UK GDPR Notice and UK Privacy Rights
Effective Date: January 1, 2026 | Last Revised: June 11, 2026 | Version 1.3
Your Rights
Legal Basis
Access
Erasure
Portability
ICO
Transfers
About this UK GDPR Notice and UK Privacy Rights. This Policy covers the rules, obligations, and rights that apply to this policy on the Upmos marketplace. Read the full text below; by using our Services you agree to comply with it.
In Plain English (Non-Binding Summary)
- UK GDPR Overview. If you are in the United Kingdom, Upmos processes your personal data under the UK GDPR (as retained in UK law by the EU (Withdrawal) Act 2018) and the Data Protection Act 2018. Upmos acts as the data controller. You may contact our DPO at uk-privacy@upmos.com.
- Legal Basis for Processing. Upmos processes UK personal data on the bases of: contract performance (fulfilling your order); legal obligation (tax, fraud prevention); legitimate interests (fraud detection, platform improvement); and, where required, your explicit consent (marketing communications, cookies). You may withdraw consent at any time.
- Right of Access & Rectification. You have the right to request a copy of the personal data Upmos holds about you (Subject Access Request) within one month of request. If your data is inaccurate or incomplete, you have the right to have it corrected without undue delay.
- Right to Erasure & Restriction. You may request deletion of your personal data where it is no longer necessary for the purpose collected, where consent is withdrawn, or where you object and Upmos has no overriding legitimate interest. Where erasure is not possible (e.g., legal hold), Upmos will restrict processing instead.
- Right to Portability & Objection. You may request your personal data in a structured, machine-readable format for transfer to another controller where processing is based on consent or contract. You have an absolute right to object to direct-marketing processing; for other processing, Upmos will balance your interests against legitimate grounds.
- Automated Decisions & ICO Complaints. You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects. If Upmos conducts automated decision-making, you may request human review. If you are unhappy with Upmos’s response, you may lodge a complaint with the ICO at ico.org.uk.
- International Transfers. Upmos transfers UK personal data to the United States and other countries. Transfers rely on UK Adequacy Regulations (where applicable), the UK Addendum to EU Standard Contractual Clauses, and Binding Corporate Rules where in force. You may request a copy of the relevant transfer mechanism from our DPO.
This summary is informational. The full Notice below controls in case of any conflict.
Print, Export & Relevant Links
Table of Contents
- Overview
- Legal Bases for Processing
- Your Rights Under UK GDPR
- Right of Access (Article 15)
- Right to Rectification (Article 16)
- Right to Erasure (Article 17)
- Right to Restriction of Processing (Article 18)
- Right to Data Portability (Article 20)
- Right to Object (Article 21)
- Automated Decision-Making & Profiling
- Complaints to the ICO
- International Data Transfers
- Contact Our DPO
- Contact
- Version History
Overview
This Notice describes how Upmos processes the personal data of individuals in the United Kingdom, in compliance with the UK GDPR (the assimilated form of EU Regulation 2016/679) and the Data Protection Act 2018 (“DPA 2018”).
Legal Bases for Processing
We rely on one or more of the following lawful bases under Article 6 of the UK GDPR:
- Contract — to provide the Services you have requested (account, orders).
- Consent — for marketing communications and non-essential cookies.
- Legitimate interests — for fraud prevention, security, analytics, and service improvement, subject to balancing against your rights.
- Legal obligation — for tax, accounting, and regulatory reporting.
Your Rights Under UK GDPR
You have the following rights, exercisable through Account > Privacy or by emailing privacy@upmos.com:
Right of Access (Article 15)
You may request a copy of the personal data we hold about you. We respond within one month, free of charge for reasonable requests, with up to a 2-month extension permitted for complex cases.
Right to Rectification (Article 16)
You may request correction of inaccurate personal data and completion of incomplete data. Most profile, address, and payment details can be self-edited; for system-recorded data, contact our DPO.
Right to Erasure (Article 17)
Often called the “right to be forgotten,” this allows you to request deletion of your personal data when:
- The data is no longer needed for the original purpose.
- You withdraw consent (and there is no other lawful basis).
- You object to processing and there is no overriding legitimate interest.
- The data was unlawfully processed.
- Legal compliance requires erasure.
Note: certain financial, tax, and fraud-prevention records are retained for legally required periods (typically 6-7 years).
Right to Restriction of Processing (Article 18)
You may request that we temporarily stop processing your data while we verify accuracy or investigate an objection.
Right to Data Portability (Article 20)
Where processing is based on consent or contract and carried out by automated means, you may receive your personal data in a structured, commonly used, machine-readable format (CSV/JSON), or request transmission directly to another controller where technically feasible.
Right to Object (Article 21)
You may object at any time to processing based on legitimate interests, including profiling. You may always opt out of direct marketing.
Automated Decision-Making & Profiling
Upmos uses automated systems for fraud detection, recommendation, and risk scoring. None of these systems produce legal or similarly significant effects without human review. You have the right to request human review of any decision you believe was made solely by automated means.
Complaints to the ICO
If you believe we have not complied with UK data-protection law, you may complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by phone at 0303 123 1113. We would appreciate the chance to address concerns directly first via our DPO.
International Data Transfers
Personal data of UK residents is transferred internationally only when:
- The destination country has UK Adequacy regulations (e.g., U.S. for organizations under the UK Extension to the EU-U.S. Data Privacy Framework).
- Standard Contractual Clauses (with the UK Addendum) are in place.
- Binding Corporate Rules approved by the ICO apply.
- An applicable derogation under Article 49 is engaged with informed consent.
Contact Our DPO
Our designated Data Protection Officer for UK matters is reachable at dpo@upmos.com or by writing to the mailing address at the bottom of this Notice.
How Can You Contact Us About This Policy?
If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:
General Contact
- Phone: 1(855)637-2433 (Mon–Fri, 7 AM–8 PM CT)
- General Support: support@upmos.com
- Report Issue: upmos.com/report
- Send Feedback: upmos.com/feedback
Department Directory
| Department | Purpose | |
|---|---|---|
| General Support | support@upmos.com | Account help, general inquiries |
| Legal | legal@upmos.com | Legal questions, appeals, terms inquiries |
| DMCA / Copyright | dmca@upmos.com | Copyright infringement notices & counter-notices |
| Privacy | privacy@upmos.com | Data requests, CCPA/GDPR inquiries |
| Fraud | fraud@upmos.com | Report fraudulent activity (24/7) |
| Security | security@upmos.com | Vulnerability reports, bug bounty |
| Disputes | disputes@upmos.com | Transaction & seller disputes |
| Refunds | refunds@upmos.com | Refund requests & status |
| Accessibility | accessibility@upmos.com | Accessibility issues & feedback |
Mailing Address
Upmos Inc.
9896 Bissonnet St
Houston, TX 77036
United States
Applicable Law
This notice is issued pursuant to the UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018, and the UK Data Protection Act 2018. For general dispute resolution, binding arbitration, governing law, and jurisdiction provisions applicable to all Upmos policies, please refer to our Terms of Use.
Version History
Material revisions to this Policy are tracked below. Minor typographical fixes are not separately enumerated.
| Version | Date | Changes |
|---|---|---|
| v1.3 | June 11, 2026 | Content audit: header Last Revised updated May 12 → June 11, 2026; JSON-LD dateModified updated 2026-05-12 → 2026-06-11; VH table reduced to single row (v1.0 removed, v1.2 replaced with v1.3); TL;DR box converted from to 7-bullet
tag (retained on |
Manage Consent
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.