Atlas ApexAtlasApex

Legal

Privacy Policy

Last updated: 12 May 2026

Introduction

ATLASAPEX OÜ (“ATLAS Apex”, “we”, “our”, “us”), an Estonian private limited company registered under code 17493706 with its seat at Pärnu mnt 388b, 11612 Tallinn, Estonia, is the data controller responsible for the processing described in this policy. We operate in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR) and the Estonian Personal Data Protection Act.

What Data We Collect

We collect only the information you voluntarily provide through our contact form:

  • Name
  • Email address
  • Company name
  • Role or job title (if provided)
  • Sector (if provided)
  • Current identity provider or identity stack (if provided)
  • Project timing (if provided)
  • Message content describing your inquiry

We do not use tracking cookies, third-party analytics, or advertising pixels. We do not collect data passively beyond standard server access logs (IP address, browser type, timestamp), which are retained for security and abuse-prevention purposes only.

We do not collect personal data from third-party sources, public scraping, data brokers, or enrichment services. All personal data we hold originates from your direct submission to us.

For browser-storage specifics (cookies, localStorage, sessionStorage), see our Cookie Policy.

Lawful Basis for Processing

We process contact form data on the basis of Article 6(1)(b) GDPR (steps taken at your request prior to entering a contract) and Article 6(1)(f) GDPR (our legitimate interest in responding to business inquiries and maintaining the security of our website, applicable to server access logs).

Google Analytics processing is carried out on the basis of Article 6(1)(a) GDPR (your consent). You may withdraw consent at any time via the cookie preferences dialog in the footer, with no effect on the lawfulness of processing prior to withdrawal.

How We Use Your Data

The data you submit through our contact form is used solely to:

  • Respond to your inquiry
  • Assess whether we can assist with your identity challenge
  • Follow up on the conversation if mutually agreed

We do not sell, share, or transfer your data to third parties for marketing purposes. We do not use your data for automated decision-making or profiling under Article 22 GDPR.

Recipients and Processors

Contact form submissions are relayed to a private Slack workspace operated by us. The processor for that workspace is Slack Technologies Limited (an EU-based entity with its parent company in the United States). The website is hosted on our self-managed hosting infrastructure inside the European Union; server-side logs may temporarily contain submission metadata.

Where you grant Analytics consent, aggregated usage telemetry is processed by Google Ireland Limited via Google Analytics 4 (IP anonymisation enabled, ad personalisation and Google Signals disabled). No analytics processing takes place if you reject or do not grant consent.

We do not disclose your data to any other recipient unless required by applicable law, court order, or to protect our legal rights.

International Transfers

Where data is processed by Slack or Google (the latter only on Analytics consent), transfers outside the European Economic Area may occur. Such transfers are covered by the European Commission Standard Contractual Clauses and, where applicable, by the processor's certification under the EU-US Data Privacy Framework. No other international transfers take place.

Data Retention

Contact form submissions are retained for no longer than 12 months from the date of submission, unless an ongoing business relationship exists. Where a submission leads to an engagement, the relevant records are migrated to our client files and retained for the duration of the engagement and thereafter as required by the Estonian Accounting Act (currently 7 years for accounting-relevant records). Server access logs are retained for a maximum of 90 days. You may request earlier deletion at any time, subject to legal retention obligations.

Security Measures

In line with Article 32 GDPR, we apply appropriate technical and organisational measures, including transport-layer encryption (TLS) for all submissions, access controls on hosting infrastructure, the principle of least privilege for Slack workspace access, encrypted storage on hosting volumes, multi-factor authentication on administrative accounts, and periodic review of processor security posture. Identity architecture is our profession; we apply the same standards to our own environment.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to restrict processing: Request that we limit how we use your data
  • Right to object: Object to the processing of your personal data

To prevent unauthorised disclosure, we may request reasonable proof of identity before acting on a request. We will respond within one month of receipt, extendable by up to two further months for complex or numerous requests, in accordance with Article 12 GDPR.

Data Protection Officer

We have assessed our processing under Article 37 GDPR and have determined that appointment of a Data Protection Officer is not mandatory for our scale and nature of processing. Privacy matters are handled by company management. You may reach us at privacy@atlas-apex.eu.

Children

Our services and website are directed at business users. We do not knowingly process personal data of persons under 16. If you believe we have collected data of a minor, please contact us and we will delete it.

Contact and Complaints

To exercise any of your rights or for questions about this privacy policy, contact us at privacy@atlas-apex.eu.

Our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI), Tatari 39, 10134 Tallinn, Estonia, info@aki.ee, telephone +372 627 4135. You may also lodge a complaint with the supervisory authority of your habitual residence or place of the alleged infringement.

Changes to This Policy

We may update this policy from time to time. The current version is identified by the “last updated” date at the top of this page. Material changes will be communicated where reasonably practicable.