Privacy Policy

Last Updated: 17th May 2018

This page sets out our privacy policy, including how we collect and process data received from you on our website and through providing our Services as a digital studio.

This privacy policy references GDPR. For the avoidance of doubt, this relates to General Data Protection Regulation 2016/679 of the European Parliament, concerning the protection of natural persons with regards to the processing of personal data and on the free movement of such data.

Who controls and processes your data

We are Papertank Limited, a company incorporated in Scotland under the Companies Acts with Registered Number SC397013.

Our data controller contact details are:

  • Contact Name: David Rushton
  • Contact Email:
  • Contact Phone: 0141 552 6954.

What we may collect

We may collect and process the following data about you through our website, our e-mail correspondence, accounting and other business and project related communications.

  • Information you put into our contact form or other input forms.
  • A record of any correspondence between us.
  • Details of contracts and projects we enter into while providing our Services.
  • Accounting and invoice details for transactions we process while providing our Services.
  • Information about your device (e.g. your IP address, web browser, operating system) for system administration, debugging and aggregate reporting.

We take the privacy and security of your data seriously, and we are bound under GDPR to ensure that your personal data is processed lawfully, fairly and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following core basis applies:

  • You have given consent to the processing of your personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which we are subject;
  • Processing is necessary to protect the vital interests of you or of another person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our credit card payment processing, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.


Our website uses cookies or similar technology to collect information about your access to the site. Cookies are pieces of information that include a unique reference code that a website transfers to your device to store and sometimes track information about you.

A few of the cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the site and will last for longer.

Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can prevent the setting of cookies by adjusting the settings on your browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the site.

Our cookies will be used for: Performance and measurement – collecting statistical information about how our users use the site so that we can improve the site and learn which parts are most popular to users.

How we use the data we collect

We use information about you to:

  • Present site content effectively to you.
  • Carry out our Services with you as a client.
  • Tell you about our Services, updates and projects.

If you don’t want to be contacted with updates, please contact us any any point or use the unsubscribe link on newsletter e-mails.

In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section and policy, you can let us know at any time by contacting us at, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide our services to you, both now and in the future.

In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.

Where we store your data

We store your collected data on servers within the European Economic Area (EEA). Your data may, however, be transferred and processed outside the EEA – e.g. to our trusted partners for email delivery or payment processing. By giving us your personal data, you agree to this storage and transfer arrangement. We make every reasonable effort to keep your data secure.

We only keep your personal data for as long as we need to in order to use it as described above, and/or for as long as we have your permission to keep it. In any event, we conduct regular reviews to audit recorded personal data, and your personal data will be deleted if we no longer need it.

When we disclose your information

We disclose your data and personal information in the following cases:

  • If our company is purchased, we will disclose your information to the buyer.
  • We can disclose if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
  • We can exchange information with others to protect against fraud or criminal activity.
  • We also contract trusted third parties to supply certain services to you on our behalf. These may include payment processing, search index tools, reporting, email delivery providers and our accounting software. In some cases, third parties may require access to some or all of your data and personal information. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data is handled safely, securely and accordance with your rights, our obligations and the obligations of the third party under GDPR and privacy law.

Third parties we use which may have access to your information include:

  • Email Delivery: Mailgun (
  • Email / Hosting: Cloud Above / SW Broadband (
  • Accounting Software: Freeagent (
  • Error Handling: Sentry (
  • Server Management: Laravel Forge (
  • Data Backups: Amazon Web Services (
  • Analytics: Google (

Your rights

You can ask us not to use your data for communications or marketing. You can do this by using the relevant unsubscribe links, or by contacting us at any time at

Under the GDPR, you have the right to:

  • request access to, deletion of or correction of, your personal data held by us at no cost to you;
  • request that your personal data be transferred to another person (data portability);
  • be informed of what data processing is taking place;
  • restrict processing;
  • to object to processing of your personal data; and
  • complain to a supervisory authority.

To enforce any of the foregoing rights or if you have any other questions about our site or this Privacy Policy, please contact us at

Links to other sites

Please note that our terms and conditions and our policies will not apply to other websites that you visit via a link from our site, nor to websites who link to us. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

Changes to this policy

If we change our Privacy Policy, we will post the changes on this page. For new ways in which we use your data, we will email you and/or show an additional consent checkbox the next time you login or use our service.