Version 1.12.00, effective as of October 18th, 2024.

Novelty Writing Ltd ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use Papyrus 12 ("Software") and our related services ("Services"). By using our Software and Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Please read this Privacy Policy carefully to understand our policies and practices regarding your personal data and how we will treat it. If you do not agree with our policies and practices, you should not use our Software and Services.

1. Definitions

For the purposes of this Privacy Policy, the following terms are defined as follows:

• "Personal Data": Any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, or online identifier.

• "Processing": Any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.

• "Services": The Papyrus 12 Software and any related services provided by Novelty Writing Ltd.

• "User Content": Any content you create, upload, submit, store, send, receive, or display using our Services, including manuscripts, notes, images, and other materials.

2. Data We Collect

We collect various types of information from and about users of our Software and Services, including:

A. Personal Data You Provide to Us

When you use our Software or Services, you may provide us with certain Personal Data, including:

• Contact Information: Such as your name, email address, postal address, and phone number when you register an account, purchase a license, or contact us for support.

• Account Credentials: Username and password for your account.

• Payment Information: Billing address and payment method details (e.g., credit card information), which are processed by our third-party payment processors (we do not store full payment card details).

• User Content: Texts, images, posts, and other content when you submit User Content for public display (see Terms of Service 4.5.2). For User Content that you store privately within the Software or in your account, we collect only the minimum amount of necessary information required to provide the Services accordingly.

• Correspondence: Records of your communications with us, including support requests and feedback.

B. Data Collected Automatically

When you use the Software or visit our website, we may automatically collect certain information about your device and usage, including:

• Technical Data: IP address, operating system, device type, browser type, and system configurations.

• Usage Data: Details about how you use our Software and Services, such as features used, pages visited, time spent on pages, and other analytical data.

• Cookies and Similar Technologies: Information collected through cookies, web beacons, and other tracking technologies (see Section 10 below).

3. How We Use Your Data

We use your Personal Data for the following purposes:

A. To Provide and Maintain Our Services

• To register you as a user and create your account.

• To provide access to and ensure the proper functioning of our Software and Services.

• To process transactions and deliver products and services you have requested.

B. To Improve and Personalize Your Experience

• To understand how you use our Software and Services and to improve their functionality and user experience.

• To develop new features, products, or services.

• To personalize content and recommendations based on your preferences and usage.

C. To Communicate with You

• To send you administrative information such as updates, security alerts, and support messages.

• To respond to your inquiries, support requests, and feedback.

• To send you promotional communications (with your consent, where required by law).

D. For Legal and Compliance Purposes

• To comply with legal obligations and respond to lawful requests from public authorities.

• To enforce our Terms of Service and End User License Agreement.

• To protect our rights, privacy, safety, or property, and/or that of you or others.

Legal Bases for Processing

We process your Personal Data based on the following legal grounds under the GDPR:

• Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.

• Consent: Where you have given explicit consent to the processing of your Personal Data for specific purposes (e.g., receiving marketing communications).

• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our Services, ensuring security), provided that such interests are not overridden by your rights and interests.

• Legal Obligations: Processing is necessary for compliance with a legal obligation to which we are subject.

4. Data Sharing and Disclosure

We may share your Personal Data in the following circumstances:

A. With Service Providers

We may disclose your Personal Data to third-party service providers who perform services on our behalf, such as:

• Payment Processors: To process payments securely.

• Cloud Storage Providers: For data storage and management.

• Analytics Providers: Only with user consent. To analyze usage of our Services.

• Customer Support Services: To provide customer assistance.

These service providers are contractually obligated to protect your Personal Data and use it only for the purposes for which it was disclosed.

B. For Legal Obligations and Protection

We may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to:

• Comply with a legal obligation or respond to lawful requests by public authorities.

• Protect and defend our rights or property.

• Prevent or investigate possible wrongdoing in connection with the Services.

• Protect the personal safety of users of the Services or the public.

• Protect against legal liability.

C. Business Transfers

In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be shared or transferred as part of such a transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your Personal Data.

D. With Your Consent

We may disclose your Personal Data for other purposes with your explicit consent.

5. International Data Transfers

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

A. Transfers Outside the European Economic Area (EEA)

When we transfer Personal Data from the EEA to countries not deemed adequate by the European Commission, we use appropriate safeguards, such as:

• Standard Contractual Clauses: We implement the European Commission's Standard Contractual Clauses for transfers of Personal Data to third countries.

• Consent: Where appropriate, we may obtain your explicit consent for such transfers.

B. By Using Our Services

By using our Services and providing your Personal Data, you consent to the transfer of your Personal Data to countries outside your country of residence.

6. Data Security

We take reasonable and appropriate measures to protect your Personal Data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption: Data encryption in transit and at rest where applicable.

• Access Controls: Restricting access to Personal Data to authorized personnel.

• Regular Monitoring: Monitoring our systems for potential vulnerabilities and attacks.

User Responsibilities

• Account Security: You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

• Security Measures: While we strive to protect your Personal Data, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.

7. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Criteria

• Legal Obligations: To comply with legal, tax, and accounting requirements.

• Contractual Obligations: As long as your account is active or as needed to provide you with our Services.

• Legitimate Interests: For as long as necessary to fulfill our legitimate business interests, such as improving and developing our Services.

When we have no ongoing legitimate need to process your Personal Data, we will either delete or anonymize it.

8. Your Rights

Under applicable data protection laws, you have the following rights regarding your Personal Data:

A. Right of Access

You have the right to request confirmation as to whether we process your Personal Data and, if so, to request a copy of the Personal Data we hold about you.

B. Right to Rectification

You have the right to request the correction of inaccurate or incomplete Personal Data we hold about you.

C. Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your Personal Data when:

• The data is no longer necessary for the purposes for which it was collected.

• You withdraw consent on which the processing is based.

• You object to the processing, and there are no overriding legitimate grounds.

• The data has been unlawfully processed.

• The data must be erased to comply with a legal obligation.

D. Right to Restrict Processing

You have the right to request that we restrict the processing of your Personal Data under certain conditions.

E. Right to Data Portability

You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

F. Right to Object

You have the right to object to the processing of your Personal Data based on legitimate interests, and to processing for direct marketing purposes.

G. Right to Withdraw Consent

If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time.

H. Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@papyrus.de. We may need to verify your identity before fulfilling your request.

Right to Lodge a Complaint

If you believe that our processing of your Personal Data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence.

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and use Personal Data about you, including to serve interest-based advertising. For more information about the types of cookies we use and how to manage your cookie preferences, please refer to our Cookie Policy.

A. What Are Cookies

Cookies are small data files stored on your device when you visit a website. They are widely used to make websites work or to work more efficiently, as well as to provide information to the site owners.

B. Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our website and Services.

• Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.

• Functionality Cookies: Used to recognize you when you return to our website.

• Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed.

C. Managing Cookies

You can manage cookies through your browser settings. However, disabling cookies may affect the functionality of our website and Services.

10. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect Personal Data from children under 16. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child under 16 has provided us with Personal Data, please contact us at privacy@papyrus.de.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every website you visit.

We use third-party services to enhance our Services. These third parties may collect information sent by your browser as part of a web page request, such as cookies or your IP address.

A. Analytics and Advertising

We use services like Google Analytics and Facebook Pixel to analyze user behavior and improve our Services. These services may collect data about your interactions with our website.

• Google Analytics: Used to collect information about how visitors use our website. For more information on Google's privacy practices, visit Google Privacy Policy.

• Facebook Pixel: Used to track conversions from Facebook ads and optimize ads. For more information, visit Facebook Data Policy.

B. Advertising Services

We may use Google Ads and other advertising networks to display ads. These services may use cookies and similar technologies to display personalized ads.

C. Managing Third-Party Services

You can opt-out of certain data collection and use by adjusting your browser settings or using opt-out features provided by these services.

D. Web Fonts and Plugins

We use web fonts provided by Google Fonts and Font Awesome to ensure consistent and visually appealing text display. When you access a page, your browser loads the required web fonts into your browser cache to display texts correctly. This involves a connection to servers that may collect your IP address.

• Google Fonts: For more information, visit Google Fonts Privacy FAQ.

• Font Awesome: For more information, visit Font Awesome Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Version" and "Effective Date" at the top of this Privacy Policy. If the changes are significant, we may also provide a more prominent notice or obtain your consent as required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your Personal Data.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us. For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller is: Novelty Writing Ltd, Sofokleous 4, 4193 Ypsonas, Cyprus. Email: privacy@papyrus.de

14. Supervisory Authority

If you are located in the European Economic Area (EEA) and believe that your Personal Data has been processed in violation of applicable laws, you have the right to lodge a complaint with your local data protection authority.