U
Uprev

GDPR Compliance

Your Rights Under the General Data Protection Regulation

Your Rights Under GDPR

As a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). Uprev is committed to facilitating the exercise of these rights.

Right to Access

You have the right to request a copy of all personal data we hold about you. This includes information about how we process your data, the purposes of processing, and any third parties with whom we share your data.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you. If your data is incomplete, you have the right to have it completed.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased for compliance with a legal obligation

Right to Restrict Processing

You have the right to request that we limit how we use your data when:

  • You contest the accuracy of the data
  • The processing is unlawful but you oppose erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification of legitimate grounds

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds for the processing.

How to Exercise Your Rights

For Merchants

If you are a merchant using Uprev, you can exercise your rights by emailing us at:

gdpr@uprev.app

For Customers of Merchants

If you are a customer of a store using Uprev, please contact the merchant directly. The merchant is the data controller for your personal data.

Uprev acts as a data processor on behalf of the merchant. The merchant is responsible for responding to your data rights requests.

Data Processing Agreement

Merchants may request a Data Processing Agreement (DPA) that outlines our obligations as a data processor under GDPR.

To request a DPA, please email: legal@uprev.app

Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers are located.

We ensure appropriate safeguards for international data transfers through the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our Service
  • Legitimate Interests: Improving our services, fraud prevention, security
  • Consent: Where you have given explicit consent (e.g., marketing)
  • Legal Obligation: Compliance with applicable laws

Response Timeline

We respond to all valid GDPR requests within 30 days of receipt. If we need additional time due to complexity or volume of requests, we will notify you within the initial 30-day period.

Right to Lodge a Complaint

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

Data Protection Contact

For all GDPR-related inquiries, please contact: