Skip to content
Upvendo· upvendo.be

Last updated: 2026-06-17

This privacy notice is published in the official language(s) of each country we operate in. Where translations differ, the version in your national language governs (per local data-protection law). The English version is provided as a courtesy translation only.

Privacy Notice

Last updated: June 17, 2026

Who we are

"Upvendo" refers to one of two affiliated entities, depending on where you are located:

  • Upvendo BV (the "EU Entity"), a Belgian private limited company with registered office at Kalvekeetdijk 179, 8300 Knokke-Heist, Belgium, is the data controller for personal data of visitors, customers and users located in the European Economic Area, the United Kingdom or Switzerland.
  • Upvendo, Inc. (the "US Entity"), a Delaware corporation with registered office at 300 Delaware Avenue, Suite 210, Wilmington, DE 19801, United States, is the controller for personal data of visitors, customers and users located in the United States.

For individuals located elsewhere, the EU Entity acts as controller by default unless otherwise stated in your contract.

Each entity is referred to in this notice as "Upvendo", "we", "us" or "our". This notice describes how each entity collects, uses and shares personal data in connection with our websites (upvendo.com and the ccTLD variants .be, .nl, .fr, .de), our software, kiosks and related services (the "Services").

Personal data we collect

Information you provide directly

  • Contact details (name, business address, phone, email)
  • Order and billing information (billing/shipping address, VAT number, payment confirmation references)
  • Account credentials (username, password hash, security questions)
  • Communications with our sales, support and partner teams
  • Information submitted through our configurator, demo bookings, partner applications and contact forms

Information collected automatically

When you use the Services we collect device and usage information through cookies and similar technologies, including IP address, browser characteristics, referrer, pages visited and interactions. We use these technologies only where you have given consent (EEA/UK/CH visitors) or on a legitimate-interest basis (US visitors). See the "Cookies" section below.

Information from third parties

We may receive personal data from vendors, service providers, payment processors (Stripe Payments Europe Ltd. for EEA payments; Stripe, Inc. for US payments), edge infrastructure providers (Cloudflare), advertising networks and resellers. Historical data may also have been collected through our former Shopify storefront and remains subject to this notice until deletion.

How we use personal data

We use personal data to:

  • Provide, operate and improve the Services
  • Process orders, invoices and payments
  • Provide customer support, training and onboarding
  • Send service communications and, where permitted, marketing
  • Detect, investigate and prevent fraud, abuse and security incidents
  • Comply with legal, tax and regulatory obligations

Where required by EU/UK/CH law, the legal bases on which we rely are: performance of a contract (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR), our legitimate interests in running and securing the Services (Art. 6(1)(f) GDPR), and your consent for marketing and non-essential cookies (Art. 6(1)(a) GDPR).

Cookies

The Site uses cookies grouped into four categories:

  • Required, necessary for the Site to function (cannot be disabled)
  • Personalization, remember your preferences across visits
  • Marketing, used by us and our advertising partners to show relevant ads and measure campaigns
  • Analytics, help us understand how visitors use the Site

EEA/UK/CH visitors must explicitly opt in to non-required categories before any non-essential cookie is set. US visitors are auto-granted and can revoke at any time via the "Cookie preferences" link in the footer. The Site honors Global Privacy Control signals where applicable.

How we share personal data

We share personal data with:

  • Service providers acting as processors — payment processors (Stripe), edge and hosting infrastructure (Cloudflare, GitHub), customer communications tools, analytics providers — bound by a written processing agreement.
  • Affiliates and group companies — between Upvendo BV and Upvendo, Inc. for the purposes set out in this notice, under appropriate intra-group transfer safeguards.
  • Business partners and resellers — where you have engaged a reseller or where attribution is relevant to your contract.
  • Authorities and other third parties — where required by law, court order or to protect rights, property or safety.
  • Acquirers — in connection with a merger, financing or sale, subject to confidentiality.

We do not sell personal data within the meaning of US state privacy laws and we do not use personal data for cross-context behavioural advertising unless you have opted in via the cookie banner.

International transfers

The Services are operated jointly by Upvendo BV (Belgium) and Upvendo, Inc. (United States). Personal data may therefore be transferred between the European Economic Area and the United States, and between Upvendo and its processors in other jurisdictions.

Where personal data of EEA, UK or Swiss individuals is transferred outside those regions to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914), the UK International Data Transfer Addendum or the Swiss equivalent, supplemented by appropriate technical and organisational measures. EU customer traffic is served from Cloudflare's European edge by default.

Data retention

We retain personal data for as long as needed to provide the Services and meet our legal, accounting and reporting obligations. When personal data is no longer needed, we delete or anonymise it. Specific retention periods are available on request.

Children

The Services are intended for businesses. We do not knowingly collect personal data from children under 16.

Your rights

Depending on where you are located, you may have rights to:

  • Access the personal data we hold about you
  • Request correction or deletion
  • Receive a portable copy
  • Object to or restrict certain processing
  • Withdraw consent (without affecting prior lawful processing)
  • Opt out of "sales", "sharing" or targeted advertising under US state privacy laws
  • Appeal a refusal of any of the above

To exercise these rights, email privacy@upvendo.com. We will respond within the time limits set by applicable law (typically 30 days under the GDPR; 45 days under most US state laws).

EEA/UK/CH residents have the right to lodge a complaint with their national data protection authority. The Belgian supervisory authority is the Autorité de protection des données / Gegevensbeschermingsautoriteit.

Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit and at rest, least-privilege access, security logging and an incident-response process. See the Security page for more detail. No system is perfectly secure, and we cannot guarantee absolute security.

Contact

For privacy questions or to exercise your rights, contact:

Email: privacy@upvendo.com

Upvendo BV (EU controller): Kalvekeetdijk 179, 8300 Knokke-Heist, Belgium

Upvendo, Inc. (US controller): 300 Delaware Avenue, Suite 210, Wilmington, DE 19801, United States

Under Article 27 GDPR, EEA individuals may also contact our Belgian establishment directly at the address above.

Changes

We may update this notice from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated through the Site or by email where appropriate.

Cookie preferences

We use cookies to make the site work, personalize your experience, measure traffic, and show relevant ads. Required cookies are always on; the rest is your choice. Cookie policy