Last updated: 6 May, 2026

This Privacy Policy explains how PaperFocusCo collects, uses, stores, shares, and protects personal data when you visit https://paperfocusco.com/, create an account, place an order, contact us, or otherwise interact with the Website.

The Website is owned and operated by PAPER FOCUSCO LTD, a company registered in the United Kingdom under company registration number 17173581, with its registered office at 12 Hammersmith Grove, London, United Kingdom, W6 7AP.

By using the Website, creating an account, placing an order, or contacting us, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.

1. About This Privacy Policy

This Privacy Policy applies to all users of the Website, including visitors, registered customers, and customers who purchase office supplies from PaperFocusCo.

PaperFocusCo sells office supplies, stationery, paper products, writing tools, cartridges, notebooks, rulers, desk accessories, and related physical goods.

2. Data Controller

For the purposes of applicable data protection laws, including the UK GDPR and the Data Protection Act 2018, the data controller responsible for your personal data is:

PAPER FOCUSCO LTD
Company Registration Number: 17173581
Registered Address: 12 Hammersmith Grove, London, United Kingdom, W6 7AP
Website: https://paperfocusco.com/
Email: [email protected] 

As data controller, PaperFocusCo determines why and how your personal data is processed.

3. Personal Data We Collect

We may collect different types of personal data depending on how you use the Website.

Account Information

Because purchases on the Website are available to registered customers only, we may collect information required to create and manage your account, including:

  • full name;
  • email address;
  • password or login credentials;
  • billing address;
  • delivery address;
  • telephone number, where required;
  • account preferences;
  • order history;
  • customer account activity.

Passwords are not intended to be visible to PaperFocusCo in plain text. Passwords should be stored through secure account systems.

Order and Purchase Information

When you place an order, we may collect and process information necessary to fulfil your purchase, including:

  • products ordered;
  • order number;
  • order date;
  • order value;
  • selected delivery method;
  • delivery address;
  • billing address;
  • selected currency;
  • invoice details;
  • order status;
  • dispatch and tracking information;
  • return, refund, or cancellation information.

Contact and Support Information

If you contact us by email, contact form, or any other support channel, we may collect:

  • your name;
  • email address;
  • order number, where relevant;
  • message content;
  • attachments or photographs you provide;
  • return or refund explanation;
  • support history;
  • any other information you choose to send to us.

For example, if you request a return, we may ask for your order number, product details, photographs of the product and packaging, and an explanation of the issue.

Delivery Information

To arrange delivery, we may process:

  • recipient name;
  • delivery address;
  • telephone number, where required by courier;
  • delivery method;
  • delivery zone;
  • courier tracking information;
  • delivery instructions;
  • customs or import-related information where required.

Technical and Website Usage Information

When you use the Website, we may collect technical information such as:

  • IP address;
  • browser type and version;
  • device type;
  • operating system;
  • pages viewed;
  • time and date of visit;
  • referring website;
  • approximate location based on IP address;
  • cookie identifiers;
  • shopping basket activity;
  • checkout activity;
  • security logs;
  • error logs.

This information may be collected through cookies, server logs, analytics tools, security tools, or similar technologies.

Cookie and Preference Information

We may collect information about:

  • cookie consent choices;
  • selected currency;
  • language or region preferences;
  • basket contents;
  • website display preferences;
  • analytics consent;
  • marketing consent, where applicable.

More information is available in our Cookies Policy.

4. Payment Data

All payments are processed securely by a third-party payment provider.

PaperFocusCo does not collect, store, or process full payment card details directly. This means we do not store your full card number, CVV, or complete payment authentication details on our own systems.

When you make a payment, you may be redirected to or interact with the secure systems of the payment provider. The payment provider may process payment information in accordance with its own terms, privacy policy, security requirements, and legal obligations.

PaperFocusCo may receive limited payment-related information from the payment provider, such as:

  • payment confirmation;
  • payment status;
  • transaction reference;
  • payment failure notice;
  • refund confirmation;
  • fraud or risk status where relevant.

We use this information to process your order, confirm payment, manage refunds, detect fraud, and maintain accurate order records.

5. How We Use Personal Data

We use personal data for the following purposes.

To Create and Manage Customer Accounts

We process account information to allow customers to register, log in, manage their details, place orders, view order information, and use account features.

To Process Orders

We use order information to confirm your purchase, issue an invoice, process the order, prepare products, arrange delivery, send dispatch emails, and provide order updates.

After you place an order and payment is confirmed, we send an order confirmation email with an invoice. Once the order has been processed and dispatched, we send a second email confirming shipment, including tracking details where available.

To Deliver Products

We use delivery information to arrange shipment, calculate delivery options, provide courier information, manage failed deliveries, and respond to delivery-related questions.

Where international delivery is involved, we may process information needed for customs, import, courier, or compliance purposes.

To Handle Returns and Refunds

We process return and refund information to review return requests, confirm eligibility, provide return instructions, inspect returned products, process approved refunds, and resolve customer support issues.

To Communicate With Customers

We use contact details to respond to enquiries, provide customer support, send order updates, notify you about delivery or return matters, and deal with complaints or legal requests.

To Maintain Website Functionality

We use technical information to operate the Website, maintain account login, keep basket functionality working, support checkout, remember selected currency, manage cookie preferences, and improve website reliability.

To Protect the Website and Prevent Fraud

We may process personal data to detect, prevent, and investigate fraud, misuse, unauthorised access, suspicious activity, spam, security threats, payment abuse, return abuse, and breaches of our Terms & Conditions.

To Comply With Legal Obligations

We may process personal data to comply with accounting, tax, audit, consumer protection, data protection, payment security, sanctions, delivery, customs, and other legal requirements.

To Improve the Website

We may use analytics and performance information to understand how customers use the Website, improve product pages, improve checkout, fix errors, improve loading speed, and make the customer experience more effective.

6. Legal Bases for Processing Personal Data

We process personal data only where we have a lawful basis to do so.

The legal bases we may rely on include:

Contract

We process personal data where it is necessary to enter into or perform a contract with you. This includes account registration, order processing, invoicing, delivery, returns, refunds, and customer support related to your purchase.

Legal Obligation

We process personal data where necessary to comply with legal duties, including tax, accounting, consumer protection, customs, data protection, fraud prevention, and regulatory requirements.

Legitimate Interests

We may process personal data where necessary for our legitimate business interests, provided your rights and interests do not override those interests.

This may include fraud prevention, website security, customer support, business record keeping, service improvement, account protection, and internal administration.

Consent

We rely on consent where required, such as for certain cookies, analytics, marketing communications, or optional data uses.

You may withdraw consent at any time where processing is based on consent.

7. Customer Responsibility for Information Provided

You are responsible for ensuring that the personal data you provide is accurate, complete, current, and suitable for the purpose for which it is provided.

This includes your email address, delivery address, billing details, phone number, account information, and order information.

If you provide incorrect or incomplete information, we may be unable to process your order, send your invoice, respond to your enquiry, deliver your products, process your return, or issue important updates.

8. Sharing Personal Data With Third Parties

We may share personal data with trusted third parties where necessary to operate the Website, process orders, provide services, comply with legal obligations, or protect our business.

These third parties may include:

  • payment providers;
  • delivery companies and couriers;
  • IT hosting providers;
  • website service providers;
  • analytics providers;
  • fraud prevention and security providers;
  • email and communication service providers;
  • accounting and tax advisers;
  • legal advisers;
  • regulatory authorities, courts, law enforcement, or public authorities where required;
  • customs authorities or import-related service providers where required for international delivery.

We only share personal data where necessary and appropriate for the relevant purpose.

Third-party service providers are expected to process personal data securely and only in accordance with applicable data protection requirements.

9. Third-Party Payment Providers

Payments are made through third-party payment providers. PaperFocusCo does not collect or store full payment card details directly.

The payment provider may collect and process payment data, authentication information, fraud prevention data, device information, and transaction information. Such processing may be governed by the payment provider’s own privacy policy and legal obligations.

We recommend that you review the payment provider’s privacy information during checkout.

10. Strong Customer Authentication and PSD2

Online card payments may be subject to Strong Customer Authentication (SCA) and payment security checks.

SCA is designed to improve the security of electronic payments and reduce payment fraud. It may require customers to confirm their identity using two or more authentication elements, such as something they know, something they possess, or something that is part of them.

In practice, this may include verification through a banking app, one-time passcode, card issuer approval, biometric confirmation, password, security code, or other method required by the card issuer or payment provider.

PaperFocusCo does not control all SCA checks. Authentication is usually handled by your bank, card issuer, or third-party payment provider.

Where PSD2, SCA, or equivalent payment security requirements apply, the payment provider and card issuer may require additional verification before payment is completed. If authentication fails or payment is not authorised, we may be unable to process the order.

11. International Transfers of Personal Data

Your personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom or the European Economic Area.

This may occur where we use service providers, hosting providers, analytics tools, payment providers, support systems, security tools, or other business partners located outside the UK or EEA.

Where personal data is transferred internationally, we take steps to ensure that appropriate safeguards are used in accordance with applicable data protection laws.

These safeguards may include:

  • adequacy regulations or adequacy decisions;
  • standard contractual clauses;
  • international data transfer agreements;
  • contractual data protection obligations;
  • technical and organisational security measures;
  • other lawful transfer mechanisms available under applicable law.

We aim to ensure that your personal data remains protected when transferred outside the UK or EEA.

12. Data Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.

These measures may include:

  • secure website connections where available;
  • encryption or secure transmission technologies;
  • restricted access to personal data;
  • account authentication controls;
  • security monitoring;
  • fraud prevention checks;
  • internal access controls;
  • staff confidentiality requirements;
  • secure service provider selection;
  • regular review of security practices;
  • ongoing security assessments.

We also aim to maintain internal procedures designed to reduce the risk of accidental or unlawful access, loss, alteration, disclosure, or destruction of personal data.

However, no website, online service, payment system, or data transmission method can be guaranteed to be completely secure. You are responsible for keeping your account login details confidential and for notifying us if you suspect unauthorised access to your account.

13. GDPR and Data Protection Compliance

We process personal data in accordance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

We aim to follow key data protection principles, including:

  • lawfulness, fairness, and transparency;
  • purpose limitation;
  • data minimisation;
  • accuracy;
  • storage limitation;
  • integrity and confidentiality;
  • accountability.

We implement appropriate technical and organisational measures to protect personal data and support compliance. These may include internal reviews, staff awareness, access controls, security procedures, data protection assessments where appropriate, and regular review of how personal data is handled.

We do not sell personal data.

14. Your Data Protection Rights

Depending on your location and applicable law, you may have rights in relation to your personal data.

These rights may include:

Right of Access

You may request a copy of the personal data we hold about you.

Right to Rectification

You may ask us to correct inaccurate or incomplete personal data.

Right to Erasure

You may ask us to delete your personal data in certain circumstances.

Right to Restrict Processing

You may ask us to restrict how we use your personal data in certain circumstances.

Right to Object

You may object to certain types of processing, including processing based on legitimate interests or direct marketing.

Right to Data Portability

Where applicable, you may request that certain personal data be provided in a structured, commonly used, machine-readable format.

Right to Withdraw Consent

Where we rely on consent, you may withdraw your consent at any time.

Right to Complain

You may have the right to complain to a data protection authority if you believe your data protection rights have been infringed.

In the UK, the relevant authority is the Information Commissioner’s Office (ICO).

To exercise your rights, contact us at [email protected]

We may need to verify your identity before responding to a request.

15. Restricted Countries and Compliance Checks

We do not provide services, sell products, or process deliveries to restricted countries, regions, territories, persons, entities, or addresses where this would breach applicable law, sanctions, trade restrictions, courier rules, payment provider requirements, or internal compliance procedures.

We may process personal data to check whether an order, account, payment, delivery address, or user activity may involve a restricted country or prohibited transaction.

Where necessary, we may refuse or cancel an order, restrict an account, or share information with relevant service providers or authorities to comply with legal obligations.

16. Links to Third-Party Websites

The Website may contain links to third-party websites, payment pages, courier tracking pages, manufacturer websites, or other external services.

We are not responsible for the privacy practices, security, content, or policies of third-party websites.

You should review the privacy policies of any third-party services you use or access through the Website.

17. Governing Law

This Privacy Policy is governed by the laws of the United Kingdom, subject to any mandatory rights that may apply to you under local data protection laws.

18. Contact Us

If you have any questions about this Privacy Policy, personal data processing, cookies, payment data handling, or your data protection rights, please contact us:PAPER FOCUSCO LTD
Company Registration Number: 17173581
Registered Address: 12 Hammersmith Grove, London, United Kingdom, W6 7AP
Email: [email protected]