Privacy Policy.

1. About this policy

This policy explains how ATELIA LIMITED (Atelia, we, us, our) collects, uses, stores, and shares personal data when you visit our website, use our products, contact us, or otherwise engage with our services. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

If you do not agree with this policy, please do not use our website or services.

2. Who we are

ATELIA LIMITED is a private company limited by shares, registered in England and Wales under company number 17073257, with its registered office at 167-169 Great Portland Street, London, England, W1W 5PF.

We are the data controller for personal data collected through this website and our products, except where stated otherwise.

You can contact our Data Protection Lead, Reema Raisinghani, by emailing privacy@atelia.ai or reema@atelia.ai.

3. Personal data we collect

We collect the following categories of personal data.

3.1 Information you give us directly

• Contact details. Name, email address, company, role, city.
• Profile information. Self-described shopping preferences, catalogue size (for brand enquiries), and similar context you choose to share.
• Communications. The content of any messages, forms, or correspondence you send us.
• Consent records. Whether and when you gave consent for specific processing activities.

3.2 Information we collect automatically

• Technical data. IP address, browser type and version, device type, operating system, time zone setting.
• Usage data. Pages visited, time spent on pages, referring URL, broad interaction patterns.
• Cookies and similar technologies. See our Cookie Policy for details.

3.3 Information from product use

When you use the Atelia product, including via our live demo at atelia.kenway.biz, we may also collect queries you submit, products you view, and interactions with recommendations. We use this information to operate, improve, and personalise the service. See our Data and AI page for how we use this in our AI systems.

4. How we use your personal data

We use your personal data for the following purposes.

• To respond to enquiries you send us and to deliver the information, products, or services you have requested.
• To operate and improve the Atelia product and website, including diagnosing technical issues and analysing usage patterns.
• To send service messages and, where you have consented, occasional updates about Atelia.
• To comply with our legal, accounting, and regulatory obligations.
• To protect our rights, property, and the safety of our users and our service, including detecting and preventing fraud, abuse, and security incidents.
• For internal research and development, including training and improving our AI systems on aggregated and where possible anonymised data. See our Data and AI page.

5. Lawful bases under UK GDPR

We rely on the following lawful bases under Article 6 of the UK GDPR.

• Consent. Where you have given clear consent to a specific purpose, for example by checking a consent box on a form or accepting non-essential cookies. You may withdraw consent at any time by writing to privacy@atelia.ai.
• Contract. Where processing is necessary to take steps at your request before entering into a contract, or to perform a contract we have with you.
• Legitimate interests. Where it is in our legitimate interests to process the data, such as understanding how our website is used, improving our products, securing our services, and engaging in business-to-business communications. We balance these interests against your rights and freedoms.
• Legal obligation. Where we must process your data to comply with the law.

6. Who we share your data with

We do not sell your personal data. We share it only with the following categories of recipient, and only as needed.

• Service providers and sub-processors. Trusted third parties that help us run our website and product, including cloud hosting providers, email delivery services (for example Formspree, which processes our contact form submissions), analytics providers, and customer communication tools. All sub-processors are bound by written contracts that require them to handle personal data in line with UK GDPR.
• AI model providers. Atelia uses third-party large language model providers, including but not limited to OpenAI, Anthropic, and Google. Where personal data is sent to these providers we minimise it and, where possible, anonymise or pseudonymise it. See our Data and AI page.
• Professional advisers. Lawyers, accountants, auditors, and insurers, where required for the running of our business.
• Authorities. Where required by law, court order, or to protect our rights, users, or service.
• Successors. If we are involved in a merger, acquisition, financing, or sale of assets, your data may be transferred as part of that transaction, subject to standard confidentiality protections.

7. International transfers

Some of our service providers and sub-processors are based outside the United Kingdom or the European Economic Area. Where we transfer your personal data outside the UK, we ensure that the transfer is protected by one of the following safeguards.

• The destination country is covered by a UK adequacy decision.
• Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), including the UK International Data Transfer Addendum where appropriate.
• Another lawful transfer mechanism under Article 46 of the UK GDPR.

You can request details of the specific safeguards in place for any transfer by writing to privacy@atelia.ai.

8. How long we keep your data

We keep personal data only for as long as we need it for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Enquiry and waitlist data. Up to 24 months from your last interaction, unless you ask us to delete it sooner.
• Account or product usage data. For the duration of your use of the product, and for up to 24 months after, for legitimate operational and analytical purposes.
• Communications. For up to 36 months for service quality and dispute resolution.
• Records required by law. For the minimum period required by applicable law (for example, tax or company law records).

When personal data is no longer needed, we will securely delete or anonymise it.

9. Your rights

Under UK GDPR, you have the following rights in relation to your personal data.

• Access. The right to ask for a copy of the personal data we hold about you.
• Rectification. The right to ask us to correct inaccurate or incomplete data.
• Erasure. The right to ask us to delete your personal data in certain circumstances.
• Restriction. The right to ask us to restrict the processing of your personal data in certain circumstances.
• Objection. The right to object to processing carried out on the basis of our legitimate interests or for direct marketing.
• Portability. The right to receive your personal data in a structured, commonly used, and machine-readable format, and to ask us to transmit it to another controller where technically feasible.
• Withdraw consent. Where we rely on consent, the right to withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.
• Complain. The right to complain to the Information Commissioner's Office, the UK supervisory authority for data protection, at ico.org.uk. We would, however, appreciate the chance to address your concerns first, so please contact us before approaching the ICO.

To exercise any of these rights, please write to privacy@atelia.ai. We will respond within one month, although in complex cases we may extend this by up to two further months and will let you know if so.

10. Children

Atelia is not intended for, marketed to, or designed for use by people under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided personal data to us, please contact privacy@atelia.ai and we will take steps to delete it.

11. Security

We take the security of your personal data seriously. We use appropriate technical and organisational measures, including encryption in transit, access controls, audit logging, and regular review of our security practices, to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

No method of transmission over the internet is fully secure. Where we are aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO without undue delay and, where required, you directly.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top. Where the changes are material, we will take additional steps to bring them to your attention, such as a notice on our website or, where appropriate, by email.

13. How to contact us

If you have any questions about this policy, our use of your personal data, or to exercise any of your rights, please contact our Data Protection Lead.

• Email. privacy@atelia.ai or reema@atelia.ai.
• Post. Reema Raisinghani, Data Protection Lead, ATELIA LIMITED, 167-169 Great Portland Street, London, England, W1W 5PF.
• Phone. +44 7411 721062.