Privacy Policy

1. Who We Are

UP Commerce Ltd ("UP Commerce", "we", "us", "our") is a full-service e-commerce growth consultancy registered in England and Wales. We provide services including advertising management, listing optimisation, creative production, catalogue management, and full account management for brands selling on online marketplaces.

This Privacy Policy explains how we collect and use personal data when you visit our website (upcommerce.agency), make an enquiry, or use our services. It complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable e-privacy legislation.

2. Data We Collect

2.1 Information You Provide

• Name and contact details (email address, phone number) when you complete a contact form or book a call
• Business information (company name, marketplace URLs, business goals) when you engage our services
• Correspondence including emails, messages, and meeting notes
• Billing information (processed securely through our payment provider — we do not store card details)

2.2 Information Collected Automatically

• Browser type, device type, and operating system
• IP address (anonymised where possible)
• Pages visited, time on site, and navigation patterns (via analytics)
• Referral source (how you arrived at our website)

2.3 Third-Party Data

When you engage us as a service provider, we may access your marketplace seller account data solely for the purpose of delivering the services you have engaged us to provide. This data is accessed under a formal data processing agreement and never used for any other purpose.

3. How We Use Your Data

We use your personal data only for the following purposes and legal bases:

• Service delivery (Contract): Providing the e-commerce management services you have engaged us for
• Communication (Legitimate Interest): Responding to your enquiries and providing service updates
• Marketing (Consent): Sending newsletters or promotional content only if you have explicitly opted in
• Legal compliance (Legal Obligation): Meeting our obligations under UK law including tax and accounting records
• Improvement (Legitimate Interest): Analysing website usage to improve our services, always in an aggregated, anonymised form

4. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (HTTPS/TLS) for all website communications
• Access controls restricting data access to authorised personnel only, based on job role and business necessity
• Regular security reviews and incident response planning
• Staff training on data protection responsibilities
• Secure credential management — credentials are never stored in public repositories or shared insecurely

5. Incident Response and Data Breach Procedure

UP Commerce maintains a documented Incident Response Plan that includes the following provisions:

• Detection: All staff are trained to identify and escalate potential data security incidents immediately
• Assessment: Upon detection, incidents are assessed within 4 hours to determine scope and severity
• Notification: We will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach where it is likely to result in a risk to individuals' rights and freedoms
• Client notification: Affected clients are notified without undue delay, and no later than 72 hours after we become aware of an incident affecting their data
• Review: All incidents are documented, investigated, and used to improve our security practices
• Third-party marketplace data: Any security incident involving seller account data is escalated to the relevant marketplace platform within 24 hours of detection, in accordance with their service provider agreements

6. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

• Client data: Retained for the duration of our engagement plus 7 years for legal and accounting compliance
• Enquiry data: Retained for 2 years from last contact if no engagement commenced
• Website analytics: Anonymised aggregate data retained indefinitely; identifiable data deleted after 26 months
• Marketing preferences: Retained until you withdraw consent

Personally Identifiable Information (PII) relating to marketplace buyer data that we may access during service delivery is never stored beyond what is strictly necessary to perform the relevant service. We do not extract, copy, or retain buyer PII from marketplace platforms.

7. Third-Party Sharing

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients only where necessary:

• Service providers: IT infrastructure, cloud hosting, payment processing, and communication tools — all under data processing agreements
• Professional advisors: Solicitors, accountants, and auditors under confidentiality obligations
• Legal authorities: Where required by law or court order

All third-party processors are assessed for data protection compliance before we engage them. We do not transfer personal data outside the UK/EEA without appropriate safeguards.

8. Cookies

Our website uses cookies and similar tracking technologies. These fall into the following categories:

• Essential cookies: Required for the website to function correctly. These cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with our website (e.g. Google Analytics with IP anonymisation enabled). You may opt out via our cookie preference centre.
• Marketing cookies: Only set with your explicit consent.

You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer, or by adjusting your browser settings.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to restriction: Request that we limit how we use your personal data
• Right to portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw any consent you have given at any time

To exercise any of these rights, contact us at bakar@upcommerce.agency. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

10. Children's Privacy

Our services are directed at businesses and business owners. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, we will notify existing clients by email. Your continued use of our website after changes are posted constitutes acceptance of those changes.

12. Contact Us