Paper River Privacy Policy for CloudPack
January 2018
Thanks for entrusting Paper River with your handling your scanned documents and your personal information. Your privacy is important to us and holding onto your private information is a serious responsibility. Our services and products can only exist if our customers trust us and our customers can be sure their data is secure. Thus, privacy has the highest priority for us and we want you to know how we're handling it.
The cloudpack.paper-river.co.uk website and CloudPack connector for ShareScan are developed and maintained by Paper River Consulting Ltd. If you do not agree to our Privacy Policy and the other terms stated below, please do not use our products or services and please do let us know about your concerns. We reserve the right to change our Privacy Policy and other terms stated below at any time. If changes occur, we will clearly indicate such alterations at the top of this page with the date of modification.
The Policy
This privacy policy is for this website: cloudpack.paper-river.co.uk and the CloudPack connector for ShareScan which are developed and maintained by Paper River Consulting Ltd., The Nexus Building, Broadway, Letchworth Garden City, Hertfordshire, SG6 3TA, UK. The policy governs the privacy of the users of this website and the connector and those who choose to use them. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations).
This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhere to. Additionally, it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer / device in order to serve it to you. Our contact information is provided on the following page http://www.paper-river.com/About-Us.php if you have any questions.
The DPA & GDPR May 2018
Paper River and this website comply with the DPA (Data Protection Act 1998) and already comply with the GDPR (General Data Protection Regulation) which comes into effect from May 2018. We will update this policy accordingly after the completion of the UK's exit from the European Union.
Use of Your Personal Data
We use your personal data to provide our service only.
When you register on the site we store:
- Your registration details – your username, your name, your email address, company name, address and phone number.
- We also store the names and email addresses for the users you set up on the system.
The password you create as part of your login credentials is encrypted for storage. This refers to the specific password you provided as part of your registration on the site and is not your Google Drive or other passwords which we do not require nor store.
We may log your IP address and time of access to prevent abuse of our service and for broad demographic analysis. We do not link this information to any personally identifiable information. We do not collect any data from your uploaded files.
Why do we collect this?
- We need your User Personal Information to create your account, and to provide the services you request.
- We use your User Personal Information, specifically your user name, to identify you on the website.
- We use your email address to communicate with you only for reasons you’ve approved in direct association with the use of this website. We do not pass on your email address or those of your users to any third-party unless required to by law or we have previously requested your direct consent.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.
At this point it is emphasized that we do not read or collect content, metadata or other data from the documents that are scanned and uploaded using the connector.
Token Storage
The website stores and manages Google Drive OAuth access tokens for your users:
- Paper River will only store any User Access Tokens until the time they are first used. After that, any refresh tokens will only be stored on the customers systems.
- Any Access Tokens that are stored will be encrypted
Handling of Your Scanned and Uploaded Files
We do not have access to your scanned and uploaded documents.
This website only provides a token management capability for your users and is not involved in the process of uploading your documents to Google Drive or other cloud storage system.
When you are using the CloudPack connector in ShareScan to upload your documents, the scanned documents are handled by the connector software installed on the server in your own environment. None of the data associated with your Google Drive or other cloud storage systems is made available to Paper River or other third parties in anyway. The connector only enables you to browse your folders and upload the scanned documents to those folders using the systems’ official APIs. The connector does not facilitate any other form of data sharing or transmission.
Thus the security of the scanned documents is the responsibility of the administrators of your network and servers, in the same way as it is for other documents and application installed into your own environment.
Sharing Your Data
We do not share your data or files.
Your personal data and your uploaded files will not be given out our sold to anyone. The website can be used to generate notification emails for your users, but this if fully under your control. Please note that we may have to provide your data to the law enforcement authorities (for example, the police) at their request.
Modifying or Deleting Your Data
You can modify or delete your personal data or users you have set up on the website on your own at any time.
Security
We do a lot to make our service as secure as possible.
We are committed to protect your personal data and your files. All transfers from and to this website are SSL encrypted. The server for this website is located in the European Union, and is protected from unauthorised access by third parties.
Cookies
We need them to provide our services.
This website stores so-called cookies in order to be able to offer you a comprehensive range of functions and to make it easier to use our website. Cookies are small files which are stored on your computer with the help of the internet browser. If you do not want to use cookies, you can prevent cookies from being stored on your computer using the corresponding settings on your internet browser. Please note that this may restrict the functional capability and the range of functions of our offer.
Third-Party Widgets and Plugins
We do not currently use any third-party widgets or plugins on this website.