Privacy Policy

This privacy policy sets out details of the personal data that we collect from you, or which you provide to us, when you visit our website or contact our customer services department. It also sets out details of how we process that personal data, who we disclose it to, and your rights in connection with our processing of your personal data.

About Us

Paperline Limited is the controller of personal data collected pursuant to this notice. If you have any questions about our use of your personal data, please contact us.

Personal Data that We Process

We process the following personal data about you:

• Orders – If you place an order with us we will collect the details of your order, your name, email address, address and your phone number. Our third party payment processor will also collect your payment details.
• Queries and complaints – If you contact our customer services department with a query or a complaint, we will record details of the query or complaint and how it is dealt with on our systems.
• Email updates – If you subscribe to receiving our email newsletter we will collect your email address.
• Information that is automatically collected – We use certain technologies that collect non-personally identifiable details about how our website is used, such as what pages you visit and how long you stay on them.

Purposes of Processing and Legal Basis

• Orders – We will process your personal data in order to fulfil your order. We process this data on the basis that it is necessary in order for us to perform our obligations under our contract with you to fulfil your order. We will also process aggregated data in relation to the orders that are placed, for the purpose of our internal business analysis processes. Our processing of such data is on the basis of our legitimate interests in operating and improving our business.
• Accounts – We process your personal data in order to provide you with the account feature on our website, which allows you to review your orders, manage your subscription to our email newsletter, and update the details we hold about you. We process this data on the basis of our legitimate interests in making the account feature available to you.
• Email updates – If you subscribe to receiving our email newsletter we will process your personal data in order to send you those emails, which will be on the basis of having received your consent to send you marketing emails.
• Information that is automatically collected – We process this personal data to help us understand how our website is being used and to help us make improvements to our website. To the extent that this involves the processing of personal data, it will be on the basis of our legitimate interests in making the website available and improving its services.

Personal Data that We Require You to Provide

You are required to provide certain personal data in order for us to enter into a contract with you for the purchase of goods. Where information is required this is indicated during the checkout process. If you do not provide the required information, we will not be able to process your order.

Recipients of Data

We may disclose your personal data to various recipients in connection with the above purposes, including:

• Service providers – We use other service providers in the context of operating our business, some of which may have access to your personal data in the context of providing those services. For example, we use various courier and shipping companies to deliver our goods to you.
• Group companies – We operate as part of a group of companies. Certain services are procured and operated on a group wide basis, which means that another group company acts as a data processor on our behalf when it engages third party service providers to provide those services.

Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Withdrawal of Consent

When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent to receive marketing emails at any time by clicking on the unsubscribe link in the email, or logging into your account on the website. Please note that if you withdraw your consent we will not be able to continue providing you with our email newsletter.

Credit Applications

1. Contact Details of the Data Protection Officer (DPO)

   Richard Wilson - sales@paperline.co.uk

2. Legitimate Interests Pursued by the Controller

   Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

3. Source of Personal Data

   We may collect personal data about you from:

   • You directly
   • Employers/clients when you apply for a role or are considered for an opportunity
   • Referees (where relevant and permitted)
   • Publicly available sources (e.g. professional networking sites, business websites, public records)
   • Credit reference agencies (CRAs) where required for checks
   • Third-party service providers supporting recruitment, screening, and compliance

4. International Data Transfers

   We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).

   Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include:

   • Approved standard contractual clauses
   • International data transfer agreements
   • Transfers to countries with adequate data protection levels

5. Rights of Data Subjects

   Under UK data protection law, you have the following rights:

   • Right of access – Request a copy of your personal data
   • Right to rectification – Correct inaccurate or incomplete data
   • Right to erasure – Request deletion where no lawful basis exists
   • Right to restrict processing – Limit how data is used
   • Right to data portability – Receive and transfer your data
   • Right to object – Object to processing based on legitimate interests or marketing

6. Right to Lodge a Complaint

   You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

7. Provision of Personal Data

   Is the provision of personal data statutory or contractual?

   The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

   Personal data is required to:

   • Enter into and perform contracts
   • Process orders and deliver services
   • Verify identity and prevent fraud
   • Comply with legal and regulatory obligations

   Consequences of Not Providing Personal Data

   If you choose not to provide requested personal data:

   • We may be unable to enter into a contract
   • We may be unable to fulfil orders or provide services
   • We may be unable to complete verification or compliance checks
   • Services may be delayed, restricted, or declined

   Where personal data is optional (e.g. marketing), providing it is not mandatory and consent can be withdrawn at any time.

8. Automated and Non-Automated Decision Making

   Non-Automated Decision Making and Profiling

   We may use automated tools to support processes such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.

   These tools generate indicators or recommendations, but decisions with legal or significant effects are not made solely by automated means and always involve human review.

   Automated Decision Making

   In some cases, automated decision making or profiling may be used to evaluate risk, affordability, or fraud indicators.

   This may result in decisions such as approval, restriction, or rejection of services.

   Individuals have the right to request human intervention, express their views, and challenge automated decisions.