effective on May 25, 2018
Preamble
This Privacy Policy explains the collection, use, and disclosure of “personal information” by Paper and Sage Design (“P&S” or “Paper and Sage”). Because P&S often uses third party resources, this policy will occasionally refer to documents and polices provided by the companies and/or persons responsible for creating and or operating those resources. We will do our best to keep you apprised of what information we collect and how we use that information.
Portions of this Privacy Policy are based on a Creative Commons Sharealike license provided by Automattic.
You can grab a copy of their original policy and other legal documents on Github.
1 Who We Are
Paper and Sage (P&S) is a design company specializing in book cover design and related promotional items. P&S respects your right to privacy and will always do our best to protect and honor your private information as far as is within our power.
Unless otherwise noted on a particular site or service, this Privacy Policy applies to information we collect about you when you use:
- paperandsage.com (the “Website”),
- products and services provided through the Website, (together with the Websites, the “Services”), for instance
- our online store,
- contact forms,
- questionnaires and surveys,
- commenting system,
- blog,
- sign up for our newsletter, and
- proofing system
Throughout this Privacy Policy we’ll refer to our website, products and services collectively as “Services.”
Because P&S often uses third-party resources to operate our Services, this policy will occasionally refer to documents, resources and policies provided by the companies and/or persons responsible for creating those resources.
Please note that this Privacy Policy does not apply to any of our products or services that have a separate privacy policy.
Furthermore, this Privacy Policy does not apply to any of the websites operated by affiliates of P&S.
Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
2 Information We Collect
We only collect information about you if we have a reason to do so–for example, to provide our services, to communicate with you, or to make our Services better.
We collect information in three ways: if and when you provide information to us, automatically through operating our Services, and from outside sources. In more detail:
2.1 Information You Provide to Us
It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:
- Basic Account Information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a paperandsage.com account to provide a username and email address–and that’s it. You may provide us with more information–like your name–but we don’t require that information to create a paperandsage.com account.
- Transaction and Billing Information: If you buy something from us—a premade or custom cover, for example—you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name and contact information. However, because all payments are handled through the WooCommerce PayPal Powered by Braintree Payment Gateway plugin for added security, you supply your credit card information to PayPal and Braintree directly. PayPal Powered by Braintree uses Hosted Fields to help us meet PCI Compliance SAQ-A standards. Hosted Fields are little iFrames, hosted on PayPal’s servers, that fit inside the checkout form elements and provide a secure means for you to enter your card information. This also means that P&S will not have access to or handle certain sensitive information (like your credit card number). You can view PayPal’s privacy policy here and Braintree’s privacy policy here.
- Communications With Us: You may also provide us with information when you contact us via webform, submit a questionnaire or survey, comment in our proof system or other section of the site, approve artwork, or submit various project details through one of our forms.
- Subscribe to our mailing list: You have the option of adding your email address one of our mailing lists. We do not use the information provided for marketing purposes without consent. This service is powered by mailchimp.com. You can view their privacy policy here.
- Comments: Some pages, post, or products on our Services allow for public commenting. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
2.2 Information We Collect Automatically
We also collect some information automatically:
- Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our website–for example, when you browse the Premade Shop, log into your account, or leave a comment on a proof.
- Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and users perform on paperandsage.com—in other words, who did what, when and to what thing on the site (e.g., [paperandsage.com username] commented on “[title of post]” at [time/date]). As another example, when visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. We also collect information about what happens when you use our website (e.g., page views, comments, submitting project forms) along with information about your device (e.g., screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our website to you, as well as get insights on how people use our Services, so we can make our Services better.
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
- Analytics: Our Services utilize Automattic’s Jetpack/WordPress.com Stats. Automattic’s Privacy Policy is available here.
Data Used: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Important: The site owner does not have access to any of this information via this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post. Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used for the sole purpose of powering this feature.
Activity Tracked: Post and page views, video plays (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page load that includes the Javascript file used for tracking stats. This is exclusively for aggregate performance tracking across Jetpack sites in order to make sure that the plugin and code is not causing performance issues. This includes the tracking of page load times and resource loading duration (image files, Javascript files, CSS files, etc.). DNT is currently not honored. - Information from Cookies & Other Technologies: A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and emails. P&S uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand email campaign effectiveness and to deliver targeted ads. Our intention in using cookies is always to make your experience with P&S better, for example, to improve site performance by keeping track of cart contents while you’re browsing our site. Our Services use Automattic’s WordPress platform along with several plug-ins available for that platform—including Jetpack, WooCommerce, MailChip for WordPress, and Ninja Forms. For more information about cookies set by WordPress and these plugins see:
- WordPress & WooCommerce: https://automattic.com/cookies/,
- Jetpack: https://jetpack.com/support/cookies/,
- MailChimp: https://mailchimp.com/legal/cookies/
- PayPal and Braintree: https://www.paypal.com/uk/webapps/mpp/ua/cookie-full
For detailed information about each of their cookie policies, and use of cookies, please visit their applicable Privacy/Cookie Policy.
2.3 Information We Collect from Other Sources
We may also get information about you from other sources. For example, if you create or log into your paperandsage.com account through another service (like wordpress.com), we will receive information from that service (such as your username, basic profile information, and friends list) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available.
2.4 Embedded Content from Other Websites
Services may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
For example, payment processing by Braintree or PayPal. We use PayPal Powered by Braintree, which uses Hosted Fields to help us meet PCI Compliance SAQ-A standards. Hosted Fields are little iFrames, hosted on PayPal’s servers, that fit inside the checkout form elements and provide a secure means for you to enter your card information. You can view PayPal’s Privacy Policy here and Braintree’s Privacy Policy here.
This also pertains to numerous social media sites (e.g., Facebook).
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
3 How And Why We Use Information
3.1 Purposes for Using Information
We use information about you as mentioned above and for the purposes listed below:
- To provide our Services–for example, to set up and maintain your account, charge you for any of our paid services, or view proofs;
- To further develop and improve our services–for example by adding new features that we think our users will enjoy or will make the purchasing and proofing process easier or better;
- To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our services and make them easier to use;
- To measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition–for example, we may analyze how many individuals made a purchase after receiving a marketing message or the features used by those who continue to use our services after a certain length of time;
- To monitor and prevent any problems with our services, protect the security of our services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of P&S and others, which may result in us declining a transaction or the use of our services;
- To communicate with you, for example through an email, about advice, offers and promotions offered by P&S and others we think will be of interest to you, solicit your feedback, or keep you up to date on P&S and our products; and
- To personalize your experience using our services, provide content recommendations (for example, through our Featured PreMades), target our marketing messages to groups of our users (for example, those who have subscribed to a particular mailing list or service), and serve relevant advertisements.
3.2 Legal Bases for Collecting and Using Information
A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
- The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account–for example, in order to enable access to our website on your device or charge you for a paid service; or
- The use is necessary for compliance with a legal obligation; or
- The use is necessary in order to protect your vital interests or those of another person; or
- We have a legitimate interest in using your information–for example, to provide and update our services, to improve our services so that we can offer you an even better user experience, to safeguard our services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our services, and to personalize your experience; or
- You have given us your consent–for example before we place certain cookies on your device and access and analyze them later on, as described above under 2.2 Information We Collect Automatically: Information from Cookies & Other Technologies.
3.3 Sharing Information
3.3.1 How We Share Information
We do not sell our users’ private personal information.
We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Employees and Independent Contractors: We may disclose information about you to our employees and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our employees and independent contractors to follow this Privacy Policy for personal information that we share with them.
- Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us, or to provide their services to you. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information, fraud prevention services that allow us to analyze fraudulent payment transactions, postal and email delivery services that help us stay in touch with you, customer email support services that help us communicate with you, registrars, registries, and data escrow services that allow us to provide domain registration services), those that assist us with our marketing efforts (e.g. by providing tools for identifying a specific marketing target group or improving our marketing campaigns), those that help us understand and enhance our services (like analytics providers), and companies that make products available on our websites (such as the extensions on WooCommerce.com), who may need information about you in order to, for example, provide technical or other support services to you. Vendors are required to have appropriate privacy commitments (e.g., a Privacy Policy) before we will share information with them.
- Legal Requests: We may disclose information about you in response to a subpoena, court order, or other governmental request.
As permitted by US law, we may disclose user information to the government or law enforcement, without a subpoena or warrant if we have a good faith belief that an emergency (imminent danger of death or serious physical injury) requires disclosure of information related to the emergency without delay. - To Protect Rights, Property, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of P&S, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that P&S goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
- With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, for example, sending your information to a mailing list to enable you to keep up-to-date with P&S.
- Aggregated or De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our services and we may share a hashed version of your email address to facilitate customized ad campaigns on other platforms.
- Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.
3.3.2 Information Shared Publicly
Information that you choose to make public is–you guessed it–disclosed publicly.
That means, of course, that information like your public profile, comments, other content that you make public on our Services are all available to others.
For example, the photo that you upload to your public profile, along with other public profile information, will display with the comments and interaction you may have with others on our site.
We also may use the design(s) created by P&S associated with your name, pen name, and/or book(s) for marketing purposes, promo materials and/or in our portfolio(s). Our aim is to show off our work, with the intentional side-effect of generating publicity for your book as well.
You may also provide us with a testimonial per one of our feedback mechanisms, and if so, we reserve the right to publish that on our Website and along with your name an other information (e.g., a URL to your website).
Public information may also be indexed by search engines or used by third parties.
Please keep all of this in mind when deciding what you would like to share.
3.4 How Long We Keep Information
We generally discard information about you when we no longer need the information for the purposes for which we collect and use it–which are described in the section above on How and Why We Use Information–and we are not legally required to continue to keep it.
For example, when you delete a comment from your account, it stays in your Trash folder for thirty days just in case you change your mind and would like to restore that content–because starting again from scratch is no fun at all. After the thirty days are up, the deleted content may remain on our backups and caches until purged.
You can request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
3.5 Security
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our services for potential vulnerabilities and attacks. You are responsible for creating a secure password for your paperandsage.com account. In the case of a security breach we will notify any persons affected by email.
3.6 Choices
You have several choices available when it comes to information about you:
- Limit the Information that You Provide: If you have an account with us, you can choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, many of our services–for example, any custom work, including custom cover designs, premade designs and promo materials–may not be accessible.
- Limit Access to Information On Your Mobile Device: Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps. If you do so, certain features maybe limited.
- Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
- Set Your Browser to Reject Cookies: At this time, Paper and Sage does not respond to “do not track” signals. However, you can usually choose to set your browser to remove or reject browser cookies before using Paper and Sage’s website, with the drawback that certain features of Paper and Sage’s website may not function properly without the aid of cookies.
- Close Your Account: While we’d be very sad to see you go, if you no longer want to use our Services, you can request to close your paperandsage.com account through our contact form. Please keep in mind that we may continue to retain your information after closing your account, as described in How Long We Keep Information above–for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.
3.7 Your Rights
If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (AKA the “GDPR”), data protection laws give you rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You can usually access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren’t able to do that, or you would like to contact us about one of the other rights, please use the contact form to get in touch.
EU individuals also have the right to make a complaint to a government supervisory authority.
4 Privacy Policy Changes
Paper & Sage encourages visitors to frequently check this page for any changes to its Privacy Policy. If we make changes, we will notify you by revising the change log below, and, in some cases, we may provide additional notice (such as including a note in our newsletter). Your further use of the Services after a change to our Privacy Policy will be subject to the updated policy.
4.1 Change Log
- May 23, 2018: New privacy policy created. The policy goes into effect May 25, 2018.
5 How to Reach Us
If you have a question about this Privacy Policy, or you would like to contact us about any of the rights mentioned in the Your Rights section above, please use our contact form to get in touch.
You may also contact us by postal mail at:
Paper and Sage
100 E Main
Unit 5
Wilmore, KY 40390
effective as of August 24, 2016 and until May 25, 2018
Preamble
This Privacy Policy explains the collection, use, and disclosure of “personal information” by Paper and Sage Design (“P&S” or “Paper and Sage”). Unless otherwise noted on a particular site or service, this Privacy Policy applies to your use of all websites that Paper and Sage operates, including https://paperandsage.com and http://proofs.paperandsage.com (collectively, the “Websites”), as well as the products, information, and services provided through the Websites, including our contact form, commenting system, newsletter, and design approval system (together with the Websites, the “Services”). Furthermore, this Privacy Policy does not apply to any of the websites operated by affiliates of Paper and Sage.
By accessing or using any of the Services, you are accepting and agreeing to the practices described in this Privacy Policy.
Personal Information P&S Collects
We may collect personal information through our Services, including without limitation:
- when you provide us with your personal information such as by sending an email to us or signing up to receive updates from Paper and Sage;
- when you subscribe to one of our email lists, submit our contact form, or Custom Cover Questionnaire;
- when you make a purchase from our website;
- when you provide personal information in connection with your participation in any of the forums or commenting features we make available through our Services.
Non Personal Browsing and Site Usage Information
When you use the Services, our servers (which may be hosted by a third party service provider) may collect information indirectly and automatically (through, for example, the use of your “IP address”) about your activities while visiting the Websites and information about the browser you are using. In addition, whenever you log into our Design Approval System, our servers (which, again, may be hosted by a third party service provider) keep a log of the websites you visit and when you visit them.
We do not intentionally link browsing information or information from our server logs to the personal information you submit to us. We use this information for internal purposes, such as to help understand how the Services are being used, to improve our Services, and for systems administration purposes. P&S also uses a third party analytics providers (such as Google Analytics and WordPress Jetpack) to help us collect and analyze non personal browsing information through operation of our Services for those same purposes. For information about how Google uses this data visit: https://www.google.com/policies/privacy/partners/
Cookies
Cookies are small files storing strings of information that our Websites store on a visitor’s computer, and that the visitor’s browser provides to the Websites each time the visitor returns. Paper and Sage uses cookies to help identify and track visitors, their usage of the Websites, and their access preferences. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our Websites.
Web Beacons
When we send emails, we may track behavior such as who opened the emails and who clicked the links. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details.
What P&S Does with Personal Information
Emails and Newsletters. We use the personal information you provide to us when you send us emails or sign up to receive updates from Paper and Sage in order to respond to your request – for example, to reply to your email, update you on the progress of your order or project, or to send you communications about Paper and Sage’s products and services.
Comments. When you leave comments on our Websites we use the name and email address provided to associate your name with your respective comments. We encourage you to use an alias or nickname if you are not comfortable providing your legal name. The name or nickname you provide may be used to attribute you in connection with any content you submit to any Service. Additionally, some users will choose to associate their comments with a WordPress.com or Gravatar account. If so, their respective privacy policies apply.
Purchases. Paper and Sage uses PayPal to process online orders. When using PayPal to purchase from Paper and Sage, your personal information is sent to, handled by and stored by PayPal in accordance with their privacy policy and terms of use. We will then use what information PayPal makes available to us for the processing of your order.
Design Approval System. Most purchases from Paper and Sage will require you to interact with a graphic designer through our design approval system. In this case, we will use your email address to create a user account on your behalf.
Disclosures of Personal Information
In general, it is not Paper and Sage’s practice to disclose personal information to third parties. We may share your personal information in two instances:
First, Paper and Sage may share personal information with our contractors and service providers in order to maintain, enhance, or add to the functionality of the Services.
Second, we may disclose your personal information to third parties in a good faith belief that such disclosure is reasonably necessary to (a) take action regarding suspected illegal activities; (b) enforce or apply our Terms of Use and Privacy Policy; (c) comply with legal process, such as a search warrant, subpoena, statute, or court order; or (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public.
If Paper and Sage is required to provide a third party with your personal information (whether by subpoena or otherwise), then provided we have collected and retained an email address for you, Paper and Sage will use reasonable means to notify you promptly of that event, unless prohibited by law or P&S is otherwise advised not to notify you on the advice of legal counsel.
Security of Personal Information Collected via the Services
Paper and Sage has implemented reasonable measures to protect against unauthorized access to and unlawful interception or processing of personal information that Paper and Sage stores and controls. However, no website can fully eliminate security risks. Third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications. We will post a reasonably prominent notice to the Websites if any such security breach occurs.
Reorganization or Spin-Offs
Paper and Sage may transfer some or all of your personal and/or non personal browsing information to a third party as a result of a reorganization, sale, consolidation, liquidation, acquisition, spin-off, or similar transaction. Upon such transfer, the acquirer’s privacy policy will apply.
Children
The Services are not directed at children under the age of 13. Consistent with the federal Children’s Online Privacy Protection Act of 1998 (COPPA), we will never knowingly request personal information from anyone under the age of 13 without requiring parental consent. Our Terms of Use specifically prohibit anyone using our Services from submitting any personally identifiable information about persons under 13 years of age. Any person who provides their personal information to P&S through the Services represents that they are 13 years of age or older.
Third Parties
The Services may include links to other websites or utilize plugins, widgets or social media features such the WordPress Jetpack and the Facebook Like button operated by other websites. These features may set cookies and collect information such as your IP address or which page you’re visiting on our site. Plugins, widgets, and social media features may be hosted directly on our site or by a third party. You should consult the respective privacy policies of these third-party sites. This Privacy Policy does not apply to, and we cannot control the activities of, such other websites.
Special Note to International Users
The Services are hosted in the United States. Please note that your personal data may be located on servers in the United States. By providing your personal data you consent to the use of your personal data for the uses identified above in accordance with the Privacy Policy.
Changes and Updates to this Privacy Policy
We may occasionally update this Privacy Policy. When we do, we will also revise the Effective Date above. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal information we collect. Your continued use of the Services constitutes your agreement to this Privacy Policy and any updates.
Questions & Concerns
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter please use our contact form to get in touch. You may also contact us by postal mail at:
Paper and Sage100 E Main
Unit 5
Wilmore, KY 40390