The Website may link to third-party websites, including social media platforms and industry resources. We are not responsible for the privacy practices of those sites, and we encourage you to review their privacy policies.
13. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. The current version will always be available on the Website with its effective date. Material changes will be highlighted on the Website or notified to subscribers where appropriate.