In this notice, ‘we’, ‘our’ and ‘us’ refers to The Paper High Gift Company Limited and ‘Site’ refers to paperhigh.com. We are committed to protecting your personal data and privacy. For this reason we will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

This privacy policy explains the types of personal data we may collect when you interact with our Site, and how we will store and protect that data. Whenever we process such information, we do so in line with all applicable laws concerning the protection of personal data. By visiting our Site you are accepting the practices described in this notice.

We may update this policy to reflect new laws or practices. You should check this page often to ensure that you are happy with any changes. This policy is effective from 9 August 2022.

When we collect personal data

  • When you visit our Site and use your account to purchase products and services.
  • When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
  • When you create an account with us.
  • When you shop online, we capture information through cookies and similar technologies, you can manage these when you visit our site.
  • When you purchase a product or service by phone but don’t have (or don’t use) an account.
  • When you engage with us on social media.
  • When you contact us by any means with queries, complaints etc.
  • When you ask our customer service team to email you information about a product or service.
  • When you enter prize draws or competitions.
  • When you choose to complete any surveys we send you.
  • When you comment on or review our products and services.
  • Any individual may access personal data related to them, including opinions. Therefore, if your comment or review includes information about the member of staff who provided that service, it may be passed on to them if requested.
  • When you fill in any forms.
  • When you’ve given a third-party permission to share with us the information they hold about you.

What personal data we collect

  • If you have a web account with us: your full name, billing/delivery address, orders and receipts, email address and phone number. For your security, we’ll also keep an encrypted record of your login password.
  • Details of your interactions with us online. For example, we keep secure records of our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket, voucher redemptions, web pages you visit and how and when you contact us.
  • Details of your visits to our Site, and which site you came from to ours.
  • Information gathered by the use of cookies in your web browser.
  • Open rates and click through rates on email marketing campaigns through the use of Pixels.
  • Personal details which help us to recommend items of interest. For example, you might tell us you like a certain range or material, which we’ll use to guide our suggested products.
  • Financial and credit card information.
  • Your comments and product reviews.
  • To deliver the best possible web experience, we collect technical information about your internet connection and browser, device ID and type, as well as the country where your computer is located and the web pages viewed during your visit.
  • Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
We use cookies, web beacons, unique identifiers and similar technologies to collect information about the pages you view, the links you click and other actions you take when using our Site, within our advertising or email content.

How we use your data

We use the information you give to us:

  • To fulfil a contract with you and to provide you with the information, products and services that you receive from us.
  • To provide you with information about goods and services we offer that are similar to those that you have already purchased or enquired about or that we feel may be of interest you. We may contact you either in writing or by electronic means, if you have consented to this.
  • To notify you about changes to our privacy policy or terms & conditions.
  • To ensure that content from our Site is presented in the most effective manner for you and for your browsing device.
  • To administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • To allow you to participate in interactive features of our Site, when you choose to do so.
  • As part of our efforts to keep our Site safe and secure.
  • To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

We may share hashed email addresses (no personal identifying information is passed to a third-party) to networks that also hold your information or have an existing online relationship with you in order to identify you and to enable us to provide you with relevant marketing online. For instance, we may share your information with sites such as Facebook and Google so that they can identify you as a customer of ours and can tailor the marketing we send you via their sites and products. We may also use the information to pursue our legitimate interests where your rights and freedoms do not outweigh these interests. This includes to:

  • Improve our Site, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.
  • Personalise, measure and improve our advertising based on your advertising customisation preferences.
  • Deliver targeted marketing, service updates and promotional offers based on your communication preferences.
  • Measure the performance of our email marketing campaigns.

How long we keep your personal data

Our data retention policy is dictated by data protection laws and we will not keep your data for longer than is necessary. 

When you place an order with us online, we will keep the personal data you provided us for five years to enable us to comply with our legal and contractual obligations. 

At the end of that retention period, your data will either be deleted completely or anonymised, so that it can be used in a non-identifiable way for statistical analysis.

Third-party service providers

We will keep your data inside our organisation except where disclosure is required or permitted by law or when we use third-party service providers to supply and support our business services, such as:

  • IT systems and email provider.
  • Couriers and warehousing.
  • Customer service network.
  • Marketing services such as email and direct mail.
  • With consent, advertising networks that require the data to select and serve relevant adverts to you and others.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our Site.
  • To contact you via email to invite you to review any services and/or products you received from us in order to collect your feedback and improve our services and products (the “Purpose”). We use an external company, Feefo Holdings Ltd. (“Feefo”), to collect your feedback which means that we will share your name, email address and order details with Feefo for the Purpose.
  • We are a Virgin Experience Days Reseller. This allows us to distribute, promote and sell a selection of their Products on our Site (the “Purpose”). In order to provide you with your experience e-voucher, we share your name, email address and order details with Virgin Experience Days for the Purpose. 
  • Sometimes the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA “) including but not limited to transaction processing and fraud prevention. It may also be processed by staff operating outside the EEA who work for us.

To keep everything running smoothly – whether that’s delivering your order, processing your payment, or tailoring your experience – we work with a small number of trusted partners. These companies process your data under strict agreements with us:

  • Analytics – Google
  • Feedback provider – Feefo
  • Marketing – AWIN (Affiliate Window), Google, Klaviyo, Meta, Pinterest 
  • Payment providers – Clearpay, Klarna, PayPal, Stripe
  • Postal service providers – APC Overnight, Royal Mail

Every one of these partners has been carefully chosen to meet our high standards for privacy, security, and respect.

Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Your rights

Your rights under the GDPR are as follows;

  • To be informed: we must provide a privacy policy which should contain transparent information of how we process your data.
  • Right to access your information: you are entitled to know what information we hold about you and the reasons why.
  • Rectification of your data: if you think we are holding incorrect information on you, you may request that these details are updated.
  • Erasing your data: you can request for your details to be deleted, in line with the data protection legislation.
  • Restrict the processing of your data: you have the right to ask us not to process your personal data for marketing purposes.
  • Data portability: you have the right to request a copy of the data you have provided us, in a format that is reusable.
  • Object to processing your data: you have the right to object to us processing your data for customer profiling or marketing.
  • Automatic decision making and profiling: you have a right to object to us using your data in automated marketing and profiling.

Security

How we protect your personal data

At Paper High, we maintain the highest levels of security and are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Access to your personal data is password-protected. Sensitive data (such as payment card information) is secured and encrypted to ensure it is protected.

We regularly monitor our Site for possible vulnerabilities and attacks, and we are always investigating ways to further strengthen our security.

Online Payment

Our site uses SSL encryption technology. You can tell whether a page is secure or not by the address; ‘https’ means the site is secure, whilst ‘http’ means it is not. A small locked padlock will also appear in the bottom bar of your browser window.

We do not store any credit or debit card information on our Site. All financial transactions made via:

Phishing

Phishing is the practice of tricking someone into handing over their personal information. Unfortunately, this happens a lot online. Here’s our top tips to keep you safe:

  • We’ll never ask you to provide payment information or your account login details via email. If we do need to take payment from you, we’ll only do so by phone once we’ve verified your identity. 
  • If you don’t recognise the sender, don’t open the email. Be especially wary of emails in your spam folder.
  • Legitimate emails from us will end in paperhigh.com.
Website

Our Site URLs will always contain paperhigh.com. We don’t operate any separate “discount” websites.

Phone

Don’t give out any personal information over the phone before you’ve verified who you’re speaking to. If in doubt, you can always call our customer services team using the number on our contact us page.

Account Password

We recommend setting up a unique password on our Site to keep your information safe. For guidance on creating a strong password visit the National Cyber Security Centre.

How we use cookies

We use cookies, which are small text files, to improve your experience on our Site and to show you personalised content. Cookies allow web applications to respond to you as an individual.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about Site page traffic and improve our Site in order to tailor it to user needs. We only use this information for analytical purposes and then the data is removed from the system. Overall, cookies help us provide you with a better Site, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept, customise or decline cookies. If you decline cookies, your experience of using our Site will be limited, as some of the cookies help us to identify and resolve technical issues, for example, or determine relevant related products to show you whilst you’re browsing.

We also host third party cookies for remarketing purposes. If you’d like to opt out of these, please customise your cookie preferences. You are welcome to do this at any time.

If you’d like to learn more about cookies in general and how to manage them, please visit aboutcookies.org.

How to contact us

We hope that the information provided on this page answered any questions you may have had but if not, please do get in touch with us.

Amendments to your data

To ask for your information to be amended, please contact our customer services team by email.

Subject Access Requests

As outlined above, you have the right to request a copy of the information that we hold on you. A small fee will be payable. To ask for your information, please contact us in writing or by email.

Complaints

You have the right to complain about the processing of your personal data. To do this please use the contact details provided below. If we are unable to resolve the issue, you have the right to complain to the Information Commissioner’s Office.

Address

Data Protection Representative, The Paper High Gift Company Limited, Unit 1, Delanair Estate, Brooks Road, Lewes, East Sussex, BN7 2BY. For the purpose of the Data Protection Act 1998 and the GDPR The Paper High Gift Company Limited is the data controller.

Want to know more about online security?

For more information, the National Cyber Security Centre website is a great resource. Here you’ll find further advice and guidance on what to look out for, how to protect yourself from online fraud, and how to report suspicious emails and websites.

If you believe you’re the victim of a fraud or cyber-enabled crime, please report it to Action Fraud. If this crime involves your banking information, contact your bank fraud team by dialling 159 – a service operated by Stop Scams UK.