Revised 23rd November 2017, 9th April 2018, 22nd May 2020
Effective 25th May 2020
1.1 We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your (or your children’s) personal data.
1.2 Except for user work data (see below), we are the data controller. In the case of user work data, you are the data controller and we act as your processor.
1.3 We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to it.
2.1 You should read this section if you are a under 18 or are a parent or tutor of anyone using our website.
2.2 Children under the age of thirteen are not allowed to create an account on our website without a parent or guardian's permission. If we believe that we have been provided with any personal data of a child under the age of thirteen without a parent or guardian’s permission, we will delete it immediately.
2.3 We suggest that educators or persons in a similar capacity who are using our website and services in any way that is related to children below the age of thirteen obtain consent from the children’s parents before using the service.
2.4 Please contact us if you believe that we have been provided with any personal data of children under the age of thirteen without their parents’ consent.
3.1 This section explains the varieties of personal data we collect; what we use it for; and the legal basis for which we use it.
3.2 User data : some of the data we process will have been supplied by you. This includes:
3.2.1 Account data: If you create an account on our website you will need to provide your email address and you may be asked for other information about you, for example your name (taken together: “account data ”). We use account data in order to maintain an account for you on our website.
3.2.2 User work data: any information that happens to be personal to you and that you enter into our website as a part of any work you are doing, for example things you may say in a chat session or things you may write on a paper. We process this data as a core part of our service on your behalf.
3.2.3 Enquiry data: any information that you send to us as part of an enquiry (for example by email or by submitting the information via a contact template) and any response by us. We process this data in order to be able to give you support.
3.3 We also use your account data in order to notify you about specials and new features, sending you notifications related to your use of our website and service:
3.4 We use all your user data in various ways to enable us to operate our website; provide our services to you; ensuring the security of our website and services, maintaining back-ups of our databases and customising the content you see.
3.5 Our legal basis for using your user data is our legitimate interest in the proper administration of our website and business.
3.6 Service data: If you use our website, we will automatically collect and/or process certain information about you (“service data”). This includes:
3.6.1 Browser data: this is data that your browser sends to us when you access the website. This will typically include your IP address, the name and version of your operating system, the name and version of your browser, the date and time of your visit to our website and the pages you visit on our website. Please check your browser if you want to learn what information your browser sends or how to change your settings.
3.6.2 Analytics data: this is information generated by our analytics tracking system in the course of your use of our website and services (“analytics data”). Analytics data consists of information such as: your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We use analytics data for the purposes of understanding the ways in which people use our website and services.
3.6.3 Metadata: associated with any form you may fill in (for example for the purposes of correspondence with us) on the website.
3.7 We use service data for the purposes of improving our website, for example making it more compatible with the technology used by our visitors. We may link service data sent by your browser to information that identifies you personally. The most important examples of situation where we would do this are: combatting abuse such as posting offensive material; combatting fraud; and resolving disputes.
3.8 The legal basis for processing service data is our legitimate interests in the proper administration of our website, including the detection of any bugs, misfeatures or security problems.
3.9 Transaction data: If you purchase any services through our website, information necessary to complete the transaction, including the nature of your purchase and details from your credit or debit card (“transaction data”). Some of this information will be processed directly by our card provider (Stripe) on our behalf, which means that we will never obtain a copy your card details.
3.10 We process transaction data primarily in order to fulfil your order, and so our legal basis for that processing is the fulfilment of a contract with you. We retain your transaction data in order to keep proper financial records – for which our legal basis is our legitimate interest in good business management – and for tax purposes – for which our legal basis is compliance with a legal obligation, in particular under tax law. We will only share your transaction data with our payment processing provider Stripe.
4.1 We may share your personal data with:
4.1.1 any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as this is reasonably necessary for the purposes set out in this policy;
4.1.2 our insurers and/or professional advisers insofar as this reasonably necessary for the purposes of obtaining and maintaining insurance coverage, making insurance claims (if necessary), obtaining professional advice and managing legal disputes; and
4.1.3 our service providers who (i) need to know that information to perform services (including payment, data management, data storage and web hosting services) and (ii) who are contractually bound to us to process you personal data only under our instructions and on our behalf. Our services provider are: Vonage (video provider), Stripe (payment provider), Amazon (storage), Google (email provider), Heroku (server provider), Mailchimp (email provider).
5.1 We store your personal data for the following lengths of time:
5.1.1 Service data is automatically deleted no later than 60 days after it was collected unless we deliberately retain the data if we have a specific need for it, for example in order to investigate a problem, such a security incident or a complaint by you, in which case we will delete it when it no longer has any relevance to the problem, or the problem has been entirely resolved.
5.1.2 User work data is deleted when the relevant user work ceases to be stored on our system. For example if it is recorded on a paper, it will be deleted when the paper is deleted, which will be under the control of the person who created the paper.
5.1.3 We store all other forms of data for so long as you have a BitPaper account. After you close your BitPaper account we will delete all your personal data other than transaction data and enquiry data (your “residual data”). The residual data will remain on our database for 7 years or the required statutory length of time.
5.1.4 If you would like to delete your personal data, simply login and visit your account and click "Delete Account". Alternatively you can request the deletion of any of your personal or user data by emailing us at admin@bitpaper.io and we shall do so within 7 working days.
6.1 We may process any of your personal data in any way that we reasonably believe is necessary for us to (i) comply with a legal obligation prevent or investigate a possible crime, such as fraud or identity theft; (iii) enforce the Terms of Use or other agreements that govern your use of the Service; (iv) to protect the rights, property or safety of us, our users or others; or (v) to protect your vital interests or the vital interests of others.
7.1 Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights, in some circumstances, to:
7.1.1 access to your personal information;
7.1.2 require us to correct any mistakes in your information which we hold;
7.1.3 require the erasure of personal information concerning you in certain situations;
7.1.4 receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
7.1.5 object at any time to processing of personal information concerning you for direct marketing
7.1.6 object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
7.1.7 object in certain other situations to our continued processing of your personal information
7.1.8 otherwise restrict our processing of your personal information in certain circumstances
7.2 For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
7.3 If you would like to exercise any of those rights, please:
7.3.1 email us on the email address published on our website from time to time; and;
7.3.2 let us have enough information to identify you;
7.4 If you would like to unsubscribe from any bulk email correspondence you can also click on the ‘unsubscribe’ button.
7.5 The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ or telephone: 0044 303 123 1113.
8.1 A cookie is a small text file that a website (including our website) saves on your computer or mobile device when you visit the site. It enables the website, including plugins such as YouTube, to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
8.2 Cookies also enable us to analyse how this website is being used. For this purpose, we use Google Analytics which gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google may also process this information.
Google’s privacy policy is available at: https://www.google.com/policies/privacy/.
8.3 Cookies also enable us to facilitate payment processing through Stripe. These cookies are set by Stripe payment gateway and are used to enable payment on the website without storing any payment information on a server.
Stripe’s cookie policy is available here: https://stripe.com/cookies-policy/legal
9.1 The following table explains the cookies we use and why we use them:
| Cookie | Description | Duration | Type |
|---|---|---|---|
| __stripe_mid | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server. | 1 year | Necessary |
| __stripe_sid | This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server. | 30 mins | Necessary |
| _ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years | Analytics |
| _gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. | 1 day | Analytics |
| _gat | This cookies is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. | 1 minute | Performance |
9.2 You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
10.1 This website is owned and operated by BitPaper Limited.
10.2 We are registered in England and Wales under registration number 09949476, and our registered office is at 65 Schomberg House, Page Street, SW1P 4BP.
10.3 Our principal place of business is at 2 Minster Court, London, EC3R 7BB.
10.4 You can contact us:
10.4.1 by post, using the registered address given above;
10.4.2 by email, using the email address published on our website from time to time.
11.1 Our data protection officer's contact details are: Legal Department, BitPaper Limited, registered address as above.