Privacy Policy

At Empire Foundry LTD, we are committed to protecting your privacy and handling personal data responsibly, transparently, and securely.

This Privacy Policy explains how we collect, use, store, and protect personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Empire Foundry LTD is the data controller for the personal data described in this policy, meaning we decide how and why your data is processed.

Registered in England & Wales.

Company name: Empire Foundry LTD

Company No. 16994581

Registered office: Henleaze House Business Centre,
13 Harbury Road, Henleaze
BS9 4PN

Email: contact@empirefoundry.co.uk

In some cases, where we access or process data relating to a creator’s audience or subscribers on third-party platforms, we act as a data processor on behalf of that creator. In these circumstances, the creator remains the data controller, and we act strictly under their instructions and applicable platform terms.

What Personal Data We Collect

We may collect and process the following categories of personal data.

1. Creators & Applicants

Legal name and stage name
Contact details (email, phone number, address)
Date of birth and age-verification information
Identification documents (where required by law or platforms)
Platform usernames, performance analytics, and earnings data
Content preferences, boundaries, and working notes

2. Employees & Contractors

Contact and payroll information
Right-to-work documentation
Contracts and performance records
System access credentials (stored securely)

3. Safeguarding & Sensitive Information

Safeguarding disclosures
Mental well-being or support notes
Incident, complaint, or whistleblowing reports

This information is handled with enhanced confidentiality, restricted access, and additional safeguards.

4. Website & Communications

IP address and device information
Website usage data (via cookies where applicable)
Enquiries, applications, and correspondence

Special Category Data

Where necessary, we may process special category data (such as health or safeguarding information). This is done only:

For safeguarding and duty-of-care purposes
Where a valid legal basis applies
With enhanced security and access controls

How We Use Personal Data

We use personal data to:

Provide creator management and support services
Onboard creators, employees, and contractors
Manage contracts, payments, and commissions
Meet safeguarding, welfare, and duty-of-care obligations
Comply with legal and regulatory requirements
Maintain account, platform, and system security
Communicate with individuals who contact us

Lawful Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

Contractual necessity – to perform agreements
Legal obligation – to comply with the law
Legitimate interests – to operate ethically and securely
Consent – where required (for example, marketing)
Vital interests – safeguarding and prevention of harm

How We Share Personal Data

We only share personal data where necessary and proportionate, including with:

Platform providers and hosting services
Professional advisers (legal, accounting, compliance)
Payment processors
Anti-piracy, security, or fraud-prevention services
Regulators or authorities where required by law

We do not sell personal data.

All third parties are required to maintain appropriate confidentiality and security standards.

Data Protection Impact Assessments (DPIAs)

We carry out Data Protection Impact Assessments where processing is likely to result in a high risk to individuals’ rights and freedoms. This includes, but is not limited to:

Processing of adult or sexual content data
Safeguarding records
Private communications
Large-scale profiling or monitoring

International Data Transfers

Where personal data is transferred outside the UK:

Appropriate safeguards are applied (such as IDTAs or Standard Contractual Clauses)
Transfers are limited to what is necessary
Equivalent data protection standards are maintained

Data Retention

We retain personal data only for as long as necessary, including:

The duration of contracts plus statutory limitation periods
Safeguarding records where legally required
Financial records in line with HMRC requirements

Retention schedules are reviewed regularly.

Data Security

We use appropriate technical and organisational measures to protect personal data, including:

Role-based access controls
Secure and encrypted storage where appropriate
Staff training and confidentiality obligations
Incident and data breach response procedures

Your Data Protection Rights

Under UK GDPR, you have the right to:

Access your personal data
Request correction of inaccurate data
Request erasure (where applicable)
Restrict or object to processing
Data portability
Withdraw consent at any time

Requests can be made by contacting: admin@empirefoundry.co.uk

Safeguarding & Whistleblowing Exception

Certain rights may be restricted where processing is necessary for:

Safeguarding
Legal obligations
Prevention of harm, exploitation, or abuse

Any limitations are applied lawfully, proportionately, and only where necessary.

Cookies & Tracking

Where applicable, we use cookies in line with our Cookie Policy.

You can manage cookie preferences through your browser settings or our cookie banner.

Complaints

If you have concerns about how we handle personal data, please contact us first.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

Updates to This Policy

We may update this Privacy Policy from time to time.

The most current version will always be available on our website.

Contact Us

For any privacy-related questions or requests:

Email: contact@empirefoundry.co.uk

Effective date: 28/01/2026

Last updated: 28/01/2026