Privacy policy

Certain data will be processed:

• when you access the Service
• to resolve the technical request of your device
• to display the site
• to maintain the safety and security of our systems

This data is stored in so-called logs and can comprise the following:

• IP addresses
• your mobile device's Identifier for Advertising (IDFA)
• the type of computer or mobile device you are using, including the operating system and version
• the browser type you are using and your country
• referring and exit pages and URLs
• platform type
• the number of clicks on a page or feature, pages viewed and the order of those pages, the amount of time spent on particular pages or parts of pages
• domain names
• information collected for performance purposes (for example, average load, render time of pages, etc.)
  

Even though IP addresses and mobile identifiers are generally considered personal data, we cannot derive any conclusions about your identity from such data.

All of our pages are secured using SSL (Secure Socket Layer) technology, which encrypts data transmitted between our servers and your end devices. We also apply other suitable technical and organizational measures to protect your personal data.

If you choose to create a Member account on our Service, you will be required to provide your first and last name, email address, and a password. In some circumstances, you may be required to present additional information to demonstrate that you meet our registration criteria. You can also associate certain information we present to you with your account where that information belongs to you.

During the registration process or when updating your profile, you can choose to provide other information that can be used to identify and/or contact you. For example, you can include a profile picture (including from a selection of online images suggested to you), your personal website, or your location. You may be able or be required to provide additional information, including, for example, your occupation, vita, education, expertise or interests, , and previous and current roles and activities.

You can choose to log in to your Paperleap account using your Google account’s credentials. If you do, Google will share with Paperleap and we will store your name and email address. Find out more about the data processing and disclosure of the data by Google here. If you’d like to remove the connection between Paperleap and Google, please refer to your Google settings.

When you communicate with us, you may provide us with your name, contact details, and other personal data as part of your communication, as well as the content of your message itself. Similarly, when we communicate with you, we will process your personal data, such as your email address. For some of our emails, we also process information indicating whether you have opened or interacted with the email.

Many communications that you initiate through our Service (for example, sending an invitation to a non-member) will list your name in the header of the message. Other communications that you initiate through the Service, like a request for a full-text, will list your name as the initiator but will not include your email address. Once you have mutually connected with an individual, the contact information you choose to include in your Member profile will be accessible to that individual.

The personal data you provide in connection with registering for your Member account will be used to create, maintain, and secure your account and to suggest information to add to your profile (for example, images that may belong to you). By creating a Member account, you will benefit from functionalities and services that are not available to Visitors. Any personal data you provide in addition to the required data to register for an account facilitates your ability to get into contact with other Members, promote yourself, and receive relevant recommendations.

Because Paperleap is also a professional network, when you create an account your public profile is automatically enabled. This means that your account can be viewed by Visitors and indexed by search engines. If you want your profile to be visible to Members only, you can disable your public profile at any time. You can also determine the level of detail you disclose to other Members by choosing how much information to add to your profile.

This processing is necessary for the performance of the contract and its legal basis is Art.6 (1)(b) GDPR.

We process your personal data, including your profile information and your and others’ activities on the Service to provide the Service in a way that is tailored to your interests. For example, we provide dynamic web pages that are individually adapted to you. We derive learnings from Members’ interactions with tailored content and suggestions and subsequently take them into account to improve the experience. In some cases, we may take data such as your location, current IP address, and affiliation into account to determine which content may be more relevant to you or to tailor the availability of specific content based on a determination as to whether you are entitled or eligible to access that content.

Insofar as the processing is necessary for the performance of our contractual relationship, Art. 6 (1)(b) GDPR is the legal basis. Otherwise, we have a legitimate interest in processing this data in accordance with Art. 6 (1)(f) GDPR. We have a legitimate interest in providing the best user experience based on individual needs.

Depending on how you communicate with us, we may use your name, email address, telephone number, and additional information relating to your inquiry, such as the content of your previous correspondence or your account information, to respond to you and provide assistance.

Insofar as the processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract, Art. 6 (1)(b) GDPR is the legal basis. Otherwise, we have a legitimate interest in processing this data in accordance with Art. 6 (1)(f) GDPR. As a public-facing company, we have a legitimate interest in being able to receive, process, and respond to inquiries.

Provided you have not opted out or indicated that you do not want to receive transactional emails or push notifications from us, we will use your email address or the push notification capabilities of your mobile device to send you emails or push notifications about relevant developments on the Service or information relevant to your account.

You can opt out of receiving transactional emails or push notifications at any time by clicking the unsubscribe link within an email.

We will also process information about your interactions with such emails and notifications (for example, whether you opened the email and/or clicked on content within the email) for a better understanding of your preferences and interests and tailoring our communications to your needs.

Insofar as sending of transactional emails is necessary for the performance of our contractual relationship Art. 6 (1)(b) GDPR is the legal basis. Otherwise, we have a legitimate interest in processing this data in accordance with Art. 6 (1)(f) GDPR. Our legitimate interest in this regard is to keep you informed about relevant developments regarding Paperleap and your account. Additionally, we have a legitimate interest in the processing of interactions with transactional emails to better understand how these emails are used and to improve them accordingly.

We process your personal data in order to avoid its accidental or unlawful destruction, as well as its loss, alteration, or unauthorized disclosure. For example, we process the number of profile pages you and others view so as to detect and prevent data harvesting.

Insofar as the processing is necessary for compliance with our legal obligation to secure data from unauthorized loss and alteration, Art. 6 (1)(c) GDPR is the legal basis. Otherwise, we have a legitimate interest in processing this data in accordance with Art. 6 (1)(f) GDPR. Our legitimate interest lies in maintaining the security of your personal data.

As a Member or Visitor, you may be asked to participate in user research, such as a user interview or survey. Participation is voluntary. If you participate, the data processed will depend on the interview or survey in question. Usually, your email address and name will be processed, but it could also be the case that no personal data is processed. In each case, we will specifically inform you about the required data. We will use the generated data to learn more about our Members and Visitors, so that we can improve our Service.

Where we request consent, the legal basis is in accordance with Art. 6 (1)(a) GDPR. In all other cases, conducting user surveys is in our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest lies in improving our services through user feedback.

Your interaction with and interest in other Members’ activity is as valuable to them as it is to you. Therefore, we process information about reads of your activity and your interaction with other Members' activity. We use this information to provide Members with insights about interactions with their activity. For example, we may show read statistics that contain information about the number of reads in a given timeframe or country of origin .

Insofar as the processing is necessary for the performance of our contractual relationship, Art. 6 (1)(b) GDPR is the legal basis. Otherwise, we have a legitimate interest in processing this data in accordance with Art. 6 (1)(f) GDPR. Where we rely on our legitimate interest to offer these internal activity insights, we believe our aim to provide you and fellow Paperleap Members with statistics, and, where applicable, additional details about interactions, does not conflict with your expectations, interests, and rights. The described data processing, which is limited, is appropriate to achieve the desired objective of helping Members understand how their work is consumed and received.

We generate statistics for internal purposes in order to constantly improve the Service and its features. We also conduct research and development to maintain quality and improve our Service and the User experience.

Our legal basis for this processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. We have a legitimate interest in assessing and evaluating the traffic on our site to improve our Service. Such improvement is also in the interest of our Users as it allows them to always benefit from the best Service we can offer.

We may process personal data collected from publicly available sources or extracted from content provided by partners and match it with Members so that we can generate aggregated and/or de-identified information and analysis. We may use such aggregated and de-identified information for any purpose, including without limitation for research and marketing purposes and to improve our Service, and may also disclose such aggregated and de-identified information to any third parties, including our advertising or publisher partners.

Our legal basis for this processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. We have a legitimate interest in creating reports and analysis, developing marketing materials, understanding our Members better, and sharing this understanding with selected partners. Such aggregated and de-identified information does not include any personal data.

To the extent permitted by data protection laws, we may use your data for new purposes, such as conducting data analyses, further developing our Service and content, product development, optimization of business processes, and evaluation of service providers. We will only use your personal data for such new purposes where the new purposes were not yet determined or foreseeable at the time that your data was collected, and the new purposes are compatible with the purposes for which the data was originally collected. For example, new legal or technical developments and novel business models and services may lead to new processing purposes.

We may obtain a variety of information . We may also process information to create records that are useful to our Members, Users, and Visitors.

When we collect publicly available materials, we do not have a way of ensuring that personal data contained in such materials has been processed in accordance with applicable laws. However, if you notify us that your personal data contained in such materials is inaccurate or has been processed in violation of applicable data protection laws, we may delete it upon verification of your identity..

Our legal basis for this processing is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. The data processed is publicly available data and we need to process it in order to provide a correct and complete and accurate picture. Our legitimate interest is to provide a comprehensive and accurate repository of information that is relevant for our Members, Users, and Visitors. Without processing additional public data, we could not achieve these aims. Furthermore, since we offer the possibility to connect this data with an account, we provide Members a convenient way to establish an account that is as complete as possible, without the effort of manually adding the information themselves.

Our partners may provide us with data which may contain personal data. We make this content available on our Service in accordance with their instructions. We process certain personal data contained in this content, such as the names of the Authors.

In some scenarios, Users can take on tasks, roles, or responsibilities for a third-party partner on the Service. To enable us to display these roles, tasks, or responsibilities on the Service and, where applicable, connect them with Members’ profiles, Paperleap’s partners might provide data of those Authors or Members to us. We contractually oblige our partners to, if required, obtain all necessary consents and inform you prior to sharing any personal data with us. We will treat such data in accordance with this Privacy Policy.

The legal basis for these data processing activities is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interest is to provide a comprehensive and accurate repository of information and related tasks and roles that are provided to us by our partners. Furthermore, since we offer the possibility to connect this data with an account, we provide Members a convenient way to establish an account that is as complete as possible, without the effort of manually adding the information themselves.

We and service providers acting on our behalf store log files and use technologies such as cookies, web beacons, and pixels to collect information relating to you and your use of the Service.

Cookies are small files that enable us to store and collect specific information related to you and your use of the Service on your computer or other end devices. They help us to analyze the number of people who use the Service, usage frequency, User behavior, and advertising effectiveness, to increase security and tailor our Service and advertisements to your needs and preferences.

• We use so-called session cookies which are automatically deleted after your session on the website ends.
• We use persistent cookies to record information about repeat Users of the Service. Persistent cookies are designed to help us continually improve the products and services we offer and ensure the quality of our Service. Persistent cookies remain for a certain predefined period and are recognized by us when you return to the Service (or one of our partner sites).

You can edit the settings of your browser to prevent cookies from being stored, limit the storage of cookies to certain websites, or such that your browser informs you every time a cookie is sent. You can also delete cookies at any time. However, please note that if cookies are deactivated you will not be able to take advantage of some of Paperleap’s features. To learn how to delete cookies with the help of your browser, please consult your browser’s help materials.

In addition to cookies, we use so-called pixels, web beacons, clear GIFs, and other similar mechanisms (“Pixels”). A Pixel is an image file or link to an image file added to the website code (but not sent to your end device) or built into an email. Pixels are largely used for the same reasons as cookies, namely to analyze the number of people who use our Service or, if the User's email program allows HTML, to determine whether and when an email was opened. Pixels help us to check and optimize the effectiveness of our Service and offers as well as advertising campaigns served on the Service or sent to you via email. Pixels do not provide us with personal data. Pixels are usually used in conjunction with cookies. If you have deactivated the use of cookies in your browser, then Pixels will only report an anonymous website visit.

All information about cookies and comparable technologies that we only use with your consent under Art. 6 (1)(a) GDPR and the possibility to change your settings for cookies and similar technologies can be found here.

Some cookies are essential to the operation of our website and we have a legitimate interest pursuant to Art. 6 (1)(f) GDPR in using them. Our legitimate interest in this regard is based on the respective purpose of the cookie.

When we and our affiliated ad networks display advertisements on our Service, the following types of data may be used:

• performance data (such as the number of clicks on an advertisement)
• certain technical information (for example, IP addresses, cookie IDs, non-persistent device identifiers such as Identifiers for Advertising (IDFAs)
• your Paperleap profile information, activity, interaction with and consumption of content, including sponsored content and emails, and/or contextual information

We and our affiliated ad networks may collect this information through the use of tracking technologies like browser cookies and pixels (see explanations in section 5 (How we use technologies like cookies and pixels) above) and may use a single tracking technology or multiple tracking technologies at the same time. The information collected may be used to:

• measure how effective advertisements are
• offer you targeted advertising to personalize your experience by showing you advertisements that are more relevant to you
• undertake web analytics to analyze traffic and other User activity to improve your experience

Third-party advertisements on the Service may contain links to third-party properties that are not owned or controlled by Paperleap. We recommend that you proceed with caution when leaving the Service, and review any applicable terms and privacy policies. Paperleap is not responsible for any third party, or its affiliates or agents, failing to use your personal data in accordance with such third party's privacy policy, or any contractual or other legal obligations to which such third party, its affiliates or agents, may be subject.

Where we request consent, that is the legal basis for the display of advertising under Art. 6 (1)(a) GDPR. Details on data processing, our affiliated advertising networks, and the possibility of changing your settings for cookies and similar technologies can be found here. In all other cases, the display of advertising is in our legitimate interest under Art. 6 (1)(f) GDPR. Our legitimate interest lies in our economic interest in conducting direct marketing and displaying interest-based advertising.

We aim to suggest sponsored opportunities that are most relevant to our Members. In this context, we use, whether separately or combined, the personal data you provide, we collect, or we infer from your use of the Service and the Internet and contextual information about the page you are currently visiting. This enables us to display suggestions that are relevant to our User's and Member's profile, experience, and activity.

Our legal basis for this processing is our legitimate interest under Art. 6 (1)(f) GDPR. We aim to display the most relevant and helpful opportunities to you. To do this, we must take your interests, journey, and some of your personal data into account. We take great care in choosing the right partners and limiting the personal data we process. The personal data that we process for this purpose will not be shared with any third party except our technical service providers (see section 7 (Service providers) below). Given that we limit the data processed, do not share it with third parties, and process your personal data to display only relevant opportunities to you, we believe that it is our legitimate interest to monetize our platform. Our Service is a contribution to science as a whole.

We may use your email address to send you emails sponsored by our partners. We will also process information about your interaction with such emails, for example, whether you opened the email and/or clicked on content within the email.

Where we request consent, that is the legal basis for sending you sponsored emails under Art. 6 (1)(a) GDPR. You can unsubscribe from receiving sponsored emails at any time by clicking the unsubscribe link within any such email or visiting your Email Settings. In all other cases, the sending of sponsored emails is in our legitimate interest under Art. 6 (1)(f) GDPR. It is our legitimate interest to make the Service as useful and meaningful to you as possible, which may include helping you discover new products, offers, and services. In addition, these email campaigns help us monetize our Service so that we can continue our mission of making research accessible to all.

The following service providers and third parties that we use to provide the Service may process your personal data:

‍InMotion Hosting, Inc., 555 S. Independence Blvd.,. Virginia Beach, VA 23452, USA
InMotion Hosting helps us provide our Service by providing us with web hosting, cloud-based solutions and managed services. Our data are stored on InMotion Hosting's servers. For more information regarding Cloudflare and its data processing, see its Privacy Policy.

‍Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA
Cloudflare helps us to provide our Service in the fastest possible way by “copying” our Service and putting it on servers that are geographically as close as possible to your current location. Cloudflare also blocks threats and abusive bots and crawlers that negatively affect our bandwidth and server resources. Data is transferred to Cloudflare based on the European Commission's adequacy decision, the Data Privacy Framework. In addition, we have concluded Standard Contractual Clauses with Cloudflare. For more information regarding Cloudflare and its data processing, see its Privacy Policy.

We additionally provide information about the following third parties:

• In the course of obtaining technical, business, tax, legal, and similar services, we may provide access to or disclose data to selected third-party advisors, agents, and consultants. These third parties provide a variety of services, including consulting, data hosting and storage, advertising and marketing, website content and features, analytics, research, customer service, security, fraud prevention, tax, and legal services.
• Where applicable, your data may be processed by third parties listed in our consent modal. These parties might be advertisers or companies that help us disseminate advertisements, measure the performance of advertisements, and/or analyze your use of the Service. These third parties will not receive data that directly personally identifies you. The data disclosed is limited to identifiers such as IP addresses and cookie IDs. Your name, email address, and other directly identifying data will only be disclosed to these third parties if you explicitly allow us to disclose this data. Find out more here.
• We may disclose the information we collect to our affiliates and subsidiaries under common ownership or control for the purposes outlined in this Privacy Policy.
• We may disclose personal data in response to legal processes or when the law requires it (for example, in response to a court order or an order from a relevant national judicial or administrative authority under Art. 10 Regulation (EU) 2022/2065) or, to the extent permitted by applicable law, to protect the rights, property, or safety of Paperleap, the Service, Users of the Service (including you), and others.
• We may share information about you in connection with a sale or merger or in preparation of such transaction. Another company that buys us or part of our business has the right to use your information, but only to the extent permitted by law and in accordance with this Privacy Policy.
• We may include embedded content in our Service that is stored with third parties and can be accessed directly from our site. This includes content from:
  
  YouTube, provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94043, USA and for Users from the European Economic Area by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For more information regarding YouTube and its data processing, see its Privacy Policy.

We maintain an online presence in other social networks to provide information about our services and maintain contact with customers and other interested parties. When you visit our presence on other social networks, those networks may also process your personal data for their own purposes. For example, if you visit our company page on Facebook, Facebook may process your personal data for its own purposes.

The legal basis for data processing is Art. 6 (1)(f) GDPR, based on our legitimate interest in effective communication with users and customers. In addition, Art. 6 (1)(b) constitutes the legal basis if the communication concerns contractual or pre-contractual steps. The data may be processed on the basis of your consent under Art. 6 (1)(a). Otherwise, the legal basis for the processing carried out by the social networks under their control can be found in their respective privacy policies.

We have a presence on the following social networks:

‍Facebook and Instagram (Meta Platforms Inc. 1601 Willow Road, Menlo Park, California, 94025, USA; for European Economic Area and Switzerland: Meta Platforms Ireland Ltd, Serpentine Avenue, Block J, Dublin 4, Ireland)
Paperleap's Facebook and Instagram pages are operated based on an agreement on joint controllership under data protection law. You can find more information about data processing at Meta in its Privacy Policy.

‍X (X Corp., 1355 Market Street, Suite 900, San Francisco, California, 94103, USA; for European Economic Area and Switzerland: Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland)
You can find more information about data processing at X in its Privacy Policy.

‍LinkedIn (LinkedIn Corp., 1000 W. Maude Avenue, Sunnyvale, California, 94085, USA; for European Economic Area and Switzerland: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
‍Paperleap's LinkedIn page is operated based on an agreement on joint controllership under data protection law. You can find more information about data processing at LinkedIn in its Privacy Policy.

If you find content on Paperleap that you think violates Paperleap's policies or the law, you can report it to us. Links to report content are available on every page that contains user-generated content. Generally, you will be asked to provide your name and email address as part of your report, if the data cannot be inferred by your Member's account. In specific cases, we may use this information to ask you follow-up questions or to provide updates about your report. In some cases, where necessary and appropriate, we may also provide this information to the person who added the content you reported. For example, if you report a copyright infringement, we normally provide the copyright owner's name and email address to the reported party so they can understand the claim and reach out to the copyright owner with any questions.

The legal basis for this data processing is Art. 6 (1)(c) GDPR in conjunction with the relevant provisions of the Digital Services Act (DSA), in particular Art. 16 and 17 DSA.

Some of the service providers with which your personal data may be shared are located outside of the European Economic Area. In some of these countries, the level of data protection does not correspond with that of the European Union.

Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for the country, we have taken appropriate measures to ensure an adequate level of data protection for data transfer. These measures include, among others, the Standard Contractual Clauses of the European Union or binding internal data protection regulations. If these measures are not applicable we base the data transfer on the exceptions under Art. 49 GDPR, especially on your consent or the necessity of the transfer for the performance of our contract with you.

For Members, we generally store your personal data as long as your account is active.

Provided you can access your account, you can delete it yourself in your Account Settings at any time. If you request that we delete your account for you, we might ask for proof of identity before doing so, to protect you and others from accidental or unauthorized account deletion. Should there be doubts about your identity, we may not delete your account but instead remove it from public view until you can clearly verify your identity.

We reserve the right to delete accounts that are inactive for at least one year or where the contact email address for the account is no longer operational. We will attempt to notify you before doing so.

If you delete your account, it will be deleted from our productive systems and you won't be able to reactivate it later.

We may keep personal data if it is strictly necessary to comply with any legal or regulatory obligations, defend disputes, enforce our Terms of Service, and/or take other actions otherwise permitted by law.

In addition to your rights to withdraw any consent you may have granted or exercise any opt-out option we provide, you may be entitled to exercise some or all of the following rights:

• Right of access in accordance with Art. 15 GDPR. In particular, you can obtain information about the purposes of processing, categories of personal data, categories of recipients to whom your data has been or will be disclosed, planned storage period, and the origin of your data if it was not obtained directly from you.
• Right to correct inaccurate or complete incomplete personal data according to Art. 16 GDPR.
• Right to delete your personal data stored with us in accordance with Art. 17 GDPR, subject to legal or contractual retention periods or other legal obligations or rights that must be observed.
• Right to restrict the processing of your personal data in accordance with Art. 18 GDPR in the event that: you contest the accuracy of the data; the processing is unlawful but you oppose its deletion; we no longer need the personal data for the purposes of the processing but you need it for your assertion; it may be relevant to exercise or defend legal claims; or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
• Right to data portability in accordance with Art. 20 GDPR, to receive the stored personal data concerning you in a structured, commonly used, and machine-readable format, or request the transfer of this data to another responsible party.
• Right to lodge a complaint with the supervisory authority responsible for us or any other competent supervisory authority in a Member State, in particular with the supervisory authority responsible for you. The supervisory authority competent for Paperleap is: Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia 11, 00187 - Rome (Italy).

You may exercise the rights referred to above, pose any related questions, or make anycomplaints regarding data processing by contacting us at legal[at]paperleap.com.

The same and/or similar rights as laid out in this section might also be available to you under other jurisdictions, i.e. beyond the GDPR.

If you have any questions or concerns about this Privacy Policy, please email our privacy team at legal[at]paperleap.com.

To directly contact our data protection officer, please send a letter to:

Data Protection Officer
Paperleap by INTACT srl
Via Dieta di Bari 36
70121 Bari,
Italy

You can find additional information about security and privacy in our Help Center.

We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate business interests or to comply with a legal obligation. We may request you provide us with the information necessary to confirm your identity before responding to your request. You have a right to submit your request via an agent if the agent has your written permission. In such circumstances, we may still need to verify your identity separately. Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.

As explained in section 6 (Sponsored content on Paperleap), we allow certain third-party advertising providers to collect information about your device and online browsing activities for targeted advertising and related purposes, so that we can provide you with more relevant and tailored ads. This disclosure of your information to these third parties may be considered a “sale” of personal information under applicable laws in the United States or the "processing" or "sharing" of personal information for targeted advertising purposes.

You can opt out of our online disclosure of your personal information through cookie and pixel technology for purposes that could be considered “sales” for third parties' own commercial purposes, or “sharing” for purposes of targeted advertising. To do so, please click here. You can also submit a request to opt out of our disclosure of information other than through cookies or pixels that are subject to applicable opt-out rights by emailing us at legal[at]paperleap.com.

If you are a California resident, the California Consumer Privacy Act and its associated amendments (“CCPA”) require us to provide you with the following additional information about:

• The purpose for which we use each category of “personal information” (as defined in the CCPA) we collect.
• The categories of third parties to which we: (a) disclose such personal information for a business purpose; (b) “share” personal information for “cross-context behavioral advertising”; and/or (c) “sell” such personal information.

Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.

Our use of third-party online advertising services, which are described in detail in section 6 (Sponsored content on Paperleap) above, may result in the disclosure of online identifiers (for example, cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” or "sharing" under the CCPA.

We source, use, and disclose the categories of personal information we collect from and about you consistent with the various business purposes we describe throughout this Privacy Policy. See section 2 (Data we process), section 3 (How we use data), section 4 (How we use relevant publicly available data and data provided by our partners), section 5 (How we use technologies like cookies and pixels), section 6 (Sponsored content on Paperleap), and section 7 (Service providers) for more information.

A)Your choices regarding "sharing" and "selling"

You have the right to opt out of our “sharing” or “selling” of your personal information for purposes of online analytics and advertising through the use of cookies or pixels by clicking here. To opt out of the offline disclosure of your information to third parties for purposes other than through cookies or pixels, please email us at legal[at]paperleap.com.

B)Other CCPA rights

If we ever offer any financial incentives in exchange for your personal information, we will provide you with appropriate information about such incentives.

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. We do not use or disclose such information other than for disclosed and permitted business purposes for which there is no right to limit the use or disclosure under the applicable law.

In addition to the specific rights you have under California law as described in this section, you may have more general rights under the GDPR. See section 12 (Data subject rights) above for more information.

C)Retention of your personal information

Please see section 11 (Deleting your account and retention of personal data) above.

Please see section 13 (Contact information) above.