Umptly Ltd – Customer Privacy Notice

Last updated: 01 August 2025

Umptly Ltd (“we,” “us,” or “our”) is the controller of your personal data. This privacy notice explains how we collect, use, store, and share your personal information, and informs you of your rights under UK data protection law.

For more on controllers and their responsibilities, see the ICO guidance on data protection principles, definitions, and key terms.

1. Contact Details

Controller: Umptly Ltd
Email: info@umptly.co.uk

2. What Information We Collect, Use, and Why

We collect and use personal information for various purposes as outlined below:

2.1 Providing and Improving Products and Services

  • Names and contact details

  • Addresses

  • Occupation

  • Payment details (card/bank info for transfers and direct debits)

  • Transaction data (payments to/from you, purchased products/services)

  • Usage data (website, product, and service interactions)

  • Compliments or complaints

  • Website user information

  • Business role/title, industry sector

2.2 Operation of Client or Customer Accounts

  • Names and contact details

  • Addresses

  • Purchase/service history

  • Account information (registration details)

  • Security information

  • Marketing preferences

  • Technical data (browser, operating system details)

2.3 Prevention, Detection, Investigation or Prosecution of Crimes

  • Names and contact details

  • Client account records

  • Financial information (fraud prevention/detection)

  • Location data

2.4 Marketing and Information Updates

  • Names and contact details

  • Addresses

  • Profile information

  • Marketing preferences

  • Purchase/account history

  • Website/app usage journey

  • IP addresses

2.5 Research or Archiving

  • Names and contact details

  • Addresses

  • Purchase/account history

  • Website/app usage journey

  • IP addresses

2.6 Compliance with Legal Requirements

  • Name and contact details

  • Identification documents

  • Client account information

  • Any information required by law

2.7 Dealing with Queries, Complaints or Claims

  • Names and contact details

  • Addresses

  • Payment details

  • Account information

  • Purchase/service history

  • Information from previous investigations

  • Financial transactions

  • Correspondence

3. Lawful Bases and Your Data Protection Rights

Under UK GDPR, we must have a lawful basis to process your personal information.

3.1 Your Rights

You have the following rights (subject to certain exemptions):

  • Right of access – Request copies of your personal data.

  • Right to rectification – Ask us to correct inaccurate or incomplete data.

  • Right to erasure – Request deletion of your personal data.

  • Right to restrict processing – Ask us to limit how we use your data.

  • Right to object – Object to certain types of processing.

  • Right to data portability – Request transfer of your data to another organisation.

  • Right to withdraw consent – Withdraw consent at any time when consent is the lawful basis.

Requests will be addressed within one month. To exercise your rights, contact us using the details above.

3.2 Lawful Bases Used

Purpose Lawful Bases
Provide & improve products/services Consent, Contract, Legitimate Interests (service quality, usability, technical performance)
Operate client/customer accounts Consent, Contract, Legitimate Interests (secure operations)
Crime prevention/detection Legal Obligation, Legitimate Interests (fraud/security prevention)
Marketing & updates Consent, Legitimate Interests (service updates to customers)
Research/archiving Legal Obligation
Legal compliance Legal Obligation
Queries, complaints, claims Consent, Contract, Legal Obligation, Legitimate Interests (record-keeping, improvement)

4. Where We Get Personal Information From

  • Directly from you

  • Publicly available sources

  • Suppliers and service providers

  • Third parties (CRM integrations, referral systems, partner platforms with consent)

5. How Long We Keep Information

We retain personal data in line with our data retention schedule.

6. Who We Share Information With

6.1 Data Processors

  • Google LLC – Analytics & Cloud (EU/US under SCC)

  • Stripe Payments UK Ltd – Payment processing (UK/Ireland)

  • Microsoft Corporation – Email, cloud storage (UK/Ireland)

  • Amazon Web Services (AWS) – Hosting & infrastructure (EU)

  • Mailchimp (Intuit Inc.) – Email marketing (US under SCC)

  • Zoho/HubSpot – CRM systems (EU/US under SCC)

  • Developers/Consultants – IT support (UK/EU, under NDA)

6.2 Other Recipients

  • Professional/legal advisors (accountants, solicitors)

  • Hosting and security providers (e.g., Cloudflare, Wordfence)

7. Sharing Information Outside the UK

Some processors transfer personal data outside the UK. These transfers comply with UK GDPR safeguards such as Standard Contractual Clauses (SCCs).

  • Google LLC – United States (SCC Addendum)

  • Microsoft Corporation – EU/United States (SCC Addendum)

  • Stripe Payments – United States (SCC Addendum)

Contact us for details of safeguards.

8. How to Complain

If you have concerns about our use of your personal data:

  1. Contact us at info@umptly.co.uk

  2. If unsatisfied, you can complain to the ICO:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint