UK GDPR Notice and UK Privacy Rights
Effective Date: January 1, 2026 | Last Revised: May 12, 2026 | Version 1.1
Your Rights
Legal Basis
Access
Erasure
Portability
ICO
Transfers
About this UK GDPR Notice and UK Privacy Rights. This Policy covers the rules, obligations, and rights that apply to this policy on the Upmos marketplace. Read the full text below; by using our Services you agree to comply with it.
In Plain English (Non-Binding Summary)
If you are in the United Kingdom, your personal data is processed under the UK GDPR and the Data Protection Act 2018. You have rights to access, rectification, erasure, restriction, portability, and objection, plus the right to complain to the Information Commissioner’s Office (ICO). International transfers from the UK rely on UK Adequacy Regulations and the UK Addendum to EU SCCs.
This summary is informational. The full Notice below controls in case of any conflict.
Print, Export & Relevant Links
Table of Contents
- Overview
- Legal Bases for Processing
- Your Rights Under UK GDPR
- Right of Access (Article 15)
- Right to Rectification (Article 16)
- Right to Erasure (Article 17)
- Right to Restriction of Processing (Article 18)
- Right to Data Portability (Article 20)
- Right to Object (Article 21)
- Automated Decision-Making & Profiling
- Complaints to the ICO
- International Data Transfers
- Contact Our DPO
- Contact
- Version History
Overview
This Notice describes how Upmos processes the personal data of individuals in the United Kingdom, in compliance with the UK GDPR (the assimilated form of EU Regulation 2016/679) and the Data Protection Act 2018 (“DPA 2018”).
Legal Bases for Processing
We rely on one or more of the following lawful bases under Article 6 of the UK GDPR:
- Contract — to provide the Services you have requested (account, orders).
- Consent — for marketing communications and non-essential cookies.
- Legitimate interests — for fraud prevention, security, analytics, and service improvement, subject to balancing against your rights.
- Legal obligation — for tax, accounting, and regulatory reporting.
Your Rights Under UK GDPR
You have the following rights, exercisable through Account > Privacy or by emailing privacy@upmos.com:
Right of Access (Article 15)
You may request a copy of the personal data we hold about you. We respond within one month, free of charge for reasonable requests, with up to a 2-month extension permitted for complex cases.
Right to Rectification (Article 16)
You may request correction of inaccurate personal data and completion of incomplete data. Most profile, address, and payment details can be self-edited; for system-recorded data, contact our DPO.
Right to Erasure (Article 17)
Often called the “right to be forgotten,” this allows you to request deletion of your personal data when:
- The data is no longer needed for the original purpose.
- You withdraw consent (and there is no other lawful basis).
- You object to processing and there is no overriding legitimate interest.
- The data was unlawfully processed.
- Legal compliance requires erasure.
Note: certain financial, tax, and fraud-prevention records are retained for legally required periods (typically 6-7 years).
Right to Restriction of Processing (Article 18)
You may request that we temporarily stop processing your data while we verify accuracy or investigate an objection.
Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you may receive your personal data in a structured, commonly used, machine-readable format (CSV/JSON), or request transmission directly to another controller where technically feasible.
Right to Object (Article 21)
You may object at any time to processing based on legitimate interests, including profiling. You may always opt out of direct marketing.
Automated Decision-Making & Profiling
Upmos uses automated systems for fraud detection, recommendation, and risk scoring. None of these systems produce legal or similarly significant effects without human review. You have the right to request human review of any decision you believe was made solely by automated means.
Complaints to the ICO
If you believe we have not complied with UK data-protection law, you may complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by phone at 0303 123 1113. We would appreciate the chance to address concerns directly first via our DPO.
International Data Transfers
Personal data of UK residents is transferred internationally only when:
- The destination country has UK Adequacy regulations (e.g., U.S. for organizations under the UK Extension to the EU-U.S. Data Privacy Framework).
- Standard Contractual Clauses (with the UK Addendum) are in place.
- Binding Corporate Rules approved by the ICO apply.
- An applicable derogation under Article 49 is engaged with informed consent.
Contact Our DPO
Our designated Data Protection Officer for UK matters is reachable at dpo@upmos.com or by writing to the mailing address at the bottom of this Notice.
How Can You Contact Us About This Policy?
If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:
General Contact
- Phone: 1(855)637-2433 (Mon–Fri, 9 AM–5 PM CST)
- General Support: support@upmos.com
- Report Issue: upmos.com/report
- Send Feedback: upmos.com/feedback
Department Directory
| Department | Purpose | |
|---|---|---|
| General Support | support@upmos.com | Account help, general inquiries |
| Legal | legal@upmos.com | Legal questions, appeals, terms inquiries |
| DMCA / Copyright | dmca@upmos.com | Copyright infringement notices & counter-notices |
| Privacy | privacy@upmos.com | Data requests, CCPA/GDPR inquiries |
| Fraud | fraud@upmos.com | Report fraudulent activity (24/7) |
| Security | security@upmos.com | Vulnerability reports, bug bounty |
| Disputes | disputes@upmos.com | Transaction & seller disputes |
| Refunds | refunds@upmos.com | Refund requests & status |
| Accessibility | accessibility@upmos.com | Accessibility issues & feedback |
Mailing Address
Upmos Inc.
9896 Bissonnet St
Houston, TX 77036
United States
Applicable Law
This notice is issued pursuant to the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and the UK Data Protection Act 2018. For general dispute resolution, binding arbitration, governing law, and jurisdiction provisions applicable to all Upmos policies, please refer to our Terms of Use.
Version History
Material revisions to this Policy are tracked below. Minor typographical fixes are not separately enumerated.
| Version | Date | Changes |
|---|---|---|
| v1.1 | May 12, 2026 | Restored chip navigation and the “In Plain English” non-binding summary box; rebuilt the jump-bar into three categorized columns (Overview / Coverage & Rules / Resolution & Help) and removed its sticky positioning; readability hardening for both light and dark mode so that strong/emphasis text, table cells, and contact-section labels remain legible regardless of the active theme. |
| v1.0 | May 11, 2026 | Initial publication under the Upmos Gold Standard policy format with full accessibility chrome, JSON-LD schema, dark mode, reading progress bar, two-column TOC, jump-bar, and Department Directory contact table. |
Manage Consent
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.