Effective Date: April 13, 2022
- ADDITIONAL POLICIES
In the event you are a resident of California please also review our CCPA Notice.
- CONTACT DETAILS OF THE CONTROLLER
The “Pen to Paper” shall mean:
Pen to Paper Co. at 115 Central Park West, Apt 12K New York, NY 10023 (“Controller”).
- WHICH DATA DO WE COLLECT AND FOR WHAT PURPOSE?
“Non-Personal Data”: means non-identifiable, aggregated data, that is mainly data which is transmitted to us when you access and interact with Pen to Paper Technology, such as the type of browser, type of operating system, type of device used, the time and date you access the Pen to Paper Technology, navigation, language preference, etc.
“Personal Data”: means individually identifiable information which identifies or may identify, with reasonable effort, an individual, such as your name, address, phone number, billing information and including online identifiers (such as IP address).
Please see below the table which specifies the Personal Data we collect and how we use it:
|DATA SET||PURPOSE AND OPERATIONS||Lawful Basis|
|Personal Data Collected from our customers the “MERCHANT(S)”|
|Merchant and its Authorized Representative: If you register directly with us we will request you provide us with certain Personal Data such as your name, email address, ACH and other banking information, etc. Further, if you are an employee or other authorized representative of one of our Merchant, we will collect information from you when you interact with us on behalf of the Merchant.||We will collect your contact information and username and password or other credentials that you use to access the online dashboard we provide, and we will collect information about your use of the dashboard. We will collect and use your information in accordance with our agreement with Merchant.||Contract necessity|
|Direct Marketing: As a Merchant, we will send you invoices, materials and content through the email information you provided.||We will use this information to keep you updated with offers and content such as software updates, new capabilities and features, surveys and send you invoices and supporting documentation.||Legitimate interest|
|Personal Data collected from Individuals making a purchase on the Merchant Site “END-USER(S)”|
|Registration & Redemption Form: When an End-User registers with or Services and fills out a Redemption Form provided on the Merchant’s Site or through email sent by us, the End-User will be required to provide contact details and financial information.||We will process the Information to be able to provide our Services and send the End User the coupon, cash, refund, etc.||Contract necessity|
|Information Provided from the Merchant: We collect information provided from Merchant from whom the End User purchased the product or service. This information includes the End Users' transactions, name, address, email address, telephone number, the items purchased and the price, transaction history, account balance, and other transaction-related information.||We will process the Information to be able to provide our Services and send the End User the coupon, cash, refund, etc.||Contract necessity|
|Online Identifiers and Browsing Information: We automatically collect information about End Users purchasing goods and services from the Merchant Site through cookies, web beacons, and other technologies. The information that we collect automatically includes the following: domain name; IP address; device ID; web pages End users view on the site; links End Users click on the site; location information; and the referring URL, or the webpage that led End Users to the site.||We will use this information for analytic and marketing purposes, to better understand the End Users’ use of the Services and navigation on the Merchant Website.||Legitimate Interest.|
|Personal Data collected from Individuals that browse our Website “VISITOR(S)”|
|Newsletter: In the event our Website visitors sign up to receive our newsletter or other marketing materials, visitors will be requested to provide contact details, such as email address.||We will use our Website visitors’ email in order to send our newsletter and other Marketing Materials.||Consent.|
|Contact Information: If you are a Website visitor interested in implementing our Service within your site, you may leave contact information such as an email address.||We will use the information to contact you upon your interest in our Service.||Consent.|
|Online Identifiers: We use our own cookies on the Website. These cookies provide us with analytic services as well as marketing services. The Personal Data processed is an online identifier, either a cookie agent, the IP address, etc.||We will use our Website visitors’ online identifiers for functionality purposes, marketing and analytics.||Consent provided through the cookie notice.|
Please note that the actual processing operation per each purpose of use detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability.
- HOW WE COLLECT INFORMATION
According to the nature of your interaction with Pen to Paper Technology, we may collect information as follows:
- Provided by you voluntarily – we will collect information if and when you choose to provide us with information, such as through a checkout process or when you contact us.
- Provided to us by Merchant – we will collect information from the Merchant when you choose to provide the Merchant with information to use our Services.
- DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH
We share your data with third parties, including with trusted partners or service providers that help us provide our Services:
|CATEGORY OF RECIPIENT||DATA THAT WILL BE SHARED||PURPOSE OF SHARING|
|service providers which include those who assist us in processing your refunds or issuing gift, cash or other cards to satisfy your request; banking and financial services providers; technology services providers, such as hosting services providers; and vendors who assist us in our compliance and marketing efforts.||Purchase transaction, contact information, address, payment information, etc.||Providing our services.|
|Cloud Service Provider (AWS USA)||All data||Hosting Services.|
|Analytics Service Provider||Online Identifiers||Analytic information for improving the Services.|
|Marketing Service Providers||Online Identifiers||Marketing and profiling.|
|Legal and law enforcement||Subject to law enforcement authority request.||we may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.|
Where we share information with services providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).
We use the following SDK (a Software development kit) which is a set of tools that provide us with the ability to build a plugin which can be connected to Shopify or other platforms. SDKs are used only in the Pen to Paper plugin on the Merchant’s store. SDK create the opportunity to enable the functionality of our Services, as well as include advertisement and push notifications, if applicable.
|Shopify Developers||Plugin Functionality||https://www.shopify.com/legal/privacy?shpxid=bba2ac4d-EB9D-45BF-2DC1-5145385A24DC|
- COOKIES & TRACKING TECHNOLOGIES
There are several types of cookies, the three main and common ones are:
- Essential, Functionality, Operation & Security Cookies – essential for enabling user movement around the Website, for the Website to function properly, and for security purposes. Please note that these cookies either cannot be disabled, or if disabled, certain features of the Services may not work.
- Analytic, Measurement & Performance Cookies – used to collect information about how users use the Website (clickstream, navigation, time and date of access, etc.) in order to improve our Services and the way we offer them, as well as assessing performance of the content available on the Website.
- Preference, Targeting & Advertising Cookies – used to advertise across the internet and to display relevant ads tailored to users based on the parts of the Website they have (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage).
|Google Display Network & Google Shopping||Analytics & Marketing||For privacy information, go to: https://policies.google.com/privacy?hl=en To opt-out install the plug-in: https://tools.google.com/dlpage/gaoptout|
- Please note that, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. By following the instructions of your device preferences, and by adjusting the privacy and security settings of your web browser, you may remove cookies, however, if you block or erase cookies some features of the Services may not operate properly and your online experience may be limited.
- Please refer to the support page of the browser you are using. In this regard, the following are some links which you may find useful: Google Chrome; FireFox; Internet Explorer; Safari; Edge; Opera.
- USER RIGHTS
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with Pen to Paper (e.g., if you are a Visitor of our Website, Merchant, or an End-User), data protection and privacy laws provide you with various rights regarding your Personal Data.
You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here and send it to our email address at: [email protected]
Where we are not able to provide you with the information for which you have asked, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the supervisory authority. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any such information in accordance with applicable law.
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws or until an individual requests to opt-out of such collection. We may at our sole discretion, delete or amend information from our systems, without providing any notice to you, once we deem it is no longer necessary for our purposes.
We implement extensive security measures to reduce the risks of damage, loss of information and unauthorized access or misuse of Personal Data. We implement appropriate data collection, storage and processing practices and security tools to protect personal data against unauthorized access, alteration, disclosure or destruction. You should be aware that no security measures are completely fail-proof, and it is impossible to prevent any and all threats to the security of data and systems. Therefore, you should be aware that any processing of digital Personal Data holds certain inherent risks, and we cannot guarantee that our Services and databases will be immune to any wrongdoings, malfunctions, unauthorized interceptions or access, malware attacks or other kinds of abuse and misuse.