Privacy Policy (for Employees)


At Atom bank (“Atom”, “we” and/or “the bank”), we’re transparent, and as such, we believe our privacy practices should be easy to understand. It is one of our fundamental responsibilities to protect the information entrusted to us, we have therefore outlined some of the measures we have to protect your privacy in our Privacy Policy.

“Atom bank”, “Atom” and “Digital Mortgages by Atom bank” are trading names of Atom bank plc. Atom bank plc is a company registered in England and Wales with company number 08632552. Atom bank plc is authorised by the Prudential Regulation Authority (PRA) and regulated by the Financial Conduct Authority and the PRA. Our Financial Services Register number is 661960.

For the purposes of the General Data Protection Regulation (‘GDPR’), Atom bank will be the ‘controller’ of the personal data you provide to us.

Please read the following information very carefully in order to understand our practices in relation to our treatment of your personal data. If you have any questions please email us at

Data Privacy Principles

  • All personal data will be processed lawfully, fairly and in a transparent manner;

  • Personal data will only be collected for the specified purposes outlined within “How will we use the information we hold about you” and will not be further processed in a manner that is incompatible with those purposes

  • Personal data that we collect will be adequate, relevant and limited to what is necessary in relation to the purposes for which those data are processed. The information we collect is outlined in the section below “What information do we collect about you”.

  • We will take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

  • Personal data will be kept in a form that permits identification for no longer than is necessary for the purposes for which the personal data has been collected for processing, in line with the Atom bank Data Retention Policy.

  • We will hold and process personal data in a manner that ensures appropriate security. We outline this in the “how do we store personal data” section of this policy.

What information do we collect about you?

This policy applies to personal information collected as part of our onboarding process, specifically when you accept a role at Atom and throughout the course of your employment.

Sensitive Personal Data

In the course of applying for employment, and during the course of your employment, we may collect information that may reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered ‘sensitive personal data’ and we will only collect this where it is entirely necessary, we have received your explicit consent or you have deliberately made it public. If you do not allow us to process any sensitive personal data, this may mean that we are unable to employ you. You may inform us if you remove consent for us to process such personal data.

Personal Data

When you apply for a role at Atom, the personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity. In order to do this we’ll also undertake credit checks, criminal record checks and reference checks relating to you and your previous employment. These checks require us to process personal data about you, which includes the personal data you have provided, we have collected from you, or we have received from third parties.

We will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and other relevant conduct, and to verify identify, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us. This will include:

Personal information such as your name, address and date of birth in order to verify your identity. This may also include any maiden or previous name, national insurance number and nationality.

Contact information including your telephone number and email address.

Details of a nominated bank account where we will be able to process your salary and other benefits.

Information held as part of your personnel file, which will include your contract of employment (and any amendments to it), your CV, any correspondence between us and you relating to matters including, but not limited to, salary, benefits, absence, disciplinary and grievance, and any information relating to performance management.

How will we use the information we hold about you?

The data we collect will be used to maintain our personnel records and will enable us to comply with our legal and regulatory requirements. We will not collect any personal data from you that we do not need.

We will use your personal data in order to verify your identity. In order to do this, we may need to share some or all of your data with third parties, which may include fraud prevention, anti-money laundering and credit reference agencies (whose details we can share with you on request), law enforcement departments, regulators, government departments (e.g. HMRC) and the providers of our sales or servicing platforms.

We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We will use your personal data to prevent fraud and money laundering – e.g. the information provided to fraud prevention agencies may be used when checking applications for credit, credit-related or other facilities or for managing these accounts; for recovering debt; for checking insurance proposals or claims; and for checking details of job applicants or employees. Other organisations may also use your information for these purposes.

Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).

A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas an may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.

We will use your personal data to carry out credit reference agency searches, where it is appropriate to do so.

We will use your information for payroll purposes, specifically in order to process your salary and any other benefits, and ensure the necessary tax, national insurance and pension deductions are made. For this purpose our payroll is outsourced, therefore we will share some of your personal information with our chosen third party.

We will also share your personal information in order to facilitate the benefits that we offer. For this purpose we will share your information with third-party providers who deliver our benefits including private healthcare, life assurance, health cash plan, pension, applicable industry brokers and other applicable benefits.

We will use your personal data to communicate with you throughout the course of your employment. This may include correspondence relating to pay, benefits, disciplinary, grievance and absence, amongst others.

We will use your information to comply with the law, in order to protect ourselves, our customers, or others. Where required we will share information to respond to a court order or other lawful request from a public authority.

We will use your data to complete troubleshooting, data analysis, testing, research, and for statistical and survey purposes.

We will use your information to monitor IT and system use, as detailed in our Acceptable Use Policy. We will also monitor employees via CCTV and door access systems for reasons of security, safety and workplace conduct.

We may transfer your data to other group companies for purposes connected to your employment, specifically the Atom Employee Benefit Trust which is a key component of our share-based reward scheme.

We may use your image in marketing collateral, such as photographs, videos, and other promotional material. Where we do this we will always ask your permission in advance, and where you would rather we did not use your image, you have the right to opt-out.

How do we store personal data?

The measures we use to keep your personal data safe and secure include firewalls, intrusion detection systems, 24/7 physical protection of facilities where your data is stored; background checks for personnel that access physical facilities and/or systems; and strong security procedures across all service operations.

We encrypt the transmission and storage of your personal data using the highest standards of security technologies and procedures. Should Cifas transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

How long do we keep your personal data?

Atom will not retain your personal information for longer than is necessary for the practices described in this policy.

Regulatory requirements dictate that we should retain your personal information for six years following the end of your employment. In certain circumstances, we may have to store this data for a longer period. Please note that Cifas may hold your personal data for up to six years if you are considered to pose a fraud or relevant conduct risk.

Your Rights

For as long as we hold your personal information, you have certain rights which apply.

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email We will provide this information to you within 30 days, free of charge.

You have the right to request that the information we hold about you is erased, where there are no additional legal and/or regulatory requirements for us doing so.

You have the right to request that any information we hold about you be provided to another company in a commonly used and machine-readable format, otherwise known as ‘data portability’.

You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or inaccurate and should be updated, please contact

You have the right to object or to restrict the processing of your information where there is no legitimate and/or legal reason for doing so and;

You have the right to object to any decisions based on the automated processing of your personal data, including profiling.

Changes to this Policy

From time to time, we will review and update this policy. We will notify you of any material changes and update an updated version on our website.

Contact Us

If you have any questions about the practices contained within this policy, please email Alternatively, you may write to us at:

FAO The Data Protection Officer Atom bank The Rivergreen Centre Aykley Heads Durham DH1 5TS

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.

Our Complaint Handling Policy can be found on our website. However, the best way to get in touch is to email us at You may also write to us at the above address.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office

November 2018 revision