GDPR Compliance
Your data protection rights and our compliance commitment
Upswitch is fully committed to compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all users within the European Union and European Economic Area.
Our GDPR Commitment
As a European M&A platform, we take data protection seriously and have implemented comprehensive measures to ensure full GDPR compliance. We process personal data lawfully, transparently, and for specific, legitimate purposes only.
Your Rights Under GDPR
Right to be Informed
You have the right to know how your personal data is collected, used, stored, and shared. This information is detailed in our Privacy Policy and data processing notices.
Right of Access
You can request a copy of the personal data we hold about you, including information about how it's processed. We'll provide this information in a commonly used electronic format.
Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly through your account settings.
Right to Erasure
Also known as the "right to be forgotten," you can request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the original purpose.
Right to Restrict Processing
You can request that we limit how we use your personal data in specific circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You can request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
Right to Object
You can object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests. You can opt out of marketing communications at any time.
How We Protect Your Data
Technical Measures
- End-to-end encryption for sensitive data
- Secure cloud infrastructure
- Regular security audits and penetration testing
- Multi-factor authentication
- Automated backup and disaster recovery
Organizational Measures
- Staff training on data protection
- Data processing agreements with vendors
- Privacy by design and by default
- Regular compliance reviews
- Incident response procedures
Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
- Contract: To fulfill our contractual obligations to you
- Consent: Where you have explicitly agreed to specific processing
- Legitimate Interest: For our business operations and service improvement
- Legal Obligation: To comply with applicable laws and regulations
- Vital Interest: To protect your vital interests or those of others
Data Transfers
When we transfer personal data outside the EU/EEA, we ensure adequate protection through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Certification schemes and codes of conduct
- Binding Corporate Rules (BCRs) where applicable
Data Retention
Our retention schedule is aligned with our Privacy Policy and Terms. We keep personal data only as long as necessary:
- Account data: Active account period + up to 24 months after termination
- Client/business dossier data: Default up to 24 months after last activity (configurable by client)
- Post-termination export window: 90 days to request an export
- Backups: Rolling 90-day retention
- Technical logs: Maximum 12 months
- Billing and invoice records: 7 years (legal requirement)
Exercising Your Rights
To exercise any of your GDPR rights, you can:
Contact Us About Privacy
Use Your Account Settings
Access, update, or delete much of your personal data directly through your account dashboard.
Submit a Formal Request
Send us a detailed request via email. We'll respond within 30 days and may need to verify your identity for security purposes.
Complaints and Supervisory Authority
If you believe we have not complied with GDPR requirements, you have the right to:
- Contact us directly to resolve the issue
- Lodge a complaint with your local supervisory authority
- Contact the Belgian Data Protection Authority (our lead supervisory authority)
Belgian Data Protection Authority
Website: autoriteprotectiondonnees.be
Address: Rue de la Presse, 35, 1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Updates to Our GDPR Compliance
We continuously review and update our data protection practices to ensure ongoing GDPR compliance. Any material changes will be communicated through our website and directly to affected users.