PURPOSE OF THIS PRIVACY POLICY

GPTributes is powered by the Go paperless Online Marketing Platform. Go Paperless Ltd respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we collect, process and share your personal data when you visit our website (https://gopaperless.eu/), use our application or use any of our other services (collectively, the “Services”), including any data you may provide us with when you purchase an Online Tribute or access the Services to view an Online Tribute.

It is important that you read this privacy policy so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Definitions

CONTROLLER
Subject to the paragraph below, Go Paperless Ltd. is the controller and responsible for personal data you provide to us (collectively referred to as “Go Paperless”, “we”, “us” or “our” in this privacy policy).

If you are an Online Tribute owner, and you use the Services to store personal data about third parties (including contact details), then you are the owner of, and the controller in relation to, that data. In that context, Go Paperless acts as processor of such data and will only process the personal data in accordance with our agreement with you.

ONLINE TRIBUTE
Online Tribute means the Go Paperless digital marketing platform.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Go Paperless may collect, process, and use the following information about you when you access the Services to view an Online Card:

• Identity Data including your name.
• Contact Data including your email address and telephone number.
• Usage Data includes information about how you use the Services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Go Paperless may collect, process, and use the following information that you provide when you sign up to and purchase an Online Tribute:

• Identity Data includes your name, gender and birth date.
• Contact Data includes billing address, delivery address, email address and telephone number.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments to and from you.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Services.
• Profile Data includes your username and password, details of your employment and preferences.
• Usage Data includes information about how you use the Services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and third parties, and your communication preferences.

We use different methods to collect data from and about you including through:

Direct Interactions: Viewing an Online Card
You may give us your Identity, Contact, Usage and Marketing Data when viewing the details of a person that has shared an Online Card with you.

Direct interactions: Purchasing an Online Card
You may give us your Identity, Contact, Financial, and Profile Data by filling in forms to purchase an Online Tribute or by corresponding with us by phone, email, or otherwise. This includes personal data you provide when you:

• apply and purchase a Tribute;
• subscribe to the Services or publications;
• request marketing to be sent to you; or
• give us feedback or contact us.

Automated technologies or interactions. As you interact with the Services, we will automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies.

Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

• Technical Data from the following parties:
  • • analytics providers;
    • advertising networks; and
    • search information providers.

Contact, Financial and Transaction Data from providers of technical, payment services. We use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. Stripe is our third payment processor. Their Privacy Policy can be viewed at https://stripe.com/us/privacy.

Go Paperless will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Go Paperless processes the following data in the following ways, and on the following legal bases:

• Your name, email address and contact telephone number for the purpose of identification on the Services when you view the details of an Online Tribute that has been shared with you by an Online Tribute holder to: (i) inform the Tribute Holder that you have viewed their Online Tribute; and (ii) to share your contact details with that Tribute Holder. Go Paperless does this on the bases that:
  • • it is necessary for the performance of the Go Paperless Services;
    • it is necessary in our legitimate interest in providing the Service in an effective manner.

• To carry out the obligations arising from the contract entered into between Go Paperless and you when you purchase an Online Tribute and/or use the Services, including processing payments, fees and any charges. Go Paperless does this on the basis that it is necessary for the performance of our contract with you.

• To personalise your experience of your Online Tribute, to help Go paperless to respond better to your individual needs and to improve the Go paperless Service. Go Paperless does this on the basis that it is necessary in our legitimate interest to ensure that the Go Paperless Service is being provided in the best way possible.

• To send you periodic emails or notifications as an Online Tribute holder about the Go Paperless Services and any update or changes to them. Go Paperless does this on the bases that:
  • • it is necessary in the legitimate interest of Go Paperless to keep you up to date on the Go Paperless Services; and
    • some communications with you are necessary for the performance of any Go Paperless contract with you under which it is obliged to provide you with the Go Paperless Service.

• To process transactions relating to our provision of the Service to you. Go Paperless does this on the basis that it is necessary for the performance of our contract with you.

• If you have saved an Online Tribute of any Tribute Holder, to send communications about that Tribute Holder’s business to you. Go Paperless does this on the bases that it is necessary in the legitimate interest of Go Paperless to allow its members to keep fully up to date with other Tribute Holders’ businesses, which they have already expressed clear interest in.

• To send you marketing communications about other services provided by Go Paperless. Go Paperless does this on the bases that it is necessary in the legitimate interest of Go Paperless to allow its members to keep fully up to date with the services it can access, in particular as its members have already indicated a strong interest in our Services. We will not send these marketing communications to you if you have chosen to opt-out of receiving them at the point of data collection or at a later date.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending any third party direct marketing communications to you via email or text message. You have the right to withdraw consent at any time by contacting us.

Go Paperless may use your information in an anonymised and/or aggregated manner in order to analyse the data so that it can enhance its IT systems, website or newsletter, and to carry out research. It may share this anonymised and/or aggregated data with third parties, but you will not be identifiable from any such data.

Go Paperless may review your personal data if it has reason to believe that the information has been provided inappropriately, unlawful or illegally. We do this on the basis that it is necessary in our legitimate interest to ensure that the Services are being used appropriately, lawful and legally.

The Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Services, we encourage you to read the privacy policy of every website you visit.

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your county/state, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are an EU citizen based in the EEA, then whenever we transfer your personal data out of the EEA, we will only transfer your personal data:

• to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
• if an appropriate safeguard has been put in place; or
• if one of the exceptions under Article 49 of the GDPR applies, for example if a party shares an
• Online Tribute with a party outside of the EEA, then the transfer to the non-EEA party would be necessary for the performance of our contract with our customers to provide them with the Services.

Go Paperless does not sell, trade, or otherwise transfer your personal identifiable information to outside parties other than as set out in this privacy notice.

Go Paperless provides your personal data:

• to selected third party providers in order to process and deliver the Service, maintain records of payment and transactions; and
• to selected marketing agencies, hosting companies and web-mailing providers.

Go Paperless doesn’t allow third-parties to use your personal data for their own purposes and only permits them to process your personal data for specified purposes and in accordance with our instructions.

Go Paperless will only transfer your personal data outside of the EEA to organisations who have adequate safeguards in place to ensure the security of your personal data.

Go Paperless may pass your personal data to third parties in a statistical and/or aggregated manner in order to analyse the data. Go Paperless will always ensure that you are not identifiable from any such data.

Go Paperless may otherwise share your information as directed by you or subject to your consent.

Go Paperless will disclose your personal data to third parties:

• if Go Paperless sells or buys any business or assets, in which case Go Paperless will disclose your personal data to the prospective seller or buyer of such business or asset;
• if Go Paperless or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
• if Go Paperless is under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Go Paperless, you, other users or any third party. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

If you ask us to delete your personal data it will no longer be stored and used by Go Paperless.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

In the rare circumstances where Go Paperless relies on consent as the condition for processing your personal data, you have the right to withdraw that consent at any time.

You have various statutory rights in relation to your personal data. In particular, you have the right to:

• object to direct marketing communications at any time;
• request and obtain access to your personal data;
• rectification or erasure of your personal data, in certain circumstances;
• object to or restrict the processing of your personal data in certain circumstances;
• have your personal data stored in a manner in which it is portable from the environment in which it is stored by Go Paperless to another environment; and
• file a complaint with the Information Commissioner’s Office.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or not function properly.

A cookie is a small information file that is sent to your computer, mobile or other device when you visit a website and it will recognise your device on future visits. These types of files do a number of different jobs, such as remembering your preferences and chosen items, improving your site experience and ensuring that the adverts or offers you see online are more relevant to you.

You may delete or block these cookies, but if you do, then these features will stop working, and some of our online services may not work as intended.

The cookie-related information is not used to identify you personally, and the pattern data is fully under our control (except in the case of the anonymous analytics). These cookies are used only for the purposes as described here.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

The Services are not intended for children and we do not knowingly collect data relating to children.

If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: Go Paperless Ltd.
Email address: cst@gopaperless.eu
Postal address: GPTributes, 4 Kenward Court, Hadlow, Tonbridge, Kent TN11 0DX

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.