The Foreword.
This Privacy Policy is created to describe to you, in easily accessible and transparent manner, the following:
- What data are collected from you when you use or browse the Website;
- For what purposes these data are collected and on what legal bases;
- With whom these data may be or will be shared(specify to you the recipients of your personal data);
- The retention period for the collected data;
- What rights can you exercise within the framework of the processing of your personal data.
Information about us (the controller).
Under the Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or “the UK GDPR”), the “controller” means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”.
https://upstream-technologies.com/ is controlled and operated, and the digital assets are provided by UPSTREAM TECHNOLOGIES LP, the Company incorporated under the laws of the United Kingdom, Company number: SL032038, Registered address: International House, 38 Thistle Street, Edinburgh, Scotland, EH2 1EN. UPSTREAM TECHNOLOGIES LP is the controller within the framework of this Policy and your use of the Website and our services and products (including digital assets) and hereinafter shall be referred to as the “Company”, “we”, “us”, “our”.
E-mail address of our DPO (Data Protection Officer) – dpo@upstream-technologies.com;
E-mail address for other inquires or general questions – info@upstream-technologies.com.
The data concerning you processed by the Company.
Log Data. Log Data are collected automatically by the Cloudflare Services when you visit the Website and include the following:
- Your IP address;
- System configuration information;
- Other information about traffic to and from the Website.
Contact Data. When you send a message/mail/inquiry to the Company via available e-mail address or via the interface of the Website, you provide the following information to the Company:
- Your name;
- Your e-mail address;
- The subject of your message (including all the personal data it may contain);
- The message itself including all the information it contains.
Marketing Data. We may also collect the data concerning the status of your subscription to our marketing newsletter (whether have you consented). You will always have a possibility to unsubscribe from this newsletter by the interface of the mail from us or by sending a withdrawal of your consent to the usage of your data for sending to you our marketing newsletter.
Order Data. When you order any digital asset, provided via the Website, you, in addition to the Contact Data, provide us with the following information:
- The information about your order.
Payment data. When you make the payments/transactions for the digital assets or any other products or services, obtained via the Website, you hereby provide the following information:
- The information about your transactions(including all the data necessary to identify the transactions).
The data, collected by Google Services. To find out what data are collected by Google LLC, please, visit Google LLC clause.
Why do we collect these data and on what legal bases?
To Protect the Website from cyberattacks and other digital threats. We use the Cloudflare Services in order to protect this Website from any forms of cyberattacks and digital threats.
The legal basis for this processing: Article 6(1)(f) of the UK GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
To protect the Website and the Company from fraud, abuse, collusion and illegal activity. We use your Payment Data and the Order Data to protect the Company from abuse, fraud, and other unfair activity or illegal activity.
The legal basis for this processing: Article 6(1)(f) of the UK GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
To analyse the audience of the Website. The Company uses the data, collected by Google Services, in order to:
- Understand the audience of the Website, their preferences and needs;
- To find out geographic distribution of our audience;
- To find out how our audience use the Website;
- To find out how the audience of the Website react to the changes made in the Website;
- To protect the Website from spam and abuse. For example, the Company uses Google reCAPTCHA to distinguish whether an input is made by an individual or robot, algorithm, code, or by any other form of automated processing.
- Make our Website, digital assets and services more user friendly (having researched the audience of the Website with the use of the data, collected by Google Analytics).
The legal basis for this processing: Article 6(1)(f) of the UK GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
To comply with the applicable legislation. We may use your data for the purposes of compliance with the legal obligations, to which the Company is subject.
The legal basis for this processing: Article 6(1)(с) of the UK GDPR: processing is necessary for compliance with a legal obligation to which the Company is subject.
To provide you with our digital assets. We may use your Contact data, Payment Data, Order Data in order to provide you with the digital assets of the Company.
The legal basis for this processing: Article 6(1)(b) of the UK GDPR: processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contact.
Analysis and research. We may anonymize the data concerning you, which have been processed by the Company, and conduct research and analysis with in order to identify how the audience of our Website use the Website, our digital assets and the services that we provide to corporate customers.
The legal basis for this processing: Article 6(1)(f) of the UK GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
To contact you. Your personal data may be used in order to contact you:
a) When communicating with you in the framework of the provision to you our digital assets or any services under the contract between you and the Company.
The legal basis for this processing: Article 6(1)(b) of the UK GDPR: processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
b) To answer to your data subject`s requests or other legal requests.
The legal basis for this processing: Article 6(1)(с) of the UK GDPR: processing is necessary for compliance with a legal obligation to which the Company is subject.
c) To send you our Newsletter. If you have consented to receive our Newsletter, you will be provided with relevant emails.
The legal basis for this processing: Article 6(1)(a) of the UK GDPR: you have given consent to the processing of your data.
d) To answer to general questions or contact you when the situation may require this communication (for example, when you ask about general issues and/or ask general questions about the Company, its products and services, etc.).
The legal basis for this processing: Article 6(1)(f) of the UK GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
Processing of children`s data.
The Website is not intended for individuals under the age of 18 years (“legal age”). If you are a parent or a legal guardian and found that your child had used our Website, please contact us via any available communication channel and appropriate measures will be applied by the Company.
Recipients of your data.
Under the Article 4(9) of the UK GDPR “recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.”
Here you can find the recipients of your data and the reason for the disclosure of your data to them:
Affiliates, sub-contractors of the Company. Some facilities, services, and tools used by the Company, may belong to the legal entities (companies) other than UPSTREAM TECHNOLOGIES LP. Thus, your personal data may be shared with these recipients.
Payment Services Providers, Financial Institutions. The data about your payments for the digital assets are to be processed by financial institutions, payment services providers, banks, or other similar entities that may be engaged in processing of your payment/transaction. Thus, the data about your payments/transactions are to be disclosed to them.
Public Authorities. In case if the Company is obliged to disclose your personal data to the public authorities (which includes, without limitation, police, court(s), and governmental financial organisations) in accordance with the legal obligation to which the Company is subject, the Company will disclose your personal data to these recipients.
Google LLC. The Company uses Google Services, provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which includes Google Analytics, Google Tag Manager and Google reCAPTCHA (if applicable).
a) Google Analytics.The Website uses Google Analytics, a web analytics service. Google Analytics collects the following information concerning you:
- The total time you spend on the Website;
- The time you spend on each page and in what order those pages were visited;
- What internal links were clicked (based on the URL of the next pageview);
- The IP address, user agent string;
- Initial page inspection that analytics.js performs when creating a new tracker object is used to determine your geographic location, what browser and operating system are being used, your device`s screen size and whether flash or java is installed, and the referring site;
- The Company also uses Google Analytics to count pageview hit. Pageview hit is a metric defined as the total number of pages viewed.
The information generated to a Google server in the USA and stored there. Google Analytics Opt-out Browser Add-on provides visitors and users with the ability to prevent their data from being collected and used by Google Analytics. To install Google Analytics Opt-out Browser Add-on, follow this link: https://tools.google.com/dlpage/gaoptout?hl=en.
b) Google Tag Manager. Google Tag Manager is a tool made by Google that allows the Company to integrate and manage tags (snippets of code) into our Website.
c) GooglereCAPTCHA (if applicable). The Company uses Google reCAPTCHA protects the Website from spam and abuse. This tool is primarily used to distinguish whether an input is made by an individual or robot, algorithm, code, or by any other form of automated processing.
If you want to find out more about how Google processes your data, please, follow Google`s Privacy Policy https://policies.google.com/privacy. Additionally, you can find the information about certification of Google under EU-US and Swiss-US Privacy Shield frameworks https://policies.google.com/privacy/frameworks?hl=en&gl=de.
Cloudflare, Inc. The Company uses the services, provided by Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA. Сloudflare provides web optimization and security services that the Company uses to improve and protect the Website, including a reverse proxy, pass-through security service. Cloudflare may collect the log data from the visitors of the Website. Additionally, the Company deployed a Cloudflare`s cookie file for security purposes (see Cookies Policy to find out more). To find out more about processing of the data by Cloudflare, please follow https://www.cloudflare.com/privacypolicy/. Additionally, you can find Cloudflare’s Privacy Shield Framework Statement via the link https://www.cloudflare.com/privacyshield/.
The legal basis for usage of Google LLC. and Cloudflare, Inc. services: Article 6(1)(f) of the UK GDPR- processing is necessary for the purposes of the legitimate interests pursued by the Company and the third party.
Transfer of the data by Google LLC. and Cloudflare, Inc. under the E U – U.S. Privacy Shield Framework.
Google LLC. and Cloudflare, Inc. are certified under EU-U.S. Privacy Shield Framework – this framework protects the fundamental rights of anyone in the EU whose personal data (any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly) is transferred to the United States for commercial purposes. It allows the free transfer of data to companies that are certified in the US under the Privacy Shield. For more information on the Privacy Shields, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.
The period for which the personal data will be stored.
Google Analytics Data – a period of 28 (twenty-eight) months. Contact Data: as long as required for the purpose of your communication/message/request. If you have entered into business relationships with the Company (for example, ordered our digital assets): the Company will retain your data for a period of six (6) years starting from the date of the provision to you its digital assets or services; this period is grounded on the Limitation Act 1980.
Your rights under this Privacy Policy.
As the data subject, you have several rights, which you can implement by contacting the Company via email dpo@upstream-technologies.com.
These rights are:
The right to access. You have the right to obtain from the Company confirmation as to whether or not the data concerning you are being processed, and, if the Company indeed processes your personal data, to receive a copy of the personal data undergoing processing.
The right to rectification. You have the right to obtain from the Company the rectification of inaccurate personal data concerning you.
The right to erasure/to be forgotten. You have the right to obtain from the Company the erasure (removal) of your personal data. Upon your request, your personal data shall be removed. This right shall be applied if: i) your personal data are no longer needed for the purposes, for which these data were collected; ii) you have withdrawn your consent (if you have provided this consent) and there are no other legal bases for further processing; iii) the Company doesn’t need to keep your personal data for the purposes of compliance with the legislation; iv) the data were processed unlawfully; v) there are no any restrictions of this right by the applicable legislation; vi) in other cases, when tр erasure (removal) is required or permitted by the applicable law.
The right to object to processing. You have the right to object, on grounds relating to your particular situation, to processing of your personal data, if the grounds of this processing were necessary for the purposes of the legitimate interests pursued by the Company (Article 6(1)(f)). Additionally, you have the right to object to processing of your personal data for direct marketing purposes (if applicable).
The right to restriction of the processing. You have the right to obtain from the Company restriction of the processing, in case if one of the following applies: a) you contested to the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; c) the Company no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; d) you have objected to processing on the basis of your right to object pending to verification whether your legitimate grounds override those of the Company.
The right to data portability. You have the right to receive from the Company the data, which were collected from you, in a structured, machine-readable format and have the right to transmit those data to another controller (simply, to another company). Nevertheless, this rule applies only to the processing, which:
- Was carried out by automated means;
- Isbased on Articles 6(1)(a) and 9(2)(a) of the UK GDPR (consent) or/and is based on the Article 6(1)(b) of the GDPR- processing which was carried out under the contract between you and the Company.
The right to withdraw consent. If you previously consented (under Article 6(1)(a) of the GDPR) to the processing of your data, you have the right to withdraw this consent at any time. It means that the Company shall stop processing of the personal data, for processing of which the consent was required, starting from the date of the withdrawal. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Please note, that these rights are applicable with some restrictions:
- If the Company is not sure about the identity of the requestor,the Company shall verify the identity of a user/visitor who requests for implementation of any of the rights before the implementation of this right.
- The Company may restrict the rights, specified above, or deny in implementation of any of the rights, if this restriction or denial is grounded on the legislation, to which the Company is subject. In this case, the Company will specify to you the reason for the denial in the reply to your request.
The right to lodge a complaint with the supervisory authority. You can always contact the Company`s Data Protection Officer for any issue concerning your privacy, including complaints. Nevertheless, if you believe that your rights under the data protection legislation have been infringed, you can lodge a complaint with the Information Commissioner’s Office of the United Kingdom (ICO). The Website of the ICO: https://ico.org.uk/.
Third-party Websites.
This Website may contain the links to the Websites, owned and operated by the third parties. For example, links/hyperlinks to third-party`s websites. You follow those links/hyperlinks at your own risk. The Company bears no liability for the content of any third-party`s websites and bears no responsibility for anything, what can happen as a result of your visit to those third-party`s websites. The Company recommends you to visit “Privacy Policy” or “Data Policy” or another privacy document on any of these third-party`s websites before submitting any information to the latter.
Changes to this Policy.
The Company may change, amend or modify this Privacy Policy from time to time. If the Company does, the Company will let you know by revising the date of this Privacy Policy. The Company encourages you to review the Privacy Policy whenever you access our Website. By continuing to use our Website after Privacy Policy changes go into effect, you agree that you have read, understood and agree with the new version of the Policy.
Cookies Policy.
The Website uses cookies. A cookie is a small file of letters and numbers that placed on your electronic device. We use these cookies for various purposes.
We use cookies in order to:
- Protect this Website from the cyberattacks or any form of abuse (“security cookies”);
- Some cookies are essential in order to provide you with the Website. If these cookies are disabled, the Website will not work (“essential cookies”);
- Distinguish you from other visitors and users of the Website, which helps the Company to provide you with a good experience when you browse the Website and allows the Company to improve the Website (“analytics cookies” and other applicable).
Cookies used by the Website.
Essential and Security Cookies. These Cookies are essential and enable you to use the Website and provide access to the features of the Website. Some cookies (see below) are used in order to protect this Website. These cookies cannot be disabled.
Name of the cookie | Source | Expiration time | Purpose of use |
__cfduid | The Website. | 1 month. | This cookie is a security feature deployed by the Company in order to protect this Website. The _cfduid does not allow for cross-site tracking. It also does not allow for Cloudflare to follow visitors from site to site by merging various _cfduid identifiers into a profile. Rather, Cloudflare places the _cfduid cookie in a visitor’s web browser after the user has met certain security requirements. The _cfduid is a one-way hash of certain values and cannot be used to personally identify the individual. |
Analytics. We use Google Analytics cookies to collect information about how visitors use our website. You can always disable these cookies through our cookie consent tool.
Name of the cookie | Source | Expiration time | Purpose of use |
_ga | Google Analytics. | 2 years. | These cookies are used to collect information about how visitors use the Website. We use the information to help us improve and enhance our Website. |
_gid | 2 hours. | ||
_gat | 1 minute. | ||
_gat_gtag_UA_139847697_1 | 1 minute. |