Privacy Policy

Last Updated: 10 July 2025

This Privacy Policy (“Privacy Policy”) describes the types of information Paperform and any of its subsidiaries and affiliates (“Paperform”, “we”, “us”, or “our”) collect, use, share and transfer about you when you visit or use our website located at https://paperform.co/ (the "Website") and all related services, features, and content offered by Paperform (including, custom forms built by our customers through our Website), or when you otherwise contact or interact with us (collectively, “Services”). The terms “you” and “your” refers to you, the user. If you are using the Services on behalf of a business, association, or other entity, “you” or “your” will also refer to such business, association, or other entity, unless the context clearly dictates otherwise. You agree that you are authorized to consent to these terms on behalf of such business, association, or other entity, and we can rely on this. This Privacy Policy also explains how Paperform may use and share your Personal Information (as defined in Section 1), as well as the choices available to you.

By using/continuing to use the Services, you acknowledge you have read and understand and agree to the collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy, and you agree to our General Terms and Conditions of Use which are incorporated by reference. If you do not agree, please do not access or use the Services.

Important Notice

Individuals who answer or respond to forms or content (“Respondents”) created by a user of the Services (the “Customer”) may divulge personal information or data to Paperform (which is the data processor) on behalf of a Customer (which is the data controller). When Paperform is acting as a processor for a Customer, all processing of Respondents' personal information divulged when answering or responding to forms will be subject to the Customer's own privacy policy. If you are a Respondent, please contact the Customer directly if you have any questions about the form created by the Customer or the Customer's privacy policy.

However, while Paperform processes personal information of Respondents on behalf of the Customer, we may still gather certain types of information on Respondents in order to provide our Services, which will be subject to this Privacy Policy. For example: (a) the information Respondent enters into a form, before the Respondent completes or submits the form in order to prevent the inadvertent loss of Respondent's response; and (b) Respondent's e-mail address if the Customer provides it to us to send the Respondent an invitation to complete a form by e-mail.

Eligibility to Use the Services

To use the Services you must be, and represent and warrant that you are, at least the age of majority in your state, province or jurisdiction of residence and competent to agree to these terms; or if you are under the age of majority in your state, province or jurisdiction of residence, you represent and warrant that your parent or legal guardian has reviewed this Privacy Policy with you and accepts them on your behalf; parents or legal guardians are responsible for the activities of their minor dependents while using the Services.

General Terms and Conditions of Use

If you choose to access or use the Services, your access and use, and any dispute over privacy is subject to this Privacy Policy and our General Terms and Conditions of Use, including, but not limited to, limitations on damages and resolution of disputes.

1. Personal Information We Collect

   Generally, we collect four (4) types of information about you: (A) information and content you give us directly; (B) information we obtain automatically when you use our Services; (C) demographic information; and (D) information we get about you from other sources. When we talk about “Personal Information” in this Privacy Policy, we are talking about any information collected in accordance with this section. Please see below for more information on each category.

   1. Information and Content You Give Us Directly
      1. Personal Information. Personal information, such as your name, address, e-mail address, username, password, and any other information you directly provide us on or through the Services.
      2. Email Correspondences. Records and copies of your email messages together with your email address and our responses, if you choose to correspond with us through email.
      3. Transaction Information. We or service providers working on our behalf may collect information and details about any purchase or transactions made on the Services. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping, and contact details. We do not collect or store payment card information ourselves; rather we rely on third party payment processors (e.g., Stripe) to store and process this information as part of the Services.
   2. Information We Obtain Automatically When You Use Our Services
      1. Activity Information. Details of your visits to our Services, including the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; the time, frequency, and duration of your activities; and other information about your use of and actions on the Services.
      2. Equipment Information. Information about your computer and internet connection, including your device or computer operating system, IP address, browser type, and browser language.
      3. Location Information. Information about the location of your device, including GPS location, for purposes of enhancing or facilitating the Services. For example, we may use information about the location of the device you are using to help us understand how the Services and functionality are being used and to deliver more relevant advertising. If you do not want to share your location, you can disable location sharing in the settings on your device.
      4. Cookies, Pixel Tags/Web Beacons, and Other Technologies. Cookies, pixel tags, web beacons, clear GIFs, JavaScript, entity tags, HTML5 local storage, resettable device identifiers, or other similar technologies (collectively, the “Technologies”) may be used by us, as well as third parties that provide the content, advertising, or other functionality on the Services to automatically collect information through your use of the Services. Please see Section 9 for more information on the technologies we may use for this automatic data collection.
   3. Demographic Information

      We may collect demographic, statistical, or other aggregate information that is about you, but individually does not identify you. Some of this information may be derived from Personal Information, but it is not Personal Information and cannot be tied back to you. Examples of such aggregate information include gender, age, and race.

   4. Information We Get About You From Other Sources

      We may receive information about you from other sources and add it to our information, including from third-party services and organizations who have the right to provide us with such information. We protect this information according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. These sources may include: online and offline data providers, from which we obtain demographic, interest-based, and online advertising related data; publicly-available sources such as open government databases or social networks; and service providers who provide us with information, and updates to that information, based on their relationship with you. By gathering additional information about you, we can correct inaccurate information, enhance the security of your transactions, and give you product or service recommendations and special offers that are more likely to interest you.

2. How We Use Your Information

   We may use the information we collect about you in a variety of ways, to provide our Services, for administrative purposes, and to market and advertise our Services and products.

   1. We Use Your Personal Information to Provide Our Services

      We may use your Personal Information to:

      1. provide the Services and its content to you.
      2. respond to comments, questions, and provide customer service.
      3. fulfill any other purpose for which you provide Personal Information.
      4. communicate with you about an account.
      5. inform you about important changes to, or other news about, the Services or any of its features or content.
   2. We Use Your Information for Administrative Purposes

      We may use your Personal Information to:

      1. operate, maintain, improve, personalize, and analyze the Services.
      2. monitor and analyze trends, usage, and activities for marketing or advertising purposes.
      3. detect, prevent, or investigate security breaches, fraud, and other unauthorized or illegal activity.
      4. carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
      5. maintain appropriate records for internal administrative purposes.
      6. allow you to participate in interactive features on the Services.
      7. develop, improve, and analyze our predictive models, analytics and machine learning, both experimental and underlying the Services.
   3. We Use Your Information to Market and Advertise Our Services and Products.

      We may use your Personal Information to:

      1. send promotional communications, such as information about features, newsletters, offers, promotions, contests, and events.
      2. share information across Services and devices to provide a more tailored and consistent experience on the Services.
      3. develop, test, and improve new products or services, including by conducting surveys and research and testing and troubleshooting new products and features.

3. How We may Share or Disclose Your Information

   We may share or disclose aggregated or anonymized information about our users to third parties for a variety of business purposes without any restrictions, including to provide our Services and/or to protect us or others. We may share or disclose information in the event of a major business transaction such as a merger, sale, or asset transfer. The following circumstances describe in additional detail the ways we may share or disclose your Personal Information that we collect or that you provide under this Privacy Policy:

   1. We Disclose Your Information to Provide Our Services
      1. Subsidiaries and Affiliates. We may share your Personal Information with our parent companies, subsidiaries, joint ventures, and affiliated companies for purposes of management and analysis, decision-making, and other business purposes, consistent with this Privacy Policy. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
      2. Consent or to Fulfill the Purpose that Information was Provided. We may share your Personal Information to fulfill the purpose for which you provide that information, with your consent, or for any other purpose disclosed by us when you provide the information. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
      3. Improvement of Analytics and Research Studies. We may share your Personal Information with research associates and other third-party research organizations to assess, develop, improve, and exchange predictive modeling and data analytics for purposes of improving outcomes. For example, we may use your Personal Information as a part of a data set that will be used to improve the accuracy of our product outcomes predictive modeling algorithms or in connection with various Paperform product studies. Legal basis: Art. 6(1)f GDPR (legitimate interest).
      4. Advertising/Marketing Service Providers. We may share your Personal Information with marketing service providers to assess, develop, and provide you with promotions and special offers that may interest you, administer contests, sweepstakes, events, or for other promotional purposes. Legal basis: Art. 6(1)f GDPR (legitimate interest).
      5. Service Providers. We may share your Personal Information with our third-party service providers, contractors, and any other similar third parties that help us provide our Services. This may include service providers that help us with analytics services or support services, website hosting, email and postal delivery, location mapping, product and service delivery. Some of our aspects of our Services utilize framing techniques to serve content to you from our third-party providers, while preserving the look and feel of the Services. In such cases, please note that the information you provide is being provided to the third party. Service providers are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. A list of the current third party service providers of Paperform (including a link to their privacy policies) is maintained at https://paperform.co/subprocessors. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
   2. We May Disclose Your Information to Protect Us or Others
      1. When Required by Law. Paperform may from time to time need to disclose Personal Information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request. Legal basis: Art. 6(1)c GDPR (legal obligation).
      2. To Protect Lawful Interests. Paperform may also disclose your Personal Information to third-parties when necessary to protect the copyright, trademarks, legal rights, property or safety of Paperform, our Services, our customers or third parties. This may include exchanging information with other companies and organizations for fraud protection, and spam and malware prevention. Legal basis: Art. 6(1)b GDPR (situation similar to contract); Art. 6(1)f GDPR (legitimate interest).
      3. To Enforce Our Rights. We may share your Personal Information to enforce or apply this Privacy Policy, our General Terms and Conditions of Use, and other agreements, including for billing and collection purposes. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
   3. We May Disclose Your Information in the Event of a Merger, Sale or Other Asset Transfers

      If we become involved in a merger, acquisition, financing due diligence, divestiture, restructuring, reorganization, bankruptcy, dissolution, sale, or transfer of some or all of our assets (whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding), or transition of Services to another provider, your Personal Information may be sold or transferred to business entities or people involved in such process. Legal basis: Art. 6(1)f GDPR (legitimate interest).

      Personal Information that you post on or through the public areas of the Services (e.g., chat rooms, bulletin boards, and discussion groups) are generally accessible to, and may be collected and used by, others which may result in unsolicited messages or other contact from others. Users of the Services are encouraged to exercise caution when providing personal information about themselves in public or interactive areas.

4. Your Privacy Choices and Rights

   You have certain choices and rights with respect to your privacy. For example, you may be able to opt out of receiving marketing messages from us, make choices regarding cookies, and exercise other privacy rights under applicable law.

   1. Mechanisms to Control Your Information
      1. Cookies and Other Tracking Technologies. You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. Please note that you cannot remove Flash cookies simply by changing your browser settings. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or may not function properly.
      2. Communications from Paperform. If you do not wish to have your contact information used by Paperform to promote our own or third-party products or services, you can opt-out by: (1) informing us of your preference at the time you sign up for your Services account (if applicable), or complete any other form on or through the Services which we collect your data; (2) modifying your user preferences in your account profile by checking or unchecking the relevant boxes; (3) following the opt-out instructions at the bottom of the promotional emails we send you; or (4) sending us an email stating your request. Please note that we may also send you non-promotional communications, however you will not be able to opt-out of these communications (e.g., transactional communications, including emails about your account; communications regarding our Services; and communications about updates to this Privacy Policy and the General Terms and Conditions of Use).
      3. “Do Not Track”. "Do Not Track" (“DNT”) is a privacy preference you can set in certain web browsers. When you turn on this preference, it sends a signal or message to the websites you visit indicating that you do not wish to be tracked. Please note that we currently exclude users from our internal analytics processing in response to DNT signals.

      The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

   2. Accessing and Correcting Your Information

      In accordance with applicable law, you may have the right to:

      1. Access Personal Information. You may access Personal Information about you, including: (1) confirming whether we are processing your Personal Information; (2) obtaining access to or a copy of your Personal Information; and (3) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the "right of data portability").
      2. Request Correction of Personal Information. You may request correction of your Personal Information where it is inaccurate, incomplete, or improperly possessed.
      3. Request Deletion/Erasure of Personal Information. You may request deletion/erasure of your Personal Information held by us about you. Please note: we cannot delete your Personal Information except by also deleting your account.
      4. Restrict/Opt-out. You may request to restrict/opt-out of the processing of your Personal Information for the purpose(s) of: (1) targeted advertising; (2) sale or sharing of personal information; or (3) profiling to make decisions that have legal or other significant effects on you.
      5. Withdraw Consent. You may have the right to withdraw consent where such consent is required to share or use Personal Information.

         If you would like to exercise any of these rights, you may send us an email at legal@paperform.co to request access to, correction of or removal of any Personal Information that you have provided to us. We will process such requests in accordance with applicable law. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

         The following are additional Consumer Privacy Rights:

      6. Non-Discrimination. Residents have the right not to receive discriminatory treatment by covered businesses for the exercise of their rights conferred by the applicable privacy law.
      7. Verification. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.

         Please note: Your exercise of these rights may be subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). As a result, we may retain certain data necessary to prevent fraud or future abuse or as otherwise required or permitted by law, including to comply with legal obligations we are subject to, as well as to establish, exercise and defend our legal claims.

   3. Your Right to Appeal

      If you are dissatisfied with the refusal of Paperform to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Information” section above, you may request reconsideration by Paperform, by sending a written request for reconsideration to the mailing address found in the “Contact Information” section below. Within sixty (60) days of Paperform’s receipt of such written request for reconsideration, Paperform shall inform you in writing (at the address indicated in your initial written request) of any action taken or not taken in response to your request for reconsideration, including a written explanation of the reasons for the decision. In addition, if your request for reconsideration is denied, you have the right to appeal to the applicable supervisory authority in your jurisdiction of residence (see subsection (D) below and the state-specific privacy notices for more information).

   4. Complaints to Data Protection Authority

      You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

   5. State Specific Privacy Rights

      A number of states require us to provide residents of those states with additional information and rights. Please scroll below to see a list of those states and the state-specific disclosures.

5. Cookies and Other Tracking Technologies
   1. Description of the Technologies. We as well as third parties that provide the content, advertising, or other functionality on the Services may use Technologies to automatically collect information through your use of the Services. The following describes some of these Technologies we may use for this automatic data collection:
      1. Cookies. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies may be stored on the hard drive of your computer either for (a) the duration of your visit on a website ("session cookies") or (b) for a fixed period ("persistent cookies"). Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of the Services.
      2. Web Beacons. Web beacons are small files that are embedded in webpages, applications, and emails (also known as "clear gifs", "pixel tags", "web bugs", and "single-pixel gifs") that collect information about engagement on our Services. For example, web beacons allow us to track who has visited those webpages or opened an email, to test the effectiveness of our marketing, and for other related website statistics.
      3. JavaScripts. JavaScripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.
      4. Entity Tags. Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or "cached" within your browser and validates these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.
      5. HTML5 Local Storage. HTML5 local storage allows data from websites to be stored or "cached" within your browser to store and retrieve data in HTML5 pages when the website is revisited.
      6. Resettable Device Identifiers. Resettable device identifiers (also known as "advertising identifiers") are similar to cookies and are found on many mobile devices and tablets (for example, the "Identifier for Advertisers" or "IDFA" on Apple iOS devices and the "Google Advertising ID" on Android devices), and certain streaming media devices. Like cookies, resettable device identifiers are used to make online advertising more relevant.
   2. Our Use of the Technologies. We may also use these technologies for security purposes, to facilitate navigation, to display information more effectively, and to better serve you with more tailored information, as well as for website administration purposes, e.g., to gather statistical information about the usage of our websites in order to continually improve the design and functionality, to understand how users use our websites, and to assist us with resolving questions regarding use of the websites.
   3. Mechanisms to Control Cookies and Other Technologies. You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. Please note that you cannot remove Flash cookies simply by changing your browser settings. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or may not function properly. In addition, cookies may be used to display relevant ads to website visitors through third party services such as Google Adwords. These ads may appear on the Website or third-party websites you visit. For information on how you can exercise your options regarding these advertisements, please see the below links:

      Facebook: https://www.facebook.com/help/568137493302217

      Google: https://support.google.com/ads/answer/2662922?hl=en

   4. Third-Party Technologies. This Privacy Policy covers the use of cookies by Paperform and does not cover the use of tracking technologies by any third parties. The Services may contain links, content, advertising, or references to other websites or applications run by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you interact with their content on the Services, such as member recruitment vendors to using Web beacons and cookies on our registration pages for payment verification. The information they collect may be associated with your Personal Information or they may collect information about your online activities over time and across different websites. Please be aware that we do not control these third parties' tracking technologies or when and how they may be used. Therefore, Paperform does not claim nor accept responsibility for any privacy policies, practices, or procedures of any such third party. We encourage you to read the privacy statements and terms and conditions of linked or referenced websites you enter. We do not endorse, screen, or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk. If you have any questions about an ad or other targeted content, you should contact the responsible provider directly.
   5. Google Analytics. The Services may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

6. Children Using or Accessing the Services

   We are especially committed to protecting the privacy of children. The Services are directed at a general audience and are not directed to nor are the Services intended for any individuals under the age of eighteen (18), European Union individuals under the age of sixteen (16) or United States individuals under the age of thirteen (13) (each individually a "Child" or collectively "Children"). If we learn we have inadvertently collected or received Personal Information from a Child, we will use reasonable efforts to immediately remove such information, unless we have a legal obligation to keep it. If you are a parent or legal guardian and believe we might have any Personal Information from or about a Child, please contact us via the information found in the “Contact Information” section below.

7. How We Protect Your Information

   We have implemented safeguards reasonably designed to secure your Personal Information. Such safeguards include the implementation of various technical, physical, administrative and organizational security measures intended to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. All information you provide to us is stored on our secure servers behind firewalls.

   The safety and security of your information is also dependent on you. If we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

   While we have employed security technologies and procedures to assist safeguarding your Personal Information, no system or network can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

8. International Transfer of Personal Information

   Paperform is domiciled in the United States and therefore, if you provide Personal Information through the Services, you acknowledge and agree that your Personal Information may be accessed by staff or other persons in, transferred to, and/or stored at, countries located outside your current location to the offices and servers of Paperform and the other third parties referenced in this Privacy Policy located in the United States, Australia, Singapore, or other countries in which data protection laws may be different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of such laws, where applicable.

   Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not been approved by the European Commission (see the full list here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), we will establish legal grounds justifying such transfer, such as EU Commission-approved standard contractual clauses, or other legal grounds permitted by applicable legal requirements.

9. Personal Information Retention Period

   We keep your information for the length of time needed to carry out the purpose outlined in this Privacy Policy and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations. Where we retain data, we do so in accordance with our record retention policies and any limitation periods and records retention obligations that are imposed by applicable law.

10. Changes to Our Privacy Policy

    We reserve the right to update this Privacy Policy from time to time in order to reflect, changes to our practices or for other operational, legal, or regulatory reasons. When we do update this Privacy Policy, we will post the updates and changes on our website. We may elect to notify you of material changes by mail, email, posting of modified Privacy Policy, or some other similar manner. However, it is your responsibility to check our website regularly for changes to this Privacy Policy. Your continued use of or access to the Services following the posting of any changes to this Privacy Policy constitutes acceptance of those changes.

11. Third-Party Websites and Applications

    Our Services may offer links to websites or applications that are not run by us but by third parties. These third-party services, websites or applications are not controlled by us, and may have privacy policies that differ from our own. We encourage our users to read the privacy policies and terms and conditions of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk.

12. Contact Information

    If you have any questions, comments and/or complaints about our privacy practices, please feel free to contact us at:

    Address: Post Office Box 4

    Summer Hill, NSW 2130

    Australia

    Email: legal@paperform.co

    Phone: +61424619055

    For Data Subjects in the EU:

    We appointed GDPR-Rep.eu as representative according to Art 27 GDPR. If you want to make use of your GDPR data privacy rights, please visit: https://prighter.com/q/16726919268

    Contact GDPR-Rep.eu:

    GDPR-Rep.eu

    Maetzler Rechtsanwalts GmbH & Co KG

    Attorneys at Law

    c/o Paperform Pty. Ltd.

    Schellinggasse 3/10, 1010 Vienna, Austria

    Please add the following subject to all correspondence:

    GDPR-REP ID: 16726919268

    We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

California Privacy Notice

California law requires us to disclose certain information related to our privacy practices. This California Privacy Notice (the “CA Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). While Paperform is not currently a covered business under the California Consumer Privacy Act of 2018 (CCPA), and California Privacy Rights Act of 2020 (CPRA) (together, the “CCPA”), we value privacy and strive to be transparent with our customers. As such, we have provided additional details below about the information we collect, how we disclose it, and how you can exercise your privacy rights under the CCPA, in the event it applies to our activities in the future. Any terms defined under the CCPA have the same meaning when used in this CA Notice. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy. As used in this CA Notice only, “personal information” has the meaning set forth in the CCPA.

To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement applicable to California residents.

1. Categories of Personal Information that is Collected, Disclosed and Shared

   The CCPA provides California residents with the right to know what categories of personal information covered businesses have collected about them and whether such businesses have disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:

   Category of Personal Information and Examples	Category of Third Parties Personal Information is Disclosed to for a Business Purpose
   Identifiers
   A real name, Internet Protocol address, email address, or other similar identifiers.	• Service providers • Advertising partners
   Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
   A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.	• Service providers • Advertising partners
   Commercial information
   Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	• Service providers • Advertising partners
   Internet or other similar network activity
   Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	• Service providers
   Geolocation data
   Physical location or movements.	• Service providers
   Sensory data
   Audio, electronic, visual, thermal, olfactory, or similar information.	• Service providers
   Professional or employment-related information
   Current or past job history or performance evaluations.	• Service providers
   Inferences drawn from other Personal Information.
   Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	• Service providers
   Category of Sensitive Personal Information and Examples	Category of Third Parties Sensitive Personal Information is Disclosed to for a Business Purpose
   Precise Geolocation Data Any data that is derived from a device, and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of  1,850 feet, except as prescribed by regulations.	• Service providers

   We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected. The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in "Personal Information We Collect" and "How We Use Your Information" above, respectively.

   We may share any of the information listed above with service providers, which are companies that we engage for business purposes to conduct activities on our behalf. Service providers are restricted from using personal information for any purpose that is not related to our engagement.

2. "Sales or Sharing" of Personal Information under the CCPA

   California residents have the right to opt out of the "sale" or “sharing” of their personal information to third parties. The CCPA defines "sale" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for monetary or other valuable consideration (which may be considered “sales” under the CCPA even if no money is exchanged). The CCPA defines “sharing” to mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

   Paperform may "sell or share" personal information. The categories of personal information we have "sold" and the categories of third parties we have "sold or shared" personal information to in the preceding twelve (12) months are listed below:

   Category of Personal Information Sold or Shared by Paperform	Category of Third Parties Personal Information is Sold or Shared to
   Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers.	• Service providers • Advertising partners
   Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number.	• Service providers
   Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	• Service providers
   Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.	• Service providers
   Inferences drawn from other personal information to create a profile about a consumer Profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	• Service providers • Advertising partners

   Paperform’s business and commercial purposes for "selling" personal information can be found in "How We Use Your Information" above. Paperform does not have actual knowledge of any "sale" of personal information of minors under eighteen (18) years of age.

3. Additional Privacy Rights for California Residents

   California residents have additional rights regarding their personal information. This section describes those additional rights and explains how to exercise those rights.

   1. Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in the “Contact Information” section above and provide written authorization signed by you and your designated agent.
   2. Opt-out of "Sales or Sharing".  California residents may opt-out of the "sale or sharing" of their personal information by contacting us as set forth in "Contact Information" section. California residents (or their authorized agent) may also exercise your right to limit the disclosure of your sensitive personal information, by clicking on this "Your Privacy Choices" link. Please note: You may also broadcast an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal).
   3. California Shine the Light. The California "Shine the Light" law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to exercise any of your rights under the law, please contact us as set forth in "Contact Information" section. We will process such requests in accordance with applicable laws.

Nevada Privacy Notice

Nevada law requires us to provide all visitors, users, and others who reside in the State of Nevada ("you") certain additional privacy rights. This Nevada Privacy Notice (the “NV Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to you. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to sell or license that Personal Information, even if your Personal Information is not currently being sold. If you would like to exercise this right, please contact us via the information found in the “Contact Information” section.

Multi-State Privacy Notice

Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia may have additional rights under relevant privacy laws, including under the Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Delaware Personal Data Privacy Act (“DPDPA”), Iowa Consumer Data Protection Act (“ICDPA”), Minnesota Consumer Data Privacy Act (effective July 31, 2025) (“MNCDPA”), Montana Consumer Data Privacy Act (“MTCDPA”), Nebraska Data Privacy Act (“NDPA”), New Hampshire Consumer Data Privacy Act (“NHCDPA”), New Jersey Data Protection Act (“NJDPA”), Oregon Consumer Privacy Act (“OCPA”), Tennessee Information Protection Act (effective July 1, 2025) (“TIPA”), Texas Data Privacy and Security Act (“TDPSA”), Utah Consumer Privacy Act (“UCPA”), and Virginia Consumer Data Protection Act (“VCDPA”), as applicable. The following additional information is required to be provided by covered businesses under applicable state laws. This Multi-State Privacy Notice (the “Multi-State Notice”) supplements the information contained in the Paperform Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the States of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia ("consumers" or "you"). We adopt this notice to comply with relevant privacy law. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy.

To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement.

1. Sharing /Disclosing Personal Data

   The CPA, CTPDA, DPDPA, ICDPA, MNCDPA, MTCDPA, NDPA, NHCDPA, NJDPA, OCPA, TIPA, TDPSA, UCPA and VCDPA require covered businesses to provide residents of their respective states with the right to know the categories of “personal data” (as defined under applicable law) covered businesses shared with / disclosed to third parties and the categories of third parties with whom such personal data has been shared / disclosed. Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia can find this information below:

   Category of Personal Data Shared	Category of Third Parties Personal Data is Shared With / Disclosed to
   Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers.	• Service providers • Advertising partners
   Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	• Service providers • Advertising partners
   Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.	• Service providers
   Geolocation data Physical location or movements.	• Service providers
   Professional or employment-related information Current or past job history or performance evaluations.	• Service providers
   Inferences drawn from other Personal Information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	• Service providers

2. “Sales” or Processing for Targeted Advertising

   Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia have the right to opt-out of the “sale” of their personal data to third parties or the processing of their personal data for targeted advertising (see Section 4(B)(iv) above). For purposes of this paragraph the definition of “sale”, “sell” or “sold” has the meaning set forth in applicable privacy law. However, please note, in accordance with applicable privacy law certain specific exceptions to “sale” and/or “targeted advertising” may apply, including the disclosure of personal data to a processor that processes personal data on behalf of a controller. If a consumer wishes to exercise their right to opt-out of the sale of personal data or processing of personal data for targeted advertising, they may do so by following this link. The categories of personal data “sold” or processed for targeted advertising can be found below:

   Category of Personal Data Sold to Third Parties or Processed for Targeted Advertising	Category of Third Parties Personal Data is Sold to or Processed by for Targeted Advertising
   Identifiers. A real name, postal address, telephone number, unique personal identifier, online identifier, email address, or other similar identifiers.	• Service providers • Advertising partners
   Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	• Service providers
   Internet or other electronic network activity Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.	• Service providers
   Inferences drawn from other personal information to create a profile about a consumer Profile reflecting a consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	• Service providers • Advertising partners

3. State-Specific Rights to Opt-Out
   1. Colorado, Connecticut, Delaware, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas and Virginia. Residents of Colorado (or an authorized agent thereof), Connecticut (or an authorized agent thereof), Delaware, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Montana, Oregon, Tennessee, Texas and Virginia may request to opt-out of the processing of your personal data for the purpose(s) of: (i) targeted advertising; (ii) sale of personal data; or (iii) profiling to make decisions that have legal or other significant effects on you. If you would like to exercise this right, you may send us an email to request to opt-out. We will process such requests in accordance with applicable law. Please note: You may broadcast an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal).
   2. Iowa and Utah. Iowa and Utah residents may request to opt-out of the processing of your personal data for the purpose(s) of: (i) targeted advertising; or (ii) sale of personal data. If you would like to exercise this right, you may send us an email to request to opt-out. We will process such requests in accordance with applicable law.
   3. Connecticut Right to Appeal a Denied Appeal. If you are a resident of the State of Connecticut and your request for reconsideration of Notable’s refusal to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Personal Information” section of the Privacy Policy is denied, you have the right to file a complaint with the Connecticut Office of the Attorney General by visiting the “File a Compliant” page here or contacting the Consumer Assistance Unit at 860-808-5420.
   4. Additional Minnesota Rights. If you are a resident of the State of Minnesota, you have the right to: (i) request the specific third parties to whom Company has disclosed Personal Information; and/or (ii) question the results of Company’ profiling to the extent it produced legal effects.