Our Policies

Terms & Conditions
Privacy Policy
Information Security Policy
Incident Response Policy
Cyber Policy

ByAtlas Ltd Terms and Conditions


1.      DEFINITIONS

1.1          In theseTerms and Conditions, the following definitions apply:

Advertising Spend: means all charges, costs and expenses whichare charged by ByAtlas in connection with the procurement and supply of thedigital advertising as part of the Services and which are payable by theClient.

Business Day: any day (but excluding a Saturday or Sunday)on which the London clearing banks are open for business in England.

Charges: the Management Fee (if set out in the Service Order or otherwiseagreed in writing) and the Advertising Spend and any other charges specifiedand payable for the provision of the Services as set out in the Service Order.

Client: the client named in the Service Order.

Client Material: any documents, manuals, data, materials orother information supplied by or on behalf of the Client to ByAtlas for use inthe provision of the Services including without limitation, creative and othermaterials.

Confidential Information: the terms and conditions of thisagreement, and information (including data) that one party (the ReceivingParty) has received or will receive from the other party (Disclosing Party)that is proprietary and confidential to the Disclosing Party.

Data Protection Law: as applicable the Data Protection Act 2018,the General Data Protection Regulation ((EU) 2016/679), (and any UK law whichimplements or acts as a domestic equivalent of it in whole or in part), and anyapplicable laws, regulations or secondary legislation relating to privacy ordata protection, as amended or updated from time to time.

Entire terms: These terms, together with associateddocumentation referred to therein to which they relate, contain all the termsbetween ByAtlas and the Client. These Terms supersede all prior agreementsbetween the ByAtlas and the Client prevail over any contrary or alternativeterms of yours or of any third party

Inappropriate Content: any data or other material that:(a)  isobscene, indecent, pornographic, seditious, offensive, defamatory, threatening,liable to incite racial or religious hatred, menacing, blasphemous; (b) infringes any applicable laws or regulations; or (c)  is in breachof any third-party Intellectual Property Rights.

Intellectual Property Rights: any and all intellectual propertyrights arising anywhere in the world, whether registered or unregistered (andincluding any application), including copyright, know-how, confidentialinformation, trade secrets, business names and domain names, trademarks,service marks, trade names, patents, petty patents, utility models, designrights, semi-conductor topography rights, database rights and all rights in thenature of unfair competition rights or rights to sue for passing off.

Liability: any and all liability of ByAtlas in contract, tort (including,without limitation, negligence or breach of statutory duty), misrepresentation,mis-statement, restitution, infringement of Intellectual Property Rights orotherwise, whether arising out of, in connection with or in relation to theServices or the supply or non-supply of the Services or otherwise under or inconnection with this agreement.

Management Fee: means (if set out in the Service Order orotherwise agreed in writing) a fee payable by the Client in addition to theAdvertising Spend which is calculated in accordance with the Service Order.

Review: please review these terms carefully and contact us promptly if you haveany questions

Service Order: the order document describing the Services andsetting out amongst other things the Charges and the terms in a letter ofengagement, service order, purchase order, statement of work or other agreeddocument.

Services: the services to be provided by ByAtlas to the Client as set out inthe Service Order.

Update: ByAtlas reserves the right to update these terms and conditions.

ByAtlas: ByAtlas Ltd (registered number 15816292) Picton House, LowerChurch Street, Chepstow, Wales, NP16 5HJ

ByAtlas Material: all documents, manuals, data, materials orother information provided by ByAtlas in relation to the Services (excludingany Third Party Material).

Third Party Material: any material originated by a third party andsupplied by ByAtlas to the Client pursuant to the Services

1.2          This agreementconsists of these Conditions, the Service Order together with all appendicesand schedules attached to this agreement. In the event of conflict betweenthese Conditions and the Service Order, these Conditions will prevail.

 

2.      THE SERVICES

2.1          ByAtlas shallprovide and the Client shall purchase the Services subject to the terms of thisagreement.  The Client shall ensure that the details set out in theService Order (including any specifications) are sufficient and appropriate forthe Client’s requirements.

2.2         ByAtlas reserves theright (but are under no contractual obligation) to make any changes to theServices which are necessary to conform to any applicable safety or otherstatutory, regulatory, code of conduct or legal requirements.  ByAtlasreserves the right to make such other changes to the Services (provided they donot materially affect the nature and quality of the Services) if in ByAtlas’sreasonable opinion such changes assist with the delivery of the Services underthe terms of this agreement.

2.3         ByAtlas will:

2.3.1     provide the Services withreasonable care and skill; and

2.3.2      use reasonable endeavours to ensurethat the Services comply with their specification in the Service Order at thetime of delivery.

2.4         ByAtlas shall not beliable for any costs, claims, demands, expenses, losses, damages andliabilities or other claims of any nature whatsoever caused by or arising from:

2.4.1       any Client Material,information or instructions supplied by the Client being incomplete, incorrect,inaccurate, illegible, out of sequence or in the wrong form;

2.4.2      any act or omission of the Client,its personnel, or any other person contracted to the Client;

2.4.3     any failure by the Client to comply withany legal or statutory obligations or regulations;

2.4.4     any failure by the Client to comply withany recommended course of action which ByAtlas make to the Client as part ofthe Services;

2.4.5     any act or omission of any third partyperson (not within ByAtlas’s reasonable control); and

2.4.6     any infringement of Intellectual PropertyRights or any other rights of any third party arising from the Client Material.

2.5         The partiesacknowledge their understanding that ByAtlas is acting as an independentcontroller for the purposes of Data Protection Law in providing the Services.The Client shall ensure that, for any personal data it provides to ByAtlas, ithas obtained all necessary consents and provided all necessary notices toensure that such provision is compliant with Data Protection Law and thatByAtlas’s use of such personal data for the purposes of providing the Servicesis compliant with Data Protection Law. 

2.6         To the extent thatByAtlas report on any conversion rates or similar metrics, it is acknowledgedthat certain devices and browsers technically restrict the ability to measureactivity on their browsers or devices. In connection with these situationsByAtlas is therefore limited in it’s ability to report. In these situations itis agreed that ByAtlas shall base their reporting on predicted outcomes whichare based upon measurements for activity carried out on devices and browserswhere no such technical restrictions are in place.

 

3.      CLIENT OBLIGATIONS

3.1          The Clientwill:

3.1.1        co-operate with ByAtlasin all matters relating to the Services (including but not limited to providingsuch access and assistance in relation to its relevant accounts and revenueinformation as required by ByAtlas);

3.1.2       be responsible for theaccuracy of any Client Material (whether supplied by the Client or by any thirdparty) and for ensuring that the Client Material is provided in a timely mannerand in such format as is agreed between the parties;

3.1.3       ensure that all ClientMaterial is scanned for viruses or other destructive or contaminating programsor disabling devices using commercially-available anti-virus software that hasbeen updated in accordance with good industry practice;

3.1.4       ensure that the ClientMaterial does not contain material which contains Inappropriate Content;

3.1.5       obtain and maintain allnecessary licences and consents and comply with all relevant legislation inrelation to the Services and the use of the Client Material, in all casesbefore the date on which the Services are to start; and

3.1.6      retain duplicate copies of anyClient Material which the Client provides to ByAtlas.

3.2         The Client agrees toindemnify and keep indemnified ByAtlas from and against all costs, claims,demands, liabilities, expenses, damages or losses (including without limitationany direct or indirect consequential losses, loss of profit and loss ofreputation, and all interest, penalties and legal and other professional costsand expenses) arising out of or in connection with any claim that any theClient Material contains or comprises Inappropriate Content or any failure ofthe Client to comply with Condition 3.1.

3.3         Upon delivery of theServices (which for the purpose of this Condition shall include any report) theClient shall be responsible for inspecting the Services and shall notifyByAtlas in writing within 14 days of delivery of any allegation that theServices do not comply with this agreement (including the relevant ServiceOrder) or are otherwise incorrect. If the Client fails to give such notice inaccordance with this Condition, the Services shall be deemed to comply with theterms of this agreement (and are otherwise correct) and the Client shall not beentitled to make a claim afterwards that the Services do not comply with theterms of this agreement (or are otherwise incorrect) except where suchnon-compliance would not have been apparent on a reasonable inspection of theServices. 

 

4.      PAYMENT OF CHARGES

4.1          Inconsideration of ByAtlas agreeing to provide the Services the Client willpay to ByAtlas the Charges.

4.2         Except as set out inthe Service Order or as otherwise agreed in writing, the Charges will beinvoiced by ByAtlas as follows:

4.2.1       any fixed or recurringCharges: monthly in advance; and

4.2.2      any other Charges: monthly inarrears.

4.3         Except as set out inthe Service Order or as otherwise agreed in writing, all advance payments willbe non-refundable and all Charges are exclusive of VAT and expenses which willbe added to invoices.

4.4         Except as set out inthe Service Order or as otherwise agreed in writing, all sums due under thisagreement will be paid in full within 14 days of the date of the relevantinvoice save that Charges which are payable in advance must be paid in full andcleared funds at the start of the month of which they relate.

4.5         If any sum due fromthe Client to ByAtlas under this agreement is not paid by the due date for thatsum then (without prejudice to any other rights and remedies available toByAtlas) ByAtlas reserves the right to suspend or cancel the Services andcharge the Client interest on such sum on a day to day basis, compoundedmonthly, at the annual rate of 8% above the prevailing Bank of England baserate from time to time from the date when payment became due until the date onwhich payment has been received together with any interest which has accruedunder this condition.

4.6         The Client will payall amounts due under this agreement in full without any deduction orwithholding except as required by law and the Client will not be entitled toassert any credit, set-off or counterclaim against ByAtlas in order to justifywithholding payment of any such amount in whole or in part. ByAtlas may,without limiting its other rights or remedies, set off any amount owing to itby the Client against any amount payable by ByAtlas to the Client.

4.7         ByAtlas may revisethe Charges at any time by giving by not less than 30 days prior notice inwriting to the Client.

4.8         If the Service Orderprovides that the Client shall pay any Charges directly to a third partyservice provider the Client acknowledges that it is a material provision ofthis agreement that it shall pay such Charges to the third party providerpromptly and in full.

4.9         Where applicable,the Client shall be liable for Charges upon a click or action occurringregardless of whether or not the Client’s webpage is operational for any reasonwhatsoever.

4.10       If there is any excess in thesum paid in advance by the Client in any month, ByAtlas shall issue a creditnote to for the excess sum paid or, at ByAtlas’s discretion, return any excesspayment to the Client or set off such excess sum paid against ByAtlas’ssubsequent invoices or against any other sums owing by the Client toByAtlas. 

4.11 VAT is payable on our charges. Our VAT registration number is GB476225282

4.12 Ways to pay - please pay by bank transfer

4.13 Currency conversion.  If youpay us in a different currently from the currency in which payments wasrequested, we will convert the payment at our bank’s standard exchange ratesand deduct any charges we incur in receiving such funds.  You remain liable for any shortfall afterconversation of payment and deduction of charges.

4.14 our bank details for payments will be provided,.

 

5.      TERMINATION

5.1          ByAtlas mayterminate this agreement immediately by notice in writing to the Client if anyamount payable by the Client under this agreement remains outstanding more than7 days after the due date for that amount.

5.2         Either party mayterminate this agreement immediately by notice in writing to the other partyfor any of the following reasons:

5.2.1       upon a material breach by theother party of any part of this agreement which is incapable of remedy orwhich, if capable of remedy, is not remedied within seven (7) days of thedefaulting party receiving notice of such breach from the non-defaulting party;or

5.2.2      if the other party becomes subjectto an administration order; a receiver or administrative receiver or similar isappointed over, or an encumbrancer takes possession of any of the other party'sproperty or assets; the other party enters into an arrangement or compositionwith its creditors, ceases or threatens to cease to carry on all or asubstantial part of its business, goes into liquidation or bankruptcy, becomesinsolvent, or suspends or threatens to suspend payments of its debts or is unableto pay its debts as they fall due.

5.3         ByAtlas may, at itsdiscretion, and without limitation to any other rights or remedies it may have,suspend provision of all or any part of the Services if:

5.3.1       any amount payable by theClient under this agreement remains outstanding after the due date for thatamount; or

5.3.2     upon a breach by the Client of any part ofthis agreement, until that breach is remedied.

5.3.3    The period of notice inwriting required is 7 days

 

6.      EFFECTS OF TERMINATION

6.1          In the eventthat this agreement is terminated for any reason whatsoever:

6.1.1        ByAtlas shall beentitled to issue an invoice for any un-invoiced Charges in respect of Serviceswhich are provided prior to the date of termination and for any other sumspayable by the Client under this agreement, and such invoice shall beimmediately due and payable by the Client;

6.1.2       the Client shall pay to allsums then owing in respect of invoices already issued prior to the date oftermination; and

6.1.3      each party shall return to the otherany Confidential Information (including ByAtlas Material (which for thepurposes of this Condition will include Third Party Material) and ClientMaterial) belonging to such party and all copies of the whole or any partthereof or, if requested by the disclosing party, shall destroy the same andcertify in writing to the disclosing party that it has been destroyed.

6.2         In the event thatthis agreement is terminated by ByAtlas under condition 5, ByAtlas shall beentitled to issue an invoice for all Charges in respect of Services which wouldhave been provided during the remainder of the term had this agreement not beenterminated, and such invoice shall be immediately due and payable by theClient.

6.3         Any termination orexpiry of this agreement (howsoever occasioned) shall not affect any accruedrights or liabilities of either party nor shall it affect the coming into forceor the continuance in force of any provision hereof which is expressly or byimplication intended to come into or continue in force on or after suchtermination.   

 

7.       LIABILITY

7.1          Nothing inthis agreement will limit ByAtlas's liability for :

7.1.1        personal injury or deathcaused by its negligence; or

7.1.2       fraudulent misrepresentation.

7.2         Subject to Condition7.1, ByAtlas will have no Liability for any of the following losses or damage(whether such losses or damage were foreseen, foreseeable, known or otherwise):

7.2.1       loss of revenue, loss ofactual or anticipated profits (including for loss of profits on contracts),loss of the use of money, loss of anticipated savings, loss of business orbusiness contracts, loss of opportunity, loss of goodwill, loss of reputation,loss of, damage to or corruption of data or goods; or

7.2.2      any indirect or consequential lossor damage howsoever caused (including, for the avoidance of doubt, whether ornot such loss or damage is of a type specified in Condition 7.2.1).

7.3         Subject toConditions 7.1 and 7.2 above, ByAtlas’s total aggregate Liability under or inconnection with this agreement and all other agreements and arrangementsbetween the parties will be limited to £10,000,000

7.4         The Clientacknowledges that it has assessed for itself the suitability of the Servicesfor its requirements, and (for the avoidance of doubt) ByAtlas does not warrantthat the Services will meet such requirements.

7.5         The warranties andconditions stated in this agreement replace all other warranties, conditions orother terms, whether express or implied, statutory or otherwise, all of whichare expressly excluded, including, without limitation, any implied warrantiesor conditions as to satisfactory quality, fitness for a particular purpose oras to the use of reasonable skill and care. 

7.6       The maximum liability forany loss whatsoever is £10,000,000.  Wedo not accept any liability for any third party interest whatsoever.

7.9       We are not liable for theacts or omissions or third parties

7.10     Matters outside ourcontrol. We are not liable for matters outside our control. This includes,without limitation, industrial action, act of God, war, riot, civil commotion,acts of terrorism, theft, malicious damage, accident, failure or breakdown ofplant, computers, communications systems, machinery, vehicles, fire, flood,extreme weather conditions, Covid-19 or other disease epidemic or pandemic,power failure or failure of telecommunications services. If any such occurrenceadversely impacts us, we shall notify you as soon as reasonably practicable.

 

8.       INTELLECTUAL PROPERTY RIGHTS

8.1          AllIntellectual Property Rights in the Services and the ByAtlas Material shall bethe sole property of ByAtlas. The Client shall not during or at any time afterthe term of this agreement in any way question or dispute the ownership byByAtlas of the same, and the Client shall not at any time transfer, sell ordistribute the same.

8.2         Subject to paymentin full of all Charges and compliance with the other terms and conditions ofthis agreement, ByAtlas grants the Client a non-exclusive licence during theterm of the applicable Service Order to use ByAtlas’s Intellectual PropertyRights in the Services and the ByAtlas Material to such extent as is necessaryto enable the Client to make reasonable use of the ByAtlas Material andServices delivered pursuant to the applicable Service Order.

8.3         All IntellectualProperty Rights in any Client Material shall belong to the Client (save to theextent that they contain any ByAtlas Material) and the Client hereby grantsByAtlas and its service providers a non-exclusive licence to use allIntellectual Property Rights in the Client Material for the purpose ofproviding the Services.

8.4         The Client agrees tocomply with any additional licensing requirements notified to it in respect ofThird Party Material supplied to it by ByAtlas.

8.5         Without limitationto any of ByAtlas’s other rights whether under this agreement or otherwise, theClient will not:

8.5.1      make any copies of the whole or anypart of the ByAtlas Material or Third Party Material without the expresswritten consent of ByAtlas other than in accordance with this agreement;

8.5.2     use its access to the ByAtlas Material orThird Party Material in order to recreate (or enable or assist any third partyto recreate) the whole or any part of the ByAtlas Material or the Third PartyMaterial or the database structures underlying the same, or to attempt to doso; or

8.5.3     use, or allow any other person to use, theByAtlas Material or Third Party Material for any purpose other than pursuant tothis agreement, including without limitation any use in relation to the supplyby any other person of any other services to the Client.

 

9.       CONFIDENTIALITY

9.1          Both partieswill keep confidential and will ensure that its employees and sub-contractorskeep confidential and will not (except as expressly authorised by the otherparty) use or disclose or attempt to use or disclose the other’s ConfidentialInformation which comes to the knowledge of either party during this agreement. Each party undertakes to the other that any sub-contractors engaged by itin relation to the Services to be provided under this agreement will firstenter into obligations of confidentiality on no less onerous terms than thosespecified in this Condition.

9.2         The restrictioncontained in Condition 9.1 will apply both during and after the term of thisagreement but will not apply to information or knowledge which:

9.2.1       has in its entirety becomepublic knowledge otherwise than through any unauthorised disclosure or otherbreach of such restriction;

9.2.2      has already come into the possessionof a party from an independent third party without breach of any obligation ofconfidentiality; or

9.2.3     the party whose Confidential Informationit is has consented in writing to being disclosed.

9.3         Nothing in thisagreement will restrict disclosure:

9.3.1       to third parties to the extentnecessary to comply with legal, accounting or regulatory requirements;

9.3.2     to the professional advisers of theparties in connection with the interpretation and operation of this agreementand any dispute arising therefrom; or

9.3.3       by ByAtlas to third parties involved theprovision of the Services.

9.4         The provisions ofthis Condition 9 replace any existing non-disclosure undertakings between theparties, any and all of which are hereby terminated.

 

10.      FORCE MAJEURE

10.1       Neither party will be liable to the other for a failure or delay inthe performance of any of its obligations hereunder (other than any obligationto pay money) if the delay or failure was due to any cause beyond the affectedparty's reasonable control Including, without limitation, strikes, lock-outs orother industrial disputes, failure of a utility service or transport network,telecommunications, network and internet disruptions, act of God, war, riot,civil commotion, malicious damage, compliance with any law or governmentalorder, rule, regulation or direction, accident, breakdown of plant ormachinery, fire, flood, storm or default of suppliers or subcontractor(a Force Majeure Event)

10.2      Upon either party becoming affected by a Force Majeure Event, thatparty will notify the other in writing immediately of that Force Majeure Eventand provide all relevant information pertaining to the Force Majeure Event,followed by written notice of when the Force Majeure Event hasceased.  

10.3      In the event that the Force Majeure Event subsists for a period ofmore than three months, either party may terminate this agreement by notice inwriting. 

 

11.      NOTICES

11.1          Any notice orother communication given under this agreement will be in writing and will beserved by one of the following methods:

11.1.1        delivering itpersonally;

11.1.2       sending it by registeredfirst-class post; or

11.1.3      sending by email to the address ofthe relevant party set out in the Service Order (or as otherwise notified bythat party to the other party in writing from time to time).

11.2         Subject toCondition 11.3, any such notice or other communication will be deemed to havebeen received:

11.2.1       if delivered personally, atthe time of delivery;

11.2.2      in the case of registeredfirst-class post, 72 hours from the time of posting;

11.2.3     in the case of email, twelve hours aftersending.

11.3         If deemed receiptunder Condition 11.2 occurs other than between the hours of 9am and 5pm (at therecipient’s local time) on a Business Day, then the notice will be deemed to bereceived at 9am on the next Business Day.

11.4         Notice under thisagreement may not be validly given by fax.

11.5         This Condition 11does not apply to the service of any proceedings or other documents in anylegal action or, where applicable, any arbitration or other method of disputeresolution. 

11.6              Privacy Notice. Our Privacy Notice explains how wecollect, process and store your personal data. It also explains your rights andwhat to do in the event you have any concerns. Our Privacy Notice is at https://www.byatlas.com/policies

11.7     Cyber Policy - Our cyberpolicy is at https://www.byatlas.com/policies

 

12.      GENERAL

12.1         Assignment and Sub-Contracting

The Client may not assign, transfer or sub-license any of its rights orobligations under this agreement in whole or in part without the prior writtenconsent of ByAtlas.

12.2        Waiver

The failure of either party to enforce or to exercise any term of thisagreement does not constitute a waiver of such term and will in no way affectthat party’s right later to enforce or to exercise it.

12.3        Entire agreement

This agreement constitutes the entire agreement and understanding of theparties and supersedes any previous agreement between the parties relating tothe subject matter of this agreement.

12.4        Severability

12.4.1     If any provision of this agreement willbe found by any court or administrative body of competent jurisdiction to beinvalid or unenforceable, such invalidity or unenforceability will not affectthe other provisions of this agreement which will remain in full force andeffect.

12.4.2    If any provision of this agreement is so foundto be invalid or unenforceable but would be valid or enforceable if some partof the provision were deleted, the provision in question will apply with suchmodification(s) as may be necessary to make it valid and enforceable.

12.5        Variation

No variation of, or amendment to, this agreement will bind either partyunless made in writing and signed by an authorised representatives of bothparties. Each Service Order shall be subject to the Conditions in force whenthe Service Order is agreed.

12.6        Third Party Rights

No term of this agreement will be enforceable under the Contracts(Rights of Third Parties) Act 1999 by a third party.

12.7        Governing Lawand Jurisdiction The construction, validity and performance of this agreementwill be governed by English law and the parties irrevocably submit to theexclusive jurisdiction of the English courts

12.8     Security. We are committed to ensuring that allinformation we hold about you is secure. In order to prevent unauthorisedaccess or disclosure we have implemented appropriate physical, electronic andmanagerial procedures to safeguard and protect that information. Other datacontroller recipients of your personal data are each responsible forimplementing appropriate physical, electronic and managerial procedures tosafeguard and protect that information and to keep it secure. We haveimplemented measures to ensure compliance with the UK General Data ProtectionRegulation, the Data Protection Act 2018 and to protect your rights.

12.9     Email and documents. We may communicate with you byemail, except to the extent that you instruct us not to do so. Documents sentto you by email (whether or not containing confidential information) will notbe encrypted unless you specifically request ByAtlas in writing to encryptoutgoing email and we are able to agree with you and implement mutuallyacceptable encryption standards and protocols. We may assume emails sent fromyour accounts are from the Client, and are received as you sent them. 

12.10        Virus and defects. ByAtlas makes reasonableattempts to exclude from its emails and any attachments any virus or otherdefects that might affect any computer or IT system. However, it is yourresponsibility to put in place measures to protect your computers or IT systemsagainst any such viruses or other defects, and ByAtlas does not accept anyliability for any loss that may arise from the receipt or use of electroniccommunications from us.

12.11        Third parties. You agree that the Contracts (Rightsof Third Parties) Act 1999 does not apply to the terms of the engagementbetween Atlas and the Client, or to any subsequent amendments to those terms,except where otherwise expressly agreed in writing.  

12.12        Waiver. No delay by ByAtlas or the Client inenforcing any terms of this agreement will affect or limit their rights underthis agreement. Any waiver by ByAtlas or the Client of any breach of thisagreement shall not be deemed a waiver of any other prior or subsequent breachof this agreement. Any waiver of any contractual claim or right must be made inwriting to be effective.

12.13        Arbitration. The Firm may refer any dispute(including non-contractual claims) arising out of or in connection with eachengagement contract to arbitration under the Rules of the London Court ofInternational Arbitration, which Rules are deemed to be incorporated byreference into this clause. The number of arbitrators shall be one. The placeof the arbitration shall be London, England and this arbitration agreementshall be governed by and construed in accordance with English law. The languageof the arbitration shall be English. The Emergency Arbitrator provisions shallnot apply.

Byatlas Ltd Privacy Notice

1. Introduction

Welcome to ByAtlas. Your privacy is important to us. This Privacy Notice explains how we collect, use, disclose, and protect your information when you visit our website or engage with our services, including our programmatic display advertising campaigns activated via API integrations with third-party partners.

ByAtlas is based in the United Kingdom and is committed to complying with all applicable UK data protection laws and regulations, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website or services, you agree to the terms outlined in this Privacy Notice.

2. Who we are

ByAtlas is a UK-based advertising agency that specialises in the delivery and optimisation of programmatic display advertising campaigns. We work with a network of trusted third-party advertising platforms and technology partners, utilising API integrations to activate and manage data-driven campaigns on behalf of our clients.

3. Information we collect

We may collect the following types of personal and non-personal data:

  • Website Usage Data: Information such as IP address, browser type, device data, referring URLs, pages visited, and access times.
  • Website Usage Data: Information such as IP address, browser type, device data, referring URLs, pages visited, and access times.
  • Client and Prospect Information: Contact details (name, business email, phone number), company affiliation, and project-related communications.
  • Campaign Data: Audience targeting parameters, engagement metrics, and campaign performance indicators.
  • Third-Party Data: Anonymised or pseudonymised data from advertising platforms or data providers to support campaign delivery and optimisation.

We do not knowingly collect personal data directly from end users who see our clients' ads, unless explicitly required and agreed upon as part of a specific engagement.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve our services and website.
  • Conduct data analysis and performance tracking.
  • Communicate with clients and respond to enquiries.
  • Fulfil legal and contractual obligations under UK law.
5. Sharing of Information

We may share data with:

  • Third-Party Partners: Advertising technology platforms, DSPs, SSPs, data providers, and analytics vendors, for the purposes of campaign delivery and optimisation.
  • Service Providers: UK and international vendors providing web hosting, CRM, analytics, and IT support.
  • Legal or Regulatory Bodies: When required to comply with UK legal obligations, such as investigations, court orders, or regulatory compliance checks.

All third parties with whom we share data are required to process it in accordance with applicable data protection laws and to implement appropriate safeguards.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and measure performance. These may include first-party cookies and third-party tools (e.g., Google Analytics, ad tech pixels).

You can manage your cookie preferences via your browser settings or through the cookie management interface provided on our site, in compliance with the Privacy and Electronic Communications Regulations (PECR) in the UK.

7. Data Security

We apply appropriate technical and organisational measures to protect your data, including encryption, access controls, and regular system reviews. While no system is completely immune to risk, we take data security very seriously.

8. International Data Transfers

Some of our third-party partners and platforms may process data outside the UK. Where this occurs, we ensure that adequate safeguards are in place, such as the use of standard contractual clauses or other UK-approved mechanisms for international data transfers.

9. Your Rights

As a UK resident, you have rights under the UK GDPR and the Data Protection Act 2018, including:

  • The right to access your personal data.
  • The right to correct or delete inaccurate or outdated data.
  • The right to restrict or object to certain processing activities.
  • The right to data portability.
  • The right to withdraw consent where processing is based on consent.
  • The right to lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of your rights, please contact us at privacy@byatlas.com.

10. Children’s Privacy

Our services are intended for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Notice

We may update this Privacy Notice periodically to reflect changes in our business, services, or legal obligations. Updates will be posted on this page with a revised “Effective Date.”

12. Contact Us

If you have any questions about this Privacy Notice or how we process personal data, please contact:

ByAtlas
Email: info@byatlas.com

If you are unsatisfied with our response, you may also contact the UK Information Commissioner's Office (ICO):

https://ico.org.uk/

Last Updated: 31st January 2025

Byatlas Information Security Policy

Purpose

This Information Security Policy establishes the principles and rules necessary to ensure the confidentiality, integrity, and availability of information managed by Byatlas. It is designed to protect client data, business operations, and comply with relevant legal, contractual, and regulatory requirements, including the General Data Protection Regulation (GDPR). As a programmatic advertising agency, ByAtlas utilise the expertise of its partners and 3rd party vendors to deliver campaigns.

This policy applies to:
  • All employees, contractors, and third-party partners of Byatlas.
  • All systems, networks, software, and data used in delivering programmatic advertising services.
  • All locations where Byatlas operates, including remote work environments.
Responsibilities
  • Management is responsible for policy enforcement and providing necessary resources.
  • Employees are responsible for adhering to this policy and attending required training.
  • IT/Security personnel are responsible for implementing technical and procedural controls.
Data Classification

All data is classified as follows:

  • Confidential: Client data, targeting parameters
  • Internal: Operational documents, internal communication, forecasts and proposals
  • Public: Marketing materials, public case studies

Sensitive data (e.g., campaign performance data, user targeting information) must be encrypted and access is restricted to only those who have been granted access to online reporting.

Access Control
  • Access to systems is granted by the management team.
  • User access must be reviewed quarterly.
  • MFA (Multi-Factor Authentication) is required for administrative accounts and remote access.
Data Protection and Privacy
  • Personal data collected or processed as part of campaigns must comply with GDPR principles.
  • Data minimization and anonymization are to be used where possible.
  • A designated Data Protection Officer (DPO) oversees GDPR compliance.
Network and System Security
  • Firewalls and intrusion detection systems must be in place for all production environments.
  • All devices must use antivirus and be regularly patched.
  • Cloud infrastructure (e.g., DSP integrations, data management platforms) must be assessed for security compliance.
Third-Party Management
  • Third parties (vendors, tech partners) must sign NDAs and pass a security evaluation.
  • Contracts must include data processing agreements (DPAs) for GDPR-covered data.
Incident Response
  • All suspected breaches must be reported immediately to the Management Team.
  • An incident response plan must be followed, including notification to affected parties and regulators where required by GDPR (within 72 hours).
Business Continuity
  • Regular backups must be taken and tested.
  • A disaster recovery plan must be documented and tested annually.
Policy Review

This policy will be reviewed annually or upon significant changes to business operations or applicable law.

Enforcement

Violations of this policy may result in disciplinary action, up to and including termination or legal action.

Approved by: James Taylor

Date: 1/11/2024

Position: Managing Director

Version: 1.7

Byatlas Incident Response Plan

Purpose

The purpose of this Incident Response Plan is to provide a structured and systematic approach for identifying, managing, and responding to information security incidents that may impact Byatlas, its clients, and stakeholders.

Scope

This plan applies to all employees, contractors, systems, and data environments managed by Byatlas, including third-party services and remote work locations.

Objectives
  • Detect and respond to information security incidents quickly and effectively.
  • Minimize impact to operations and clients.
  • Comply with legal and regulatory obligations, including GDPR.
  • Prevent recurrence through root cause analysis and mitigation.
Definition of an Incident

An information security incident is any event that compromises the confidentiality, integrity, or availability of information, systems, or services. Examples include:

  • Unauthorized access to systems or data.
  • Malware, ransomware, or phishing attacks.
  • Data breaches or data leaks.
  • Denial of service (DoS) attacks.
  • Insider threats or policy violations.
Roles and Responsibilities
  • Incident Response Team (IRT): Core team responsible for coordinating incident response activities.
  • IT/Security Lead: Oversees technical containment and recovery.
  • Data Protection Officer (DPO): Manages GDPR-related assessments and notifications.
  • Communications Manager: Handles internal and external communications.
  • HR and Legal Teams: Provide support for compliance and disciplinary actions.
Incident Response Lifecycle

a) Preparation

  • Maintain up-to-date security policies and tools
  • Conduct regular security awareness training• Maintain contact list for IRT and key stakeholders

b) Identification

  • Monitor logs, alerts, and user reports for signs of incidents
  • Use automated detection tools where applicable
  • Log and categorize the incident

c) Containment

  • Short-term containment: isolate affected systems to prevent spread.
  • Long-term containment: apply temporary fixes to restore business functions.

d) Eradication

  • Identify root cause and remove malicious code or access
  • Patch vulnerabilities and update configurations

e) Recovery

  • Restore systems from clean backups.
  • Monitor systems for signs of recurrence.
  • Resume normal operations.

f) Lessons Learned

  • Conduct post-incident review within 7 days.
  • Document findings, lessons learned, and recommended improvements.
  • Update policies and controls as needed.
GDPR Compliance
  • Incidents involving personal data must be reported to the Data Protection Officer immediately.
  • If a breach is likely to result in risk to individuals' rights and freedoms, notify the appropriate data protection authority within 72 hours.
  • Notify affected individuals if there is a high risk to their rights and freedoms.
Communication
  • Internal communication must follow a controlled process via the Communications Manager.
  • External communications, including press and client updates, must be approved by senior management.
  • Avoid speculation or unverified information in any disclosure.
Documentation
  • Maintain a detailed incident log for each event.
  • Include timelines, actions taken, decisions made, and communication details.
  • Retain incident records in accordance with legal and regulatory requirements
Testing and Review
  • Conduct tabletop or simulation exercises annually.
  • Review and update the Incident Response Plan after significant incidents or at least annually.

Approved by: James Taylor

Date:1/11/2024

Version: 1.7

Position: Managing Director

Byatlas Ltd Cyber Policy

1. Purpose

The purpose of this Cyber Security Policy is to establish a framework for protecting the information systems, data, and digital infrastructure of ByAtlas Ltd ("ByAtlas") from unauthorised access, cyber threats, data breaches, and service disruptions. As a UK-based advertising agency with API integrations into third-party platforms, it is critical we uphold high security standards to protect client data, third-party integrations, and the integrity of our programmatic campaign operations.

2. Scope

This policy applies to:

  • All ByAtlas employees, contractors, and consultants.
  • All systems, software, APIs, networks, cloud platforms, and devices used for business purposes.
  • All data handled by or on behalf of ByAtlas, including client and campaign data.
3. Responsibilities

Executive Management: Ensure leadership and resourcing for cyber security initiatives.

IT/Technology Teams: Implement and monitor technical controls and respond to incidents.

All Staff: Follow this policy, complete required training, and report suspected issues.

4. Security Objectives

ByAtlas is committed to:

  • Ensuring confidentiality, integrity, and availability of data and systems.
  • Protecting systems from cyber threats including malware, ransomware, phishing, and DDoS attacks.
  • Complying with applicable legal and regulatory requirements (UK GDPR, Data Protection Act 2018).
  • Maintaining client and partner trust in our digital infrastructure.
5. Key Security Measures

5.1 Access Control

  • Enforce role-based access to systems and data.
  • Use multi-factor authentication (MFA) for all critical systems where possible.
  • Immediately revoke access for former employees or terminated contracts.

5.2 Device & Endpoint Security

  • Require use of company-approved devices for accessing sensitive systems.
  • Maintain antivirus/anti-malware software and enable automatic updates.
  • Apply disk encryption to laptops and mobile devices handling client data.

5.3 Network Security

  • Use firewalls and intrusion detection systems (IDS) on internal and cloud networks.
  • Encrypt data in transit using TLS/SSL for all external communications.
  • Segment internal systems to reduce lateral threat movement.

5.4 Cloud & API Security

  • Secure third-party API access with authentication tokens and rate limiting where possible.
  • Monitor API activity for anomalies or unauthorised access.
  • Ensure cloud providers meet ISO 27001 or equivalent standards.

5.5 Data Protection

  • Store data securely with encryption at rest and access logging.
  • Limit data retention to business-justified periods.
  • Anonymise or pseudonymise personal data used for analytics or advertising.

5.6 Software & Patch Management

  • Apply critical security patches within 7 days of release.
  • Maintain a patch management log and asset inventory.
  • Regularly review software libraries and dependencies for vulnerabilities.

6. Employee Responsibilities

All employees must:

  • Complete cyber security training.
  • Use strong, unique passwords and never share credentials
  • Report phishing emails, malware alerts, or suspicious activity immediately
  • Lock screens when leaving desks and secure mobile devices when not in use

7. Incident Response

ByAtlas maintains an Incident Response Plan (IRP) that includes:

  • Detection and logging of incidents.
  • Immediate containment and investigation.
  • Notification to affected clients and authorities (e.g., ICO) where required.
  • Post-incident review and remediation actions.
  • Major security incidents will be escalated to executive management and logged for audit purposes.

8. Vendor & Third-Party Security

All third-party vendors and technology partners must:

  • Sign a Data Processing Agreement (DPA) if processing personal data on our behalf.
  • Meet minimum security standards (e.g., SOC 2, ISO 27001, or equivalent).
  • Undergo vendor risk assessments.

9. Compliance

Failure to comply with this policy may result in disciplinary action, up to and including termination. ByAtlas reserves the right to audit access and activity on its systems to ensure compliance.

10. Policy Review

This policy will be reviewed annually or upon significant change to our technology infrastructure, threat landscape, or regulatory environment.

11. Contact

For questions or reports related to cyber security, please contact:

Email: info@byatlas.com

Redefining Full-Funnel Advertising

Traditional advertising stops at the funnel, but we believe real results come from a deeper understanding of your audience’s journey. That’s why we’ve reimagined the process as Mindset > Ambition > Success. From shaping perceptions through impactful branding (Mindset), to igniting desire with targeted prospecting (Ambition), and driving action through precision retargeting (Success), our approach aligns strategy with audience intent. It’s more than a funnel—it’s a pathway to meaningful connections and measurable outcomes.
Your Programmatic Lifecycle
Every customer embarks on a unique journey, yet traditional media campaigns often rely on outdated KPIs, leaving marketers unable to adapt or optimise effectively.We’re redefining the standard.

Our approach integrates a connected media strategy that measures real results at every interaction. By tracking meaningful outcomes, we ensure your campaign enhances the customer experience across all touchpoints and channels.
Find out more
Arrow
What they say about us
Emma
Founder
Quotetion
“Since partnering with byatlas, we’ve experienced a level of service that goes beyond anything we’ve encountered before. Their insights are not only incredibly sharp but also genuinely actionable, giving us a clear edge. We truly feel like we’re in the very best hands with a trusted partner who’s as invested in our success as we are.”
Jodie & Max
Co-Founders
Quotetion
“byatlas has been instrumental in elevating Opulure’s position in a crowded marketplace. Their ability to enhance our creative direction and build audiences that genuinely add value is nothing short of astonishing. We couldn’t imagine succeeding without them.”
Lucas
Founder
Quotetion
“Since bringing in byatlas, the results speak for themselves! They exceeded initial projections and smashed agreed KPIs. The team is an absolute joy to work with - genuinely!
Jennie & Jodie
Co-Founders
Quotetion
“Partnering with byatlas has been a game-changer for our young brand. From day one, their team has supported us every step of the way. They truly listen, take action, and provide insightful advice rooted in data. Thanks to ByAtlas, we’ve been able to build our community with confidence and purpose.”
Sunday Stretch
Picton House, Lower Church Street, Chepstow, Wales, NP16 5HJ
email us:
info@byatlas.coM
Quick links
About
Services
Contact
Policies
Copyright © 2024 – byatlas Ltd.
All Rights Reserved
Made Bydesign