GDPR Compliance

Last updated: 27 May 2026

Our Commitment to Data Protection

Empir Hyper is committed to ensuring the protection of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our compliance measures and your rights as a data subject.

Data Controller Information

Empir Hyper acts as the data controller for personal information collected through our website and services. Our contact details are:

Empir Hyper

48 Moorgate

London EC2R 6EL

Email: [email protected]

Lawful Basis for Processing

We process personal data only where we have a valid lawful basis. The specific lawful basis depends on the nature of the processing:

Consent

Where you have provided clear, affirmative consent for us to process your data for specific purposes, such as receiving our newsletter or marketing communications. You may withdraw consent at any time.

Contractual Necessity

Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request. This includes processing required to deliver our research and consulting services.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. We conduct legitimate interest assessments where appropriate.

Legal Obligation

Where we must process data to comply with legal requirements, such as tax regulations or responding to valid legal requests.

Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data. We will respond to access requests within one month.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure

In certain circumstances, you have the right to request deletion of your personal data. This right is not absolute and depends on the legal basis for processing and any applicable retention requirements.

Right to Restriction

You have the right to request restriction of processing in certain circumstances, such as while we verify the accuracy of data or assess an objection request.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently engage in such automated decision-making.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer at [email protected]. We may need to verify your identity before processing your request.

We will respond to valid requests within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two additional months, in which case we will inform you of the extension and reasons.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and penetration testing
  • Staff training on data protection requirements
  • Incident response procedures for data breaches
  • ISO 27001 certified information security management system

International Data Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place. These may include:

  • Transfers to countries with adequacy decisions
  • Standard Contractual Clauses approved by the UK government
  • Binding Corporate Rules where applicable

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are determined by:

  • The nature and sensitivity of the data
  • Legal and regulatory requirements
  • Legitimate business needs
  • Your instructions and preferences

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk to you, we will also notify you directly without undue delay.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Website: ico.org.uk

Updates to This Information

We review our GDPR compliance measures regularly and may update this page to reflect changes in our practices or applicable law. Material changes will be communicated through our website.