At Uphold, we take the security and privacy of our Members seriously. Although Uphold’s relationship with its customers is typically governed by general terms and conditions, Uphold is also legally bound by various laws and regulations concerning the manner in which it collects, uses, and processes Personal Data, including the EU General Data Protection Regulation 2016/679 (the “GDPR”)
What is GDPR?
The General Data Protection Regulation (2016/679) is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. GDPR replaces the 20 year old EU Data Protection Directive (95/46/EC).
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
GDPR provides EU individuals with additional rights, including:
Right to Access - Individuals can request a copy of the personal data we hold on them at any time
Right to Erasure - Individuals have the right for their personal data to be erased and no further use made of their data
Right to Object - Individuals can object to the processing of their personal data (e.g., direct marketing)
Does Uphold comply with GDPR?
Yes. We have reviewed our technical and organizational measures in accordance with the requirements of the GDPR. We have added amendments to our existing agreements to address GDPR data processing requirements. Uphold has additionally improved our internal policies and procedures to meet the GDPR compliance obligations.
You can learn more below and also in our updated privacy section.
What if I am not a European Citizen?
Our Privacy Policies and procedures have been updated for members worldwide. Therefore, all Uphold members, regardless of citizenship, will also have expanded personal data rights.
What if I am a business user or Uphold partner?
If you are a Partner using the Uphold API to send and receive Personal Data about or from your users, you must comply with GDPR regulations. If you are Partner, please reach out to firstname.lastname@example.org with any questions.
I am under 18, can I still use Uphold?
Previously, Uphold Members needed to be 13 years or older. GDPR stipulates that users 18 or younger must have parental consent. We have therefore decided to only offer Uphold Membership to people 18 years and over worldwide.
If you are under 18, please contact email@example.com with any questions.
What is Personally Identifiable Information Data (PII)?
Personally identifiable information (PII) as it pertains to the GDPR is information relating to an identified or identifiable natural person (‘data subject’)
It is a broad term and includes a wide range of information including;
What personal information does Uphold collect, use, and share?
Does GDPR affect how Uphold communicates with me?
We sometimes send you updates, promotions, and industry news via email, these are considered marketing communications.
Uphold has adopted a global explicit consent methodology for the use of customer email and other personal information for marketing communications regardless of country of origin,
If you decline to opt-in for this, you can still use Uphold, however, you will no longer receive promotional information, which can include BETA invitations and other announcements and we can no longer use your personal data for any marketing efforts. Marketing preferences can be accessed through your account profile and can be updated at any time.
We also send you transactional communications by email, such as transfer confirmations, verifications or legal updates. We will always send these emails even if you opt-out of marketing communications since they are an essential part of the Uphold service.
Can I close my account and delete my data?
Yes, you can close your Uphold account at any time. Prior to closing your account, you are required to withdraw all funds leaving a zero balance.
If you wish to close your account, please contact us at firstname.lastname@example.org.
Please note that, as a financial institution, we are required to maintain a record of your personal information/data for a legally required period of time, which can vary depending on your Country of residence. During this legally required window of time, your data will be securely held and only accessed if required for security or legal reasons. This means in some cases, especially if transactions have been conducted on your account, we can not delete your data right away. We will, however, delete any/all data after the legally required time has passed as per our standard company and regulatory data retention schedules, which in most cases is 7 years from when you cease to be our customer.
For account deletion requests where no transactions have been conducted on the account, please submit a data deletion request through our secure Data Subject Request Portal.
Can I request that all of my data be deleted or my right to be forgotten?
Yes. All data deletion requests are processed through our secure Data Subject Request Portal.
We will review your request and your account and advise if your request can be processed based upon the status of your account and whether or not any transactions have been processed.
Please note; Data deletion requests require that your account be closed and that all funds have been removed from your account. Additionally, as a financial institution, we are required to maintain a record of your personal information/data for a legally required period of time, which can vary depending on your Country of residence. During this legally required window of time, your data will be securely held and only accessed if required for security or legal reasons. This means in some cases, especially when transactions have been conducted on your account, we cannot delete your data right away. We will, however, delete any/all data after the legally required time has passed as per our standard company and regulatory data retention schedules, which in most cases is 7 years from when you cease to be our customer.
How do I get a copy of my Data?
You can request a copy of all the data that we have on file associated with your Uphold account activities, by submitting a request through our secure Data Subject Request Portal.
How to update my information?
If you believe that the Personal Information that we have on file is incorrect, it is possible to request that we update our records. If you wish to change your information please email email@example.com