Privacy Policy

We are very pleased about your interest in our website and company. Data protection is of a particularly high priority for the management of Empire Base.

The use of our website is possible without any indication of personal data. However, if a data subject wants to use specific parts of our service via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address of a data subject shall always be in line with the country-specific data protection regulations applicable to Empire Base. As such this Privacy Policy sits in line with the UK`s Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). Nonetheless and given the similarity of these provisions it is possible to generally apply the principles contained. Thus, we apply the most stringent provisions in instances where conflict arises. In this sense, Empire Base strives to ensure certainty, transparency and uniformity amongst all its personal data processing activities.

By means of this privacy policy, we would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this Privacy Policy. This Privacy Policy does not apply to the “content” processed, stored, or hosted by our customers using Empire Base Offerings in connection with a Empire Base account. See the Data Processing Addendum governing your access to your Empire Base account for more information about how we handle content and how our customers can control their content through Empire Base Offerings.

As the controller, Empire Base has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions may be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means.

Name and address of the data controller

The controller within the meaning of the DPA and the GDPR is:

Posiquence Ltd trading as Empire Base
71-75 Shelton Street, Covent Garden,
London, United Kingdom, WC2H 9JQ

https://empirebase.co

Contact Us

Our principles

Empire Base respects your right to privacy and is committed to the following key principles:

  • We protect your privacy and aim to provide you with a service that is tailored to your needs.
  • Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
  • You have the right to information and access to your personal data at any time and may request its correction or deletion.
  • We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with partners and other service providers. In this case, their own privacy policies may also apply.
  • We take all reasonable measures to ensure the security and protection of your data from misuse.
Types of data processed
  • Inventory data
  • Payment data
  • Contact data
  • Contract data
  • Usage data
  • Meta/communication data
Categories of data subjects
  • Customers
  • Employees
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners
Purposes of processing
  • Provision of contractual services and customer services
  • Contact requests and communication
  • Security measures
  • Direct marketing
  • Reach measurement
  • Office and organisational procedures
  • Remarketing
  • Conversion measurement
  • Targeting
  • Managing and responding to enquiries
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Audience targeting
  • Provision of our online offer and user-friendliness

Relevant legal basis

Below you will find an overview of the legal basis on the basis of which we process personal data. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent – The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
  • Performance of a contract and pre-contractual enquiries – Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject’s request.
  • Legal obligation – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests – Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

Collection of general data and information

a) Log files

The website of Empire Base collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, Empire Base does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimise the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, Empire Base analyses anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

b) Use of cookies

Cookies are small text files or other storage devices that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping basket in an e-shop, the contents called up or the functions used in an online offer. Cookies can further be used for various purposes, e.g., for purposes of functionality, security, and comfort of online offers as well as the creation of analyses of visitor flows.

The legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users’ consent, the legal basis for processing their data is their consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the business operation of our online offer and improvement of its usability).

The purposes for which the cookies are processed by us are explained in our Cookie Policy which forms an integrated part of this Privacy Policy.

c) Contact possibilities via the website

Empire Base offers various means of electronic contact via Contact and Support Forms, as well as direct communication with us, which also includes e-mail. If a data subject contacts us by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to us will be stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

We use “Google reCAPTCHA” from Google Inc to check whether the data input in our contact forms is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.

d) Account Registration

If you register on our website, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is our legitimate interest in communicating with interested users and, in the case of contracts, also the storage of contract data. Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).

e) Commercial and business services

We process data of our customers and interested parties in the context of contractual relationships as well as related measures. We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, payment processors, banks, tax and legal advisers, payment service providers or tax authorities).

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioural marketing. And, the Legal bases are Contractual performance and pre-contractual inquiries, Legal obligation, and our Legitimate interests.

f) Technical services

We process the data of our customers in order to enable them to select, purchase or commission the selected services. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information. The legal bases are contractual performance and pre-contractual inquiries, legal obligation, and our legitimate interests. For further information please refer to our processing addendum.

g) Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to consultants, such as legal advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, event organisers and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

h) Credit/Debit Cards Payments

Payment by credit card and debit card is made via the payment service provider Stripe to which you pass on your payment details during the checkout, for payment processing. Your data will only be passed on for the purpose of payment processing with Stripe and only insofar as it is necessary for this purpose. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

i) Empire Base Affiliate Account

If you register for a Empire Base Affiliate Account, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form for the purposes stated below. The entry of your data is encrypted so that third parties cannot read your data when it is entered. The basis for this storage is the provision of a contract. Your data will remain stored for as long as the registration lasts, in particular the storage is still necessary for the fulfilment/execution of the referral contract, for legal prosecution by us or for our other legitimate interests or we are required by law to retain your data (e.g., within the framework of tax retention periods).

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

Routine deletion and blocking of personal data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or were provided for by applicable legislation and statutory retention periods. If the storage purpose ceases to apply or if a storage period prescribed expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Rights of the data subject

a) GDPR

As a UK or EU citizen, you have various rights under the GDPR, in particular under Articles 15 to 21 of the GDPR:

  • you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
  • you have the right to revoke any consent given at any time.
  • you have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
  • you have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
  • you have the right, in accordance with the law, to request that data concerning you be erased without delay or, alternatively, to request restriction of the processing of the data in accordance with the law.
  • you have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format, or to request that it be transferred to another controller, in accordance with the law.

Complaint to supervisory authority

In accordance with the GDPR and the DPA and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with Information Commissioner’s Office (UK), if you consider that the processing of personal data relating to you is in breach of the GDPR, and the DPA.

Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.

We inform you that the provision of personal data is sometimes required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

When do we disclose your Personal Data?

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the mentioned provider’s name.

Typically, and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g., when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).

If we commission third parties to process data on the basis of a so-called “processing agreement”.

In relation to metadata obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used in global data centres. We take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the EU and the EEA.

Where we need to transfer your data outside the UK, we will use one of the following safeguards:

  • The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
  • Transfers to a third country with privacy laws that give the same protection as the UK.

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en.

Security measures

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

Promotional communication

We process personal data for the purposes of promotional communication. Recipients have the right to revoke consent given at any time or to object to promotional communication at any time.

After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. The legal bases for processing your data for promotional communication is our legitimate interests.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.