UPFLEX PRIVACY NOTICE
Date of Last Revision: 4 April 2022
Upflex, Inc. (“Upflex”), (“we,” “us,” or “our”) knows that you care how information about you (“you,” or “your,”) is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
This Privacy Notice describes how we collect, store, process, share, and use information collected when you access our websites:
- https://explore.upflex.com/, and
- https://spaces.upflex.com (“Websites”), and
our mobile application (accessed through Upflex Mobile Application (“Application”) (collectively, “Sites”), or engage us to provide the services provided via our Sites, or related training or support (collectively, the “Services”).
By accessing or using our Sites or Services, you signify that you agree to be bound by our Terms and Conditions at: https://upflex.com/legal/user/ and this Privacy Notice. If you do not agree to the terms of this Privacy Notice, you must discontinue using our Sites and Services.
Information We Collect and How We Use It
We collect several types of data about individuals: (1) technical data automatically collected from visitors to our Sites and individuals who use the Services, (2) information that you or others voluntarily submit to us.
Our primary purpose in collecting personal information is to personalize your user experience, maintain, provide and improve our Services, Sites, and business, and for internal operations, including troubleshooting, data analysis, testing, and survey purposes. We may also use third-party service providers, partners, or affiliates to help us operate our business; provide, support, maintain, or secure our Services, or administer activities on our behalf, such as events or marketing campaigns. It may be necessary to provide or allow access to your personal information to these third-party service providers, partners, or affiliates for those purposes.
Information We Collect From You
We collect a variety of information that you provide to us. While parts of the Services may not require you to provide any information that can directly identify you by name (such as if you choose to browse our website), the specific types of information we collect will depend upon the Services you request and the information you choose to provide. For example, we collect information from you when you:
- register on our site or subscribe to our Services or to our newsletter
- submit requests, ideas, or questions via online forms, email, online blogs/forums, or otherwise
- submit reviews about the Services
- upload to or share documents or files with the Services
- integrate third-party services with our Service
- request customer support or technical assistance
- search for reviews about you or your business
- any other information you choose to directly provide to us in connection with our delivery of the Services
Site Registration and Purchase of Services. When registering on our site, using our payment function(s), or subscribing to our Services, as appropriate, we may collect your:
- contact information, such as name, email address, mailing address, and phone number
- account credentials, such as username and password
- firm-related information, such as company or firm name, industry, role, or professional details
- location information, if enabled by you
- biometric information in the form of a photograph, if you choose to upload
- IP address and device fingerprints
- payment-related information, such as credit card information or other banking information
- and other associated information necessary to provide you with the Services.
Form Submissions and User-Initiated Communication. If you fill in forms on our Sites or communicate with us via phone, email, or otherwise, we may collect your contact information and firm-related information, as well as other information you may provide to us, such as customer service interactions with us.
API Integrations. We may collect information about you or your employees, clients, or customers when you connect an API that integrates with our Services. We use this information only for the purpose of providing the requested Services to you.
Third-Party Personal Information. We may collect information from you about your employees, clients or customers, including sensitive details such as geo-location data, when you choose to share their personal information with us, upload or disclose to us, or otherwise grant access to their personal information for the purpose of using our Services. It is your responsibility to decide whether you may do so pursuant to applicable law and legal and ethical standards.
Information We Collect Through Automated Means
We automatically track certain information based upon your behavior on the Sites. We use this information to do internal research on demographics, interests, and behavior to better understand, protect, and serve you.
Device Information. When you access our Sites or Services, we collect device information that can be used to identify you or your device. These identifiers may include IP address, hardware and software information, browser type, device event information, crash data, cookie data, and the pages you have viewed or engaged with before or after accessing our Sites or Services.
User Activity Information. We record information about your behavior on our Sites and when using our Services. This includes details about how you use our Sites or Services, such as content accessed, time viewed, links clicked, Internet service provider (ISP), referring/exit pages, date/time stamp, and clickstream data. We may use this information to monitor our Services and how they are used in order to inform decisions to improve our Sites and Services.
Cookies we use on our Sites may include session cookies, persistent cookies, and targeting cookies. Each cookie expires after a certain period of time, depending on what we use it for. A session cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Targeting cookies may record your visit to our Sites, the pages you have visited and the links you have followed. We will use this information to make our Sites and Service more relevant to your interests.
- To provide the Service (strictly necessary)
- To provide you with personalized content and easier to use (essential functionality)
- To gather metrics and track the success of our marketing campaigns (marketing)
For more information see our Cookies Notice located on the Sites.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Outside of the EU, you can clear and manage your browser settings at any time.
Use of Information
We, or our service providers, use (process) your information for various purposes depending on the types of information we have collected from you, in order to:
- Verify or authenticate your identity or credentials where you wish to exercise a right or for security purposes
- Complete a transaction (including invoicing and accounting)
- Provide the Services you have requested
- Respond to your request for information and provide you with more effective and efficient customer service
- Contact you by email, phone, or mail regarding our Services, surveys, testimonials/interviews, promotions, special events, and other subjects that we think may be of interest to you or data analytics
- Help us better understand your interests and needs, and improve the Services, as well as our Sites
- Secure our Sites and Services and resolve crashes and other issues being reported
- Notify you of service updates or other updates
- Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
- Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
- to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings)
- to notify you about changes to our Services, our terms or this Privacy Notice.
Combined Information. For the purposes discussed in this Privacy Notice, we may combine the information that we collect through the Services with information that we receive from your engagement with our Sites and use such combined information in accordance with this Privacy Notice.
Aggregate Data. We may aggregate information collected through our Sites and Services so that the information can no longer be linked to you or your device. We may use the combined information for any internal purpose, including without limitation for marketing purposes.
Disclosure of Information with Third Parties. We share your personal information with the following types of third parties:
Affiliates and Subsidiaries. We may share information we collect within our family of companies to deliver our services to you, and to enhance our services and your customer experience.
Service Providers. We share your information with select third parties who assist us in operating our Sites, conducting our business, and providing services to us on your behalf. They provide a variety of services to us, including billing, sales, database management, product content and features, research and surveys, customer service, data storage, security, fraud prevention, payment processing, and legal services. They have access to perform these services but are prohibited from using your information for other purposes. See further information here on our Service Providers: https://upflex.com/legal/subprocessor-list/.
Protection of Us and Others. By accessing our Sites or using our Services, you acknowledge and agree that we may also release your information when required by law or in good faith believe that such access, retention or disclosure is reasonably necessary to comply with the law or legal process (e.g., a subpoena or court order), enforce our Privacy Notice or other contracts with you, including investigations of potential violations thereof, or protect our or others’ rights, property, or safety, respond to claims that any content violates the rights of third parties; or respond to your requests for customer service. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.
Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
Public Forums. Certain features of our Services may make it possible for you to share comments publicly with other users. Any information that you submit through these features is not confidential, and we may use it for any purpose (including in testimonials or other marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Accordingly, please take care when using these features.
Third Party Sites / Social Media. From time to time, we may post customer testimonials and/or customer interviews on third party sites and/or social media, which may include customer names and photographs but only with appropriate consent.
Integrations. On your instructions, we share your information or data if you choose to use an integration in conjunction with the Services, to the extent necessary to facilitate that use. For further information contact us at: [email protected]
Partners. From time to time, we may engage in marketing and promotional activities with other brands (our “Partners”), which we think will appeal to our customers. Partners may be provided with non- identifying or aggregate information indicating the demographic information of customers on our Sites, purchasing activities, and opportunities to market to select segments of our customer base indirectly. When we share aggregate customers data, we do so in a way that it cannot be linked with a customer’s personal information.
General Data Protection Regulation (GDPR)
Data Controller and Data Processor. While using the Services, you may choose to upload, share, or store personal information about you and/or your clients, employees or customers. To the extent such personal information would be considered personal data under the General Data Protection Regulation (“GDPR”), and to the extent that we process this personal data on your behalf, you are a data controller, and we are a data processor, meaning that you direct the manner in which such personal data is collected and used as well as the determination of the purposes and means of the processing of such personal data.
Legal Bases for Uses of Information. The legal bases for using information as set out in this Privacy Notice are as follows:
- Where use of your information is necessary to perform our obligations under a contract with you,
- Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Sites, to operate our business and our Services, to make and receive payments, to comply with legal requirements and to defend our legal rights, or prevent fraud and to know the customer to whom we are providing Services), or
- Where we are required to process information in accordance with a valid legal obligation; or
- Where we have your consent, in accordance with applicable law.
International Transfer of Personal Information. The information discussed in this Privacy Notice is processed in the United States by Upflex.
Upflex will provide an appropriate data processing agreement that will be agreed upon and executed by both of us before Upflex begins providing any Services that will involve transfer of your personal information to or from the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions requiring specific data protection terms.
Data Subject Rights and Choices. Depending on your jurisdiction of residence, you may have certain rights with respect to your information. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us. Your local laws (e.g., may provide you with the following rights:
- Disclosure of the categories of personal information we have collected from you and about you or that is sold or disclosed to third parties
- Disclosure of the categories of sources from which the personal information is collected
- Disclosure of the business or commercial purpose for collecting or selling your personal information
- Disclosure of the categories (or specific list) of third parties with whom we share personal information
- Disclosure of the specific pieces of personal information we have collected about you
- The right to update or correct your data
- The right to object to the use of your data
- The right to restrict the use of your data
- The right to the erasure of your data
- The right to transfer your data to another data controller
- The right to withdraw consent
- Non-discrimination related to the exercising of your rights
- The right to opt-out from sales of your personal information to third parties
We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from these time requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.
Marketing Communications and Sharing
You may instruct us not to use your contact information to contact you regarding services, promotions, surveys and special events that might appeal to your interests by contacting us using the information below. You can also opt out by following the instructions located at the bottom of any commercial emails messages you may receive.
Please note that, regardless of your request, we may still use and share certain information as permitted by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you, or important notifications regarding the Services we are providing to you, such as service-related announcements (e.g., if our Services are temporarily suspended for maintenance).
Or, if you have downloaded our mobile application and enabled push notifications on your mobile device, we may send you alerts and notifications through push notifications, for example, to communicate status updates on our Services. However, you may choose to disable these notifications (except for the initial notification intended to verify your identity).
Privacy Notice for Residents of Certain U.S. States
Some U.S. state laws provide state residents with additional privacy rights. We are not currently subject to any US state law which grants its residents with additional privacy rights, including the California Privacy Rights Act.
Do Not Track Disclosure
Regulatory agencies such as the U.S. Federal Trade Commission have promoted the concept of Do Not Track as a mechanism to permit Internet users to control online tracking activity across websites through their browser settings.
We currently do not process or comply with any web browser’s “do-not-track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our Sites or use our Services.
Children’s Online Privacy Protection Act Compliance
Our Services are all directed to people who are at least 18 years old or older.
We do not knowingly collect any “personal information” (as defined by the U.S. Children’s Online Privacy Protection Act) from anyone under 18 years of age without valid parental consent. If we become aware that we have collected such personal information without parental consent, we will take reasonable steps to delete it as soon as possible.
We also do not knowingly directly collect data of EU residents under the age of 18 without parental consent. If we become aware that we have directly collected such personal information without parental consent, we will take reasonable steps to delete it as soon as possible.
We also comply with other age restrictions and requirements in accordance with applicable local laws.
Retention of Information
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
Protection of Information. We implement a variety of security measures designed to protect the safety of your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction when you register or sign up for a subscription for our Services or enter, submit, or access your personal information. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us via the Internet.
Third Party Links and Websites
This Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties, including those that operate websites to which our Sites link. The inclusion of a link on our Sites does not imply that we or our affiliates endorse the practices of the linked website.
In the event that our Sites link to other websites that include our branding, this Privacy Notice does not apply to those other websites. Visitors to those websites are advised to carefully read the notices on those individual websites.
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, our Services, or advances in technology. We will make the revised Privacy Notice accessible through our Sites and the Services, so you should review the Privacy Notice periodically. The “Date of Last Revision” included at the beginning of this Privacy Notice will indicate when it was last updated.
By continuing to access or use our Sites or Services, you are confirming you have read and understand the latest version of this Privacy Notice.
Representative for Data Subjects in the EU, UK and Turkey
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/12321850633
Data Protection Officer
We have appointed a Data Protection Officer based on professional qualities and expert knowledge of data protection law and practices. The Data Protection Officer is tasked with ensuring that we always comply with our responsibilities under applicable data protection legislation.
Contact details of the Data Protection Officer:
Email: [email protected],
or write to us the DPO:
833 Broadway, New York, New York 10003 USA
If you have any questions about our Privacy Practices or this Notice, please contact us at:
Email: [email protected],
or write to us at:
833 Broadway, New York, New York 10003 USA