We really care about the protection of your personal data. Please ensure you read this Privacy Policy (“Policy”) carefully before you use our services or website (“Services”). This Policy details how we, Papercup Technologies Limited a company incorporated under the laws of England and Wales with company number 11093649 and whose registered office is at 4th floor, 10 Alie Street, E1 8DE London England collect, use and process personal data provided to us and it also tells you about your privacy rights and how the law protects you. If you have any questions on this Policy or otherwise relating to how we process your personal data you can contact us at notices@papercup.com.
We may update this Policy from time to time at our discretion and in particular to reflect any changes in applicable laws or updates to our Services. If we do so, and the changes substantially affect your rights or obligations, we shall use reasonable efforts to notify you posting the updates on our website. Otherwise, you are responsible for regularly reviewing this Policy so that you are aware of any changes to it.
In some circumstances we are the Controller of the personal data provided to us for the purposes of applicable data protection legislation. This Policy applies where we are the Controller. In other circumstances, such as where your personal data is contained within content provided to us to translate, we act as a Processor and in such circumstances you should direct any queries about our processing of your personal data to the relevant data controller of your personal data. If you are unsure you can contact us at notices@papercup.com.
If you do not agree with anything contained within this Policy, please do not provide your personal data to us or use our Services.
We collect personal data of clients and their staff, website visitors, prospective clients and their staff, business partners, artists, contractors, and job candidates. This Policy applies to other data subjects as well, unless they have received a separate privacy notice.
Personal data is any information relating to an identifiable individual and for the purposes of this Policy, is any information about you (where you are a Data Subject), such as your first and last name, image, email address, gender, age, mobile and home telephone number and your IP address, including information derived from it such as likely geolocation and browsing analytics.
We further use and collect voice data for the purposes of machine learning and synthetic voice generation and machine translation / reading. We do not collect any voice or imaging data for the purposes of identification.
We do not collect special categories of personal data about you.
We use different methods to collect data from and about you including through:
You may give us your identity, contact and financial information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As you interact with our website or our services, we will automatically collect technical data about your equipment, browsing actions and usage. We collect this personal data by using cookies , server logs and other similar technologies. Please see our cookie policy for further details.
We may receive personal data about you from our clients or another third party where your personal data is contained within content provided to us to translate. We may also receive personal data about you from security service partners and our payment providers, and from other users of our website and services if they choose to provide it to us for any reason.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, confirming or otherwise, your identity.
We may also collect personal data about you from viewing your social media accounts or other media sources.
We will only use your personal data where we have a lawful basis to do so. We may use your personal data for the following purposes:
If you wish to access and use our website, we shall use your personal data to allow you to do so all in accordance with our Terms of Business. We may contact you as part of the provision of the services with information about your account and activities on our website.
Where your personal data forms part of content to be translated and you have contracted for our services we shall use your personal data to enable us to perform our contract with you.
We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety. If any sums are owed by you to another users, we shall provide your personal details to the other user in order that they can pursue the debt.
We may also use your personal data for our legitimate interests in the normal running of our business including to improve our services, customer services, online analytics, cybersecurity, to contact you and in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company; to deal with any customer.
We may also use your personal data where you have otherwise given your consent to do so.
For our legitimate interests, we may share your personal data with our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
Some or all of your personal data may be stored or transferred outside of the European Economic Area (“EEA”) for any reason, including for example, if our email server is located in a country outside the EEA or if any of our service providers are based outside of the EEA.
Where your personal data is transferred outside the UK / EEA, it will only be transferred to countries that have been identified as providing adequate protection for UK / EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s or the UK Standard Contractual Clauses.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about the services we offer. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary about your account.
You have a number of rights under applicable data protection legislation.
You have the right to:
Right of access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may be able to exercise some of these rights within your account on the website.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
If you have any complaints in relation to this Policy or otherwise in relation to our processing of your personal data, please tell us. You may directly contact our DPO Aphaia Ltd at dpo@aphaia.co.uk. We shall review and investigate your complaint and try to get back to you without undue delay. You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the UK, please contact your local regulatory authority.
Subject to the provisions of this Policy, we will retain personal data in accordance with applicable laws. In particular, we shall retain your personal data for as long as you access or use our services. However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents.
Human voices used for machine learning and synthetic voice generation will be retained until such time as is necessary to use the synthetic voice for such purposes. We aim to delete any dormant personal information older than 5 years. After 5 years, the CRM data will be automatically deleted. Personal data of all job candidates is deleted from the system automatically after 365 days.
