Privacy Policy for Paper
This Website collects certain Personal Data from its Users.
This document includes a dedicated section for Users located in Switzerland and their privacy rights.
You can print this document using your browser’s print function.
Data Controller
Paper
Controller contact email: privacy@paper.credit
Types of Data Collected
Among the Personal Data collected by this Website, either independently or through third parties, are: Tracking Tools; various categories of Data; payment information; purchase history.
Full details on each category of Personal Data collected are provided in the dedicated sections of this privacy policy or in specific information texts displayed before data collection. Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically while using this Website. Unless otherwise specified, all Data requested by this Website is mandatory. If the User refuses to provide them, it may be impossible for this Website to provide the Service. Where this Website indicates that some Data is optional, Users are free to withhold such Data without affecting the availability or operation of the Service. Users with doubts about which Data is mandatory are encouraged to contact the Controller. The use of Cookies or other tracking tools by this Website or by the operators of third-party services used by this Website has the purpose of providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy.
Users are responsible for Personal Data of third parties obtained, published or shared through this Website.
How and Where the Data is Processed
Processing methods
The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. Processing is carried out using IT and/or telematic tools, with organizational methods and procedures strictly related to the purposes indicated. Besides the Controller, in some cases, Data may be accessible to certain types of persons in charge, such as administrative, marketing, legal staff, system administrators, or external parties such as technical service providers, couriers, hosting providers, IT companies and communication agencies, who may be appointed as Data Processors. An up-to-date list of Data Processors may be requested from the Controller.
Location
Data is processed at the Controller’s operational offices and in any other places where the parties involved in the processing are located. For more information, contact the Controller. Users’ Personal Data may be transferred to a country other than the one in which the User is located. For more information on the location of processing, Users may check the section with details on the processing of Personal Data.
Retention time
Unless otherwise specified in this document, Personal Data will be processed and stored for the time required by the purpose for which they were collected and may be retained for a longer period insofar as required by law or for exercising the Controller’s legitimate rights.
Purposes of Processing the Collected Data
User Data is collected to allow the Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of Users or third parties), detect fraudulent or malicious activity, and for the following purposes: direct registration and authentication on this Website, payment processing, contacting the User.
For more details about purposes and processing of Personal Data, refer to the section “Details on the processing of Personal Data”. Cookie Policy
This Website uses Tracking Tools. To learn more, Users can consult the Cookie Policy.
Additional information for Users
Legal basis of processing
The Controller processes Personal Data relating to the User when one of the following applies:
- The User has given consent to one or more specific purposes;
- Processing is necessary for the performance of a contract with the User and/or to take steps at the User’s request prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the Controller is subject;
- Processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
You may always request the Controller to specify the legal basis of each processing operation and, in particular, whether the processing is based on law, a contract or the Controller’s legitimate interest.
Retention of Personal Data
Unless otherwise specified in this document, Personal Data will be processed and stored for the time required by the purpose they were collected for and may be kept longer for legal obligations or on the basis of the User’s consent.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between the Controller and the User will be retained until the execution of that contract is complete.
- Personal Data collected for purposes related to the Controller’s legitimate interests will be retained until those interests have been satisfied. The User may obtain further information about the legitimate interests pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When processing is based on the User’s consent, the Controller may retain Personal Data until such consent is withdrawn. The Controller may also be obliged to retain Personal Data for a longer period in order to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. As a result, once the retention period has expired, the right to access, delete, rectify and the right to data portability will no longer be exercisable.
Rights of the User under the GDPR
Users may exercise certain rights regarding the Personal Data processed by the Controller.
In particular, to the extent permitted by law, the User has the right to:
- withdraw consent at any time. The User may withdraw consent where processing is based on consent;
- object to processing of their Personal Data. The User may object where the processing is based on a public or legitimate interest;
- access their Personal Data. The User has the right to obtain information about the Data processed by the Controller, certain aspects of the processing and to obtain a copy of the Data being processed;
- verify and request rectification. The User may verify the accuracy of their Data and request that it be updated or corrected;
- obtain restriction of processing. The User may request the restriction of the processing of their Personal Data. In such case, the Controller will not process the Data for any purpose other than storage;
- obtain deletion or removal of Personal Data. The User may request the deletion of their Personal Data by the Controller;
- receive their Data or have it transferred to another controller. The User has the right to receive their Personal Data in a structured, commonly used and machine readable format and, where technically feasible, to have it transmitted to another controller without hindrance;
- lodge a complaint. The User may lodge a complaint with the competent data protection authority or seek judicial remedies.
Users have the right to obtain information about the legal basis for the transfer of their Personal Data abroad, including to any international organization governed by public international law or set up by two or more countries, such as the UN, as well as about the safeguards applied by the Controller to protect their Data.
Details on the right to object
When Personal Data are processed in the public interest, in the exercise of an official authority vested in the Controller or for the purposes of the legitimate interests pursued by the Controller, Users may object to processing for reasons related to their particular situation.
Users are informed that, where their Personal Data are processed for direct marketing purposes, they may object at any time without cost.
How to exercise rights
To exercise their rights, Users may contact the Controller using the contact details provided in this document. Requests are free of charge and the Controller will respond as soon as possible, and in any event within one month, providing the information required by law. Any rectification, erasure or restriction of processing carried out will be communicated by the Controller to each recipient to which the Personal Data have been disclosed, unless this proves impossible or involves a disproportionate effort. The Controller will inform the User about such recipients if requested.
Additional information for Users in Switzerland
This section applies to Users in Switzerland and, for those Users, replaces any other information in this privacy policy that may be inconsistent.
Further details about categories of Personal Data processed, purposes of processing, categories of recipients, retention periods and other information on Personal Data are available in the section titled "Details on the processing of Personal Data" within this document.
Rights under the Swiss Federal Act on Data Protection
Users may exercise certain rights with respect to their data to the extent permitted by law, including the following:
- right of access to Personal Data;
- the right to object to the processing of Personal Data (which also allows Users to request restriction of processing, erasure or destruction of Personal Data, and the prohibition of disclosure of Personal Data to third parties);
- right to receive their Personal Data and to have it transferred to another controller (data portability);
- right to request correction of inaccurate Personal Data.
How to exercise these rights
Requests to exercise User rights may be sent to the Controller using the contact details provided in this document. These requests are free of charge and the Controller will respond as soon as possible, providing the information required by law.
Additional information on processing
Legal defense
The User’s Personal Data may be used by the Controller in court proceedings or in the preparatory stages of such proceedings to defend itself from abuses in the use of this Website or the related Services by the User. The User acknowledges that the Controller may be required to disclose Personal Data by order of public authorities.
Specific information
Upon request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning specific Services or the collection and processing of Personal Data.
System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services used by it may collect system logs, which may contain Personal Data such as the User’s IP address.
Information not contained in this policy
Further information regarding the processing of Personal Data may be requested at any time from the Controller using the contact details provided above.
Changes to this privacy policy
The Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, where possible, on this Website as well as, if technically and legally feasible, sending a notice to Users through one of the contact details the Controller has. Please therefore check this page frequently, referring to the date of last modification at the bottom.
Where changes concern processing activities whose legal basis is consent, the Controller shall collect new consent from the User, if required.
Definitions and legal references
Personal Data (or Data)
Personal Data means any information that, directly or indirectly, also in connection with any other information, including a personal identification number, identifies or can identify an individual.
Usage Data
Usage Data are the information collected automatically through this Website (also by third-party applications integrated into this Website), such as: IP addresses or domain names of the computers used by the User connecting to this Website, URI addresses (Uniform Resource Identifier), time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the server response (successful, error, etc.), country of origin, characteristics of the browser and operating system used by the visitor, various time details of the visit (e.g., time spent on each page) and details about the path followed within the Application with particular reference to the sequence of pages visited, parameters related to the operating system and the user’s computing environment.
User
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
The natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller, as described in this privacy policy.
Controller (or We)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data and the tools adopted, including security measures concerning the operation and use of this Website. The Controller, unless otherwise specified, is the owner of this Website.
This Website (or this Application)
The hardware or software tool by which Personal Data of Users is collected and processed.
Service
The Service provided by this Website as described in the relevant terms (if any) on this site/application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document is extended to all current member states of the European Union and the European Economic Area.
Cookie
Cookies are Tracking Tools that consist of small portions of data stored within the User’s browser.
Tracking Tool
By Tracking Tool we mean any technology — for example cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting — that enables tracking of Users, for example by collecting or storing information on the User’s device.
Legal references
This privacy policy has been prepared based on multiple legal systems.
Unless otherwise specified, this privacy policy only concerns this Website.
Last updated: January 21, 2026