Privacy Policy

Privacy Policy

Last Updated: [INSERT DATE]

This Privacy Policy relates to the information collection and use practices of Upexi, Inc. [INSERT ANY AND ALL AFFILIATED, SUBSIDIARY OR OTHER ENTITIES THAT SHOULD BE INCLUDED FOR COVERAGE PURPOSES HERE] (“we,” “us,” or “our) in connection with this investor relations website ([INSERT URL HERE]) (the “Website”).

Description of Users and Acceptance of Terms

This Privacy Policy applies to visitors to the Website (“Visitors,” “you,” or “your”).

Please review this Privacy Policy carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us. By accessing Website or providing us information via the Website you are agreeing to the terms of this Privacy Policy. If you do not agree to this Privacy Policy, do not use the Website. Your continued use of the Website and/or of our services means that you agree to this Privacy Policy.

You are not legally required to provide us with any personal data. If you do not wish to provide us with your personal data, or to have it processed by us or any of our service providers, please do not provide it to us and avoid any interaction with us or with any of our Services.

The Information We Collect and How We Use It

In the course of operating the Website, we collect or otherwise receive the following types of information:

What Information We Collect About You and How We Collect It

When you visit the Website or otherwise engage with the Website, we collect personal information about you, which, depending on the scope of your use and/or interaction with the Website, may include some combination of your name, email address, contact type, company information (including address), and information you provide in messages to us. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

We also collect information that alone cannot directly identify you as a natural person such as usage data that automatically records information about your visit (like your browser, domains, page views, the URL of the page that referred you, the URL of the page you next visit, page navigation, time and duration of your visits to the Site, and the type and amounts of your purchases); data from cookies, pixel tags, and web beacons; and device data (like the type of operating system you use, mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, and mobile phone carrier identification). This information is referred to as “non-identifying information”.

We only collect personal information from you if you choose to share such information with us. When you access the Website, we automatically collect non-identifying information through cookies and other similar technologies. See Cookies and Data Collection Technologies.

Like most websites today, we use web servers that keep log files that record data each time a device accesses those servers. These log files are maintained by our website hosting service and contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), and referral URL (i.e., the external source by which you arrived at our Website, or the pages you’ve clicked on while on our Website). We may wish to use these log files for purposes such as monitoring and troubleshooting errors and incidents, analyzing web traffic, or optimizing the user experience.

Cookies and Data Collection Technologies

We use “cookies”, anonymous identifiers, pixels, container tags and other technologies in order to provide our Services and ensure that they perform properly, to analyze our performance and marketing activities, for personalization purposes, for product development and improvements, and to personalize your experience. We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive (or other storage medium) so that your computer will “remember” information about your visit. We use both 1st and 3rd-party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.

  • Session Cookies: We use session cookies to make it easier for you to navigate our Website. A session ID cookie expires when you close your browser.
  • Persistent Cookies: A persistent cookie remains on your hard drive (or other storage medium) for an extended period of time or until you delete them. To the extent we provide a log-in portal or related feature on our Website, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track analytics and target the interests of our Visitors to personalize the experience on our Website.

In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to our Website (e.g., email open rates, URL clickthroughs).

If you do not want us to place any cookies on your device (or any third-party cookies, if you’d like), you may be able to turn that feature off on your computer or mobile device. Please consult your browser’s documentation for information on how to do this. However, if you decide not to accept cookies from us, certain aspects of the Website may not function properly or as intended.

Third-Party Analytics Providers

We use one or more third–party analytics services, such as Google Analytics, to evaluate your use of the Website by compiling reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links clicked, search terms, and other similar usage data) and analyzing performance metrics. These third parties use cookies and other similar technologies (e.g., pixel tags) to help collect, analyze, and provide us reports or other data.

By accessing the Website, you consent to the processing of data about you by analytics providers in the manner and for the purposes set out in this Privacy Policy. To opt-out of Google Analytics, you may download the Google-provided browser add-on here: https://tools.google.com/dlpage/gaoptout.

As noted above, you may also set your browser to block all cookies, though this may disable other aspects of the Website.

How We Use How We Use the Information We Collect About You and Lawful Basis for Processing

We use your personal data as necessary for the following purposes and in reliance on the lawful bases detailed in the chart below:

Users, Prospects & Customer Data

Purpose

Lawful basis for processing

To facilitate, operate and provide our services.
  • Performance of a Contract (to the extent applicable)
  • Legitimate Interest
  • Consent (to the extent applicable)

To monitor, study and analyze use of the services.
  • Performance of a Contract (to the extent applicable)
  • Legitimate Interest

To gain a better understanding on how individuals use and interact with our Website, and how we could improve their and others’ user experience and continue improving our offerings and the overall performance of our Website.
  • Legitimate Interest

To provide customer service and technical support.
  • Performance of a Contract
  • Legitimate Interest

To support and enhance our data security measures, including for purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity.
  • Performance of a Contract
  • Compliance with legal obligations
  • Legitimate interest

To comply with court orders and warrants, and prevent misuse of the Website and/or our services, and to take any action in any related legal dispute and proceeding.
  • Compliance with legal obligations
  • Performance of a Contract
  • Legitimate interest

To comply with applicable laws and regulations.
  • Compliance with legal obligations

To contact you with general or personalized service-related messages, including following up with you regarding our services, responding to your inquiries, providing you with requested information, sending you email alert, including promotional messages that may be of specific interest to you.
  • Performance of a Contract
  • Consent (to the extent applicable)
  • Legitimate Interest

To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications.
  • Consent (to the extent applicable)
  • Legitimate Interest

To explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences.
  • Legitimate Interest

To facilitate, sponsor and offer certain events, contests and promotions.
  • Legitimate Interest
  • Consent (to the extent applicable)

Review for employment opportunities.
  • Legitimate Interest Performance of a Contract
  • Compliance with legal obligations

In an ongoing effort to better understand our Visitors and the Website, we might analyze your information in aggregate form to carry out, maintain, manage, and improve operations in connection with the Website. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our services and the Website to current and prospective business partners and to other third parties for other lawful purposes.

To create aggregated data, inferred non-personal data or anonymized or pseudonymized data (de-identified data), which we or our business partners may use to provide and improve our respective services, conduct research, or for any other purpose.
  • Legitimate Interest Performance of a Contract
  • Compliance with legal obligations

In some cases, such as where you sign up for a webcast, presentation, or other event/service, we may receive your contact information from a third-party website, including those white-labeled under our brand. Where we collect such contact information, our use of such contact information shall be pursuant to this Privacy Policy. In addition, please see Links to External Websites below for more information on submission of information to third party websites.

If you reside or are using the Website or services in a territory governed by privacy laws under which “consent” is the only or most appropriate lawful basis for the processing of personal data as described herein (in general, or specifically with respect to the types of personal data you expect or elect to process or have processed by us or via the Website or services, or due to nature of such processing), your acceptance of our Terms of Service (or the execution of another service agreement with us) and this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at support@upexi.com.

We do not sell or share your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA) and have not sold your shared personal information in the past.

How We Disclose or Otherwise Share Information We Collect About You

Service Providers: We engage selected third-party companies and individuals to perform services on our behalf or complementary to our own. Such service providers include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, billing and payment processing services, fraud detection and prevention services, web and product analytics, e-mail distribution and monitoring services, session or activity recording services, remote access services, content transcription and analysis services, performance measurement, data optimization and marketing services, social and advertising networks, content and data enrichment providers, event production and hosting services, e-mail, voicemails, support, enablement and customer relation management systems, and our legal, financial, privacy and compliance advisors (collectively, “service providers“). Our service providers may have access to personal information, depending on each of their specific roles and purposes in facilitating and enhancing our Website and services, and may only use the data as determined in our agreements with them.

Legal Compliance: We may disclose or allow government and law enforcement officials access to your personal information, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and services. Please see our Principles for Responding to Government Access Requests for further details.

Protecting Rights and Safety: We may share personal information with others if we believe in good faith that this will help protect the rights, property or personal safety of us our employees, any of our prospects, users or customers, or any members of the general public.

Subsidiaries and Affiliated Companies: We may share personal data internally within our group, for the purposes described in this Privacy Policy. In addition, should we or any of our subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, personal information may be shared with or transferred to the parties involved in such an event. We may disclose personal information to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal information may also be disclosed in the event of insolvency, bankruptcy or receivership.

Business Transfers: In the event of a merger, dissolution, reorganization, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.

Disclosure to Public Authorities: We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Other Purposes: We may process your personal information for other purposes as otherwise disclosed to you (or pursuant to your consent) during your experience on, or in relation to, our Website.

For the avoidance of doubt, may share personal information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.

Communications and Instructions for Opting-Out for Email Marketing Communications

We may contact you with important information regarding our services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Website and/or services. Please note that you will not be able to opt out of receiving certain service communications that are integral to your use of some of our service or your use of the Website.

We may also notify you about new features, additional offerings, events, special opportunities or any other information we think you will find valuable, as our customer, user or prospect, subject to any necessary collection of your consent as appropriate based on applicable laws. If you do not wish to receive such promotional communications, you out-out of marketing communications by clicking on the "Unsubscribe" (or similar) link located on the bottom of an applicable marketing email and following the instructions found on any page to which the link may take you.

You may also manage your receipt of press releases and other communications (e.g., SEC filings) that you’ve signed up to receive via email by clicking on the link on the bottom of such applicable email communication and following the instructions found on any page to which the link may take you.

You cannot opt out of receiving administrative or transactional e-mails. In all such cases, please allow us a reasonable time to process your request.

How We Protect Your Information

We take commercially reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. As such, your use of the Website and/or of our services is at your own risk.

Retention of Personal Information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, subsequently authorized, or as allowed under applicable law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.

Children

We do not knowingly collect personal information from children under the age of 13 through the Website. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal information to us. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at support@upexi.com and we will endeavor to delete that information from our databases.

Important Notice to All Non-US Residents

We maintain, store and process personal information in the United States of America with our servers located in the US. If you reside outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. If you reside in a country outside the United States, please note that the data protection and privacy laws of the United States may not be as protective as the laws in your country. You agree that the laws of the United States will govern the processing of your personal information, including any obligations of security and third party sharing.

To the extent permitted under applicable law, your decision to provide such data to us, or allow us to collect such data through our Website, constitutes your consent to this data transfer.

US Privacy Policies

California Consumer Privacy Rights

If you are a California resident, please click here regarding your rights and other information under the CCPA.

Nevada and Utah Resident Privacy Rights.

We do not disclose a user’s Personal Data to any third party for such third-party’s direct marketing purposes. Nevada S.B.220 allows Nevada residents to opt-out of the sale of their Personal Data. Should you desire to opt-out of the sale of your Personal Data for third party direct marketing purposes, you may contact us at support@upexi.com subject “Opt-Out of the Sale of My Personal Data”. This may prevent or restrict your use of the Services in the future.

GDPR

If you are located in the European Economic Area or are otherwise afforded the protections of the General Data Protection Regulation (GDPR), please click here regarding your rights and other information under the GDPR.

Do Not Track

We do not respond to "Do Not Track" settings or other related mechanisms at this time.

Links to External Websites

The Website may contain links to third-party websites (“External Sites”). We have no control over the privacy practices or the content of any such External Sites. As such, we are not responsible for the content or the privacy policies of such External Sites. You should check the applicable privacy policy and terms of use when visiting or submitting any information through such External Sites.

Changes to This Privacy Policy

This Privacy Policy is effective as of the “Last Updated” date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time with or without notice to you. By visiting the Website after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your information is governed by the Privacy Policy in current effect. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Privacy Policy, please e-mail us at support@upexi.com with “Privacy Policy” in the subject line.

CCPA Privacy Notice

Last Updated: [INSERT DATE]

This California Consumer Privacy Act (CCPA) privacy notice (this “CCPA Notice”) is included in our Privacy Policy and applies to our processing of “personal information” of California “consumers” in relation to the Website (as the terms “personal information” and “consumer” are defined under the CCPA) (collectively, “Consumers, “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning given to them elsewhere in our Privacy Policy or, if not defined herein or elsewhere in our Privacy Policy, the CCPA.

To the extent of any conflict between this CCPA Notice and the rest of our Privacy Policy, this CCPA Notice shall control only with respect to Consumers and their personal information. If you are located elsewhere, please see our Privacy Policy here.

You may also designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.

We currently do not collect household data. If we receive a Right to Know or Right to Delete request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 13 as we do not collect Personal data from any person under the age of 13.

General

This CCPA Notice provides further detail regarding (a) how we have processed Consumers’ personal information within the past twelve (12) months and (b) your rights under the CCPA.

Personal Information We Collect

Collection: As set forth in additional detail in the Privacy Policy, we collect, and in the preceding 12 months have collected, the categories of personal information listed below:

  1. Identifiers – Examples include name, email address, physical address, company name, and title.
  2. Commercial Information – Examples include products or services purchased, obtained, or considered and demographics/interests.
  3. Internet or Network Activity – Examples include page views, clickthroughs, referral and exiting URLs, time spent on pages, latency, and IP address.
  4. Professional or Employment Information – Examples include cover letter, and CV/Resume (including job experience, education).
  5. Characteristics of Protected Classifications under California or Federal Law – Examples include race, ancestry, gender, disability, sexual orientation, and military or veteran status.

Note that we may not collect each category of personal information above (or each example contained therein) in relation to every Consumer, depending on how Consumers interact with us through our Website.

Sources: The above categories of personal information are collected from you directly or, in the context of Internet or Network Activity =, from server logs or 1st/3rd-party cookies, pixels, or similar technologies.

Business Purposes: We use the above categories of personal information for the following business purposes:

  • Responding to inquiries and other messages
  • Providing marketing materials and emails
  • Audience measurement and analytics (e.g., understanding of how the Website is used, the locations where Consumers engage with the Website, engagement with social media and other marketing channels such as email, measuring clickthroughs from URLs)
  • Providing location-specific services (e.g., finding a distributor, store, or event near you)
  • Processing job applications
  • Cybersecurity and fraud detection
  • Compliance with applicable law
  • Protecting the company, our employees/agents, and users
  • Responding to lawful requests by public authorities
  • Establishing, exercising, or defending legal claims
  • Optimizing the Website and related services
  • A merger, dissolution, reorganization, or similar corporate event, or the sale of all or substantially all of our assets (including, in each case, any due diligence relating thereto)
  • Internal purposes aligned with Consumer expectations
  • As otherwise either disclosed to you (e.g., via “just-in-time” notices) or pursuant to Consumer consent.

Note that each business purpose listed herein may not use every category of personal information described above. For example, “Protected Classifications” under California or Federal law are a designation primarily relevant to the employment context (and associated legal compliance). However, all information may be transferred in the context of a merger, sale, or similar event, as such are further described above.

We do not share or sell your personal information as the terms “share” and/or “sel” are defined by the CCPA and have not in the preceding 12 months.

Disclosures: For the above business purposes, we disclose each of the categories of personal information above to third parties and service providers such as cloud storage and web hosting providers, distributors, technical assistance and security vendors, database management/back-up services, analytics services, email clients, digital marketing services (e.g., marketing automation), customer relationship management/CRM platforms, and customer service vendors. For clarity, we do not use professional or employment information or characteristics of protected classifications for marketing purposes.

Your CCPA Rights

Access: You may request access to the personal information that we have collected and maintained about you (along with information regarding its use and disclosure) over the past 12 months upon appropriate verification. You may only make such requests twice per every 12 months.

Deletion: You have the right to request that we delete personal information collected and maintained about you, subject to certain exceptions. Once your request is verified and we have determined that we are required to delete that information in accordance with applicable law, we will delete your personal information accordingly. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations, as discussed below.

“Do Not Sell” and “Do Not Share” Requests: We do not “sell” or “share” your personal information, as such terms are defined under the CCPA, nor do we have actual knowledge of any “sales” or “sharing” of personal information of minors under the age of 16.

Right to Correct: You have the right to request that inaccuracies in your personal information that we have collected and maintain about you be corrected.

Right of Portability. You have the right to request a copy of the personal information that we have collected and maintained about you over the past 12 months.

Right to Non-Discrimination: You have the right to request equal treatment, and to not be discriminated against, for exercising any of the privacy rights described here.

Exercising Your Rights: To exercise the access, correction, and deletion rights described above, please submit a request to us by either:

  • Filling emailing us at support@upexi.com subject line: “CCPA Privacy Notice”.
  • Calling us at [INSERT TOLL-FREE NUMBER HERE]

Consumers have a right to not receive discriminatory treatment for the exercise of their rights under the CCPA. Please note that a record of your requests, including how we responded and any correspondence or documentation related thereto, may be kept pursuant to our legal obligations.

Verifying Your Rights Requests

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verified before we can fulfill such request.

Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf (e.g., name, email address).

We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.

Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.

Authorized Agent

You may designate an authorized agent in writing or through a power of attorney, to request to to exercise some of your data subject rights. The authorized agent may submit a request to exercise these rights by contacting us.

How to Contact Us

If you have any questions regarding our privacy practices as it relates to this CCPA Notice, please contact us via email at support@upexi.com with the subject line, “CCPA Notice.”

GDPR Privacy Notice

Last Updated: [INSERT DATE]

This General Data Protection Regulation (GDPR) privacy notice (this “GDPR Notice”) is included in our Privacy Policy and applies to the “personal data,” as defined in the GDPR, of natural persons located in the European Economic Area or otherwise subject to the protections of the GDPR (“Covered Individuals,” “you,” or “your”) processed by us in relation to the Website. Any capitalized terms or other terms not defined herein shall have the meaning given to them elsewhere in our Privacy Policy or, if not defined herein or elsewhere in our Privacy Policy, the GDPR.

To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to Covered Individuals and their personal data. If you are located elsewhere, please see our Privacy Policy here.

Controller Disclosure & Details: We are a data controller of personal data regarding Visitors for the purposes and under the legal bases described in the table below.

Data Subject Category

Purpose & Legal Basis of Processing

Visitors

Information Security: Our web servers will log Visitors’ IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Website usage, combating DDOS or other attacks, and removing or defending against malicious Visitors.

Email Communications: We will answer inquiries, such as those sent through a Contact Us (or similar) page, pursuant to our legitimate interest in answering such inquiries, ensuring prospective or Visitor satisfaction, and furthering business relationships.

We will send e-mail marketing communications to Visitors based on their consent. Visitors may also have the option to consent to other e-mail-based communications that are not marketing-related.

General Business Development: We have a legitimate interest in processing the personal data of Visitors to further business relationships and ensure Visitor satisfaction (e.g., by storing Business Contact information within a CRM or other file, answering inquiries per Email Communications above).

Applicant Processing: For “career” or similar pages, we have a legitimate interest in processing the personal data of Visitors that submit resumes, CVs, and similar materials for eligibility purposes.

Audience Analytics/Geolocation: We utilize web audience measurement tools such as Google Analytics pursuant to Visitors’ consent to understand how Site Visitors interact with our Website and optimize the Website and related services. Additionally, we may request consent for use of your geolocation in order to provide location-based services.

Compliance With Applicable Law: We will process Visitors’ personal data pursuant to (a) our obligations under member state or Union law or (b) our legitimate interests in complying with applicable law generally. This includes responding to lawful governmental requests and establishing, exercising, or defending legal claims.

Other: We may process Visitors’ personal data for other purposes as otherwise disclosed to you (e.g., via “just-in-time” notices).

Recipients: Our personnel process Visitors’ personal data for the purposes listed above. Such personal data is also disclosed to the following categories of recipients in relation thereto: Cloud storage and web hosting providers, distributors, technical assistance and security vendors, database management/back-up services, analytics services, email clients, digital marketing services (e.g., marketing automation), customer relationship management/CRM platforms, and customer service vendors. For clarity, we do not use job applicant information for marketing purposes.

Retention: We process Visitors’ personal data for as long as we have a legitimate business relationship with such Visitors or unless otherwise deleted upon request by such Visitors. Web server logs are deleted on a running 12-month basis.

Your GDPR Rights: You have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting support@upexi.com with the subject line “GDPR Notice.”

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under our Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within a marketing email. In such case, your personal data will no longer be used for that purpose.

Transfer of Personal Data To Outside the EEA: Where otherwise not transferring personal data to an “adequate” country or organization (e.g., in the latter case, where an organization is certified under the Privacy Shield frameworks or, if invalidated, any similar mechanism replacing the Privacy Shield frameworks), we rely on Standard Contractual Clauses to ensure adequate protection for your personal data.

Governmental Access Requests: We may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice

Updates to this GDPR Notice: If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Last Updated” date at the top of this page will be updated accordingly.

How to Contact Us: Reach out to support@upexi.com with the subject line “GDPR Notice” for any questions, complaints, or requests regarding this GDPR Notice.