Paperless Post Privacy Policy
We interact with three categories of individuals:
Hosts – individuals who use Paperless Post to design and distribute invitations, order related Products, and facilitate and manage events;
Guests – individuals who receive an invitation to an event or greeting through our Services or by other third party communication, and may respond on our Sites or Apps;
Other visitors whose interactions with us are limited to browsing our Sites or Apps, or interacting with us on social media.
All Users:
If you submit a request through our Sites or otherwise contact us, you may provide us with your name, email address or other contact information to respond to you and resolve your request.
If you interact with our pages on social media platforms, such as Facebook, Instagram, and Twitter, you or the platforms may provide us with information through the platform.
Hosts:
When you register to use the Services and order Products, you voluntarily give us certain personal data, including your name, zip code, email address, and username. If you register for a Paperless Post account by logging in using your social media account (including Facebook, Google and Apple), we receive information from these accounts according to your settings and the privacy policies and terms of service of the social media platforms, so please check those policies and terms to understand the privacy practices of those platforms.
When you use the Services, you may provide event-related personal data including your name, email address, phone number, address book, messages with Guests, photos, gifs, videos, graphics or other content (collectively “User Content”).
If you buy Paperless Post Coins (described in our Paperless Post Terms of Service), or other Products on the Party Shop Site, one or more of our payment service providers will collect from you payment information (including payment card number, security code associated with the card, expiration date, zip code and country) (please see “How We Share Personal Data” section for more information).
We collect information you choose to provide to us when you complete any “free form” boxes on our Sites or Apps (for example, our account settings or preference page, or a survey submission). We may collect personal data you disclose on other areas of our Sites and Apps, or when you contact us for help.
You may order event-related Products, such as party decorations and party supplies on the Paperless Post Party Shop Site. If you choose to make these purchases, you may provide us information related to the items you purchase, transaction and payment data, and shipping information.
We will collect and store a history of events you have created, sent and received in your Paperless Post account for future reference. This may include information from Event and Manage Pages, which contain relevant event information, User Content, and Guest lists. Any Product order history will be stored in your Party Shop Site account.
Guests:
If you click on an invitation link and voluntarily give us your personal data, such as your name and email address, your name will be added to the Host’s Guest list, which may be public.
If you do not have a registered account, Paperless Post may store the data associated with your email address, telephone number or other identifier. If you register for a Paperless Post account in the future, we will populate your event history in your account dashboard.
When you respond to an event through the Services, you may voluntarily provide personal data when messaging the Host and other Guests, or posting publicly on the Event Page. This personal data may include photos, gifs, videos, or other User Content.
Sensitive Personal Data
Our Services are not designed to collect sensitive personal data. To the extent you choose to provide this data – for example, if you include it in the title of your event or other User Content – we will handle this information as we would any other details you make public to your audience. We do not share personal data except as described in the “How We Share Personal Data” section of this Privacy Policy.
Automatically Collected Data
When you use the Services or order Products, the following information is created and automatically logged in our systems:
Log Data. Information that your browser automatically sends whenever you visit the Sites, or that the Apps automatically send when you use them. Log data includes the device’s IP address, browser type and settings, the date and time of your request, and how you interacted with the Sites and Apps. Your geographic location determines which Services and Products, disclosures, features, and third party content will be available to you.
Cookies. Information from cookies and other technologies stored on your device (together, “Cookies”). A Cookie is a piece of information stored on your browser or device. We use Cookies to make it easier for you to use the Services during future visits by identifying your browser or device, and helps us monitor traffic on our Sites and Apps. Our third party vendors and service providers may also place Cookies on your browser through your interaction with our Sites. These Cookies may be used to collect and store information about your browsing activities over time and across different websites. For more detail about specific Cookies, how we use Cookies, and your choices regarding cookies please see our Cookie Policy.
Device Information. Includes the type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. The information collected may depend on the type of device you use and its settings.
Usage Information. We collect information about how you use our Services, and order our Products such as the types and categories of content that you view or engage with, the features you use, the actions you take, the other Users you interact with and the time, frequency and duration of your activities. For example, this includes whether you open and respond or act on an event invitation or marketing emails.
How We Use Personal Data
We use the personal data we collect for the following purposes:
- To Provide and Support Our Services and Products
We use personal data to perform our contractual obligations under our Terms of Service, such as:
To authenticate Users, provide the Services and Products and related support, process transactions and respond to your requests;
To send you real-time email or push notifications of certain actions related to your Event Page or Guest activity;
To manage our relationship with you, which includes sending you information relating to our Services and Products, or requesting you to review or respond to a survey.
- To Improve, Monitor, Personalize, and Protect Our Services and Products
It is in our legitimate interests to improve and keep our Services safe for our users, which includes:
To administer and protect our business and the Services, prevent fraud, criminal activity, or misuse of our Sites and Apps, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data).
To investigate and protect against fraudulent, harmful, unauthorized or illegal activity.
To better understand how visitors interact with our Services, including to ensure that our Sites are presented in the most effective manner for you or your device.
To conduct analytics to inform our Products and marketing strategy and enable us to enhance and personalize our communications and the experience we offer to our Users.
To provide other customized Services, Products and communications that may be relevant or of interest to you.
To create anonymized, de-identified and/or aggregated data for commercial, statistical and market research purposes.
To conduct research.
- To Enforce Our Agreements, to Comply with Legal Obligations and to Defend Us Against Legal Claims or Disputes
We may use your personal data in our legitimate interests to enforce and comply with our Terms and Policies; protect our and others’ rights, privacy, safety, or property; to ensure the integrity of our Services; to defend ourselves against legal claims or disputes; and to recover payments due to us. Some processing may also be necessary to comply with a legal obligation, for example to keep records of transactions, or as requested by any judicial process or governmental agency.
- For Marketing and Advertising Purposes
We may use personal data where it is in our legitimate interest to promote our Services, Products or our business. Where required by law, we will ask your consent for such activities, which you may withdraw at any time.
Email Communications. We will send you updates and information about our new Services and Products or other promotions by email. You can unsubscribe or opt out at any time, via (1) the email preference page linked to the email (unsubscribe here), or (2) in your account settings on the Paperless Post Site (click here). If you opt out of receiving marketing emails, Hosts may continue to initiate emails to invite you to their events, and we may send you non-marketing emails regarding your Paperless Post account, and in response to your requests. If you have any questions about the communications we may send you, please Contact Us.
Offsite Targeted Advertising. We may use personal data to show you Paperless Post advertising on other websites you visit, following your interaction with our Sites, and to measure the effectiveness of our advertising. We may use Cookies and other technologies for these purposes. This allows us to tell you about new Services and Products you have expressed an interest in by browsing on our Sites, or that we believe will be of interest to you and others in the future, and to understand if you visited our Sites or purchased our Services or Products after seeing our advertising. You can limit online tracking as described in our Cookie Policy.
We allow Users to share their data (or direct us to share their data), including with other Users and the public. Users may share their personal data with:
Other Users: by sharing event information, RSVPs and User Content with other Users, including Guests via Share Link or otherwise.
Social Media Platforms: by posting User Content related to your events and your use of our Services or Products to social media.
Public: by establishing a public profile, you may share certain of your profile information publicly via our Apps and the Sites. This information may include your event information, RSVPs, and the Users you follow.
Your Rights and Choices
Updating Your Account. If you have an account, and need to change or correct your personal data, you may update it yourself in your account settings, on our Sites or in our Apps, or Contact Us. We will address your request as required by applicable law.
Communications and Service Choices. You have the following choices in connection with our Services:
You may go to account settings on the Site (if you have a registered Paperless Post account), app settings (if you have downloaded our Apps), or settings on your mobile device, and determine what, if any, real-time email, or push notifications you want to receive, including Event Page comments and private messages. Click here to find out more about account and app settings. If you do not have a Paperless Post account, you may Contact Us to suppress email or other notifications sent through the Services.
You can opt out of receiving any associated event email communications, at any time via (1) the preference page linked in the footer of every email sent through the Services (unsubscribe here), (2) in your account settings on the Paperless Post Site (click here), or (3) Contact Us.
You can withdraw consent to receive text messages by replying “STOP.” We will send you a text to confirm you have unsubscribed, and going forward, we will not send any text message invitations through our Services. Alternatively, you may respond to a text message with “HELP” to contact our Customer Support.
As a Host, you may choose whether the Guest list, Guest responses and comments are visible to other invited Guests on the Event Page, or private to you.
As a Guest, if you prefer that your name not appear on the Event Page Guest list, you may message the Host, or alternatively Contact Us to remove your name from the list.
Privacy Rights. We also offer you choices that affect how we handle the personal data that we control. You may request the following in relation to your personal data:
Information about how we have collected and used your personal data. We have made this information available to you without having to request it by including it in this Privacy Policy.
Access to a copy of the personal data that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
Correction of personal data that is inaccurate or out of date for the purpose for which we collected or use this data.
Deletion of personal data that we no longer need to provide the Services, deliver Products, or for other lawful purposes.
Opt Out of Sharing of Your Personal Data. We share personal data with advertising partners that display offsite Paperless Post targeted advertising to Users around the web, and this may qualify as “selling” or “sharing” personal data under applicable laws. You can opt out of our “selling” or “sharing” personal data for targeted advertising by enabling the Global Privacy Control setting within the browser that you use to access our Site. Learn more at the Global Privacy Control website. You can also opt out of selected data sharing as described in our Cookie Policy Please note that your opt out will be specific to the device and browser you use when you opt out. If you are a registered User you can opt out on your account settings page.
Additional rights, such as to object to and request that we restrict our use of your personal data, and where applicable, you may withdraw your consent.
To make a request, please email us or write to us as provided in the “Contact Us” section below. We may ask for specific information from you to help us confirm your identity. Depending where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Limits on Your Rights and Choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a feature of our Services you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may contact us as provided in the “Contact Us” section below. Depending where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com/”.
Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected and processed in accordance with our retention policies and applicable laws, or until you withdraw your consent (where applicable). You can also delete any Apps downloaded on your mobile devices. Click here to learn how to delete your account, or Contact Us if you do not have a registered account.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications in accordance with our policies.
To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.
International Data Transfers
Paperless Post is based in the U.S. When you use the Services or order Products, you provide your personal data directly to us in the U.S. We may transfer your personal data to our affiliates and service providers, as described in the ‘How We Share Personal Data’ section above. These service providers and affiliates may be located in the U.S. and other jurisdictions that may not provide the same protections as the data protection laws in your home country. In these instances, where required by applicable law, we will ensure that relevant safeguards are in place to afford adequate protection for your personal data. For more information about how we transfer personal data internationally, please contact us as set out in the “Contact Us” section below.
Data Privacy Framework. Paperless Post complies with the EU-U.S. and Swiss-U.S. Data Privacy Framework, and the UK Extension to the Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the transfer of personal data from the European Economic Area (“EEA”), Switzerland, and the UK to the U.S. Paperless Post has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the policies in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
We may be accountable for the personal data that we transfer to third-party service providers (described in the “How We Share Personal Data” section above). If such service providers process personal data in a manner inconsistent with the Data Privacy Framework Principles, we are responsible for the harm caused.
Recourse, Enforcement, Liability. In compliance with the Data Privacy Framework Principles, we commit to resolve complaints about our collection or use of your personal data. EEA, Swiss, and UK individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at privacy@paperlesspost.com. Further contact information can be found at Contact Us.
We have further committed to refer unresolved Data Privacy Framework complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For additional information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
We are subject to investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to personal data received or transferred pursuant to the Data Privacy Framework.
Children’s Privacy
Our Services are not intended for use by children. If you are a parent or guardian and you have reason to believe that a child under the age of 13 has provided personal data to Paperless Post through the Sites or Apps, please contact us as set out in the “Contact Us” section below.
Links to Other Websites
The Site may contain links to or integrations from other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services such as the Shopify Shop Pay wallet feature on our Party Shop Site. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of such Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.
Security
We maintain organizational, administrative and technical safeguards designed to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.
Changes to Our Privacy Policy
We may change this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services.
Contact Us
Paperless Inc. is the entity responsible for the processing of your personal data, and is the data controller for the personal data we collect or otherwise process as described in this Privacy Policy. If you have any questions about our Privacy Policy or our data practices, or if you would like to exercise your rights with respect to your personal data, please contact us at privacy@paperlesspost.com, or by post at:
Paperless Inc.115 Broadway
New York, NY 10006
USA
Paperless Post Customer Support
+1 877-605-8644
EEA and UK Representative Contact Information. If you are an individual in the European Economic Area (EEA) or the UK, you can also contact VeraSafe, who has been appointed as Paperless Inc.’s representative in the EEA and the UK for data protection matters. To make a personal data processing inquiry, you may contact VeraSafe:
if you reside in the EEA at,VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Contact form: https://www.verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
if you reside in the UK at,
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Contact form: https://www.verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
Privacy Snapshot
Here is a high-level snapshot of our privacy practices, but you need to read the entire Privacy Policy for complete information.
How You Use the Services | Personal Data Categories | Primary Purposes of Processing | Primary Recipients (Other than Service Providers) | Can you Limit Sharing? |
---|---|---|---|---|
When you browse our Sites |
|
| Service providers | No |
Advertising partners | Yes | |||
When you use the Services we provide to Hosts and Guests (e.g., creating an account, responding to an event, ordering a Product, etc.) |
|
| Where initiated by you: other Users, the public, and social media platforms | Yes |
Service providers | No | |||
Advertising partners | Yes | |||
Any information you provide within User Content, including, if you choose to provide it, protected classifications, such as age, sex, or national origin, sensitive personal data, and audio or visual information. |
| Where initiated by you: other Users, the public, and social media platforms | Yes | |
Service providers | No |