Privacy Statement

This policy was last revised on 8th May 2024

Who we are

We are Epimorphics Ltd; we are a company registered in England and Wales (registration number: 07016688) and our registered address is Epimorphics Ltd, Second Floor One The Square, Temple Quay, Bristol, BS1 6DG, UNITED KINGDOM.

Data is central to everything that we do: we publish data, we carry out data integration, and we build data-driven applications. We treat data very seriously, carefully and professionally.

We use cloud computing and cloud storage to run our business. This means that our email system, and many of our documents and files are stored on servers belonging to a third party cloud computing provider. For any data we hold we are the Data Controller; our cloud computing provider is a Data Processor. We carefully select our cloud computing providers to ensure that acting as our Data Processors they meet all the obligations of the General Data Protection Regulations. Currently we use Google as our data storage provider (for file storage, email and messaging); our contract with them includes the GDPR contract amendments and we actively choose Europe (EU) as the data region policy for Google supplied services.

The lawful basis for almost all the processing of personal data that we do is our legitimate interests. We process a small amount of personal data to support research work we carry out (see below); the lawful basis for this processing is consent. If you withdraw your consent for any of the personal data we hold under this basis we will securely delete this data within two weeks.

What personal data do we hold, and why

Unless you have contacted us, or are a customer, supplier, partner or employee we probably don’t hold any data on you, but if we do we will treat it securely.

As noted above we use a Data Processor to look after our emails and file storage; they are GDPR compliant, keep all our information secure and will not disclose it to any third party. Apart from this use of a Data Processor we will not disclose any personal data to any third party unless we have your explicit permission to do so or we are required to do so by law.

If you contact us we will use the contact information you give us to respond to you. We will keep this information secure and delete it when it is no longer relevant. We will not use your contact information to send you unsolicited marketing information. If you would like to receive unsolicited marketing information please follow @epimorphics on Twitter (X), on Mastodon, Epimorphics on LinkedIn, Epimorphics on Facebook and Instagram or read our blog ( We also co-post our TechTalk blog posts on Medium. If you follow our GitHub organisation, or any repositories, you may get notifications of updates on public repositories.

If you send us additional personal information (e.g if you are applying for a job and send us your CV) we will keep this information secure and delete it when it is no longer relevant.

If you are a customer, a supplier or a partner we will keep information about you (including contact information and financial information) to enable us to do business with you.

If you are an employee we keep information about you that is relevant to your employment with us.  We know where you live.

If you sign-up for more information through our MailChimp service, we will keep limited contact information and provide details on how to withdraw consent.

We publish open data on behalf of various public organisations. Here we are a Data Processor; the Data Controller for this data is the relevant public organisation; where this data includes personally identifiable information this is covered by the privacy policy of the relevant organisation.

We sometimes undertake interview based research to support the services that we develop or to understand associated user requirements in regard to services we are building for clients.  In addition to your opinions, we may also collect some personal information about you, such as your name, email address and other details that we highlight specifically with you in advance of the interview.  We actively avoid capturing sensitive personal information. We securely store this data to support the write up of the research and for no longer than 12 months or when the research is completed (whichever is sooner).   

We respect your trust and protect your privacy.  In work we are doing for clients we will only share summaries and non-identifiable information unless you have specifically consented to sharing more. Where it would be helpful to use any direct quotes we only do this with your specific prior consent.

We use cookies on the website. These aren’t used to collect any personal information. The way we use cookies is described at

We are trialing the use of LinkedIn’s lead generation form on our LinkedIn profile page. See LinkedIn’s privacy policy for how they operate. The LinkedIn lead generation form page feature allows LinkedIn members to submit their contact and other information to us.  We include a link to this privacy policy in each such form. We only use the data submitted to us through the Lead Gen Forms on Pages (“Form Data”) for  the purpose agreed to by the registered LinkedIn members (as in for contacting the user, that has requested more information, or a discussion). We do not request sensitive data.   If any LinkedIn member requests to opt-out of our communications or have their Form Data deleted, we will honor such request promptly. We will review our use of the tool and may remove it from our LinkedIn page.

Your rights

You have the right to find out what information we hold about you and to correct it if it is wrong. If you wish to find out what information we hold on you please contact:

If the data we hold on you is with your consent you have the right to withdraw your consent at any time. In such a case we will securely delete all the data we hold on you because of your consent within two weeks.

If you are not happy with the way we treat your personal information, or with the way we respond to any query you have, you have the right to raise your concerns with the Information Commissioner’s Office – see: