Privacy Policy

This privacy policy sets out details of the personal data that we collect from you, or which you provide to us, when you visit our website or contact our customer services department. It also sets out details of how we process that personal data, who we disclose it to, and your rights in connection with our processing of your personal data.

About Us

Paperline Limited is the controller of personal data collected pursuant to this notice. If you have any questions about our use of your personal data, please contact us.

Personal Data that We Process

We process the following personal data about you:

  • Orders – If you place an order with us we will collect the details of your order, your name, email address, address and your phone number. Our third party payment processor will also collect your payment details.
  • Queries and complaints – If you contact our customer services department with a query or a complaint, we will record details of the query or complaint and how it is dealt with on our systems.
  • Email updates – If you subscribe to receiving our email newsletter we will collect your email address.
  • Information that is automatically collected – We use certain technologies that collect non-personally identifiable details about how our website is used, such as what pages you visit and how long you stay on them.

Purposes of Processing and Legal Basis

  • Orders – We will process your personal data in order to fulfil your order. We process this data on the basis that it is necessary in order for us to perform our obligations under our contract with you to fulfil your order. We will also process aggregated data in relation to the orders that are placed, for the purpose of our internal business analysis processes. Our processing of such data is on the basis of our legitimate interests in operating and improving our business.
  • Accounts – We process your personal data in order to provide you with the account feature on our website, which allows you to review your orders, manage your subscription to our email newsletter, and update the details we hold about you. We process this data on the basis of our legitimate interests in making the account feature available to you.
  • Email updates – If you subscribe to receiving our email newsletter we will process your personal data in order to send you those emails, which will be on the basis of having received your consent to send you marketing emails.
  • Information that is automatically collected – We process this personal data to help us understand how our website is being used and to help us make improvements to our website. To the extent that this involves the processing of personal data, it will be on the basis of our legitimate interests in making the website available and improving its services.

Personal Data that We Require You to Provide

You are required to provide certain personal data in order for us to enter into a contract with you for the purchase of goods. Where information is required this is indicated during the checkout process. If you do not provide the required information, we will not be able to process your order.

Recipients of Data

We may disclose your personal data to various recipients in connection with the above purposes, including:

  • Service providers – We use other service providers in the context of operating our business, some of which may have access to your personal data in the context of providing those services. For example, we use various courier and shipping companies to deliver our goods to you.
  • Group companies – We operate as part of a group of companies. Certain services are procured and operated on a group wide basis, which means that another group company acts as a data processor on our behalf when it engages third party service providers to provide those services.

Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Withdrawal of Consent

When we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent to receive marketing emails at any time by clicking on the unsubscribe link in the email, or logging into your account on the website. Please note that if you withdraw your consent we will not be able to continue providing you with our email newsletter.

Credit Applications

Credit Applications

  1. Contact Details of the Data Protection Officer (DPO)

    Richard Wilson - sales@paperline.co.uk

  2. Legitimate Interests Pursued by the Controller

    Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

  3. Source of Personal Data

    We may collect personal data about you from:

    • You directly
    • Employers/clients when you apply for a role or are considered for an opportunity
    • Referees (where relevant and permitted)
    • Publicly available sources (e.g. professional networking sites, business websites, public records)
    • Credit reference agencies (CRAs) where required for checks
    • Third-party service providers supporting recruitment, screening, and compliance

  4. International Data Transfers

    We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).

    Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection. 

  5. Rights of Data Subjects

    Under UK data protection law, you have the following rights in relation to your personal data: 

    • Right of access – You have the right to request a copy of the personal data we hold about you and information about how it is used
    • Right to rectification –  You have the right to request that inaccurate or incomplete personal data is corrected
    • Right to erasure ("right to be forgotten") – you have the right to request that we delete your personal data where there is no lawful reason for us to continue processing it. 
    • Right to restrict processing – You have the right to request that we limit how we use your personal data in certain circumstances
    • Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine readable format, and to request that we transfer it to another organisation where technically feasible, readable format, and to request that we transfer it to another organisation where technically feasible. 
    • Right to object – You have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing. 

  6. Right to Lodge a Complaint

    You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

  7. Provision of Personal Data

    Is the provision of personal data statutory or contractual?

    The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

    Personal data is required to:

    • enter into and perform contracts with customers, suppliers, or business partners. 
    • process orders, manage accounts, and deliver goods and services. 
    • verify identity and prevent fraud; and 
    • comply with applicable legal, regulatory, accounting, and tax obligations. 

    What are the consequences of not providing personal data? 

    If you choose not to provide the personal data, we request: 

    • we may be unable to enter into a contract with you. 
    • we may be unable to fulfil orders, supply goods, or provide services. 
    • we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and 
    • as a result, our services may be delayed, restricted, or declined. 

    Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us. 

  8. Automated or Non automated decision making – this will need to selected based on your business

    Non-Automated Decision Making and Profiling

    We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management. 

    These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review. 

    The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement. 

    Automated Decision Making and Profiling 

    In some circumstances, we may conduct automated decision making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms. 

    Where automated decision making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service. 

    Individuals have the right to request human intervention, to express their point of view, and to challenge decisions made solely by automated means. Further information about automated decision making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy.

  9. Credit Reference and Affordability Checks

    To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

    We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

    Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority
    FCA Firm Reference Number: 742313

    TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority
    FCA Firm Reference Number: 805757

    The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

    Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

    Creditsafe Privacy / Transparency Notice
    TransUnion CRAIN (Credit Reference Agency Information Notice)
    TransUnion Bureau Privacy Notice

    Date 19 April 2026

© Paperline Limited 2026 | Company registration no. 02469888