EU-U.S. and Swiss-U.S. Privacy Shield Policy

Last updated: 2 July 2019

UPPmarket Inc. (“UPPmarket”, “we”, “our” or “us”) has subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). UPPmarket adheres to the Privacy Shield Principles including the Supplemental Principles, (collectively, the “Privacy Shield Principles”) for Personal Data received from entities in the European Economic Area (the “EEA”) and Switzerland.

This UPPmarket Privacy Shield Policy (“Privacy Shield Policy”) and the UPPmarket Privacy Policy (“Privacy Policy”) describe the privacy practices that we implement for Personal Data received from the EEA or Switzerland in reliance on the Privacy Shield. This Privacy Shield Policy uses terms which are defined in the Privacy Policy.

If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles as concerns the Personal Data received under the Privacy Shield, the Privacy Shield Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program visit www.privacyshield.gov, and to view our certification, please visit https://www.privacyshield.gov/list.

Privacy Shield Principles

1. and 2. Notice and Choice

Our Privacy Policy describes how we use Personal Data we receive from different sources. This Privacy Shield Policy describes how we process Personal Data covered by the Privacy Shield.

If you are a User, UPPmarket may act as an agent for you in relation to the Personal Data that you provide or make available to UPPmarket. UPPmarket usually will not have a relationship with your Reseller Channel. Here, the User is responsible for ensuring that Resellers are provided with appropriate notice and choice with respect to their Personal Data.

In its role as a controller and as required by applicable law, UPPmarket generally offers individuals in the EU and Switzerland (together: “EEA/CH Consumers”) the opportunity to choose whether their Personal Data may be (i) disclosed to third-party controllers or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant EEA/CH Consumer. To the extent required by the Privacy Shield Principles, UPPmarket obtains opt-in consent for certain uses and disclosures of sensitive data. EEA/CH Consumers may contact UPPmarket as indicated below regarding the UPPmarket’s use or disclosure of their Personal Data. Unless UPPmarket offers EEA/CH Consumers an appropriate choice, UPPmarket uses Personal Data only for purposes that are materially the same as those indicated in this Policy.

3. Data Integrity and Purpose Limitation

We only collect Personal Data that is relevant to providing our Services. We process Personal Data compatible with us providing the Services or as otherwise notified to you. We take reasonable steps to ensure that the Personal Data received under the Privacy Shield is needed for UPPmarket’s Services, accurate, complete, and current.

4. Accountability for Onward Transfers

This Policy and the Privacy Policy describe how UPPmarket shares Personal Data.

Except as permitted or required by applicable law and in accordance with UPPmarket’s role as a controller or processor, UPPmarket provides EEA/CH Consumers with an opportunity to opt out of sharing their Personal Data.

UPPmarket, Inc. is responsible for the Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. UPPmarket, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, and Switzerland including the onward transfer liability provisions. UPPmarket further commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to data transferred from the EU and Switzerland in the context of the employment relationship. With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, UPPmarket, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, UPPmarket, Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, UPPmarket, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, UPPmarket, Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5. Data Security

We use reasonable and appropriate physical, electronic, and administrative safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.

6. Access to Personal Data

Our Privacy Policy explains how you may access and/or submit requests to review, correct, update, suppress, or delete Personal Data. You can ask to review and correct Personal Data that we maintain about you by sending a written request to privacyshield@uppmarket.com. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome, expensive under the circumstances, or as otherwise permitted by the Privacy Shield Principles.

When UPPmarket acts on behalf of its Users, UPPmarket will assist Users in responding to individuals exercising their rights under the Privacy Shield Principles.

If you are a Customer of a User, please contact the User directly with your request to access or limit the use or disclosure of your Personal Data. If you contact us with the name of the User to which you provided your Personal Data, we will refer your request to that User and support them in responding to your access request.

7. Recourse, Enforcement and Dispute Resolution

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.

In the event we are unable to resolve your concern, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. UPPmarket, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

Contact Information

If you have any questions regarding this Privacy Shield Policy, please contact us by email at privacyshield@uppmarket.com, or please write to the following address:

UPPmarket, Inc.

PO Box 1481

Troy, N 12189

Attention: UPPmarket DPO

Changes to this Privacy Shield Policy

This Privacy Shield Policy may be changed from time to time, consistent with the requirements of the Privacy Shield and in accordance with the process described in the Privacy Policy. You can determine when this Privacy Shield Policy was last revised by referring to the “LAST UPDATED” date at the top of this page.