We are pleased to welcome you as an Interactive Paper user. We store certain data so that our products and services function flawlessly and a great user experience is possible. With the following privacy policy, we would like to give you an insight into what data we collect, for what purposes this data is collected and what choices you have as a user.
What is Interactive Paper?
At Interactive Paper GmbH, we're redefining the communication landscape by seamlessly blending the digital and analog worlds. Our pioneering product, Interactive Paper, leverages cutting-edge technologies like NFC and QR Codes to create a unique interactive experience. When you engage with these technologies, such as scanning a QR code or using NFC to access a link on your mobile device, this policy becomes applicable. Interactive Paper GmbH not only facilitates innovative campaign design and content creation but also provides detailed data reports to comprehensively analyse user engagement. Our commitment is to bridge the gap between tactile and digital, offering an unparalleled user experience.
Privacy Policy
To further enhance the privacy and security of our users' data, we have ceased all data processing activities outside the European Union. We have implemented our own data tracking system, which operates exclusively within EU borders. This ensures that all data processing activities are in full compliance with the EU General Data Protection Regulation (GDPR), providing an added level of data protection and peace of mind for our users. Our commitment to data security and privacy is paramount, and we continuously work to align our practices with the highest standards set by the GDPR.
When you load an Interactive Paper, basic technical data is automatically recorded in our web server log files: your IP address, browser type and version, operating system, the URL of the referring site (if applicable), and the date and time of your visit. These log files are retained for two weeks before being automatically deleted. The collection and processing of this data is based on Art. 6(1)(f) GDPR (legitimate interest in the seamless and secure operation of our service). While we do not actively share this data, it may be accessed in cases of legal investigations or unauthorised activities.
Whether your IP address is additionally used for analytical purposes — for example to derive your approximate geographic location — depends on which tracking layers have been activated for the respective campaign and on the consent choices you make in the cookie preferences. The layer-specific sections below describe in detail what additional data, if any, is processed in each scenario.
Your rights under GDPR
In accordance with the provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG), you have the following rights in principle:
Right of access (Art. 15 GDPR) — you may request a copy of the personal data we hold about you, including the categories of data, the purposes of processing, and the recipients
Right to correction (Art. 16 GDPR)
Right to cancellation ("Right to be forgotten") (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to be notified — duty to provide information in connection with the correction or erasure of personal data or limitation of processing (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right of objection (Art. 21 GDPR)
Right not to be subjected to a decision based solely on automated processing — including profiling (Art. 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the data protection authority whose website you can find at https://www.dsb.gv.at/ .
Secure Data Transmission
For the secure transfer of data over the internet, our website employs HTTPS, in line with the GDPR's mandate for data protection through technology design (Art. 25(1) GDPR). This security measure is reinforced through the use of TLS (Transport Layer Security), a robust encryption protocol that safeguards the confidentiality of data as it travels across the internet. The presence of a small lock icon in the upper left corner of your browser, along with the use of the 'https://' prefix in our web address, are indicators of this secure data transmission method.
Sub-processors
To ensure the highest standards of security and performance for our services, we rely on the following sub-processors when delivering our offerings. All sub-processors are bound by Data Processing Agreements (DPAs) and process data strictly under our instruction and in compliance with the GDPR. Where data is transferred outside the European Economic Area (EEA), appropriate safeguards are in place pursuant to Art. 46(2)(c) GDPR (EU Standard Contractual Clauses, Commission Implementing Decision 2021/914/EU).
Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) — Server hosting and infrastructure for the Interactive Paper webtool platform. Data location: Germany (EU). Data processed: anonymised session IDs, usage analytics, web server logs.
DigitalOcean, LLC (Frankfurt, Germany data center) — Cloud hosting and infrastructure services. Data location: Frankfurt, Germany (EU). Data processed: anonymised session IDs, application data, web server logs.
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) — Google Analytics Data API for server-side geolocation enrichment (country, city, region, continent) based on anonymised session IDs. Used only when Layer 2 (Location tracking) is activated for the campaign and the end user has consented to "Cookies for statistics". Data may be processed on Google servers in the USA. Transfer mechanism: EU Standard Contractual Clauses (Art. 46(2)(c) GDPR, Commission Decision 2021/914/EU), supplemented by your explicit consent. Data processed: anonymised session ID, approximate geolocation derived from IP address. No browser-side tracking scripts are used; no Google cookies are set.
Grunewald GmbH (Germany) — Address data processing for postal dispatch of Interactive Paper physical products. Data location: Germany (EU). Data processed: recipient name and postal address (only where applicable to physical product delivery).
Oliver Homrich e.K. (Germany) — Address data processing for postal dispatch. Data location: Germany (EU). Data processed: recipient name and postal address (only where applicable to physical product delivery).
Artisan Colour, Inc. (United States) — Print production and postal dispatch within the United States. Transfer mechanism: EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Data processed: recipient name and postal address (only where applicable to US-based physical product delivery).
All sub-processors listed above process end-user data exclusively on behalf of Interactive Paper GmbH and solely for the purposes described. They have no right to use your data for their own purposes.
Cookies in general
Our website utilises an HTTP cookie to store specific information relevant to each user. A cookie is essentially a small packet of data exchanged between your web browser and our web server. While it appears as random data to the browser and server, it is crucial for the web application to function effectively.
We strictly use a single first-party cookie, aligning with legal requirements. This cookie serves both an essential and an analytical purpose: it is necessary for the fundamental operation of our website, and — when you actively consent to statistics tracking — it also enables the collection of anonymised usage data to enhance the user-friendliness of our mobile websites and to gather data on consumer and user behavior, which we then analyse and share with our clients.
The cookie remains on your device for one year unless you manually delete it. Its purpose is to enable our website to recognise your browser during subsequent visits via an anonymised session ID.
Managing Cookies and Your Preferences
Understanding and managing the cookies saved in your browser is crucial for maintaining control over your personal data. Each browser offers different methods for viewing, managing, and deleting cookies. Below are guides for some commonly used browsers:
Google Chrome: To view, enable, disable, or delete cookies in Chrome, go to Settings > Privacy and security > Cookies and other site data. You can choose to block third-party cookies, clear cookies when you close the browser, or block cookies entirely.
Mozilla Firefox: In Firefox, you can manage cookie settings by going to Options > Privacy & Security. Under the 'Cookies and Site Data' section, you have options to clear cookies, set exceptions for specific websites, and choose how cookies are handled.
Apple Safari: Safari users can manage cookies by going to Safari > Preferences > Privacy. Here, you can choose to block all cookies, see which websites have stored cookies, and remove individual or all cookies.
Microsoft Edge: In Edge, cookies can be managed by navigating to Settings > Site permissions > Cookies and site data. Here, you can allow or block cookies, set specific rules for sites, and clear cookies.
Impact of Disabling Cookies
Please be aware that setting up your browser to block or alert you about cookies may affect your browsing experience. Some website features and services may not function properly without cookies. For instance, you might not be able to log in to certain sites, or preferences saved on websites might be lost. We recommend that you review your cookie settings periodically to ensure they align with your privacy preferences and browsing needs.
Purpose: This cookie stores an anonymised session ID (UUID) to identify returning visitors across multiple page views. It does not contain any personally identifiable information. The cookie itself is essential for the basic functionality of the web application; when you actively consent to statistics tracking, the same session ID is also used to associate anonymised analytical data with your session (see the Layer 2 sections below).
Consent: The cookie itself is strictly necessary and set on the legal basis of Art. 6(1)(f) GDPR — no consent is required for it, and it is set before any consent choice can be recorded (since it is the mechanism that stores your preferences). The session ID inside the cookie may additionally be used for analytics — that additional use requires your explicit consent under Art. 6(1)(a) GDPR and can be withdrawn at any time through the cookie settings on this page.
Additional data collected with consent to statistics
When you actively consent to "Cookies for statistics" in the cookie preferences, additional analytical data may be collected in connection with the webtool_user cookie. The specific data categories depend on which tracking layers have been activated for the campaign by the operator — please refer to the Layer 2 and Layer 2 (Location) sections below for the full list of data points. This data is linked to the anonymised session ID and used exclusively for analytical purposes. If you decline statistics tracking in the cookie preferences, no analytical data is collected.
Layer 1: this is only seen, when Layer 1 is activated.
Essential Cookie Functionality (Layer 1)
When only Layer 1 is activated for this campaign, Interactive Paper sets exclusively the essential webtool_user cookie described above. This cookie is strictly necessary for the basic technical operation of the web application: it stores an anonymised session ID (UUID) so that the application can recognise your browser across page views and so that your cookie preferences can be remembered.
At Layer 1, no analytical, behavioural, location or personalised tracking data is collected beyond the essential web server logs and the webtool_user cookie described in the sections above. The webtool_user cookie is set on the legal basis of Art. 6(1)(f) GDPR (legitimate interest in the basic technical operation of the service); no separate consent is required for it.
If analytical tracking, statistics, location enrichment or personalised features are required, the campaign operator must activate the corresponding higher layers (Layer 2 or Layer 3), and your explicit consent must be obtained through the cookie preferences.
Layer 2: this is only seen, when Layer 2 is activated.
Click Behavior, Web Application Data and User Session Analysis (Layer 2)
When Layer 2 is activated for this campaign and you actively consent to "Cookies for statistics" in the cookie preferences, we collect anonymised analytical data linked to the session ID stored in the webtool_user cookie. The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time through the cookie settings on this page.
The following categories of data are collected:
Click behavior and device data
User actions on different page elements, time duration spent on each page, frequency of visits to specific pages, language settings of the web browser used, device type, brand and model, as well as operating system and browser family.
User session data
The frequency of your visits to our pages, the duration of your stay on each page, and how your click behavior correlates with your user session.
Web application interaction data
We additionally gather data from the web applications accessed through Interactive Paper:
Quiz: This tool displays questions and provides personalised results based on your responses. We record the number of times each question is clicked and the tally of obtained results.
Survey: This application presents questions leading to custom results tailored to your responses. We track the number of clicks per question and the count of results.
Tile Menu: This feature displays various clickable tiles. We collect data on the frequency of tile clicks and the time spent on each tile.
Video: This webtool plays video content. We record which segments of the video were watched (start and end times per segment) and the total watch time.
All of this data is linked to your anonymised session ID and used solely for analytical purposes to improve the user experience. If you decline statistics tracking in the cookie preferences, none of this data is collected.
Layer 2 (Location): this is only seen, when Layer 2 (location tracking) is activated.
Location Tracking (Layer 2 — Location)
If location tracking is enabled for the respective campaign and you have consented to "Cookies for statistics", we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The data processing is carried out server-side — no Google Analytics tracking scripts are loaded in your browser and no additional cookies are set by Google. We use the Google Analytics Data API to enrich the anonymised usage data collected via the webtool_user cookie with geolocation information. The following data is determined and stored based on your anonymised session ID:
Country
City
Region
Continent
This geolocation data is processed exclusively for analytical purposes to provide aggregated location-based usage statistics. It is not used to identify individual users. Google processes data on our behalf and is contractually obligated not to use the data for its own purposes. Data may be transferred to Google servers in the USA. The legal basis for this international data transfer is Art. 46(2)(c) GDPR (EU Standard Contractual Clauses, Commission Implementing Decision 2021/914/EU), supplemented by your explicit consent pursuant to Art. 6(1)(a) GDPR. You can find more information about data protection at Google at https://policies.google.com/privacy. If you do not consent to statistics tracking in the cookie preferences, no data will be transmitted to Google Analytics and no geolocation data will be collected.
Layer 3: this is only seen, when Layer 3 is activated.
Collection and Processing of Personal Data (Layer 3)
We collect personal data only with your consent, which is indicated when you accept this policy. You can manage your preferences regarding 'Usage Data and Personalised Tracking' through the cookie settings on our website. Additionally, you have the option to delete all data associated with you and your user ID by using the 'Delete my data' feature at the bottom of our page.
Personal Data Submission
When you provide personal data on our website — for example your name, email address, postal address, or other details via forms — we treat this information with utmost confidentiality. In some campaigns, Interactive Paper materials are personalised: the unique QR code or NFC link printed on your individual mailing carries a parameter that identifies you to the campaign operator. In such personalised campaigns, your interaction data is associated with your name once you accept the Cookie & Privacy Policy.
Use of Personal Data
The personal data you submit is used for the specific purposes outlined at the time of collection, such as responding to inquiries, processing your requests, or for service-related communications. We also record IP addresses for security and functional improvement of our website, treating them with the same level of confidentiality as other personal data.
Disclosure to Third Parties
In a Layer 3 personalised campaign, the campaign operator who commissioned the campaign receives the personal data you have provided, linked to your interaction history — see the 'Third-Party Access Details' section below for the full scope. Beyond this disclosure, we do not share your personal data with other third parties unless you give your explicit consent (for example, when participating in a third-party sweepstake on our site).
Data Collection and Legal Basis
'Personal data' under GDPR refers to any information that can identify and be traced back to you. In a Layer 3 campaign, the personal data you submit (via forms or via a personalised campaign URL) constitutes such identifying information. We process this data exclusively on the legal basis of your explicit consent pursuant to Art. 6(1)(a) GDPR, which you provide when accepting this Cookie & Privacy Policy. You retain full control: you can withdraw your consent at any time and request deletion of all data linked to you via the 'Delete my data' feature on this page.
Individual Tracking and Use of Personal Data
Where Layer 3 is active, the analytical data already described in the Layer 2 sections (click behaviour, device data, session data, web application interactions, and where applicable location data) is additionally linked to the personal data you have provided — for example your name supplied via a contact form or via a personalised campaign URL. This allows the campaign operator to see how individually identified recipients have engaged with the campaign. We work with third-party service providers under strict contractual obligations to ensure the confidentiality and security of your data, and we process this data only on the legal basis of your explicit consent pursuant to Art. 6(1)(a) GDPR.
Right to Withdraw Consent
Where our processing of your data is based on your consent (in particular: statistics tracking, location enrichment, and the collection of personal data described in the Layer 2 and Layer 3 sections), you have the right to withdraw your consent at any time pursuant to Art. 7(3) GDPR. The simplest way is to use the cookie settings on this page. Alternatively, you can email us at office@interactivepaper.com. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Details on Data Retention Periods
Data is retained only as long as necessary for the purpose for which it was collected. The specific retention periods are: web server log files — 2 weeks; the webtool_user cookie — 1 year (or until you delete it from your browser); analytical data linked to anonymised session IDs (Layer 2 and Layer 2 (Location)) — maximum 2 years; personal data submitted via forms or via personalised campaign URLs (Layer 3) — until you request deletion or until the legal basis for processing ceases, whichever comes first. After the applicable retention period, data is permanently deleted from our systems, in line with the data minimisation principle of Art. 5(1)(c) GDPR.
Updates and Changes to the Policy
Our privacy policy may be subject to updates or changes to reflect new legal requirements, technological advancements, or changes in our data processing practices. To ensure that you are always aware of the most current version of our privacy policy, we will notify you of any significant updates or changes.
Upon any significant update or change to our privacy policy, you will be promptly informed via the reappearance of the cookie consent window during your next visit to our website. This method ensures that you are immediately aware of any changes and can review the updated policy.
Data Transmission Security Caution
We wish to highlight that transmitting personal information via email is not without risks. The secure transmission and protection of your data sent through email cannot be guaranteed by us. Therefore, we strongly advise against the transmission of confidential information via unsecured email channels.
Third-Party Access Details
Our clients (the campaign operators who commission Interactive Paper campaigns) receive access to campaign data via the Interactive Paper management platform. By default this consists of aggregated, anonymised analytics — for example total visits, engagement metrics, and geolocation breakdowns at city or country level. Where Layer 3 (lead tracking) is active, clients additionally receive the personal data you have explicitly provided, linked to your interaction history. Client access is governed by Data Processing Agreements (DPAs) pursuant to Art. 28 GDPR; clients are bound by confidentiality obligations and may use the data only for the campaign purposes you have consented to.
Data Deletion
You can request the deletion of your data unless it conflicts with our legal data retention obligations. Data that is no longer necessary for its initial purpose and not subject to legal retention will be deleted. If data cannot be deleted due to legal requirements, its processing will be restricted, meaning the data will be blocked and not used for other purposes.
Right of objection
You have the right to object to the processing of your personal data at any time. If you seek to correct, block, delete, or acquire information about your personal data, have questions about data collection, processing, or use, or wish to withdraw consent, please contact us at office@interactivepaper.com or use the deletion button provided on our website.