Privacy policy

Personal Data Protection
Upwealth places great importance on privacy protection. In accordance with the European regulations of April 27, 2016, Upwealth has adopted common principles within its Policy regarding the processing of personal data, available on the website

Upwealth Digital Asset Management SAS is a simplified joint-stock company, headquartered at 31 avenue de Ségur, 75007 Paris (“Upwealth”), and is responsible for the processing of your personal data. The purpose of this document is to inform you of how we use and protect your personal data, as well as the reasons for which we process this data.

This policy is applied uniformly to all products and services offered by Upwealth, with additional information provided as needed.

What personal data do we process?
Upwealth collects and uses only the personal data necessary for providing quality services within the scope of our activity.

We may collect various categories of personal data from you, including:
Identification and contact information (name, first name, place and date of birth, photo, identity card and passport numbers, postal address, country, email, phone number, gender, age, signature);
Identification and authentication data, particularly when using Upwealth services (technical logs, computer traces, security information and terminal use, IP address);
Tax data (tax identification number, tax status, tax residence);
Employment information (employment, employer’s name, remuneration, payslip);
Various legal documents (deed of transfer, inheritance deed, resale deed of securities);
Banking, financial, and transactional data (banking details, card number, transaction-related data, including transfer information, investor profile, asset value);
Data related to your habits and preferences:
Data related to the use of subscribed products and services in connection with banking, financial, and transactional data;
Data related to interactions with us: on our website, on our application, on our pages, on social networks, during phone or video conversations, in emails;
The data we use may be collected directly from you or obtained from the following sources to verify or enrich our databases:
Publications/databases made accessible by official authorities (Official Journal);
Third parties such as business intelligence agencies, anti-fraud entities, in compliance with data protection regulations;
Websites/social media pages containing information that you have made public and databases made public by third parties.

Special cases of data collection – indirect collection
Upwealth may collect information about you even if you are not a Upwealth client.
The list below (non-exhaustive) provides examples of personal data collected by Upwealth from non-client individuals, such as:
Prospects, guarantors, proxies;
Legal representatives, corporate officers, and authorized persons of a legal entity client of Upwealth;
Ultimate beneficiaries and shareholders of a legal entity client of Upwealth;
Order givers or beneficiaries in transactions made in connection with a client of Upwealth;

Why do we use your personal data and on what legal basis?
To comply with our legal and regulatory obligations
We use your personal data, including data that may be listed on national, regional, and international sanctions/asset freeze lists, to fulfill various legal and regulatory obligations:
The fight against money laundering and terrorist financing;
Compliance with applicable legislation on international sanctions and embargoes (Treasury and European Commission lists);
Combating tax fraud, compliance with tax control and reporting obligations;
Responding to official requests from duly authorized public or judicial authorities.

To execute a contract concluded between you and Upwealth and provide you with pre-contractual information
We use your personal data to conclude and perform our contracts to:
Provide you with information about our products and services;
Assist you with transaction requests;
As part of customer relationship management, including:
Assessment of your needs and knowledge, for example, regarding crypto assets;
Security of the payment services you use.

To serve our legitimate interests
We use your personal data to establish and develop our products or services, optimize our risk management, and defend our interests in legal proceedings, including for purposes such as:
Evidence of transactions or operations;
IT management, including infrastructure management (e.g., trading platforms) and business continuity, including personnel security;
Prevention of fraud and abuse (security measures, control of unusual transactions);
Establishment of anonymized statistical models, tests, for research and development, to optimize Upwealth’s risk management or improve our offerings;

To respect your choice when we request your consent for specific processing
In some cases, consent is required to process your data. For example, when the purposes described above result in automated decision-making with legal effects concerning or significantly affecting you.

To which categories of entities may your personal data be disclosed?
To achieve the aforementioned purposes, we disclose your personal data only to:
Financial, judicial authorities, or State agencies, public bodies upon request and to the extent permitted by regulations;
Certain regulated professions, such as lawyers, notaries, statutory auditors.

Data transfer outside the European Economic Area
In the event of international transfers originating from the European Economic Area (EEA):
If the European Commission has made an adequacy decision, recognizing a level of personal data protection in that country equivalent to that provided by EEA legislation, your personal data will be transferred on this basis;
To obtain a copy of these documents or to learn how to access them, you can submit a written request by mail to Upwealth Digital Asset Management SAS, 31 avenue de Ségur, 75007 Paris.

How long do we retain your personal data?
At Upwealth, and regardless of the service provided, we retain your personal data for a duration that does not exceed what is necessary for the purposes for which they are processed. Thus, personal data are retained throughout the duration of the business relationship.
However, personal data may be retained for longer periods where they are processed exclusively for archival purposes in the public interest, scientific or historical research, or statistical purposes in accordance with Article 89(1) of the GDPR. Indeed, Upwealth retains the personal data of its clients for a period of 5 years from the end of the business relationship for the aforementioned purposes. They are then archived and anonymized on a secure external server.

What are your rights and how can you exercise them?
In accordance with applicable regulations, you have various rights, namely:
Right of access: you can obtain information regarding the processing of your personal data, as well as a copy of this personal data.
Right to rectification: if you believe that your personal data is inaccurate or incomplete, you can demand that this personal data be modified accordingly.
Right to erasure: you can request the erasure of your personal data within the limits permitted by regulations.
Right to restriction of processing: you can request the restriction of the processing of your personal data.
Right to object: you can object to the processing of your personal data for reasons related to your particular situation. You have an absolute right to object to the processing of your personal data for direct marketing purposes, including profiling related to this marketing.Right to data portability, when applicable, you have the right to have the personal data you have provided us returned to you or, where technically feasible, transferred to a third party;Right to define directives relating to the storage, erasure, or communication of your personal data, applicable after your death.
Right to withdraw your consent: if you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
You can exercise the rights listed above by sending a letter to Upwealth Digital Asset Management SAS, 31 avenue de Ségur, 75007 Paris or through our website.In accordance with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority such as the CNIL (National Commission for Data Protection and Liberties) in France.

How can you be informed of changes made to this personal data information document?
We regularly update this information document.
We invite you to review the latest version of this document on our website, and we will inform you of any substantial changes through our website.

How can you contact us?
If you have questions regarding the use of your personal data covered by this document, you can contact us by mail addressed to:
Upwealth Digital Asset Management SAS
31 avenue de Ségur
75007 Paris, France

Information related to our cookie policy and IT security is available on our website.