Privacy Notice

Who are we?

We are Hyperion Technology Limited (‘Hyperion’, ‘we’, ‘us’, ‘our’). We provide a cloud-based compliance monitoring and risk management platform (‘the Platform’) built for regulated financial firms, together with associated support services (‘Platform Services’).

Why have we taken the time to write this Notice?

We are committed to keeping personal data safe. Not just because the law tells us to, but because we think it is the right thing to do.

This Notice is designed to tell you about the information Hyperion collects from you when:

  • you use our website: hyperioncmp.com (the ‘Site’); or

  • we are engaged directly to carry out Platform Services; or

  • we receive or gain access to your personal data when we help another company by providing them Platform Services.

What are the core principles we follow when dealing with personal data?

We are committed to looking after any personal data that we encounter. We do this by complying with the following core principles:

  • Lawfulness, fairness and transparency

  • Purpose limitation

  • Minimisation

  • Accuracy

  • Storage limitation

  • Confidentiality and integrity

  • Accountability

What personal data do we collect?

When we decide what personal data we collect and use (i.e. when we are Controller), we may use your personal data when:

  • You use our website;

  • We provide Platform Services directly through Hyperion;

  • We provide Platform Services to you or the business you work for;

  • We provide information of Platform updates and features

When another party decides what personal data they are going to collect and subsequently share with us (i.e. when we are a processor), we may process your personal data when we:

  • provide Platform Services or generalist consultancy to other companies.

In instances where we are a processor, you should also review the privacy notice of the companies that have engaged Hyperion to understand what personal data is being collected, used and shared by them and your rights.

Browsing and interaction on any other website, including websites which have a link from our website, is subject to that website’s own terms and policies.

When you use our website:

Submitting a contact request: If you submit a query through the forms on our website, an email is sent to the Directors of Hyperion. Your email will then be stored in accordance with our retention periods. We use Lettermint to facilitate this section of the website. As part of this process, any information that you enter into the contact section will be stored by Lettermint for 28 days, prior to being deleted. This party is based in the EU.

We expect the level of personal data entered into this form to be very limited (i.e. business email and type of services required). By using this form, you consent to your personal data being processed in this manner. You may remove this consent at any time by emailing: info@hyperioncmp.com.

Using our website: When you use our website (hyperioncmp.com), we use non-personal identification information (‘cookies’) whenever you interact with our Site. The cookie contains an encrypted session ID required for the functioning of the Site. We do not use any other form of cookies.

We use Umami to collect anonymous usage statistics for the Site. Umami stores no cookies and anonymises all visitor data, stripping away any personally identifiable information (PII). No personal data is ever collected or processed. Umami is fully compliant with GDPR and other privacy regulations, including the California Consumer Privacy Act (CCPA).

When we provide Platform Services:

When we are engaged directly by a company to provide Platform Services, we may receive some or all of the following personal data:

  • Names;

  • Contact details;

  • People’s roles and titles;

  • People’s working hours and availability;

  • Information about the compliance challenges or regulatory obligations the company might be facing;

  • Names and details of clients or customers of the company to which we are providing Platform Services that are required to allow us to fulfil our responsibilities.

Our legal basis for collecting this personal data is a combination of contract and legitimate interest. Our legitimate interest is to help us tailor and provide effective Platform Services to clients and effectively solve the tasks they have provided.

Where we provide access to the Platform and associated services, we may have access to a wide range of personal data held or processed by our clients. When we carry out this type of work, we do so under the instruction of the relevant company and work hard to ensure that we comply with their privacy notices and data protection policies.

Hyperion’s legal basis for collecting this personal data is to fulfil the contract (i.e. to allow us to carry out the engagement). It is retained for as long as required by the contract we entered into with these parties. Where this is under our control, personal data is either deleted or access is suspended at the completion of a contract, or retained for up to 7 years (or longer where required by our clients).

Who do we share your personal data with?

Given the size and operation of the business, we do not share your personal data routinely. However, the following people may have limited access to your personal data from time to time:

  • Our outsourced accounting and tax advisors.

Automated Processing

We do not use any automated means to process personal data.

Data security

We have put in place security measures to mitigate the risk of your personal data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those parties, agents, contractors and other third parties who have a business need to know. These parties will only process your personal data on our instructions and we ensure they are subject to a duty of confidentiality.

We do not allow our third-party service providers to use your personal data for their own purposes.

We may be compelled by law to disclose personal data we hold about you to a third party and have limited control over how that personal data is protected by that party.

We have put in place procedures to deal with any suspected data breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Your rights in connection with personal information

You have the following rights under the Data Protection (Bailiwick of Guernsey) Law, 2017:

  • Right to data portability: right to request the transfer of your personal information to another party.

  • Right of access to your personal information (i.e. ‘subject access request’). This enables you to receive a copy of the personal information Hyperion holds about you.

  • Right to object to processing of your personal data: i.e. where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes or if data were being processed on grounds of public interest or for historical or scientific purposes.

  • Right to rectification of the personal data: this enables you to have any incomplete or inaccurate personal data we hold about you corrected.

  • Right to erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.

  • Right to restriction of processing of your personal data: this enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Right to be notified of rectification, erasure and restrictions.

  • Right not to be subject to decisions based on automated processing.

If you want to exercise any of these rights, please contact info@hyperioncmp.com.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact info@hyperioncmp.com.

Your right to complain

If you have a complaint about how we have handled or processed your personal data, we would prefer it if you contact us directly in the first instance (info@hyperioncmp.com). However, you can also contact the Office of the Data Protection Authority (‘ODPA’) directly at the following address:

Block A
Lefebvre Court
Lefebvre Street
St Peter Port
GY1 2JP

You can also make a complaint via their website.

Changes to this Notice

We may update this Notice at any time, and we will publish any new versions of it on our website. We may also notify you in other ways from time to time about the processing of your personal data. This Notice was last updated on 22 June 2026.

>