This Privacy Policy details how we, Papercup Technologies Limited a company incorporated under the laws of England and Wales with company number 11093649 and whose registered office is at 4th floor, 10 Alie Street, E1 8DE London England collect, use and process personal data provided to us. If you have any questions on this Privacy Policy or otherwise relating to how we process your personal data you can contact us at hello@papercup.com.
This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not agree to be bound by this Privacy Policy, please do not provide your personal data to us.
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall notify you if we have your email address. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.We are the controller of the personal data provided to us for the purposes of applicable data protection legislation.
We collect personal data of website visitors, prospective clients and their staff, business partners, artists, contractors, and job candidates. This Privacy Policy applies to other data subject as well, unless they have received a separate privacy notice.
By personal data we mean identifiable information about you, such as your name, email address, gender, age, mobile and home telephone number and your IP address, including information derived from it such as likely geolocation and browsing analytics.
We further use personal voices for the purposes of synthetic voices generation and machine translation / reading.We do not collect special categories of personal data about you.
We may receive personal data about you from our security service partners and our payment providers, and from other users of our website and services if they choose to provide it to us for any reason.
If we reasonably believe that any of the personal data you have provided to us is inaccurate, we may receive further personal data from third parties, confirming or otherwise, your identity.
We may also collect personal data about you from viewing your social media accounts.
We will only use your personal data where we have a lawful basis to do so. The lawful purposes that we rely on under this Privacy Policy are:
Consent (where you choose to provide it);
Performance of our contract with you;
Compliance with legal requirements; and
Legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests. These include online analytics, cybersecurity, and direct marketing.
If you wish to access and use our website, we shall use your personal data to allow you to do so all in accordance with our Terms of Business [link]. We may contact you as part of the provision of the services with information about your account and activities on our website.
We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety. If any sums are owed by you to another users, we shall provide your personal details to the other user in order that they can pursue the debt.
We may also use your personal data for our legitimate interests including to improve our services and in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company; to deal with any customer services you require; for audit purposes and to contact you about changes to this Privacy Policy.
For our legitimate interests, we may share your personal data with our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including IT service providers, payment providers, accountants, auditors and lawyers.
We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
Some or all of your personal data may be stored or transferred outside of the European Economic Area (the EEA) for any reason, including for example, if our email server is located in a country outside the EEA or if any of our service providers are based outside of the EEA.
Where your personal data is transferred outside the UK / EEA, it will only be transferred to countries that have been identified as providing adequate protection for UK / EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s or the UK Standard Contractual Clauses.
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below: Digital Marketing Service ProvidersWe periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
Our appointed data processors include:
(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.
Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.
We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our electronic data management systems.
However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
You may consent to receive marketing email messages from us about the services we offer. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information. We will still contact you as necessary about your account.
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here:
Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
Right to portability: You can request that we transfer your personal data to another service provider.
Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information.
Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws.
Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any matters relating to your account, if you have one.
You may be able to exercise some of these rights within your account on the website.
We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. You may directly contact our DPO Aphaia Ltd at dpo@aphaia.co.uk We shall review and investigate your complaint and try to get back to you without undue delay. You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority
Subject to the provisions of this Privacy Policy, we will retain personal data in accordance with applicable laws. In particular, we shall retain your personal data for as long as you access or use our services. However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents.
Human voices used for machine learning and synthetic voice generation will be retained until necessary to use the synthetic voice for such purposes.Papercup aims to delete any dormant personal information older than 5 years. After 5 years, the CRM data will be automatically deleted. Personal data of all job candidates is deleted from the system automatically after 365 days.