Seller Privacy Policy

Welcome to Upcite's Seller Privacy Notice

What does this Privacy Notice Cover?

This Privacy Notice covers the position where Upcite is the Controller of your personal data. Please see the end of this Privacy Notice where Upcite is a Processor.

At all times, Upcite respects your privacy and is committed to protecting your Personal Data. We want to be transparent with you about how we collect and use your Personal Data in making available our website and tell you about your privacy rights and how the law protects you.

Therefore, this Privacy Notice describes how Upcite collects and processes your personal data, which may be either through your use of the Upcite website; or through your interaction with Upcite through marketing activities and social media. The Privacy Notice complies with and is intended to meet our duties of Transparency under the retained EU law version of the General Data Protection Regulation (“UK GDPR”) and The Data Protection Act 2018.

It is important that you read this Privacy Notice together with any other privacy processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that at all times, you are fully aware of how and why we are using your personal data.

Who we are and how to contact us

Who we are

Upcite Limited is a company registered in England and Wales (number 13535230) at 12 John Martin Street, Haydon Bridge, NE476AA.

We are registered with the information Commissioners Office (“ICO”) reference number:  ZB318484.

Where we refer to “Upcite”, “we”, “us” or “our” in this Privacy Notice we mean Upcite Ltd.

How to contact us

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about it, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

You can contact us by emailing or by writing to 12 John Martin Street, Haydon Bridge, NE47 6AA.

What personal data we collect

Category of Personal Data Being Collected  What This Means
Identity Data Including; full name, username or similar identifier.
Contact Data Including; email address, phone number and postal address.
Profile Data Including; your password, an optional profile picture.
For Sellers - Payment Information  Including; sort code; account name; account number; or a different form of payment method you choose for us to release funds to.
Transaction Data Including; any details about payments to and from you.
Technical Data Including; website related usage such as Internet Protocol (IP) address; your login data, browser type and version; time zone setting and location; device language settings; page interaction (such as scrolling, clicks and mouse-overs) device type and model; operating system and platform and other technology on the devices you use to access this Platform or use our services.
Marketing and Communications Including; your preferences in receiving marketing communications from us and third parties and your communication preferences; our communications with you (which may include correspondences, call and video records, transcriptions and analysis thereof).


Aggregated Data

We may use and share personal data as “Aggregated Data” for statistical and analytical purposes only. Aggregated may be derived from your personal data but once in aggregated form it will not constitute personal data for the purposes of the UK GDPR as this data does not directly or indirectly reveal your identity. However, if we connect or combine your Personal Data with Aggregated Data so that it can directly or indirectly identify you, we will then treat the combined data as Personal Data which will be used in accordance with this Privacy Notice.

Special Categories of Personal Data

We generally do not collect any “Special Categories of Personal Data” about you (including data about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data, criminal convictions and offences).

Our Notice on Children

This platform is not intended for individuals below the age of 16 and we do not knowingly collect data relating to such children. If you believe there is an instance where we have processed the data of any person under 16 years of age please contact our DPO at; or writing to us at 12 John Martin Street, NE47 6AA.

How we collect your Personal Data


Directly from in-website chat, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:

  • Create an account:
  • Enrol in our services:
  • Creating a seller account
  • Completing surveys or entering promotional activities
  • Giving us feedback or contacting us


Automated Technologies or Interactions

As you interact with the Upcite website, we will automatically collect technical data about your browsing actions, equipment and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies. Please see the Cookie section for further details.

Third Party Data Source  Categories of Personal Data Received  Purpose 
Analytics providers (such as Google based outside the UK). Technical To understand and measure how users are interacting with our website to improve it and report relevant aggregated management information. To also track and identify any occurring issues.
We use, Shopify and Shopify Payments to run our website facilitate transactions that partner with arrange of payment providers such as; Paypal, Apple Pay, Discover, Google Pay, Mastercard, American Express, Shop Pay, UnionPay, Visa, Maestro and Diners Club. FAQ of Shopify Payments Transactional To fulfil our services, legal obligations, HMRC, accounting purposes, dealing with queries and refunds, to perform aggregated reporting and analytics.
Webkul as a Shopify plug-in. Link. Transactional To facilitate the marketplace functionality of the website. Including storing seller orders and seller sales data within their Upcite profiles.
Webkul as a Shopify plug-in. Link. Transactional For sellers; this includes receiving information in order to process and release payments from orders to sellers, legal obligations and dealing with queries and refunds.
Other Shopify Plug ins such as; Automate Shipping ProfilesConsent GDPR. Functionality and compliance To be compliant and for website functionality.


How we use your Personal Data

We will only use your Personal Data where we have a lawful basis to do so. Below, in table format, states how we use your Personal Data.

Purpose Categories of Personal Data Why Do We Do This? Our Legal Basis For This Use Of Data 
Account Creation  Identity, contact.  To register you as a new seller allowing you; to add products to Upcite, message other Upcite users and to sell on Upcite.  Performance of contract.
Customer Services Identity, Contact, Profile, Marketing and Communications Data, Customer Support and Technical. To Provide User Support. Performance of contract.
Compliance and Fraud Prevention Identity, Contact, Behavioural, Technical, Financial. To keep our website and associated systems secure. To keep your data and identity secure. Performance of Contract.
Troubleshooting Technical To track issues that might be occurring on our website or systems. Performance of contract, Legitimate Interest.
Facilitating transactions Transactional, Identity. Facilitating transactions, HMRC, Legal, dealing with queries and refunds and accounting purposes. Performance off contact.
Optimization and Analytics.  Identity, Contact, Transactional, Behavioural, Technical. To measure, monitor and understand how users interact with our website to improve it and report relevant aggregated management information.  Performance of contract, Legitimate interest.
Surveys Identity, Contact, Profile. Improving Our Services. Legitimate Interests
Service Improvement and Development Contact, Profile, Identity, Transactional, Behavioural, Technical and Other Personal Data. To monitor and improve our existing Upcite services and develop news services where we think would be of interest to our users. Legitimate Interests
Research and Statistics Transactional, Behavioural, Technical, Identity, Contact, Profile, Financial and Other Personal Data. We use a varied range of rigorous  scientific methods to help us better understand our users and how to support them. Legitimate Interests
On-Website Communication Between Users Identity, Contact. To facilitate contact between users. Performance of Contact, Legitimate Interests. 



At all times, we prioritise your preferences regarding certain Personal Data uses – particularly around marketing and advertising.

Promotional offers from us

If you have requested to receive information from us or obtained services services from us, you will receive marketing communications from us (including email and push notifications) and you have not opted out or unsubscribed from receiving marketing communications.

You will receive marketing communications by text/ email / WhatsApp only where you have provided consent.

Third Party Marketing

We will obtain your opt-in consent before we share any of your information with third party services.

Opting Out

You can ask us to stop sending you marketing communications at any time by clicking “unsubscribe” within marketing communications or emailing STOP to Please allow for two working days for instruction to take effect in all of our systems.

Who we share your Personal Data with

We may share your Personal Data with the third parties set out below for the purposes set out in this privacy notice:

  • If you opt-in to email or have obtained services from us, we may share your Personal Data with Mailchimp to perform email marketing activities with you.
  • Professional advisers. For the provision of consultancy, banking, insurance, accounting and similar services.
  • If you opt-in to receiving additional cookies, you may collect data on you via This is to help improve our services and understand user behaviour for marketing and functionality purposes.
  • me Reviews. As a Shopify plugin, to receive reviews and testimonials for the website.
  • EcomSend Popups. As a Shopify plugin, to collect new email marketing subscribers for those who sign up.
  • HM Revenue & Customs, regulators and other authorities acting as processors, and our principals, who require reporting of processing activities in certain circumstances.

We require all third parties to at all times, respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our strict instructions.

International data transfers

Many of our external parties are based outside of the UK so their processing of your personal data will involve a transfer of data outside of the UK.  Main partners outside of UK and their privacy polices;

Where we transfer your Personal Data outside the UK, we ensure a similar degree of protection is provided to it by ensuring at least one of the following safeguards is implemented:

  • We use certain service providers, we may use specific contacts approved for use in the UK in which give Personal Data the same level of protection as in the UK.
  • Personal Data is only transferred to countries that have been deemed to provide an adequate level of protection for Personal Data.

How do we keep your Personal Data secure

We limit access to your personal data to agents, contractors and other third parties on a strict business need to know basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. We have also put in place necessary technical and operational security measures designed to prevent your Personal Data from misuse, loss destruction or alteration. 

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally obligated to do so. If you suspect any misuse or loss of, or unauthorised access to, your personal data, you should inform us immediately.

How long we store your Personal Data

We will only retain your Personal Data for as long as we reasonably need to use it for the purposes stated above in “How we use your personal data and why”, unless a longer period is required (for example, regulatory or legal purposes).

Generally, we store your data for as long as your using Upcite and for five years after that for compliance purposes. In some circumstances, for example in the case of the law like fraud, we may keep data longer if we need to and / or the law obligates us to.

Website usage and marketing data is typically held for 3 years.

What happens when you do not provide necessary Personal Data?

Where we need to process your Personal Data to perform contractual elements relating to our services or in regards to legal obligations, we may not be able to perform the contract we have or potential contact with you (e.g. core website functionalities).

In this instance, we may have to stop you from using our services for which we will notify you by phone or email.

Automated Decision Making

Upcite does not provide automated decision making, including profiling, concerning or significantly affecting you.

Third Party Links

Upcite is a multi-vendor marketplace. Therefore, there may be external links on the website (e.g. provided by other users/sellers) to third-party website, applications and external plug-ins. If you click on those links, you may enable those third parties to collect Personal Data on you. We do not control these third-party websites and are not responsible for their privacy polices. When you leave our website, we encourage you to research and read the Privacy Policy for every new site you visit.


You have control over your cookie usage. You can set your browser to refuse all or some browser cookies. Please note that if you refuse or disable all browser cookies, some core aspects of the website may not function properly or may become inaccessible. More information is available here regarding our cookie policy.

Your rights relating to your personal data

By law, you have the right to:

You have certain rights under the law such as; requests to access your information, to manage it and to request for it to be deleted or transfer information about you or to restrict the way it is used.

  • Request access to your personal data. This is usually referred to as “data subject access request” and enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold on you. Where we have incomplete or inaccurate information on you, this enables you to have such data corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove your Personal Data where there is no good reason for us to continue processing it. You also have the right to ask us to erase or remove your Personal Data where you have exercised your right to object to processing (see below text). Please note, however, that we may not always be able to comply with your request of deletion for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest (or those of a third party) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground as you feel it impacts on your rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling & legitimate grounds to process your information which override your fundamental rights and freedoms.
  • Request the restriction of processing your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want to confirm it’s accuracy.
  • Request the transfer of your Personal Data. We will provide you or a third party of your choice, your Personal Data in a commonly-used structure, machine-readable format. Please note that this right only applies to automated information you initially provided consent for us to use or where we have used the information to perform a contract with you.
  • Withdraw consent. This right only exists where we are requiring on consent to process your Personal Data (“Consent Withdrawal”). If you choose you to withdraw consent, you may not be able to provide core functionalities of our website. We will advise you of this at the time of withdrawal.

How to exercise your rights

If you to wish to exercise any of these rights where we are the data Controller, please contact us via the details provided in the section “Who We Are and How To Contact Us”. Where we are the Processor, please contact the controller (this will usually be your employer). If you are unsure, please reach out to us and we would be happy to help establish who would be the best person to help you. Due to our own contractual obligations with the controller, we may be required to advise the controller of the request.

Normally, you will not have to pay to access any of your rights. However, expect in relation to Consent Withdrawal, we may charge a fee, or refuse to comply with the request If it is unfounded, excessive or repetitive.

We may require specific information from you to help us confirm your identity in order to exercise any of your rights, including those relating to Data Protection. This is a safety measure on our side to help ensure Personal Data is not disclosed to any person with no right of receiving it. We may also ask you further questions in relation to your request.

Usually, all legitimate requests are response to within one month. If request is particularly complex or you have made a number of requests, it may take longer than usual. We will keep you updated regardless.


If you would like to make a complaint regarding this Privacy Policy or our practices in using your Personal Data, please contact us: We aim to respond within one business day and aim to resolve issues within the shortest period possible.

We are obligated to provide a final response within 15 business days. It is vital that if you submit a complaint, we both must first attempt to resolve the issue directly between us. However, if you feel your complaint as inadequately been resolved, UK GDPR gives you the right to contact our lead supervisory data protection authority

At any time, you have the right to contact the ICO to make a complaint. However, we would appreciate the chance to resolve your concerns with you before you approach the ICO so please contact us in the first instance.

Where we are a processor

Where we are a Processer of your Personal Data, we will operate under the Data Protection Agreement with the relevant Controller.

This privacy notice is version 2.0 and was last updated 8th May 2024. We will post any changes to this Privacy Notice on this page.