UPHOLD PRIVACY STATEMENT
Last updated on September 17, 2019
Our Privacy Statement
This Privacy Statement describes how Uphold collects, uses, and shares your Personal Data that we receive from you when you visit our website or app or which we otherwise receive or collect from you in the course of, or in connection with, the provision of our products and services and our business operations. It answers the following questions:
Uphold Group is made up of different legal entities, including Uphold HQ Inc., Uphold Europe, Ltd., Uphold, LDA, Uphold Worldwide Ltd., and other affiliates. This privacy statement is issued on behalf of the Uphold Group so when we mention “Uphold,” "we," "us" or "our" in this privacy statement, we are referring to the relevant company in the Uphold Group responsible for processing your Personal Data.
It is important that you read this Privacy Statement together with any other privacy statement or fair processing notice we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Statement supplements the other notices and is not intended to override them.
How do we collect Personal Data about you?
We collect information from and about you when you register with us or use our products, services or apps (our “Service”) or use our website or software applications, or access or use third-party services that use our Application Programming Interface (“API”).
- When registering with us as a customer, we ask you for detailed information, which we will use to verify your identity and protect against fraud, among other reasons discussed below.
- We gather Personal Data at other times when managing your Uphold account, such as from surveys, during support or customer care or during investigations.
- We automatically collect information sent to us by your computer, mobile phone or other device so improve your experience.
- When you use a location-enabled device with our Service, we may collect geographical location data or use various means to determine your location, such as sensor data from your device that may, for instance, provide data on nearby cell towers and Wi-Fi access spots.
We may receive data from third parties about you. This may include technical data from analytics and advertising partners like Google, from identity verification providers, as well as from other financial institutions.
What Personal Data do we collect?
Uphold only collects the Personal Data we need in order to offer and support our Service and meet our legal and regulatory obligations, which may vary depending on our relationship with you.
Here is an overview of the Personal Data we collect from or about you:
- Account activity data: We collect information about your transactions, payments from or to you, and your other activities on our site or Service and other details of products and services you have purchased from us.
- Application use data: We may collect data on your interaction and use our Service. This includes visits to our website or app, sign-up activity, your bank account, credit card , other payment details to enable you to enter into transactions on the Service, along with any additional information you may disclose to our member support team in order to resolve problems you report.
- Your device data: We collect and process your internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or any of our software applications.
- Marketing data: We collect and process your preferences in receiving marketing from us, your email address and where you may have seen Uphold advertisements.
How do we use your Personal Data, and on what legal basis do we collect your Personal Data?
Listed below are the ways in which we may use and process your Personal Data and the legal grounds we rely on to do so.
- Providing our Service to you: It may sound obvious, but we need your data to make Uphold work in the first place. Without your name, banking information and other details, we simply could not offer you our products and services.
- Identity verification: As a financial institution, it is essential that we are able to confirm the true identity of our members. There are rules and regulations across the globe that require we identify our customers, including laws concerning anti-corruption, anti‐bribery, anti‐terrorism, and anti‐money laundering.
- Keeping you informed: It is important for security and financial transparency that we keep you aware of your transactions and related activity at Uphold. We will send you emails with confirmations, invoices, technical notices, updates, security alerts, legal and support and administrative messages.
- Investigations: Occasionally, we need to look at your account activity in order to check and protect against fraudulent, unauthorized or illegal behavior.
- Customer care: We strive to make sure you can easily use our products with no headaches, but sometimes you need help. Our customer care team will occasionally need access to your account data in order to fix any issues or answer your questions.
- Managing and improving our Service: We like to understand how our members engage and use Uphold in order to make sure Uphold is the best it can be. This process includes combining different account, transactional, marketing and other data to analyze the effectiveness and performance of our Service.
- Communicating with you: We want you to be aware of product updates, news, events, and promotions and, if you consent, we will send you information, including regular personalized emails, to keep you up to date with all things Uphold.
- Business operations: We may need to use your Personal Data for our business operations, including internal training and administration, legal compliance, to enforce our legal rights, to protect third party rights, and in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.
- Website and software applications: We use data analytics to improve our website and software applications, activities and operations, products/services, events, etc.
- Third parties: If you authorize applications or third party integrations on or using our Service, these parties may receive detailed information about your account, your use of the Service, transaction history or even the ability to take actions on your behalf. When you authorize an application or third party integration via the Uphold platform, you will be notified of what Personal Data will be shared with these third parties. Information collected by these applications or third-party integrations are subject to their terms and policies and are required by contract by Uphold to maintain the confidentiality and security of your Personal Data.
The primary legal grounds upon which we collect and process your Personal Data are:
- through obtaining your consent at the time of collection,
- due to the necessity of doing so to perform the services as requested,
- in order to comply with our legal obligations, and
- to pursue our legitimate interests (e.g., to improve our services).
Note that we may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using that data.
How do we keep your Personal Data safe?
We have implemented security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We protect your Personal Data by maintaining physical, electronic, and procedural safeguards, incorporating tested security technologies, in compliance with applicable laws. We may use network safeguards such as firewalls and data encryption, enforce physical access controls, and authorize access to Personal Data only for those people who require access to fulfill their job responsibilities.
In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Those with access to your Personal Data are carefully screened, periodically reevaluated, and are required to keep all your Personal Data confidential.
How do we share your Personal Data?
We sometimes share your information internally between employees and contractors of the Uphold Group (including those based outside the European Economic Area (“EEA”)), in particular in connection with activities undertaken jointly or in common with such group members and/or provide IT and system administration services and undertake management reporting.
We do not sell, trade or otherwise transfer your Personal Data to third parties other than third parties who assist us in operating our Service, maintaining compliance with relevant laws, conducting our business or supporting our members, or providing you with applications or services integrated via our API. We require that those third parties agree to keep this information confidential and secure on the same conditions and protection levels we provide to you as a member, in accordance with relevant privacy laws, including the GDPR. A complete list of our sub-processors is listed below.
Data Transfer & Processing
Customer Support Ticket Management
Financial Account Verification
Customer Authentication Services
Credit Card Processing
Financial Transaction Verification
Debit Card Processor
We may also release your information to certified and authorized law enforcement officials when we believe release is appropriate to comply with the law, enforce our terms or policies, or protect the rights, property, or safety of Uphold, our members, or others. We have a set of guidelines for how we engage with law enforcement officials that are available to the public here.
Finally, in the event of the sale or transfer of ownership, your data would be shared with the new owners.
Do we transfer your Personal Data outside of the EU?
Uphold is headquartered in the United States. Many of our affiliates and third party service providers are based outside the EEA, so processing of your Personal Data may involve a transfer of your Personal Data outside the EEA and may be maintained or accessed in servers or files located in countries outside the EEA, including the United States.
By voluntarily providing your Personal Data on or via this website or app, you consent to its transfer, processing and storage in the United States or other countries outside the EEA, some which have not been deemed by the EEA to have “adequate” privacy safeguards.
Whenever we transfer any Personal Data outside the EEA, we will put in place an adequate level of protection to ensure that any such transfers comply, and are consistent with applicable EU and/or UK data protection laws, including with respect to transfers among Uphold affiliates, the standard data protection clauses adopted by the EU Commission.
Please contact us at [email protected] if you are located in the EU and want further information on the specific mechanism used by us when transferring Personal Data outside of the EEA.
What does Uphold's real-time public reserve transparency mean for your Personal Data?
As part of our transparency, we publish our holding and transactions on our Transparency Page. Our Reservechain™ and Reserveledger™ do not contain any Personal Data. The amount, asset class and time-stamp of all transactions conducted using our Service is a permanent part of the publicly-accessible Reservechain™ and Reserveledger™. Only members who are party to the transaction have the ability to access Personal Data associated with their transactions.
What are your legal data privacy rights?
You have the right to:
- Access the Personal Data we store about you or to request a copy of it.
- Request that we correct inaccurate data about you.
- Ask us to delete or object to us processing your data, although for legal reasons (e.g. anti-money laundering rules and regulations) we cannot always do this.
- Withdraw your consent to receive marketing emails.
Your marketing preferences can be updated on the Uphold Platform under your user settings or through any Newsletter via the “Unsubscribe” link. For all other Data Privacy inquiries, please submit your request through our Data Subject Request Portal. Also, under the relevant privacy laws of the EEA (including the European Union’s General Data Protection Regulation) in respect of your EEA Personal Data you may have a number of important rights. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the European Union’s General Data Protection Regulation.
How long do we retain your Personal Data?
Uphold maintains reasonable procedures to help ensure that your Personal Data is reliable for its intended use, accurate, complete, and current.
- We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, as well as other factors required by General Data Protection Regulation or other laws to which we are subject.
- When it is no longer necessary to retain your Personal Data, we will securely delete it, subject to applicable law and regulations.
- In some circumstances, we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- If you request that we stop sending you marketing materials, we will continue to keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
- Should you make a request through our Data Subject Request Portal, we will retain the minimum required amount of data in order to keep a record of your request and the action we took to resolve it.
Please be aware that we may keep your Personal Data for five years or more from the date you cease to be our customer, depending on applicable law or regulations in the jurisdictions we operate.
How do we protect children’s privacy?
We do not knowingly solicit or collect information from individuals under 18. If we become aware that a child under the age of 18 has provided us with Personal Data, we will close the account and restrict their information. If you believe that we might have collected Personal Data from a child under 18, please contact using the information below.
How do we use your Personal Data to inform you and market to you?
In compliance with applicable laws, we may send you personalized marketing information, including by email, and such information may include product and service updates, industry news, our events, activities and offers, information about our business and personnel and tips. We may combine your Personal Data such as age, transaction history, account usage to improve the value and specificity of these communications.
You can ask us to stop sending you marketing messages or information at any time by following the “unsubscribe” link on any marketing message sent to you or by updating your contact preferences directly on the Uphold Platform. Please note, it may take up to  days for this to take effect.Where you opt out of receiving these marketing messages or publications, this will not apply to Personal Data collected by or provided to us in connection with a specific purpose, request, order, event or activity or any dealings with you, and you may still receive emails from us relating to the operation of the Uphold service, like transaction confirmations.
How do we make changes to this Privacy Statement?
This version was last updated on the date indicated above and historic versions are archived and can be obtained by contacting us.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
Where does this Privacy Statement apply?
This Privacy Statement applies to all of the services offered by the Uphold Group and services offered on third-party sites, such as advertising services. This Privacy Statement does not apply to services that have separate privacy notices that do not incorporate this Privacy Statement.
This Privacy Statement doesn’t apply to the information practices of other companies and organizations that advertise our services or to services offered by other companies or individuals, including products or sites that may include our Services or be linked from our Services.
This website and app may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit.
Who can you contact if you have further questions or requests about your privacy?
You can direct any questions or complaints about the use or disclosure of your Personal Data to us by contacting us as set out below. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data as soon as possible.
If you have any questions about this Privacy Statement or need to contact us, please email us at [email protected], or contact us by mail at Suite A, 6 Honduras Street Honduras Street, London, England, EC1Y 0TH. All Data Subject Requests should be submitted through our Data Subject Request Portal.
As Uphold is based in the United States it has appointed Uphold Europe Ltd. a company incorporated in England & Wales (Co. Number: 09281410), to be its representative within the EEA. They may be contacted at [email protected].
If you are resident in the European Union and are dissatisfied with the resolution of your complaint in respect of your EEA Personal Data, you may contact the EU data protection authority in your jurisdiction using the contact details provided at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for further information and assistance.