Privacy Policy

Your privacy, our promise

We’ll never bombard you with emails or share your data with any other internet users. You decide how you want to hear from us and you can change your mind at any time. We keep your data safe; we won’t sell it to any third parties, and won’t ever keep anything longer than necessary.

Our privacy policy

At Paperchase, we are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Paperchase may change this policy from time to time by updating this page. We’ll notify you of any significant changes but you should check this page from time to time to ensure that you are happy with any changes. When Paperchase collect and process your personal data, we are doing so on our own behalf, and not on behalf of any third parties. This means that Aspen Phoenix NewCo Limited, trading as Paperchase is termed a data controller under the terms of data protection legislation.

The legal bases

The law on data protection sets out a number of reasons for which a company may collect and process your personal data including: • Consent – for example, where you have ticked a box to receive emails • Contractual obligations – for example, where we need your data to fulfil our contract with you • Legal compliance – for example, where the law requires us to • Legitimate interest – where we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not impact your rights, freedoms or interests – for example, the operation of the Treat Me loyalty scheme

What information we collect

We may collect the following information: • Your name • Contact information including email address • Demographic information such as postcode, preferences and interests Other information relevant to customer surveys and/or offers

Purpose of personal data processing

Activity

Signing up for a Treat Me card in-store

Purpose of processing: Setting up and dealing with your loyalty scheme account and sending you updates on your account, treats and promotions related to your Treat Me membership via email, SMS and postal direct mail. Lawful basis: Legitimate interest – contract

Creating an online account

Purpose of processing: Setting up your online account details and communication of any updates to your account. Lawful basis: Legitimate interest - contract

Signing up for marketing communications as part of online account creation

Purpose of processing: Communicating product updates, news, competitions and promotions by email, SMS and postal direct mail. Lawful basis: Legitimate interest - commercial

Signing up for email newsletters online not as part of account creation

Purpose of processing: Communicating product updates, news, competitions and promotions by email. Lawful basis: Consent – gained through opt-in at point of sign up

Completing an order form on the website

Purpose of processing: Dealing with an order and providing you with information about your products, delivery and service. Lawful basis: Legitimate interest - contract

Information we collect and why

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

How we use your name and contact details. Why?

To carry out our contract with you

Send you service messages - for example, order updates. Why?

To carry out our contract with you – so you know when your order will arrive

Send you information by email, SMS or direct mail about our promotions, products or services. Why?

To keep you up-to-date – you can opt out at any time

Fraud prevention. Why?

This is necessary and protects both of us

Understanding what our customers like. Why?

So we can give you what you want and improve our products and services

Your payment information. Take payment and give refunds. Why?

To carry out our contract with you. All information is anonymised and not kept – see our Security & Cookie Policy for any more details about this

Fraud prevention and detection. Why?

This is necessary and protects both of us

Your contact history

Any contact we’ve had - either written, by email, over the phone, webchat or on social media

How we use this information: Provide customer service support and train our staff. Why?

To carry out our contract with you and so we can give you the best service we can

Purchase history, wishlist & saved items

What you’ve bought, added to your wishlist and what you’ve stored in your basket for another time

How we use this information: Sell you things. Why?

Legitimate commercial interest

Provide customer service support and process returns. Why?

To carry out our contract with you

Understanding what our customers like. Why?

So we can give you what you want and improve our products and services

For product or experience feedback or research. Why?

From time to time we may ask you to review your product or experience to help us improve

To operate the Treat Me loyalty scheme. Why?

So that we can issue Treats and personalised offers

Information about your device and how you use our website

How we use this information: Improve our website and set default options for you – for example country and currency. Why?
To improve your shopping experience

Protect our website. Why?

To prevent fraud which is necessary and protects both of us
Information from accounts you link to us

How we use this information: So you can log in without creating an account.

Why?

To improve your shopping experience

Your responses to competitions, promotions, surveys and reminders

How we use this information: Run the survey, competition or promotion. Why?

To carry out our contract with you – so we can enter you and pick a winner

Understanding what our customers like. Why?

If we’ve asked what you want to hear about we will use this to give you want you want
To remind you of an event in your calendar. Why?
If you’ve given us details of an event you want to be reminded about, we’ll do this until you tell us otherwise. You can switch off reminders at any time.
This information is anonymised and aggregated so we do not identify you but it’s used for improving our website, data analysis, research and improving our products and services.

Sharing personal data

As mentioned, we do not sell any personal information to third parties. However, we do share your data with the following types of companies so that we can provide our services to you: • Companies that help get your orders to you – i.e. delivery companies, warehouses, and payment service providers. • Professional service providers – i.e. data agencies, website hosts, and marketing agencies to help with things we are not able to do ourselves. • Fraud prevention agencies • Companies approved by you – i.e. social media sites, if you choose to link your account. To do this we may share your data with service providers inside and outside the UK and EU however we will only transfer personal data to service providers outside the EU and UK where there is an adequate safeguard in place (typically the Standard Contract Clauses), available on request.

Marketing

If you have given us permission, we’ll send you marketing messages via email, SMS, or direct mail. Sometimes, we may use purchase history, wishlist, or saved items to increase our knowledge of what our customers like. This is so we can make sure we’re only sending you things that you’re interested in. You can opt out of marketing messages by:

• Updating your settings in My Preferences in your online account

Contacting our customer service team here

• Clicking unsubscribe link on any email or replying with the correct STOP message to any SMS We’ll update your information as soon as possible, but it may take a few days for our system to update. We will still continue to send service messages such as order updates.

Keeping your information

We hold on to your information for as long as is necessary for the purpose it was collected for or as is required to meet legal and regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions. At the end of that retention period your data will either be deleted completely or anonymised. Some examples of customer data retention periods: Orders When you place an order, we’ll keep the personal data you give us for two years so we can comply with our legal, financial, and contractual obligations. Inactive accounts If you’ve not used your account for more than two years, it will be flagged as inactive and we’ll contact you to ask whether you want to keep it open. Unless you reply to say ‘yes’, we will close the account and delete or anonymise the personal data associated with it.

Your rights

Your rights relating to your personal information: • The right to know whether we are processing your personal data, and to access the personal information we hold about you - free of charge. See here. • The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This privacy policy sets out the purpose for which we process your personal data and how long we will keep it for. • The right to correct personal data when incorrect, out of date, or incomplete. This can be done by contacting our customer service team here. • The right to have us delete your data, stop collecting or processing it, in some circumstances. This can be done by contacting our customer service team here and requesting for your data to be deleted. At this point, we will look at your request and inform you of our decision within 28 days. • The right to stop direct marketing messages. This can be done by signing in to your online account and updating your marketing preferences, using the unsubscribe button at the bottom of our emails, or replying ‘STOP’ to any SMS. We aim to stop sending you messages within 28 days of your request.

• The right to withdraw consent for any content-based processing. This can be done by contacting our customer service team here. • The right to complain to your data protection regulator. In the UK, please contact the Information Commissioner’s Office.

Last updated 10/05/2022