Introduction
Atom Designs ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect personal data when you visit our website at www.atomdesigns.art or www.atomdesigns.co.uk (the "Site"), purchase from us, work with us as a designer, or otherwise interact with us.
This Privacy Policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.
This Privacy Policy was last updated on 20 May 2026.
1. Who We Are
- 1.1 Atom Designs is the trading name of Acrotex Limited, a company registered in England and Wales with company number 3514327.
- 1.2 For the purposes of UK GDPR, Acrotex Limited (trading as Atom Designs) is the data controller of personal data collected through the Site and through our business relationships.
- 1.3 You can contact us about this Privacy Policy or any data protection matter:
2. Personal Data We Collect
- 2.1 We collect and process the following categories of personal data:
- 2.2 Information you give us directly. This includes:
- (a) Identity data — full name, job title, business name;
- (b) Contact data — email address, telephone number, postal address, business address;
- (c) Financial data — bank account details and other payment information (collected only from clients, freelance designers, and suppliers, and only for the purpose of processing payments);
- (d) Tax-related data — VAT registration number where applicable;
- (e) Communications — the content of emails, messages and correspondence you send us.
- 2.3 Information collected automatically when you use the Site. This includes:
- (a) Technical data — IP address, browser type and version, device type, operating system, time zone setting and approximate location;
- (b) Usage data — information about how you use the Site, including pages visited, time spent, and referring website;
- (c) Cookie data — see clause 7 below.
- 2.4 Information we do NOT collect. We do not knowingly collect special category personal data (such as data relating to health, race, religion, or political opinions). We do not knowingly collect data from children under 16.
3. How and Why We Use Your Personal Data (Lawful Bases)
- 3.1 Under UK GDPR, we may only process your personal data where we have a lawful basis to do so. The lawful bases we rely on are:
- 3.2 Performance of a contract. Where you are a client purchasing artwork, a freelance designer working with us, or a supplier, we process your personal data to perform our contract with you. This includes:
- (a) processing orders, issuing invoices, and delivering files;
- (b) making payments to designers and suppliers;
- (c) providing client support and managing commissioned projects;
- (d) communicating with you about ongoing projects.
- 3.3 Legitimate interests. We process some personal data because we have a legitimate interest in doing so, where such processing does not override your rights. This includes:
- (a) marketing our services to existing and prospective business clients;
- (b) responding to enquiries from prospective clients and designers;
- (c) improving the Site and our services through analysis of usage patterns;
- (d) preventing fraud and protecting our intellectual property and business interests;
- (e) keeping records of business transactions for accounting, tax, and audit purposes.
- 3.4 Legal obligation. We process certain personal data to comply with our legal obligations, including:
- (a) tax and accounting record-keeping (HMRC requires retention of records for at least 6 years);
- (b) responding to lawful requests from public authorities.
- 3.5 Consent. Where we rely on your consent (for example, for non-essential cookies or marketing emails to non-business contacts), you may withdraw your consent at any time without affecting the lawfulness of any processing carried out before withdrawal.
4. Who We Share Your Personal Data With
- 4.1 We share personal data only as necessary to operate our business and in accordance with this Privacy Policy. Categories of recipients include:
- (a) Service providers — IT and hosting providers (including our cloud storage and content delivery services), payment processors, accountants, and professional advisers, all of whom are bound by contractual confidentiality and data protection obligations;
- (b) Designers — where you purchase artwork, we share the necessary information with the relevant freelance designer to enable Atom Designs to perform its agency role and account to the designer for commission;
- (c) Public authorities — where required by law, court order, or to enforce our legal rights.
- 4.2 We do not sell or rent your personal data to any third party. We do not share your personal data with third parties for their own marketing purposes.
5. International Transfers
- 5.1 Some of our service providers and freelance designers are based outside the United Kingdom (including in the United States, Europe, and other countries). Where we transfer your personal data outside the UK, we ensure that an appropriate level of protection is maintained, including by use of:
- (a) transfers to countries that the UK has determined provide an adequate level of data protection;
- (b) the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, where required;
- (c) other appropriate safeguards as required under UK GDPR.
6. How Long We Keep Your Data
- 6.1 We keep personal data only for as long as necessary for the purposes for which it was collected, and to comply with our legal and regulatory obligations:
- (a) Client records (including contact details, transaction records, and correspondence) — for the duration of the business relationship and for at least 6 years after the last transaction, to comply with HMRC record-keeping requirements;
- (b) Designer records — for the duration of the engagement and for at least 6 years after the engagement ends;
- (c) Marketing contacts — until you unsubscribe or until 3 years of inactivity, whichever is sooner;
- (d) Website usage data — typically up to 2 years for analytics purposes;
- (e) Records relating to legal claims or disputes — until the relevant limitation period expires.
- 6.2 Once personal data is no longer needed, we will delete it or anonymise it so it can no longer be associated with you.
7. Cookies
- 7.1 The Site uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a website.
- 7.2 We use the following types of cookies:
- (a) Strictly necessary cookies — essential for the operation of the Site, including maintaining your session and remembering your preferences. These cannot be disabled.
- (b) Analytics cookies — help us understand how visitors use the Site so we can improve them. These are used only with your consent.
- (c) Functional cookies — used to remember your preferences for return visits.
- 7.3 You can manage cookie preferences via your browser settings. You can also withdraw consent to non-essential cookies at any time via the cookie banner on the Site.
8. Artificial Intelligence and Your Data
- 8.1 The Site uses third-party AI services for limited features, including a try-on preview function. We have configured these services with the most restrictive available data privacy controls:
- (a) AI requests are routed through OpenRouter, an enterprise AI routing platform, with Zero Data Retention (ZDR) enforced both globally and on every individual request;
- (b) We do not use any AI service that may train on your data or our designers' artworks;
- (c) We do not use OpenAI, ChatGPT, or any consumer-grade AI service for any function involving artworks or your personal data;
- (d) Personal data is not deliberately submitted to AI services as part of any feature.
- 8.2 Designer artwork uploaded to power try-on previews is processed in transient sessions on ZDR-compliant endpoints with the additional "No Caching" filter applied. This means the artwork is not stored on disk, not retained in memory or cache, not used to train any AI model, or disclosed to any third party beyond the strictly necessary processing required to generate the preview.
- 8.3 We may from time to time change the underlying AI providers used by OpenRouter as the technology evolves, but commit to maintaining the ZDR-only routing policy described in this clause.
9. Data Security
- 9.1 We have put in place appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- (a) encryption of data in transit and at rest where appropriate;
- (b) access controls and authentication for our systems;
- (c) regular review of our security practices;
- (d) use of reputable cloud service providers with strong security credentials.
- 9.2 While we take security seriously, no method of transmission over the internet or method of electronic storage is fully secure. We cannot guarantee absolute security but we use reasonable measures to protect your personal data.
10. Your Rights
- 10.1 Under UK GDPR, you have the following rights in relation to your personal data:
- (a) Right of access — to obtain a copy of the personal data we hold about you;
- (b) Right to rectification — to correct inaccurate or incomplete data;
- (c) Right to erasure — to request deletion of your data, subject to certain exceptions;
- (d) Right to restriction of processing — to limit how we use your data;
- (e) Right to data portability — to receive your data in a structured, machine-readable format;
- (f) Right to object — to processing based on legitimate interests, including direct marketing;
- (g) Right to withdraw consent — where processing is based on consent;
- (h) Right not to be subject to automated decision-making — we do not currently make any decisions about you based solely on automated processing.
- 10.2 To exercise any of these rights, please contact us using the details in clause 1.3. We will respond within one month.
- 10.3 Right to complain. If you are not satisfied with how we handle your personal data, you have the right to complain to the UK Information Commissioner's Office (ICO):
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Helpline: 0303 123 1113 · Website: www.ico.org.uk
11. Changes to This Privacy Policy
- 11.1 We may update this Privacy Policy from time to time. The date at the top of the Policy indicates when it was last revised. Material changes will be communicated via the Site or by email where appropriate.
- 11.2 We encourage you to review this Privacy Policy periodically.
12. Contact Us
- 12.1 For any questions about this Privacy Policy or our data protection practices, please contact us using the details in clause 1.3.