GDPR Compliance

Last Updated: 3/27/2025

Our Commitment to GDPR Compliance

At Empyr Digital, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR.

How We Prepared for GDPR

We have conducted a full data audit across the company in order to identify all data processes, including:

  • The type of data we hold
  • Where the data is stored
  • How the data is processed
  • How long the data is kept
  • To whom and where data is transferred

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information via our website and communications to individuals about:

  • Right to Access: Individuals have the right to access their personal data and supplementary information.
  • Right to Rectification: Individuals have the right to have inaccurate personal data rectified.
  • Right to Erasure: Also known as 'the right to be forgotten', this permits an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
  • Right to Restrict Processing: Individuals have a right to 'block' or suppress processing of personal data.
  • Right to Data Portability: This allows individuals to obtain and reuse their personal data for their own purposes across different services.
  • Right to Object: Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, direct marketing, and processing for purposes of scientific/historical research and statistics.
  • Rights Concerning Automated Decision Making & Profiling: The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.

Data Breaches

We have implemented robust procedures to detect, investigate, and report data breaches to the relevant supervisory authority within 72 hours of becoming aware of a breach, where feasible.

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below.

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure your data is protected by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Contact Us

If you have any questions about our GDPR compliance efforts or if you wish to exercise any of your rights under the GDPR, please contact our Data Protection Officer at hello@empyrdigital.com.