Policy Resources

Data Transfer

International Data Transfer Tools

In the context of UK data transfers, the Standard Contractual Clauses (SCCs) have been replaced or supplemented by the International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum (UK Addendum). See here for up-to-date document templates.

These are legally approved, pre-written contract terms used by Atom to ensure that when personal data is transferred from the UK to a country that does not have a UK “adequacy decision” (meaning it is not deemed to provide an adequate level of data protection), the data remains protected to the standard required by UK data protection law (the UK GDPR and Data Protection Act 2018).

Here is a breakdown of the key clauses/mechanisms currently in use for UK international data transfers:

  1. International Data Transfer Agreement (IDTA)
  • What it is: A standalone contract issued by the UK’s Information Commissioner’s Office (ICO).
  • Purpose: It is used as an appropriate safeguard for transferring personal data out of the UK to a third country that lacks a UK adequacy decision.
  • Key Features: It imposes specific, binding contractual obligations on both the data exporter (the UK organisation sending the data) and the data importer (the foreign organisation receiving the data) to protect the personal information. This includes obligations relating to data security, data subjects’ rights, and accountability to the ICO.
  2. International Data Transfer Addendum (UK Addendum)
  • What it is: A short add-on document that is used alongside the European Commission’s new Standard Contractual Clauses (EU SCCs).
  • Purpose: It modifies the EU SCCs to make them compliant with UK data protection law. This is often used by multinational businesses that transfer data from both the EU and the UK, as it allows them to use a single, unified contract set (the EU SCCs + the UK Addendum) for both jurisdictions.
  3. Core Purpose of the Clauses

The goal of both the IDTA and the UK Addendum is to provide:

  • Appropriate Safeguards: They contractually require the foreign data importer to apply UK-level data protection standards.
  • Enforceable Rights: They ensure that the individuals whose data is being transferred maintain their rights under the UK GDPR and have a mechanism for redress (e.g., through legal claims or complaints to the ICO).

In essence, if the destination country does not have a UK adequacy decision, the clauses act as a contractual bridge to provide the necessary protection. Atom can select either the IDTA or the UK Addendum (with the EU SCCs) as the “appropriate measure” per section 9.7(b) of our Privacy Policy.

Data Retention

Atom Freelance Ltd

Data Retention Policy

Last Updated: 14/12/2025

This policy outlines our commitment to retaining and deleting data in compliance with legal and business requirements.

  1. Scope and Purpose

This policy applies to all data, whether physical or electronic, held by Atom Freelance Ltd (the “Company”). Its purpose is to ensure that data is only retained for as long as it is necessary for the purposes for which it was collected, or as required by law.

  2. Retention Principles

We adhere to the following key principles regarding data retention:

  • Necessity: Data will be kept for no longer than is necessary to fulfil the purpose for which it was collected.
  • Legal Compliance: We will retain data to meet our legal, accounting, and regulatory obligations.
  • Security: Data scheduled for destruction will be securely disposed of to prevent unauthorized access.
  3. Retention Schedule

The following table provides general retention periods for common categories of data. These periods are minimum requirements and may be extended if required for specific legal or operational reasons.

| Data Category | Examples of Data | Minimum Retention Period | Rationale |
|---|---|---|---|
| Customer/User Data | Account profiles, order history, communication records. | 6 years (country specific) after the customer’s account is closed or their last interaction. | To resolve disputes, comply with financial regulations, and analyse customer trends. |
| Financial Records | Invoices, receipts, tax documents, bank statements. | 6 years (in line with most major tax laws). | Legal and tax compliance. |
| Employee/HR Data | Employment contracts, payroll information, performance reviews. | 6 years after the employee’s termination date. | Employment law and statutory requirements. |
| System/Technical Logs | Server logs, security audit trails, IP addresses. | 1 year. | Security, troubleshooting, and regulatory audit purposes. |
| Marketing Data | Mailing list sign-ups, consent records. | Until consent is withdrawn, plus a short grace period (e.g., 6 months) for processing deletion. | Compliance with marketing and data protection laws (e.g., GDPR, CCPA). |

Note: Where legal proceedings or investigations are anticipated or underway, retention periods for relevant data may be temporarily suspended until the matter is fully resolved.

  4. Data Disposal (Destruction)

When the retention period for a category of data expires, the Company will securely dispose of the data in a manner appropriate to its format:

  • Electronic Data: Permanent deletion from all active systems, backups, and archives, rendering the data irretrievable.
  • Physical Records: Shredding, pulping, or incineration to ensure the documents are unreadable.
  5. Contact Information

If you have any questions about this Data Retention Policy or our data disposal practices, please contact us at https://atomhub.co.uk/contact

Atom Freelance Ltd
Office 312, The Base
Dallam Lane
Warrington WA2 7NG
Registered in England & Wales
Company number 14871614

Handbooks

Atom Freelance Ltd

Policies and Staff Handbook

Download the Atom Freelance Ltd Policies and Staff Handbook PDF here.