Privacy Policy

Last Updated on March 18, 2019

 

Who we are

If you are here, it means that you value your privacy. We understand it perfectly and that is why we have prepared for you this Privacy Policy.

This website is owned by Martin Koziello, GEMINI Martin Koziello, ul. Jaroslawa Dabrowskiego 82D/35, 02-571 Warsaw, Poland, TIN: 7412004790 (“Pen to Paper“, “we”, “our”, or “ours”).

This Privacy Policy’s main goal is to help you understand what kind of information we gather when you browse our website (https://pentopaper.org), leave a comment, send a book-review request, use any of our services, or contact us in any way, and how we collect, process, store, disclose, and delete that information.

This Privacy Policy covers only and exclusively our website, and does not apply in any way to the way information is collected, processed, used, shared, rented, disclosed, and deleted by any other website, company, or platform we have no control over.

We do not take any responsibility for any personal information or sensitive data that we may learn about you on account of your breaching the terms of this Privacy Policy, our Cookie Policy, or our Review Policy, nor are we obliged to process and store that kind of data. It will be deleted immediately and permanently. For example, if you send us, against our will, a physical copy of your book that, most likely, will have your return address written on the envelope.

We do not take any responsibility for any personal information or sensitive data that you may disclose to us or to other users of your own accord, unasked by us, either intentionally or unintentionally, while using our services or our website (through our website’s comments system, social-media functionality, book-review requests, or in any other way). For example, if you voluntarily reveal sensitive information about you in a comment or in a book-review request.

If you have an account on our website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase the personal data we hold about you (This does not include any data we are obliged to keep for administrative, legal, or security purposes). To this end, contact us at the e-mail address provided below this paragraph.

If you have any questions regarding this Privacy Policy or information we gather about you, contact us at:
privacy [at] pentopaper.org

If you do not accept the terms stated in this Privacy Policy, we advise you to cease using our website and our other services altogether.

 

A Quick Overview of this Privacy Policy

We deeply care about your privacy and the security of your data, but we also care about your time. For this reason, we have compiled for you this overview of our Privacy Policy:

  • When you browse our website (https://pentopaper.org), leave a comment, send us a book-review request, use any of our services, or contact us in any way, we receive personal information from you, and we assure you that your data will be kept safe, confidential, and will not be shared with any third parties without your clear consent.
  • We entrust the processing of our visitors’ personal information only to reliable and safe third parties that specialize in the processing of personal data.
  • We entrust your personal data to such third-party companies as Automattic Inc., the provider of the Akismet service, which guarantee the highest level of security of data due to their compliance with the data protection requirements of the GDPR.
  • We use Google Analytics. Because of that the tracking code built into our website collects data about your activity whenever you are browsing it. This kind of data does not allow your identification. The tracking tool uses cookies provided by Google LLC and connected with the Google Analytics service. If you wish to prevent the use of tracking data by Google, you can download an opt-out plug-in they provide and install it in your browser. The plug-in can be found here: Google Analytics Opt-Out Plug-in.
  • We use the Akismet service to filter out spam in the comments section of our website. This service uses cookies provided by Automattic Inc. We do not have access to the type of data being stored in those cookies whose purpose is facilitating the proper functioning of this service.
  • We provide the possibility of sharing the content from our website via social-media platforms. Using such a service may entail employing cookies provided by a given social-media platform.
  • Our website also uses cookies that are necessary for its proper functioning. Those cookies store, among others, your consent to the use of cookie files.
  • We may embed content from third-party websites like YouTube. In this case, our website will use cookie files provided by Google LLC and related to the YouTube service (including DoubleClick cookies). Cookies provided by YouTube are placed on your device only when you start watching an embedded video. If you object to the use of YouTube cookies, refrain from watching any videos embedded in our website.
  • If you click on a link, a linked picture, or an advertisement located on our website, you may be linked to other websites. This Privacy Policy does not cover those websites’ privacy policies or cookie policies, nor are we responsible for those websites’ content, privacy practices, or the amount and type of data they collect. We strongly encourage you to familiarize yourself with the privacy policies posted on those, and any, websites you browse.
  • Our website is located on a server, which, as every server, generates logs. Such logs store information like the users’ IP addresses, the date, time, and length of a request, bytes served, user’s software (including the browser type and operating system). All that information is used by the hosting provider for the operational purposes only.
  • We use PayPal, a third-party payment service, which, while processing your payment, will collect and process your personal data and this action will be covered by their privacy policy and not our Privacy Policy. We are not responsible for the way this third party will be collecting, processing, and disclosing your personal data.

If you would like to learn more about the above-mentioned key themes of this Privacy Policy, we encourage you to read their detailed explanation below:


Personal data

Your personal data will be processed by Martin Koziello, GEMINI Martin Koziello, ul. Jaroslawa Dabrowskiego 82D/35, 02-571 Warsaw, Poland, TIN: 7412004790.


What is personal data?

According to the definition provided by the General Data Protection Regulation (GDPR): “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

In short, it is any kind of information that enables one to identify you as an individual and is in any way related to you.


Purposes, the legal basis, and the length of the processing of your personal data 
are indicated separately for each instance of data processing taking place on our website, or in every one of our services (you can read about them below).

 

Your Rights

Under the GDPR, you have the following, potential rights in regard to the processing of your personal data:

  • You have a right to access and request to receive a copy of the personal data we hold about you, including any data you have provided to us.
  • You have a right to correct the personal data we hold about you.
  • You have a right to request that we erase the personal data we hold about you if you disagree with the way we process it.
  • You have a right to request that we limit the processing of your personal data (e.g. to archiving it) if, in your opinion, we possess the incorrect data about you or if you believe that we process it incorrectly.
  • You have a right to object to the way we process your personal data if your objection is based on your legitimate interest; you should indicate a particular situation in which, in your opinion, we should stop processing your personal data. We will stop processing your personal data within the scope of such a situation unless we will be able to prove that the legal basis for this processing takes precedence over your rights in this matter or unless your personal data will be indispensable for us to identify, pursue, and defend actual or potential legal claims.
  • You have a right to move your personal data. You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request to have your personal data sent to any third party of your choice.
  • You have a right to lodge a complaint to the supervisory authority (if you come to the conclusion that we process your personal data improperly or incorrectly, you can lodge a complaint to the President of the Personal Data Protection Office or to other appropriate supervisory authority).

The legal basis for the above-mentioned rights is described in the articles 16-21 of the GDPR. We encourage you to familiarize yourself with them. We would like to inform you that the above-mentioned rights are not absolute and shall not apply to you in all instances of the processing of your personal data.

However, there is one right you will always have if you decide that we have infringed the regulations of the personal data processing, and that right is lodging a complaint to the President of the Personal Data Protection Office or to other appropriate supervisory authority.

You can also request that we inform you what kind of personal data we gather and process about you and to what purpose (to this end, contact us at: privacy [at] pentopaper.org). However, we have made every effort to include in this Privacy Policy all the necessary information about the ways we process personal data. You can contact us at this e-mail address in order to ask us any questions regarding the information we gather about you.

 

How we collect and why we collect personal data

We collect personal information when you:

  • browse and interact with our website (https://pentopaper.org),
  • leave a comment,
  • use the social-media functionality,
  • send us a book-review request,
  • contact or interact with us in any other way.

We do so in order to constantly improve our services and to provide you with the best possible customer experience when you use our website or any of our services.


Information Disclosure

We do not knowingly sell or transfer any information about you to any third parties in order to facilitate their advertising to you. Every personal information you provide to us (either directly via our comments system, e-mails sent to us, our social-media functionality, or indirectly by browsing our website) is collected and processed in order to allow us to better understand the needs of our customers and to improve our services.

We share that information only with the third parties delivering a particular service to you for the purpose of making that service possible. We do not knowingly sell, rent, or share any information with any other third parties for advertising purposes.


Data Security

We deeply care for the confidentiality of all the information you provide to us. We also take all the necessary steps to ensure the safety and protection of such information as it is required by the regulations of the GDPR. All the personal data we process is collected with due care and protected against access by any unauthorized third parties.

We use an encrypted connection (SSL) in order to ensure the protection of data transmission between our website and your browser.

 

Who we share your personal data with and where we send your data

As it has already been mentioned in the sections above, we share your personal information with a handful of third parties, depending on the type of service we deliver to you:

  • A hosting provider – in order to store the necessary personal data on the server.
  • A company providing technical support for your website – in order to facilitate the website maintenance service that may require access to your personal data.

Additionally:

  • If you browse our website, information about your actions will be transferred to, and processed by, Google Analytics (you can read more about that in the section devoted to Google Analytics). We stress that we prohibit Google Analytics from collecting your full IP address.
  • If you leave a comment, it may be transferred to Akismet for the purpose of detecting spam messages (you can read more about that in the section devoted to Comments).
  • If you give your consent to our use of cookies on your device, the information will be shared with, and processed by, Cookiebot (you can read more about that in the section devoted to Cookies).
  • If you send us a book-review request or contact us via e-mail, your personal information will be stored and processed by our e-mail provider (you can read more about that in the section devoted to Correspondence and Book Review Requests).
  • If you decide to have a book reviewed by us, your personal data may be shared with the book reviewers cooperating with us, and who will make every effort to protect your personal data with due care.

The above-mentioned third parties process your personal data on the basis of sub-processing agreements with us that are in line with the GDPR. They guarantee the use of adequate protection measures and the safety of processed data as required by the law.

If the need arises, your personal data may be shared with law firms in order to allow them to provide us with legal assistance that may require access to your personal data.

Additionally, if necessary, your personal data may be made accessible to the institutions authorized to have access to such data according to the law such as the police, the security forces, the public prosecutor’s office, or the courts of law.

 

Sending personal data to third countries

Because our website is based in Poland, Europe, all the personal data we collect is being sent, stored, and processed there. All the entities located there, in Poland, and taking part in our providing you with our service guarantee the adequate level of safety and protection of your personal data that is in line with the requirements of the GDPR.

If you do not agree to the sending of your personal data to these countries, we advise you to cease using our services, especially those like sending us book-review requests and contacting us in any way.

 

THE PURPOSES AND INSTANCES OF DATA PROCESSING

Advertisements

You may see advertisements appear on our website, but they are non-personalized ads. They are not tailored expressly to you and your needs by means of any script gathering data about you, or on the basis of your browsing history. There is no such a script on our website. They work like traditional advertising mediums; their content has been previously scheduled and is in no way dependent on your former or current browsing habits or your behavior in the internet or on our website.

If you choose to click on advertisements located on Pen to Paper, you will be linked to particular websites provided by the advertisers (third-party advertisers). This Privacy Policy does not cover those websites’ privacy policies or cookie policies, nor are we responsible for those websites’ content, privacy practices, or the amount and type of data they collect. We also do not take responsibility for those websites’ actions or practices in general. We strongly encourage you to familiarize yourself with the privacy policies posted on those, and any, websites you browse.

 

Comments

When visitors leave comments on our website we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. Giving us that kind of data is voluntary, but necessary, to leave a comment on our website.

The personal data that you share with us is processed in order to allow you to leave a comment on our website. In this case, the legal basis for the processing of your personal data is your consent (Article 6, paragraph 1, subparagraph a) of the GDPR) resulting from the fact of your leaving a comment on our website.

An anonymized string created from your e-mail address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service’s privacy policy is available here: The Gravatar’s Privacy Policy. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Comments left on our website are checked through a spam detection service, Akismet, and thus your personal data is shared with Akismet for that purpose. You can read their privacy policy here: Akismet’s Privacy Policy.

We do not take any responsibility for any personal information or sensitive data that you may disclose to us or to other users of your own accord, unasked by us, either intentionally or unintentionally, while using our services or our website (through our website’s comments system, social-media functionality, book-review requests, or in any other way).

At any time, you can remove a comment you have left on our website.

 

E-mail correspondence with us

If you choose to contact us, you will share with us your personal data contained in the body of your e-mail, in particular your name and e-mail address. Your sharing that kind of data with us will be voluntary, but necessary, in order to establish contact between us. When you submit a review request to our website, your name, e-mail, and the details of your request are saved on the server. They are stored there to help us view, manage, and process your review request. Additionally, your personal data may be shared with the book reviewers cooperating with us, and who will make every effort to protect your personal data with due care.

In this case, your personal data is processed in order to allow you to establish contact with us, and the legal basis for the processing of your personal data is Article 6, paragraph 1, subparagraph a) of the GDPR, that is, your consent resulting from your initiating contact with us. The legal basis for the processing of your personal data after the contact is finished is our legitimate objective of archiving all our correspondence for our internal purposes (Article 6, paragraph 1, subparagraph f) of the GDPR).

Our correspondence may be subjected to archiving and we are unable to determine when it will be erased. You have a right to request to receive the history of our correspondence (if it has been archived), and to have it erased, unless we have a legitimate interest (taking precedence over your right) in retaining that correspondence, in particular to allow our defense against any actual or potential legal claims.

Please refrain from sending us any unnecessary personal data. That kind of personal data will not be stored by us, but deleted permanently. This applies, in particular, to any personal data being disclosed to us by means of your breaching the terms of this Privacy Policy, our Cookie Policy, or our Review Policy (e.g. when you send us, against our will, a physical copy of your book that, most likely, will have your return address written on the envelope).

 

Cookies

Our website uses cookies.

(Here is a quick rundown of the main issues related to our use of cookies. 
You can read the full text of our Cookie Policy here: Pen to Paper’s Cookie Policy)

Cookies are small text files that are placed on your device (a computer, tablet, or smart phone) which can be used by our website (first-party cookies) or third parties (third-party cookies). Cookies are used by websites to make a user’s experience more efficient. The law states that we can, by default, place cookies on your device if they are strictly necessary for the operation of our website. For all other types of cookies we need your permission.

Our website uses various types of cookies. Some cookies expire and are removed from your device the moment you leave our website (session cookies). Other cookies are stored on your device and allow us to recognize your browser (along with your preferences) every time you visit our website (persistent cookies). There are also cookies that are placed on your device by third-party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

If you want to learn more about cookies, you can read the following material: https://en.wikipedia.org/wiki/HTTP_cookie

Below you can find the detailed information about our use of cookies: 

Consent to the use of cookies
Upon your first visit to our website (or after you have erased cookie files stored on your device) a pop-up banner will appear, asking for your consent to our use of cookies. In the pop-up you can choose which cookies you accept and which you do not. There will be cookies essential to the functioning of our website, those responsible for tracking by Google Analytics (you can read about it in the Google Analytics section of this Privacy Policy), and others.

The cookie-banner service is provided to us by Cookiebot, which gathers, stores, and processes the data about your consent. Their privacy policy can be found here: Cookiebot’s Privacy Policy.

Prior to your giving consent, no cookies will be placed on your device, with the exception of the files indispensable to the functioning of our website (which is allowed by the law). You can always change or revoke your consent to our use of cookies. You can also access and modify the type of cookies being stored on your device in the settings of your browser (in the preferences panel of your browser you should be able to find the options necessary to change your browser’s cookie settings).

Remember that by limiting or disabling the use of cookies by your browser, you may encounter difficulties while browsing our website as well as other websites that use cookies.

If you leave a comment on our website you may opt-in to saving your name, e-mail address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to our website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

We have neither access to, nor control over, cookies used by websites or third parties advertising on, or liking from, our website, and this Privacy Policy does not cover their use of cookies.

First-party cookies
Those are cookie files that we use in order to ensure the proper functioning of our website. In those cookies is stored, among other things, your consent to our use of cookies on your device.

Third-party cookies
Our website, just as most modern websites, makes use of services provided by third parties which entails the use of cookies provided by such third parties. The details of our use of such cookies is explained below:

 

Google Analytics

Our website uses Google Analytics (provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The reason for it is our legitimate interest which is creating web statistics and analyzing the traffic on our website in order to learn how to provide the best possible service and reading experience to you, as our website’s visitor.

Google Analytics automatically gathers and sends page view events (and potentially video play events) over to Google servers (where they are also stored), and it shows us:

  • the type of your browser and your operating system,
  • the pages you visit,
  • the date and duration of your visit on a given page,
  • the bounce rate,
  • the page from which you came to our website,
  • your movements among the subpages of our website.

However, in compliance with the law, we prevent Google Analytics from collecting sensitive data like our visitors’ full IP addresses. To this end, we use the IP Anonymization feature, which shortens your IP address before sending it to Google (only under exceptional circumstances you IP address will be sent to Google in full and shortened there). Your anonimized IP address is being sent by your browser and is, in principle, not connected with other data used by Google. However, we do not take any responsibility for Google’s policy and the possible changes in it.

Upon your first visit to our website (or after you have erased cookie files stored on your device) a pop-up banner will appear, asking for your consent to our use of cookies—among them will be the ones used by Google Analytics. Prior to your giving consent, no cookies related to tracking will be placed on your device.

We would like to stress that by our use of the Google Analytics feature, we do not collect any data that may serve to identify you.

In order to use the Google Analytics feature, we have built into our website a special tracking code provided by Google. Google Analytics tracking code makes use of cookies provided by Google LLC, related to its Google Analytics feature. If you wish to prevent the use of tracking data by Google, you can download an opt-out plug-in they provide and install it in your browser. The plug-in can be found here: Google Analytics Opt-Out Plug-in.

The services of Google Analytics and Google Analytics 360 have obtained ISO 27001 certification. ISO 27001 certification is one of the most widely respected kinds of certification in the world, and it testifies to the fact that Google Analytics and Google Analytics 360 comply with the relevant requirements and regulations in their field.

In this Privacy Policy, we detail the use of cookies by Pen to Paper only and not by third parties like Google Analytics. For more information about the specific type of data they collect, please refer to the appropriate Google Analytics documentation. You can read it here: Google’s Privacy Policy and here: Google Analytics Answers. 

 

Akismet – spam detection service

We use the Akismet service to filter out spam in the comments section of our website. This service uses cookies provided by Automattic Inc. We do not have access to the type of data being stored in those cookies whose purpose is facilitating the proper functioning of this service. You can read their privacy policy here: Akismet’s Privacy Policy.

 

Media

If you upload images to our website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to our website can download and extract any location data from images on our website.

 

Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. 

We may embed content from third-party websites like YouTube. In this case, our website will use cookie files provided by Google LLC and related to the YouTube service (including DoubleClick cookies).

Whenever you watch an embedded video, Google is notified about it, even if you do not have a Google profile, or if you are not logged in. Such information is sent (along with your IP address) by your browser directly to Google servers, and is stored there.

If you are logged in your Google profile, Google will be able to link your visit to our website to your Google profile. The purposes and scale of the processing, storing, and using your personal data by Google, as well as your rights, the means of contact with them to obtain the answers to your questions, and the ways to make changes in their privacy settings have been explained in Google’s Privacy Policy. You can read it here: Google’s Privacy Policy.

If you object to Google’s gathering that kind of data about you and your visits to our website (related to the video files you watch or other types of content you browse) and linking it to your Google profile, you have to log out of your Google profile prior to the visit to our website. You can also entirely block the third-party functionalities which you can find on our website by using certain plug-ins installed in your browser, like the ones blocking scripts.

Cookies provided by YouTube are placed on your device only when you start watching an embedded video. If you object to the use of YouTube cookies, refrain from watching any videos embedded in our website.

 

Social Media

Our website allows you to share our content via social-media platforms like Twitter, Facebook, LinkedIn, and Reddit.

If you decide to use one of our social-media share buttons, your browser will establish a direct connection with the social-media provider of your choice. The content of the social-media plug-in is transferred directly by a given social-media provider to your browser and integrated with our website.

On account of this connection, the social-media provider is notified that your browser displays our website, even if you do not have a social-media profile, or if you are not logged in. That kind of information (along with your IP address) is sent by your browser directly to the given social-media provider, and is stored there.

If you choose to log into one of social-media platforms, a given social-media provider will be able to link your visit to our website to your social-media profile. If you use the social-media plug-in built into our website by clicking on a button “Like” or “Share”, a notification will be sent to the social-media provider of your choice and it will be processed and stored on its server.

By using the social-media functionality on our website, you share information with other users, with people added as contacts on the contact list of your social-media profile, as well as with the social-media platform itself via your social-media account. This action will no longer be covered by our Privacy Policy, but by the privacy policy of the social-media platform providing this service. The purposes and scale of the processing, storing, and using your personal data by social-media providers, as well as your rights, the means of contact with them to obtain the answers to your questions, and the ways to make changes in their privacy settings have been explained in the privacy policy of a given social-media provider. You can read it here:

If you object to social-media providers’ gathering that kind of data about you and your visits on our website and linking it to your social-media profile, you have to log out of your social-media profile prior to the visit to our website. You can also entirely block the social-media functionality which you can find on our website by using certain plug-ins installed in your browser, like the ones blocking scripts.

We do not take any responsibility for any personal information or sensitive data that you may disclose to us or to other users of your own accord, unasked by us, either intentionally or unintentionally, while using our services or our website (through our website’s comments system, social-media functionality, book-review requests, or in any other way).

 

Server logs

Our website is located on a server, which, as every server, generates logs. Such logs store information like the users’ IP addresses, the date, time, and length of a request, bytes served, user’s software (including the browser type and operating system). All that information is used by our hosting provider for the operational purpose only.

The information contained in server logs is not associated with particular individuals and is not used as a means of identifying the particular individuals browsing our website or using any of our services.

Server logs constitute an ancillary material used to help us manage our website more efficiently, and their content is not disclosed to anyone else than the individuals authorized to manage and maintain the server.


How long we retain your data

If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

 

Children online privacy protection

Our website and our services are intended for people who are, at least, 13 years old or older. Therefore, we do not knowingly or intentionally gather any kind of information from anyone under 13 years of age. If you are 13 years old and below and want to use our services, ask your parents to use them for you.

 

Changes and updates to this policy

We reserve the right to periodically review and update this Privacy Policy. When we do it, we will post the updated date at the top of the page.  

%d bloggers like this: