@anoraknophobia Just so you know, I’m attacking this from two sides. The first is just a bit of a lecture to Users in general. It’s because people tend to skip this stuff when they need to pay very close attention. So here’s the User lecture first:
It’s usually important for you and others to always read Terms. I’m guessing you skipped over it? For example, under their Terms they have a portion called:
How do we use your Personal Data, and on what legal basis do we collect and process your Personal Data?
If you go down, you’ll see:
Behavioral Advertising and Analytics (including attribution statistics)*: For those who choose to consent (opt-in) to our targeted advertising cookies, this process includes combining different account, transactional, marketing, and cross-device tracking. When we apply these techniques we may use your Personal Information to provide you with targeted advertisements, banners, or marketing communications we believe may be of interest to you. We may also use information from your mobile device, such as: browser type, device type and model, IDFA Identifiers, CPU, system language, memory, OS version, Wi-Fi status, time stamp and zone, device motion parameters and carrier for advanced attribution, acquisition, and analytical purposes including personalized or lookalike advertising. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page here.
*If you have chosen to consent to our targeted advertising cookies but would like to change your mind and opt-out, you can do so by using the links below:
Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/. Or by visiting any of the links below: http://optout.networkadvertising.org/or http://youronlinechoices.eu/.
In other words, if you just hurriedly accepted things when you created your Uphold account, you likely approved Uphold to share data with all of those advertisers.
How do we use your Personal Data to inform you and market to you?
In compliance with applicable laws, we may send you personalized marketing information, including by email, and such information may include product and service updates, industry news, our events, activities and offers, information about our business and personnel, and tips. We may combine your Personal Data such as age, transaction history, account usage to improve the value and specificity of these communications.
You can ask us to stop sending you marketing messages or information at any time by following the “unsubscribe” link on any marketing message sent to you or by updating your contact preferences directly on the Uphold Platform. Please note, it may take up to 10 days for this to take effect. Where you opt-out of receiving these marketing messages or publications, this will not apply to Personal Data collected by or provided to us in connection with a specific purpose, request, order, event or activity or any dealings with you, and you may still receive emails from us relating to the operation of the Uphold service, like transaction confirmations.
Of course, the most interesting part is about selling or sharing your information.
How do we share your Personal Data?
We sometimes share your information internally between employees and contractors of the Uphold Group (including those based outside the European Economic Area (“EEA”)), in particular in connection with activities undertaken jointly or in common with such group members and/or provide IT and system administration services and undertake management reporting.
We do not sell, trade or otherwise transfer your Personal Data to third parties other than third parties who assist us in operating our Service, third parties who assist us in facilitating certain programs and other business arrangements for which you have expressly agreed to participate, management and reporting, maintaining compliance with relevant laws (including compliance with relevant anti-corruption, anti‐bribery, anti‐terrorism, and anti‐money laundering laws), conducting our business or supporting our users, or providing you with applications or services integrated via our API. We require that those third parties agree to keep this information confidential and secure on the same conditions and protection levels we provide to you as a user, in accordance with relevant privacy laws, including the GDPR. A complete list of our sub-processors can be viewed here
We may also release your information to certified and authorized law enforcement officials when we believe release is appropriate to comply with the law, enforce our terms or policies, or protect the rights, property, or safety of Uphold, our users, or others. We have a set of guidelines for how we engage with law enforcement officials that are available to the public here.
Finally, in the event of the sale or transfer of ownership, your data would be shared with the new owners.
What’s intriguing about it the most is you’ll often hear:
We do not sell, trade or otherwise transfer your Personal Data
But what you don’t often hear is what follows that:
other than third parties who assist us in operating our Service, third parties who assist us in facilitating certain programs and other business arrangements for which you have expressly agreed to participate
So they do sell or share data. It’s just to specific people, which you can see many of at https://uphold.com/legal/uphold-subprocessor-list in terms of who and why.
And yes, leaks have happened, such as https://apps.web.maine.gov/online/aeviewer/ME/40/d88e1395-b0d8-4d35-b07c-439b80ae8f07.shtml where last year approximately 150 people were affected.