Privacy Policy

1. Introduction
   1. Purelypaper Limited takes your privacy seriously. This privacy policy describes how and why we obtain, store and process your personal data. We may update this policy from time to time and shall indicate on our web site (“site”) when changes have been made. It is also important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
   2. Purelypaper Limited is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy policy. We are registered with the Information Commissioner in the UK as a “data controller” in accordance with the provisions of the Data Protection Act 1998. Further details of our registration are available at www.ico.org.uk (Z9326461).
   3. If you have any questions or complaints relating to this privacy policy or how we use the personal information we have about you, please contact us using the details set out below and we will endeavour to respond to you promptly.
   4. Our full details are:
      
      Full name of legal entity: Purelypaper Limited
      Email address: info@purelypaper.co.uk
      Postal address: PO Box 3959, Warminster, Wiltshire, BA12 9WY.
2. The data we collect
   1. Personal data is collected from you when you register with us, or when you contribute to or use some of the advanced features on the site. The personal data we collect is clearly set out on the web page on which we collect it. See for example our registration page. In addition, we may collect your IP address and use cookies unless you configure your web browser not to accept them. In order to fulfil the requests of site users, the user will be requested to provide some or all of the following:
      
      Name
      Email address
      Invoice Address
      Delivery Address
      Other contact Details
      
   2. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
   3. We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
   4. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3. Why we collect it
   1. We collect your personal data so that we can fulfill our contractual obligations to you as our client.
   2. Depending upon your answers to our data protection questions, we may arrange for you to be sent information about related products and services from us. You may update the answers to your questions at any time.
   3. In certain circumstances we will use your personal data where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests, for example if you breach this privacy policy or if you breach our terms and conditions of business.
4. Who we disclose it to
   1. We will only pass on your personal data (as opposed to aggregate data) to third parties to enable us to perform services requested by you or with your prior consent.
   2. Subject to paragraph 4.3 below, we will only pass on your personal data (as opposed to aggregate data) to third parties overseas to enable us to perform services requested by you.
   3. We do not transfer your personal data outside the European Economic Area.
5. Security
   1. Keeping your personal data secure is very important to us. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Certain sections of the site may encrypt data using TLS.
   2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
   3. Online credit and debit card payments are processed directly via Elavon, the largest independent payment service provider in the UK. Elavon is a fully approved payment processor with all major UK acquiring banks and has achieved the highest level of compliance under the Payment Card Industry Data Security Standard (PCI DSS).
   4. We do not store any financial information on our servers and we never share your personal data with third parties for marketing purposes.
   5. All processing of personal data conducted by us is conducted inside the UK.
6. How long will we keep your personal data?
   1. Where you elect to process a payment without creating an account on the site, we will retain relevant personal data for up to 7 years as required by law in relation to the retention of financial data.
   2. Where personal data is provided as part of setting up an account on the site, we will retain the information until such time that you close the account. Any financial records will also be retained for 7 years after the time of purchase as required by law in relation to the retention of financial data.
7. Your rights
   1. You have the right to:
      (a) object to or request restriction of processing of your personal data at any time. However, if we need to keep hold of your personal data for contractual or statutory reasons, which we will tell you when you make your request, we may need to continue to process your data.
      (b) request access to and rectification of your personal data. If we have any incorrect personal data, or if you wish to see what data we hold on you, please let us know.
      (c) request erasure of your personal data.
      (d) request the transfer of your personal data to you or to a third party. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
   2. Please contact us using the details provided above in order to exercise any of these rights.