
Our Privacy Policy

Your privacy, our priority
As Safe as Houses

At Mypaper.uk, we are committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, share, and store your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. How we collect information

 

We collect personal data directly from you when you:

  • Register for an individual subscription to our personalized newspapers.

  • Provide consent through a legally authorized representative if you lack the capacity.

  • Contact us for support or inquiries.

  • Submit feedback or reviews.

  • Sign up for newsletters or marketing communications.

  • Interact with us via social media or third-party platforms.

Indirect Collection:

We may collect personal data from publicly available sources or third parties where it is lawful to do so.

Legal basis for collection:

  • Consent: When you or your legally authorised representative provide explicit consent for specific purposes (e.g., marketing communications, processing health-related information).

  • Contractual Necessity: To perform a contract with you or take steps at your request before entering into a contract.

  • Legal Obligation: To comply with legal or regulatory obligations.

  • Vital Interests: In rare cases, to protect your vital interests or those of another person.

Data minimisation and purpose limitation:

We collect only the personal data necessary for the specified purposes and ensure it is not used for purposes incompatible with the original reason for collection.

2. What information we collect

 

We may collect the following categories of personal data:

  • Contact Information: Name, postal address, email address, and telephone number.

  • Account Information: Subscription preferences and payment details.

  • Communication Data: Records of communications, inquiries, feedback, and reviews.

  • Personalisation Data: Life story details, preferences, interests, and other information necessary for creating personalised newspapers.

  • Special Category Data: Health-related information pertinent to individuals living with dementia.

Children's Data:

Our services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.

Handling Data of Individuals Lacking Capacity:

For individuals who may lack the capacity to consent due to dementia or any other condition:

  • Consent from Legal Representatives: We obtain explicit consent from a legally authorized representative, such as someone with power of attorney.

  • Verification of Authority: We verify the authority of the person providing consent by requesting legal documentation (e.g., power of attorney certificate).

3. How we use your information

 

We use your personal data for the following purposes:

  • Service Provision: To process subscriptions, manage accounts, and deliver personalized newspapers.

  • Content Personalization: To generate content tailored to individual needs using locally run AI technologies.

  • Customer Support: To respond to inquiries and provide support.

  • Marketing Communications: To send newsletters, updates, and promotional materials with your explicit consent.

  • Service Improvement: To analyze and improve our services and user experience.

  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce agreements.

  • Vital Interests: In emergency situations, to protect your vital interests or those of another person.

Legal Basis for Processing:

  • Consent: For marketing communications and processing special category data (health-related information).

  • Contractual Necessity: To fulfill our contractual obligations to you.

  • Legal Obligation: To comply with applicable laws and regulations.

  • Vital Interests: To protect the vital interests of you or another person.

Automated Decision-Making and Profiling:

We use automated processing, including AI technologies like Llama running locally within the UK, to personalise content and enhance user experience. This processing does not produce legal or similarly significant effects on you.

  • Impact on Users: The automated processing is used solely to tailor content to your preferences, enhancing the quality of our services.

  • Right to Object: You have the right to object to automated decision-making and profiling. To exercise this right, please contact us using the details provided.

4. Sharing your information

 

We do not sell or rent your personal data to third parties for marketing purposes.

Third-Party Processors:

  • Local AI Processing: We use AI technologies, such as Llama running in local mode, to process data locally within the UK. This ensures that your data remains under UK GDPR protection and is not transferred outside the UK.

  • Service Providers: We may share your data with third-party service providers (e.g., payment processors, hosting services) who assist us in delivering our services. All such providers are contractually obligated to protect your data and comply with GDPR.

Data Processing Agreements (DPAs):

We have DPAs in place with all third-party processors to ensure they comply with GDPR requirements, including data security and confidentiality obligations.

International Data Transfers:

Your data is processed and stored within the UK. We do not transfer your personal data outside the UK or the European Economic Area (EEA). If future transfers are necessary, we will ensure appropriate safeguards are in place and update this policy accordingly.

Other Disclosures:

We may disclose your personal data:

  • To comply with legal obligations or respond to lawful requests by public authorities.

  • To protect our rights, privacy, safety, or property, and/or that of you or others.

5. Data security measures

 

Technical Measures:

We employ the following technical measures to protect your data:

  • Encryption: Data in transit is protected using SSL/TLS protocols, and data at rest is encrypted using industry-standard encryption (e.g., AES-256).

  • Firewalls and Anti-Malware: Robust firewall systems and regularly updated anti-malware software are in place.

  • Access Controls: Access to personal data is restricted to authorized personnel through authentication processes.

  • Regular Security Audits: We conduct regular security assessments and vulnerability scans to identify and address potential threats.

  • Secure Disposal: All data is securely deleted or destroyed when no longer needed, using methods such as data wiping or shredding of physical documents.

Organisational Measures:

  • Policies and Procedures: Comprehensive data protection policies guide our data handling practices, including incident response and employee responsibilities.

  • Access Restrictions: Only personnel who need access to personal data for their role are granted access.

  • Confidentiality Agreements: All future employees and contractors will be required to sign confidentiality agreements.

  • Regular Training: While we currently have no employees, we are committed to providing regular data protection training to all staff in the future.

Incident Response Plan:

We have an incident response plan to promptly address and mitigate any data breaches, ensuring compliance with notification requirements.

6. Data retention

 

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law.

  • Subscription Data: Retained for the duration of your subscription and for an additional 12 months thereafter to comply with legal obligations and for record-keeping purposes.

  • Personalization Data: Retained while providing personalized services and deleted upon termination of the service or upon your request.

  • Communication Records: Retained for 12 months for quality assurance and legal purposes.

  • Legal Requirements: Certain data may be retained for longer periods if required by law (e.g., financial records retained for 6 years per UK tax laws).

Deletion Procedures:

After the retention period, personal data is securely deleted or anonymized to prevent unauthorized access or use.

7. Your rights

 

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: Obtain confirmation and access to your personal data.

  • Right to Rectification: Request correction of inaccurate or incomplete data.

  • Right to Erasure: Request deletion of your personal data under certain conditions.

  • Right to Restrict Processing: Request limitation of your data processing.

  • Right to Data Portability: Receive your data in a structured, commonly used format (e.g., CSV, XML).

  • Right to Object: Object to processing based on legitimate interests.

  • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

  • Rights Related to Automated Decision-Making: Challenge decisions made solely by automated means and request human intervention.

Exercising Your Rights:

To exercise your rights, please contact us:

Process for Exercising Rights:

  • Submission: Send your request via email, telephone, or postal mail.

  • Verification: We may request additional information to verify your identity, such as a copy of a government-issued ID. This information will be securely handled and deleted after verification.

  • Response Timeframe: We aim to respond to all legitimate requests within one month. If requests are complex or numerous, we may extend this period by an additional two months, and we will inform you accordingly.

  • Fees: We do not charge a fee for processing your request unless it is manifestly unfounded or excessive.

Right to Lodge a Complaint:

If you believe your data protection rights have been violated, we encourage you to contact us directly at info@mypaper.uk. We are committed to doing everything we can to resolve any concerns. However, if we are unable to address the issue to your satisfaction, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Telephone: 0303 123 1113
Website: www.ico.org.uk

8. Cookies and similar technologies

 

Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and for security purposes.

Types of Cookies Used:

  • Essential Cookies: Necessary for website functionality (e.g., session management).

  • Analytics Cookies: Help us understand how visitors interact with our site.

  • Preference Cookies: Remember your preferences and settings.

Cookie Consent:

We obtain your explicit consent for non-essential cookies in compliance with the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR.

Managing Cookies:

You can manage your cookie preferences through our Cookies Policy and adjust settings in your web browser. You can withdraw your consent at any time.

9. Consent for special category data

 

For processing special category data, such as health-related information, we obtain explicit consent from:

  • Individuals with Capacity: Directly from the individual if they have the capacity to consent, using clear opt-in forms.

  • Legal Representatives: From the legally appointed power of attorney or legal guardian if the individual lacks capacity.

Documentation of Consent:

Consent is documented through:

  • Written Consent Forms: Signed by the individual or their legal representative.

  • Electronic Consent: Confirmed through explicit opt-in mechanisms (e.g., ticking a consent box during the sign-up process), accompanied by clear information about the processing activities.

  • Record Keeping: We maintain records of when and how consent was obtained.

Withdrawal of Consent:

You or your legal representative can withdraw consent at any time by contacting us. Upon withdrawal, we will cease processing your special category data unless we have another legal basis to do so.

10. Data protection impact assessment (DPIA)

 

We have conducted a Data Protection Impact Assessment to identify and mitigate risks associated with processing personal data using AI technologies and automated decision-making.

Summary of Findings:

  • Risks Identified: Potential for unauthorized access to personal data, data breaches, and biases in automated content personalization.

  • Mitigation Measures: Implemented robust security protocols, regular audits, and human oversight of AI outputs to ensure accuracy and fairness.

11. Data protection contact

 

While we have not appointed a Data Protection Officer, we have designated a Data Protection Lead responsible for overseeing compliance with this Privacy Policy.

12. Updates to this policy

 

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

Notification of Changes:

  • Advance Notice: We will notify you at least 30 days in advance of significant changes to this policy.

  • Methods of Notification: Notifications will be sent via email and posted prominently on our website.

  • Effective Date: Updates will include a new effective date at the top of the policy.

By continuing to use our services after the effective date, you acknowledge the updated Privacy Policy.

13. User responsibilities

  • Accuracy of Data: You are responsible for ensuring that the personal data you provide is accurate and up-to-date.

  • Updating Information: You can update your personal data by contacting us or through your account settings (if applicable).

  • Consent for Third-Party Data: If you provide personal data about another individual, you must have their consent or legal authority to do so.

14. Provision of data and consequences

 

Providing personal data is necessary for us to:

  • Enter into a Contract: We cannot provide our services without certain data.

  • Legal Compliance: Failure to provide data may result in non-compliance with legal obligations.

If you choose not to provide the necessary personal data, we may not be able to offer you certain services.

15. Complaints handling procedure

 

We are committed to addressing any concerns you may have regarding your personal data.

Process:

  1. Contact Us: Reach out to our Data Protection Lead using the contact details provided.

  2. Acknowledgment: We will acknowledge your complaint within five business days.

  3. Investigation: We will investigate your complaint and aim to provide a resolution within one month.

  4. Escalation: If you are not satisfied with our response, you have the right to lodge a complaint with the ICO.

16. Terms of service

 

For more information on user responsibilities, acceptable use, and legal disclaimers, please refer to our Terms of Service.

17. Data portability

 

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Process:

  • Request Submission: Contact us to request data portability.

  • Formats Available: We provide data in formats such as CSV or XML.

  • Timeframe: We will fulfil your request within one month, unless extensions apply due to complexity.

18. Security of data during transmission

 

We take measures to protect your data during transmission over the internet.

  • Secure Protocols: We use HTTPS and SSL/TLS protocols to encrypt data transmitted between your device and our servers.

  • User Practices: We recommend using secure networks and keeping your login credentials confidential to enhance security.

19. Record of processing activities

 

We maintain detailed records of our data processing activities as required by Article 30 of the GDPR. This demonstrates our commitment to accountability and transparency in handling personal data.

20. Data breach response plan

 

Our Data Breach Response Plan includes:

  • Detection and Reporting: Procedures for identifying and reporting suspected breaches internally.

  • Assessment: Steps to assess the scope and impact of the breach.

  • Notification: Guidelines for notifying affected individuals and the ICO within 72 hours if necessary.

  • Mitigation: Strategies to contain and remediate the breach, including restoring data from backups and enhancing security measures.

21. Internal policies and training

 

We have established internal policies to ensure data protection compliance, including:

  • Information Security Policy: Outlining technical and organisational measures to protect data integrity and confidentiality.

  • Data Retention Policy: Defining retention periods and secure disposal methods for different data categories.

  • Employee Training: While we currently have no employees, we plan to conduct regular training on GDPR principles, data handling best practices, and security measures for all future staff.

22. Transparency in AI usage

 

We use AI technologies like Llama, running locally within the UK, to personalise content for our users.

  • Purpose: Enhance user experience by tailoring content to individual preferences and needs.

  • Data Processing: Your data is processed securely within our local systems, ensuring it remains under UK GDPR protection.

  • Human Oversight: We implement human review of AI outputs to maintain accuracy and relevance.

  • Impact on Users: The AI usage does not have legal or significant effects on you but improves the personalisation of our services.

23. International data transfers

 

We confirm that your personal data is not transferred outside the UK or EEA. If future business needs require international data transfers, we will:

  • Safeguards: Implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) and encryption.

  • Transparency: Update this Privacy Policy to reflect any changes and inform you accordingly.
