Privacy Notice
Privacy Notice – Your Personal Data
This Privacy Notice explains how we collect, use, store, and protect your personal data in compliance with:
- The General Data Protection Regulation (GDPR)
- The New York SHIELD Act
- The California Consumer Privacy Act (CCPA), as amended by the CPRA
1. Who We Are
We are responsible for processing your personal data. If you have any questions or concerns, please contact us:
Email: privacy@upf.org
Postal address: 866 United Nations Plaza, Suite 529, NY 10017
2. What Data We Collect
We may collect the following categories of data (as defined by CCPA and GDPR):
- Identifiers: name, email address, phone number, IP address
- Customer records: billing, payment details, transaction history
- Sensitive personal information: government ID, health data, biometric data (where relevant)
- Internet/technical data: browsing history, usage logs, device information
- Inferences: preferences, characteristics, trends based on your interactions
We do not knowingly collect data from children under 13 (COPPA compliance). For minors aged 13–16 in California, consent is required before selling or sharing data.
3. Purposes & Legal Bases for Processing
We process personal data only for lawful purposes, including:
- Service delivery and account management (contract performance)
- Customer support and communications (legitimate interests)
- Legal obligations (tax, fraud prevention)
- Marketing and newsletters (consent, where required)
- Improvement of services and analytics (legitimate interests, opt-out rights in CA)
4. How We Share Your Data
We may disclose personal data to:
- Service providers (IT, hosting, payment processors)
- Regulators or law enforcement if legally required
- Affiliates or business partners (with your consent where required)
California-specific disclosure:
We do not sell your personal data. If we engage in “sharing” data for targeted advertising, California residents have the right to opt out.
5. Your Rights
You have the right to:
- Access / Know what categories and specific pieces of personal data we hold (GDPR Art. 15; CCPA §1798.110)
- Rectify inaccurate information (GDPR Art. 16)
- Delete personal data (GDPR Art. 17; CCPA §1798.105)
- Restrict or object to processing (GDPR Art. 18, 21)
- Portability – request a copy in a portable format (GDPR Art. 20; CCPA §1798.100(d))
- Opt-out of the sale or sharing of personal data (CCPA §1798.120)
- Limit use of sensitive personal information (CPRA)
- Non-discrimination – you will not be denied services or charged different prices for exercising your rights (CCPA §1798.125)
To exercise your rights:
- EU/NY: contact us using the details above.
We will verify your identity before fulfilling requests as required by law.
6. Data Security
We use technical, organizational, and physical safeguards as required under GDPR, the New York SHIELD Act, and the CCPA/CPRA to protect your data.
7. Data Retention
We keep your data only as long as necessary for the purposes outlined or as required by law, then securely delete or anonymize it.
8. Data Breach Notifications
In the event of a breach, we will notify you as required by:
- GDPR Art. 34 (if high risk to your rights)
- NY SHIELD Act
- California law (California Civil Code §1798.82).
9. Updates
We may update this Privacy Notice. The latest version will always be available at: