
Privacy Policy
At Empire Foundry LTD, we are committed to protecting your privacy and handling personal data responsibly, transparently, and securely.
This Privacy Policy explains how we collect, use, store, and protect personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Empire Foundry LTD is the data controller for the personal data described in this policy, meaning we decide how and why your data is processed.
Registered in England & Wales.
Company name: Empire Foundry LTD
Company No. 16994581
Registered office: Henleaze House Business Centre,
13 Harbury Road, Henleaze
BS9 4PN
Email: contact@empirefoundry.co.uk
In some cases, where we access or process data relating to a creator’s audience or subscribers on third-party platforms, we act as a data processor on behalf of that creator. In these circumstances, the creator remains the data controller, and we act strictly under their instructions and applicable platform terms.
What Personal Data We Collect
We may collect and process the following categories of personal data.
1. Creators & Applicants
-
Legal name and stage name
-
Contact details (email, phone number, address)
-
Date of birth and age-verification information
-
Identification documents (where required by law or platforms)
-
Platform usernames, performance analytics, and earnings data
-
Content preferences, boundaries, and working notes
2. Employees & Contractors
-
Contact and payroll information
-
Right-to-work documentation
-
Contracts and performance records
-
System access credentials (stored securely)
3. Safeguarding & Sensitive Information
-
Safeguarding disclosures
-
Mental well-being or support notes
-
Incident, complaint, or whistleblowing reports
This information is handled with enhanced confidentiality, restricted access, and additional safeguards.
4. Website & Communications
-
IP address and device information
-
Website usage data (via cookies where applicable)
-
Enquiries, applications, and correspondence
Special Category Data
Where necessary, we may process special category data (such as health or safeguarding information). This is done only:
-
For safeguarding and duty-of-care purposes
-
Where a valid legal basis applies
-
With enhanced security and access controls
How We Use Personal Data
We use personal data to:
-
Provide creator management and support services
-
Onboard creators, employees, and contractors
-
Manage contracts, payments, and commissions
-
Meet safeguarding, welfare, and duty-of-care obligations
-
Comply with legal and regulatory requirements
-
Maintain account, platform, and system security
-
Communicate with individuals who contact us
Lawful Bases for Processing
Under UK GDPR, we rely on one or more of the following lawful bases:
-
Contractual necessity – to perform agreements
-
Legal obligation – to comply with the law
-
Legitimate interests – to operate ethically and securely
-
Consent – where required (for example, marketing)
-
Vital interests – safeguarding and prevention of harm
How We Share Personal Data
We only share personal data where necessary and proportionate, including with:
-
Platform providers and hosting services
-
Professional advisers (legal, accounting, compliance)
-
Payment processors
-
Anti-piracy, security, or fraud-prevention services
-
Regulators or authorities where required by law
We do not sell personal data.
All third parties are required to maintain appropriate confidentiality and security standards.
Data Protection Impact Assessments (DPIAs)
We carry out Data Protection Impact Assessments where processing is likely to result in a high risk to individuals’ rights and freedoms. This includes, but is not limited to:
-
Processing of adult or sexual content data
-
Safeguarding records
-
Private communications
-
Large-scale profiling or monitoring
International Data Transfers
Where personal data is transferred outside the UK:
-
Appropriate safeguards are applied (such as IDTAs or Standard Contractual Clauses)
-
Transfers are limited to what is necessary
-
Equivalent data protection standards are maintained
Data Retention
We retain personal data only for as long as necessary, including:
-
The duration of contracts plus statutory limitation periods
-
Safeguarding records where legally required
-
Financial records in line with HMRC requirements
Retention schedules are reviewed regularly.
Data Security
We use appropriate technical and organisational measures to protect personal data, including:
-
Role-based access controls
-
Secure and encrypted storage where appropriate
-
Staff training and confidentiality obligations
-
Incident and data breach response procedures
Your Data Protection Rights
Under UK GDPR, you have the right to:
-
Access your personal data
-
Request correction of inaccurate data
-
Request erasure (where applicable)
-
Restrict or object to processing
-
Data portability
-
Withdraw consent at any time
Requests can be made by contacting: admin@empirefoundry.co.uk
Safeguarding & Whistleblowing Exception
Certain rights may be restricted where processing is necessary for:
-
Safeguarding
-
Legal obligations
-
Prevention of harm, exploitation, or abuse
Any limitations are applied lawfully, proportionately, and only where necessary.
Cookies & Tracking
Where applicable, we use cookies in line with our Cookie Policy.
You can manage cookie preferences through your browser settings or our cookie banner.
Complaints
If you have concerns about how we handle personal data, please contact us first.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
Updates to This Policy
We may update this Privacy Policy from time to time.
The most current version will always be available on our website.
Contact Us
For any privacy-related questions or requests:
Email: contact@empirefoundry.co.uk
Effective date: 28/01/2026
Last updated: 28/01/2026
