How WholesaleUp™ meets its obligations under the EU General Data Protection Regulation and the UK GDPR.
Effective Date: 17 May 2026
Controller: Tradegenius SL, Calle Villalba Hervas 2, 4-2, 38002 Santa Cruz de Tenerife, Spain.
Contact for data-protection matters: service@wholesaleup.com or write to the registered postal address above.
Lead supervisory authority: the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.
You have the following rights regarding your personal data. To exercise any of them, email service@wholesaleup.com with your request — we will respond within 30 days of receipt (Article 12), extendable by up to two further months for complex or high-volume requests (we will notify you of any such extension within the initial 30 days).
We process personal data under one or more of the following Article 6(1) lawful bases:
Several of our service providers (Vercel, Cloudflare, Resend, Anthropic, Stripe, Google) are based in the United States. Where personal data is transferred outside the EEA or UK we rely on:
If a sub-processor's DPF certification is suspended, withdrawn, or invalidated, the transfer continues to rely on the SCCs. Section 6 of our Privacy Policy details the full sub-processor list and the legal basis applied to each transfer.
WholesaleUp™ is a B2B service intended for business users aged 18 or over. We do not knowingly collect personal data from children under 16 (the age threshold under Spanish law per Article 7 of LOPDGDD). If you believe a child has registered an account, contact us at service@wholesaleup.com and we will delete the account and associated data.
We retain personal data for as long as you maintain an active account, plus the minimum periods required for legal, tax, and audit purposes. Granular event-level data (page views, deal impressions, search interactions) is aggregated into anonymised daily statistics after 7 days and the raw records are permanently deleted. Specific retention windows per data category are documented in §7 of our Privacy Policy.
We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. The license-abuse detection signals described in §1.10 of our Privacy Policy inform manual review by our team and may trigger account suspension pending appeal; suspensions are not enforced solely by automated means — every adverse decision is reviewed by a human before account access is permanently affected.
We may update this GDPR Notice from time to time. The Effective date shown at the top of this page is the date of the current version. Material changes will be notified by email or via a prominent on-site notice before they take effect.
Last updated: 17 May 2026. If you have questions about this notice, please contact us.
Access 30,600+ verified suppliers and exclusive wholesale deals with the best margins.