General Terms & Conditions and Privacy Policy
General Terms & Conditions
General Terms and Conditions of Paperfold, LF 1/22, South S. K. Puri, Boring Road, Patna 800 001,
Tel.: + 91 (0) 84099 05747, Fax.: +91 (0), Email: legaldesk@paperfold.co
Effective as of November 2023
Clause 1: Applicability, conclusion of contract
(1) Paperfold, doing business at LF 1/22, South S. K. Puri, Boring Road, Patna 800 001, (referred to hereinbelow as “Provider”) offers services in particular via its Online Shop at https://paperfold.co and via the customer portal integrated in the Online Shop (referred to as both the Online Shop and the customer portal hereinbelow as “Online Shop”).
(2) The present General Terms and Conditions (referred to hereinbelow as “GTCs”) apply to all contracts concluded between the Provider and the customer via the Online Shop as well as to all contracts for which the applicability of these GTCs has been agreed between the parties otherwise than via the Online Shop.
(3) Any deviating, contravening or supplemental terms and conditions of a customer will not become a component part of the contract unless this has been expressly agreed in writing. The same will apply even if service is rendered in the knowledge that this contravenes the corresponding GTCs in place with the customer.
(4) Individual Agreements made between the Provider and the Customer, e.g. during the order process, precede over these GTCs in the area of the respective individually agreed contractual condition (see; (Indian Contract Act, 1872 )) and are supplemented by these GTCs.
(5) The range of services on offer in the Online Shop is intended for consumers and businesses, unless specified otherwise in the Online Shop. A “consumer” means every natural person who enters into a legal transaction for purposes that predominantly are outside his or her trade, business or profession. A “business“ means a natural or legal person or a partnership with legal personality who or which, when entering into a legal transaction, acts in exercise of his or its trade, business or profession.
(6) If the customer is a business, the following applies: The present GTCs will also apply to any future contractual relations between the Provider and the customer, even if no separate, renewed reference to the GTCs has explicitly been made.
(7) By clicking on the button “Order/Subscribe & Pay” in the Online Shop, the customer makes a binding offer to purchase. Directly after having made said offer to purchase, the customer will receive an email confirming receipt of the order. The order confirmation does not yet constitute acceptance of the offer to purchase, however. Rather, the contract will not come into being until the customer receives another email containing access data for the service ordered.
(8) Contracts are concluded in the English and Hindi language. In case of ambiguities, the English-language version of the contract will take precedence.
(9) The contractual provisions agreed will be stored by the Provider.
(10) The Provider reserves the right to amend the present GTCs insofar as required in order to adapt them to changed legal or technical framework conditions. The Provider will notify the customer of such amendments via email, whereby the amended passages will be highlighted. All amendments will be considered approved unless the customer lodges an objection in text form within six weeks of receiving notice of the amendments. Along with the notification of amendments made, the Provider will also supply the customer with separate instructions on the right to lodge an objection and on the legal consequences of remaining silent.
Clause 2: Services of the Provider
(1) The scope of the Provider’s main service obligations results from the service description in the Online Shop.
(2) The customer may select among the server locations shown in the Online Shop or leave the selection up to the Provider. If the server location “The Republic of India” is not the one selected, then the customer will have the option to agree to Indian Standard Contractual Clauses with the Provider, along with an agreement on data processing as per the Digital Personal Data Privacy Act, 2023.
(3) Unless expressly agreed otherwise, the Provider is entitled to also have the services that it owes under the contract delivered by technically qualified in-house personnel and/or by third parties. Insofar as active cooperation by the customer is required – e.g. when a webspace package or other data stored on the Provider’s servers is to be transferred onto a different server – the customer must cooperate in keeping with the Provider’s instructions within a reasonable, pre-specified deadline.
(4) The Provider is free to duly adapt its services so as to reflect technical advances and/or a changed legal environment, which may occur at any time, provided this does not cause a shortfall in the agreed scope and quality of the contractually owed service. This includes outsourcing the services to another data center within the server location selected by the customer or – if the selection has been left up to the Provider – to some other server location operated by the Provider.
(5) If the agreed contractual service also includes the provision of Dedicated Servers and Paperfold Cloud Security & Monitoring Services, including the Material or Physical Properties installed at the consumers premises, then the customer will only be entitled to use a device or appliance having the features listed in the product category ordered. The Provider will determine, at its free discretion, the specific hardware and the features of the product category ordered. Insofar as the customer is to be provided with one or more fixed IP addresses in the context of Dedicated Servers, the Provider reserves the right to modify the IP address or addresses, made available to the customer if this becomes necessary for technical or legal reasons. The Provider will notify the customer about any such changes, and specifically about any modifications made to the IP addresses.
(6) The Provider is under obligation to back up data only if and insofar as this is expressly stipulated in the service description of the services offered.
(7) If the Provider delivers additional services without charging a corresponding remuneration, then the customer has no claim to such services. The Provider is entitled to cease providing any such services previously provided at no charge, to modify them or to make them subject to charge following a reasonable period. The Provider will give the customer timely advance notice about any such cessation, modification or subjection to charge.
(8) The Provider’s obligation to render technical support to the customer is limited to what has been contractually agreed. The Provider does not offer any further going, free-of-charge support services to the customer. The Provider does not provide any direct support to customers of the customer, unless specifically agreed otherwise in writing.
Clause 3: Duties of the customer
(1) Upon conclusion of contract, the customer is to notify the Provider of the following data:
Name and postal address, email address, and telephone number of the customer, whether the customer qualifies as a consumer or a business; the GST/VAT ID number (if existing); the name of the contact person (for a business).
Name, postal address, email address, telephone and fax number of the technical contact person for each domain ordered.
The name, postal address, email address, telephone and fax number of the administrative contact person for each domain ordered.
Also, if the customer provides own name servers: the IP addresses of the primary and secondary name servers, including the names of said servers.
(2) The customer warrants that the data communicated to the Provider are correct and complete. This particularly applies to the declaration regarding the customer’s status as a consumer or a business.
(3) The customer enters into obligation to notify the Provider without undue delay of any changes in the data communicated, and to confirm said data within seven (7) days of receiving a legitimate and justified data-related enquiry from the Provider.
(4) The Provider is entitled, to require the Customer at its own discretion to provide special evidence/important data, especially but not limited to when there is reasonable suspicion to doubt the Customer’s identity.
(5) The Provider reserves the right not to conclude contracts with Customers from the following countries and territories: North Korea, Russia, Syria, Sudan, Iran, Cuba, and the so called People’s Republics of Donetsk and Luhansk and Crimea. The Customer undertakes not to use the Provider’s services, neither directly nor indirectly, if the Customer is located in these countries or territories. Furthermore, the Customer undertakes not to distribute the Provider’s services to third parties from the above-mentioned countries or territories.
The Provider expressly points out that a violation of this undertaking could trigger legal consequences such as claims to compensation for damages and/or the exercise of special termination rights to which the Provider is entitled within the meaning of Clause 5 (3) of these GTCs.
The Provider reserves the right to adjust the list of countries and territories mentioned above at its own discretion as a result of changes in factual and political circumstances. The Provider will inform the affected customers of any adjustment with reasonable notice in advance. The Provider reserves the right for the subsequently included countries and territories not to conclude contracts with customers originating from there. The obligations and legal consequences stipulated in these GTCs, such as, in particular but not limited to, claims for compensation and the Provider’s special termination rights, also apply to customers form countries and territories subsequently included.
(6) The Provider will perform an ongoing sanctions-list-screening based on the data communicated by the Customer to ensure that the Customer is not subject to applicable government sanctions. A Customer is affected by applicable government sanctions within the meaning of this provision if the Provider cannot reliably ensure that the Customer is not a natural person or company that is listed on so-called sanctions lists and is thus subject of applicable government sanctions.
In this context, the Provider reserves the right not to conclude contracts with customers affected by government sanctions.
(7) The customer is under obligation to properly back up the relevant data on a regular basis. This also applies if the customer has agreed special backup measures with the Provider.
(8) The Provider expressly points out that the obligations set forth in these GTC are subject to legal consequences, such as claims for compensation for damages and/or the Provider reserves the right to exercise the special termination rights to which he is entitled within the meaning of Clause 5 (3) of these GTC.
Clause 4: Payment terms
(1) The due dates for remuneration amounts will depend on the service in question and on the respective contractual term. If the customer selects a contractual term of one month for the services, then the total price will fall due immediately. If a contractual term of committed usage of twelve months or more is selected, then the payments will follow an upfront cost along with the installment schedule specified during the ordering process. The upfront cost and first installment payment will fall due immediately. Each of the subsequent installment payments will fall due on the first of the respective month. In the case of domain and webspace packages, the total price will fall due immediately. If the customer’s place of regular abode is located outside India, then payment for all the services of the Provider will fall due immediately.
(2) The customer may elect to render payment via bank transfer, credit card, PayPal or Vouchers. For payments within India, the customer may also make use of the NACH Mandate direct-debit procedure. However, the direct-debit procedure may not be used for the first payment by a customer who has not previously ordered services via the Online Shop.
(3) Payment may be made in any of the currencies indicated in the Online Shop. The customer is not entitled to change the currency selected at commencement of contract during the contractual term.
(4) Except in the case of bank transfers, the amount owed will be debited against the selected means of payment on the applicable due date.
(5) The Provider will credit any monetary reimbursements owed towards the same account or means of payment that was used by the customer. If repayments of money would violate applicable law, repayment is excluded. This is particularly the case if the customer originates from one of the countries and territories defined in these GTC 3 (5) or if the customer is subject to applicable government sanctions as defined in these GTC 3 (6).
(6) For purposes of NACH Mandate direct-debit procedures, the customer consents to having the pre-notification period shortened to one day.
(7) The Provider may make its contractual service contingent on payment in full of the total price or, if instalment payments have been agreed, on payment of the first instalment.
(8) Insofar as the Provider has been commissioned by the customer to render services that go beyond the tasks and duties set out in the present GTCs and in the service description (e.g. software configurations, correction of bugs or problems not caused by the Provider, etc.) the Provider will be entitled to appropriate remuneration calculated in the individual case.
(9) The provider may adjust the prices at any time in line with market developments. A price increase generally requires the consent of the customer. However, in the event of price increases within the scope of contractual relationships with the Provider, the Customer shall have a special right of termination, which the Customer must exercise within a reasonable period of time specified by the Provider in the individual case after receiving the price increase notification. The consent by the Customer to the price increase is considered granted if he does not exercise his special right of termination within the aforementioned period. The price changes shall then become an effective part of the contract at the announced time.
(10) In the event of a change in the statutory Goods & Services Tax, respectively in its method of calculation, the Provider will be entitled to adjust its remuneration amounts accordingly.
(11) In the event of rejected direct debits or payment chargebacks for which the customer is responsible, the Provider will charge a penalty fee in accordance with the actual incurred costs, unless the customer can demonstrate that the actual damage incurred was either non-existent or significantly lower than claimed.
(12) If the customer defaults on a payment, the Provider will have the right to suspend the contract for services until the amount in arrears has been paid. The suspension will also entitle the Provider to re-allocate any services that are cost-intensive for the Provider and that were in use up to that point by the defaulting customer. In this event, a loss of data cannot be ruled out, for example when a server is re-assigned to new customers. If a server, respectively webspace package, is re-activated, a re-activation fee appropriate to the individual case will fall due.
(13) The Provider is entitled to request a CIBIL report on the customer’s identity & address if and for as long as the customer defaults on a greater than negligible amount and if the customer has failed to notify the Provider of a change in address in breach of the customer’s obligations to cooperate pursuant to Clause 3 of the present GTCs, or if justified doubts arise as to the customer’s creditworthiness. In such cases, the customer will be charged the costs which the Provider incurs for each justifiably requested CIBIL report on the customer’s identity & address. However, the customer will not be responsible for these costs, respectively for their full amount, if the customer can demonstrate that the actual damage incurred by the provider was non-existent or significantly lower than the cost amount claimed.
(14) If a contract concluded with the customer does not entail any obligation to make advance payment or insofar as the Provider renders other, for-charge services not covered by the foregoing provisions, then all remuneration amounts (plus taxes at the statutory rate) will fall due without deduction according to the terms of payment on the invoice.
Clause 5: Contractual term, withdrawal and termination
(1) Insofar as no deviating provisions have been agreed, all contracts concluded between the customer and the Provider will have an initial term of either periods of one month, three months, six months, twelve months or committed usage of more than twelve months or the period for delivery and completion of products & services offered according to their nature mentioned in the description, depending on which product and/or service and term the customer selects. Notwithstanding the foregoing, the initial term for the order of a domain and DNS package invariably will be 12 months. The initial term will commence once the access data for the selected service are made available. The contractual term will be extended by an additional period equivalent to the one selected for the initial term (“Extension Period”), so long as neither party has declared termination observing a notice period of four weeks until the end of the initial term or of an Extension Period. In the current month, notice of termination can be given at the end of the month at the earliest.
(2) The customer must declare termination by way of the customer-account login (https://iam.paperfold.co) or by means of a text-form declaration (e.g. via fax or email).
(3) Each party reserves the right to terminate for good cause (without having to observe a notice period). Good cause particularly is considered given if the customer, despite having received a payment reminder, remains in default of a cardinal payment obligation or in culpable breach of the provisions of these terms and conditions, especially but not limited to the obligations mentioned under Clauses 3, 4, 6, 7 and/or 9.
The Provider reserves the right of termination (without notice period) for cause, in particular for the following violations of Clause 3 of these GTCs:
The Provider becomes aware or has reasonable suspicion that the Customer originates from one of the countries or territories mentioned in Clause 3 (5) of these GTCs and uses services of the Provider directly or indirectly;
The Provider becomes aware or has reasonable suspicion that the Customer is reselling the Provider’s services to the countries and territories listed in Clause 3 (5) of these GTCs;
The Provider becomes aware of or has reasonable suspicion that the Customer is subject to government sanctions as defined in Clause 3 (6) of these GTCs. For the avoidance of doubt, the Parties agree that the Provider shall have the right to terminate the Agreement for cause in cases where the Customer (a) is already affected by governmental sanctions within the meaning of Clause 3 (6) of these GTCs at the time of the conclusion of the agreement but the Provider becomes aware of this later on or (b) gets affected by governmental sanctions within the meaning of Clause 3 (6) of these GTCs after the conclusion of the Agreement due to a change in the Customer’s status or due to a change in the applicable governmental sanctions.
(4) Termination of the contracts concluded between the Provider and the customer will not have any effect on the registration of an internet domain or on the corresponding agreement concluded with the registration organization. Insofar as the customer wishes to terminate the registration agreement, the customer must make an express declaration to this effect vis-à-vis the Provider (see Clause 8).
(5) Consumers have the right to withdraw from their declared intention to enter into a contract within fourteen (14) days without having to state grounds. You will find additional details on your right of withdrawal here: https://www.paperfold.co/terms-of-withdrawal-from-service/. The right of withdrawal does not apply for businesses.
Clause 6: Rights of third parties
(1) The customer expressly warrants that the provision or publication of the contents which the customer uploads and/or of the websites which are created on the customer’s behalf by the Provider in accordance with the customer’s instructions do not contravene Indian law or any potentially deviating laws of the country in which the customer’s registered seat is located, particularly including copyright laws, data protection laws, and the laws governing unfair competition. The customer furthermore warrants that the content provided or published does not violate public morals, does not contain any pornographic or obscene materials, does not incite racial hatred, does not infringe upon human dignity, does not endanger children or adolescents, and is not insulting or discriminatory. This also applies to third party websites to which the customer installs a link, has a link installed or tolerates a link.
(2) If the Provider receives a complaint from a third party alleging that content on a customer’s website infringes on the rights of said third party, and if the complaint is sufficiently specific to allow the alleged infringement to be confirmed solely on the basis of the third party’s allegations– i.e. without a thorough legal and factual evaluation – then the Provider will forward the third-party complaint without undue delay to the customer, who is to provide a statement of position. The Provider will grant the customer a reasonable deadline for stating such position. If no statement of position is made within this deadline, the Provider will be entitled to assume that the third-party complaint has merit and will be entitled to delete the content giving rise to the complaint, block web space packages or server or to exclude them from access in any other appropriate way. If the customer calls the merits of the complaint into question in substantiated manner and if this gives rise to justified doubts, then the Provider will inform the third party accordingly and, if the Provider considers this appropriate, will request evidence to prove the alleged infringement of rights. If the third party fails to take a position in response or if the third party fails to produce any required evidence, then the Provider will assume that the third-party complaint is without merit. If the third party issues a statement of position which shows an infringement of its rights or if the third party provides evidence to such infringement, also taking account any exculpatory statements of the customer, then the Provider will be entitled to delete the content giving rise to the complaint, block web space packages or server or to exclude them from access in any other appropriate way. The customer’s payment obligations remain unaffected in this case.
(3) The foregoing paragraphs apply accordingly to all other services offered by the Provider and that enable the customer to publish data of whatever kind.
Clause 7: Industrial property rights; copyrights
(1) It is expressly agreed that all rights to the services of the Provider rendered during the contractual term, namely software, know-how, trademarks or other protected rights will be retained in full by the Provider. In the course of the contractual term, the customer enjoys a non-exclusive, non-transferrable, non-sublicensable usage right to the contractually agreed services. This also applies in the event that customer-specific customizations have been made.
(2) Insofar as contractually agreed services can be used only subject to the industrial property rights or copyrights of third parties, the relevant third-party terms and conditions will invariably have supplemental effect. This also applies to open-source software, whose terms and conditions will be communicated to the customer by the Provider upon request.
Clause 8: Internet domains
(1) Insofar the scope of the services of the Provider encompasses the procurement or administration of an internet domain, the Provider merely serves as intermediary vis-à-vis the respective organization responsible for issuing the domain (“Registration Organization”). From such contracts between the customer and the Registration Organization only the customer is entitled and obliged. In such case, all terms & conditions in place with the respective Registration Organization likewise will become a component part of the contract without the need to conclude a separate agreement.
(2) The Provider has no influence on the domain-issuing process. Thus, the Provider in no way is able to warrant that the domains requested on behalf of the customer and delegated to the customer will be free of third-party rights, that they will be unique, or that they will exist in a sustained fashion. This also applies to subdomains issued under the Provider’s domain.
(3) If the customer is called upon to surrender an internet domain by a third party because it allegedly infringes third-party rights, then the customer must notify the Provider without undue delay. In such case, the Provider will be entitled to surrender the internet domain on behalf of the customer if the demand for surrender is justified.
(4) If the customer wishes to terminate the registration agreement for a domain, the customer must notify the Provider in text form at least three months before the registration agreement’s expiry. Failure to so give notice will mean that the registration agreement continues in effect in keeping with the regulations of the Registration Organization.
(5) If the contractual relationship with the Provider is terminated on whatever grounds, the customer will be under obligation to effect a domain changeover in a timely manner. If this is not done, the Provider will be free to transfer administration of the domain to the Registration Organization, assuming it agrees; alternatively, the Provider may ask the customer for a statement of position on the matter and, if no such statement is received, may release the domain.
Clause 9: Unauthorized forms of use
(1) Unless otherwise agreed, the following types of content or the performance of the following actions are expressly prohibited:
Spamming mails or webpages that are associated with any type of spamming;
IRCd, the service for Internet Relay Chat and/or Internet Calling and/or VOIP, the service for voice over ip address.
Any scripts and programs that could potentially impair and/or disrupt the function of the server or other services located within the Provider’s network or on the internet.
Any scripts and programs that could potentially extensively wear and/or tear Provider’s hardware or bandwidth.
The Provider is entitled, at its own discretion, to define certain regulations and limit values, the violation or exceeding of which generally assumes to be a violation of the above-mentioned principles. It is up to the customer to provide corresponding proof that a violation of the above mentioned principles does not exist despite the violation of certain regulations or exceeding of certain limit values.
(2) The following applies to webspace packages in particular: The customer will be under obligation to structure the internet website so as to prevent overloading of the server, e.g. by CGI scripts/PHPs scripts, which require extensive computing power and a disproportionate volume of working memory. “Overloading” means usage of the aforementioned resources that is so intensive as to cause a noticeable and significant disruption, or even breakdown, in the operations of a server of the Provider. The Provider will be entitled to limit correspondingly the resources for websites that do not fulfill the aforementioned requirements.
(3) If the customer breaches a provision of paragraphs 1 and/or 2 the Provider will be entitled to restrict the webspace package/the server/devices/appliances, in its use and/or immediately impose a block on the webspace package /the server/devices/appliances, until the breach of paragraph 1 and/or 2 is remedied. This will also be possible if the webpages/servers/devices/appliances of the customer clearly impair the functionality or accessibility of other webpages on the server (in the case of webspace packages) or of other servers/devices/appliances within the Provider’s network. The customer will be notified of the imposition of such a block.
(4) The Provider is entitled to immediately block any webspace packages, servers, devices and appliances that are being used to operate the “TOR” service, insofar as the Provider has become aware that the server or package is being used unlawfully.
(5) In the event a justified block is imposed, responsibility for any resulting breach of contractual obligations will lie not with the Provider but exclusively with the customer. The Provider’s claim to receive remuneration will invariably continue in effect during the full remainder of the contractual term.
Clause 10: Server administration
(1) The Provider grants the customer full and exclusive administration rights for the server made available to the customer. Only the customer has access to the server’s individual administration password. The Provider has no access to the password and thus is unable to administer the customer’s server. This means that the customer is solely and exclusively responsible for administering and securing the server at the customer’s own risk and expense. It is incumbent on the customer to install the required security software and to remain regularly updated on newly discovered security gaps and to independently close such gaps. Installing the maintenance programs or other software that the Provider recommends or makes available will not release the customer from this obligation. The customer also is under obligation to configure the programs used by the customer such that they boot up automatically whenever the hardware or the operating system is started. Clause 2 paragraph 5 applies correspondingly.
(2) Insofar as necessary and reasonable, the customer will assist with configuration modifications, e.g. by re-inputting access data or through simple adaptations of the customer’s systems.
Clause 11: Performance undertakings
(1) The Provider will ensure that the physical connectivity of the object storage infrastructure, webspace packages, dedicated servers, virtual dedicated server, VPS, devices and appliances is available at an annual average rate of 95%. This will not include periods in which the servers are unavailable online due to technical reasons or other problems that lie outside the Provider’s sphere of influence (force majeure, culpable conduct on the part of third parties or the customer, etc.), nor periods in which the Provider performs necessary maintenance work after giving timely advance notice.
(2) The servers and storage infrastructure located in the Provider’s data centers and the servers, storage infrastructure, devices and appliances provided to the customer (when services require as such), located at customers premises, for rendering the services are connected to the internet via a complex network infrastructure. The data traffic is channeled through various active and passive network and computing components (e.g. routers, switches, antennas), each of which permit only a fixed maximum data-throughput rate. This means that data-traffic capacities for individual servers or parts of the storage infrastructure may be limited at certain points and may not conform to the notional maximum bandwidth at the switch port and at consumers location. Unless expressly agreed otherwise, the Provider cannot guarantee the level/volume of the bandwidth that will actually be available for an individual server or parts of the storage infrastructure, but will instead make bandwidth available in accordance with the technical performance capacity of the data center and at the location of customers premise, while making due allowance for the performance obligations owed to other customers.
(3) Customers are able to use the Provider’s products and services for a large and non-determinable number of different applications while deploying various software programs for this purpose at their free discretion. This gives rise to many millions of possible configurations for the servers. The multiplicity of these possibilities makes it impossible for the Provider to guarantee the product’s and service’s serviceability or compatibility for specific forms of usage.
Clause 12: Data protection
(1) The Provider renders its services in compliance with Indian Data Protection Laws (The Information Technology Act, 2000), (The Digital Personal Data Protection Act, 2023), (The Telecom Regulatory Authority of India Act, 1997), which aligns with laws of other countries or union like, EU Regulation 2016/679 (General Data Protection Regulation).
(2) The Provider is free to process personal data relating to the customer without any further-reaching consent, insofar as this is required to establish and implement the contract or for billing purposes. For additional details, please see the Provider’s Data Privacy Policy: https://www.paperfold.co/paperfold-gtc-and-privacy-policy/#privacy-gtc .
(3) Insofar as the customer also wishes to process personal data in conjunction with the services of the Provider, the customer will remain the sole “Data Fiduciary” and/or “Data Principal” enabled by the “Consent Manager” within the meaning of data-protection laws, (Customer, referred to hereinbelow as “controller”). The Provider will process the personal data as a “Data Processor” (referred to hereinbelow as “processor”), acting for a controller within the meaning of Chapter 1, Article 2 (k) of The Digital Personal Data Protection Act, 2023 (DPDP), insofar as an agreement on data processing on behalf a controller is concluded. The customer is hereby advised that the Provider essentially has no way of determining whether or not the customer is even processing the personal data of third parties, or which categories of personal data of data subjects, if any, are being processed, or the manner or purpose of such processing. Thus, the customer is under obligation to give the Provider the required information regarding such data processing. The Provider will offer the customer the opportunity, via the customer portal, to conclude an “agreement on data processing on behalf of a controller,” if appropriate supplemented by Indian Standard Contractual Clauses for countries other than India, if the server location selected is in a state that is not in India. So long as the customer has not sent the Provider, via the customer portal, an “agreement on data processing on behalf of a controller” containing the necessary information, the Provider will assume that the customer is not processing any third-party personal data in conjunction with the Provider’s services. In such case, the Provider will not take any measures on the basis of data protection law.
(4) The Provider hereby expressly advises the customer that, given the current state of technology, it is impossible to fully guarantee data protection for data transfers performed via open networks like the internet. The customer is hereby advised that, depending on the ordered hosting service, the Provider has the technical means to at any time inspect the data that the customer has stored on the server, insofar as the customer does not use a secure data-encryption system. Other users of the internet may also be able, under certain circumstances, to circumvent network security in unauthorized fashion and to control message traffic, insofar as the customer does not transfer data in a securely encrypted manner.
Clause 13: Liability, limitation of liability, force majeure
(1) The Provider will be liable in keeping with the applicable statutory provisions for any damage caused by willful or grossly negligent conduct on the part of the Provider or of its vicarious agents.
(2) In cases of simple negligence, the Provider will be liable for the following:
(a) Injury to life, limb or health; and
(b) Damage resulting from a breach of a cardinal contractual obligation, but only in an amount limited to the damage that was foreseeable and typical for the type of contract involved. Cardinal contractual obligations are ones the fulfillment of which is indispensable to the proper fulfillment of a contract and which can normally be expected in good faith by the customer.
(3) The limitations of liability set forth under paragraph 2 above will not apply insofar as the Provider has fraudulently concealed a defect or has assumed a guarantee for claims under The Indian Contract Act, 1872, The Sale of Goods Act, 1930, or for breaches against The Digital Personal Data Protection Act, 2023.
(4) The regulations of the Digital Personal Data Protection Act, 2023 will remain unaffected, insofar as the matter falls within the Act’s scope of application.
(5) If the Provider is prevented from rendering its contractual services due to force majeure (i.e. events that lie beyond the control of either party, such as wars, uprisings, (terrorist) attacks, epidemics, natural disasters or strikes), then the Provider will be released from its service obligations for the duration of the force majeure and the customer will be released from the obligation to render counter-performance. The contractual term will be extended by the period of interruption caused by the force majeure. If the force majeure is expected to last longer than three months, then either party may terminate the contract.
Clause 14: Release from liability
For purposes of the relationship with the Provider, the customer undertakes to release the Provider from liability of any third-party claims resulting from unlawful actions by the customer or due to substantive errors in the information provided by the customer. This applies particularly, but not limited to, to violations of copyright law, data-protection law, and competition law as well as to violations of the obligations set forth in Clauses 3, 6, 7, and 8 of the present GTCs. The Provider has no obligation to review the customer’s internet sites for potential violations of the law.
Clause 15: Applicable law, place of jurisdiction
(1) The laws of The Republic of India apply; the UN Convention on the International Sale of Goods (CISG) expressly is precluded. If the customer is a consumer, then any mandatorily applicable regulations of India will remain unaffected irrespective of their place of abode.
(2) If the customer is a merchant within the meaning of The Mercantile Law of India, if the customer is a legal entity under public law or if the customer is a special assets under public law, then the exclusive place of jurisdiction for any disputes arising from the contractual relationship will be the Provider’s registered seat. The same applies accordingly if the customer is a business. Any statutory provisions that take precedence, particularly those governing exclusive spheres of responsibility, will remain unaffected.
Clause 16: Final provisions
(1) All declarations on the part of the Provider may be forwarded to the customer electronically. This also applies to statements of account relevant to the contractual relationship.
(2) The customer may not offset own claims against the Provider unless these have been acknowledged or finally and conclusively affirmed by a court of law.
(3) The Provider has the right to name the customer as a reference customer and to list the customer as such, whereby this will not entail any obligation to pay remuneration to the customer.
(4) If one or more provisions of the present GTCs should be or become ineffective or unenforceable, then this will not affect the enforceability of the remaining provisions. In such case, the parties will agree on an amendment that corresponds to the purpose that was actually intended, also in economic terms. The same applies in the event of the present GTCs having remained silent on any given matter.
(5) The Indian Law offers a system for the out-of-court dispute resolution (ADR). We are neither obligated nor willing to participate in the out-of-court dispute-resolution procedure.
Clause 17: License terms for Microsoft products
(1) Insofar as the customer has selected a software product of the Microsoft company (e.g. Windows servers, SQL servers etc.) for installation on the customer’s server, the provisions of the so-called “Microsoft Service Provider Use Rights” (SPUR) as well as the so-called “End User License Terms” (EULT) – which apply to the Provider as part of the Microsoft “Service Provider License Agreement” – will have supplemental applicability insofar as the customer could influence their application, respectively could violate them by the use of the software. The customer agrees to comply with the corresponding provisions and will be responsible for ensuring their correct application. These provisions may restrict or prevent the serviceability on the Provider’s servers of Microsoft product licenses that the customer has obtained elsewhere.
(2) If a software product from the Microsoft company is ordered by the customer, then the Provider will make a corresponding license available on the basis of a Service Provider License Agreement so as to permit the customer to use the product on a monthly basis. This will restrict the permission to use the installed product, e.g. a delivered operating system, in certain aspects. In particular, it will prohibit the use of Microsoft products for which additional or other licenses are required pursuant to the SPUR or EULT. The customer enters into obligation to comply with these restrictions independently and assumes liability towards both the Provider and Microsoft for any wrongful usage.
Here you will find the relevant terms: https://www.paperfold.co/microsoft-terms-of-use/ .
Privacy Policy
1. General information
If you would like an introduction to the topic of data protection and the Digital Personal Data Protection Act, 2023, you may find further information on the website about the Indian Data Protection Regulations, available at https://www.paperfold.co/legality/#idpdp .
This privacy policy will provide you information on how we use your personal data.
2. Information regarding data processor, data fiduciary and data protection officer
2.1. Paperfold, LF 1/22, South S. K. Puri, Boring Road, Patna 800 001, is the ‘data processor’ and “data fiduciary” (for specific mentioned services opted by you) and as such responsible for the processing of your personal data. You can reach us for general questions either by phone at + 91 (0) 84099 05747 or by e-mail at info@paperfold.co. Further information may be found on our website at https://www.paperfold.co/faqsinfo/.
2.2. For questions on data protection or exercising your rights under data protection law (see Section 4), you may contact our data protection officer either by post at Paperfold, LF 1/22, South S. K. Puri, Boring Road, Patna 800 001 or by email at legaldesk@paperfold.co
3. Activities, in which we process your personal data
3.1. Visiting our website
If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows:
3.1.1. For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, screen resolution, the page or file accessed, as well as the access status (successful or error code) for each page view of all website visitors.
The processing is technically necessary to enable the use of our website (Chapter II, Article 7, of DPDP Act, 2023).
The data is deleted after the end of your visit to our website, unless specific data is further processed for one or more of the purposes described in this privacy notice.
3.1.2. For the purpose of detecting and blocking attacks on our website and the technical infrastructure (e.g. hacking, denial of service attack), we process personal data including identification data, connection data or localization data (including IP addresses).
This processing is necessary to pursue our legitimate interest to take protective measures against attacks (Chapter II, Article 7, of DPDP Act, 2023).
The personal data will be processed by Cloudflare Inc., 101 Townsend St San Francisco, CA 94107 under a data processing agreement (Chapter II, Article 8, Section 2 of DPDP Act, 2023).
3.1.3. The data is deleted no later than two (2) years after the end of your visit to our website, unless an attempted attack is detected. In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.
Visitors of our website have the right to object to the use of these cookies as described below in sect. 4.2.3.
3.1.4. For the purpose of providing our website we use various software and cloud platforms i.e. Google Cloud Platform, Amazon Web Services, Microsoft Azure, Oracle, etc., ( see; https://www.paperfold.co/legality/#dplist ) under a data processing agreement (Chapter II, Article 8, Section 2 of DPDP Act, 2023). Each visit to our website will be handled or delivered through platforms who processes information, which may include; IP addresses, system configuration information, and other information about traffic to and from our website, for the purpose of operating, maintaining and improving service. This data can help to detect new threats, identify malicious third parties, and provide more robust security protection.
The processing of this data is technically necessary to enable the use of our website (Chapter II, Article 8, Section 2 of DPDP Act, 2023).
3.1.5. We use cookies on our website. Cookies are small text files. They allow us to store specific visitor-related information in the context of the use of our website. You can find details of our cookie policy at: https://www.paperfold.co/cookie-policy/ .
3.2. Website Registration
a) For the purposes of providing you access to and use of the functionality of our website that requires registration, such as the user and customer portal or leaving comments on the website, we process the IP address, first name, last name, gender, postal address and country, email address, status as private individual or business representative, and in case of business registration also the trade-name of the business and tax ID number or similar business identification information.
This processing is necessary to enable the use of some functionality of our website (Chapter II, Article 7 and 8, of DPDP Act, 2023). For individuals who are not party to the contract, but represent a company, the legal basis is Chapter II, Article 7 and 8, of DPDP Act, 2023.
We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for identification and access to the functions of the website requiring registration.
Individuals representing a business have the right to object to data processing as described below in sect. 4.2.3.
b) For the purpose of verifying customer identity, we process the IP address, first name, last name, gender, postal address and country, email address, status as private individual or business representative, and in case of business registration also the trade-name of the business and tax ID number or similar business identification information.
This processing is necessary to ensure the identity of our customer and to enable the use of our website (Chapter II, Article 7 and 8, of DPDP Act, 2023). For individuals who are not party to the contract, but represent a company, the legal basis is Chapter II, Article 7 and 8, of DPDP Act, 2023.
We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for identification and access to the functions of the website requiring registration.
Individuals representing a business have the right to object to data processing as described below in sect. 4.2.3.
3.3. Website comment function
For the purpose of displaying the username together with a comment left on our website or the blog, as well as identifying the author of a comment in case of later complaints about the content of the comment, we process the IP-address of the machine used to send the comment, and if available the email-address and/or username of the author of the comment.
Registered users may subscribe to comment feeds, in which case we use the email-address to send new comments and responses by email.
The processing is necessary to pursue our legitimate interest to protect ourselves and our users from unlawful content on our website and enable a community environment by displaying the usernames (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We retain the IP-addresses, the email-address and/or username for as long as the comment is stored and visible on our website, or until the registered user has unsubscribed from the comment feed.
Authors of comments have the right to object to data processing as described below in sect. 4.2.3. This right may also be exercised by using the anonymous commenting function.
3.4. Email advertisement
For the purpose of processing email communication with customers about industry news and advertisement for our own products and services, such as information about promotions, new product launches and new offers, we process the email-address of our customers.
This processing is based on the customer’s consent (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We retain the email-address until consent is withdrawn. The processing of the email-address for this purpose is restricted after withdrawal of consent, and the email-address is deleted unless it is also processed for other purposes.
The customer has the right to withdraw consent as described below in sect. 4.2.4. Subscriber may also withdraw consent by unsubscribing from the mailing by using the “unsubscribe” link contained in every advertisement mailing.
3.5. Email newsletters
For the purpose of sending email newsletters with information about industry news and advertisement for our own products and services, such as information about promotions, new product launches and new offers, we process the email-address of the subscriber.
This processing is based on the subscriber’s consent (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We retain the email-address until consent is withdrawn. The processing of the email-address for this purpose is restricted after withdrawal of consent, and the email-address is deleted unless it is also processed for other purposes.
The subscriber has the right to withdraw consent as described below in sect. 4.2.4. Subscriber may also withdraw consent by unsubscribing from the newsletters by using the “unsubscribe” link contained in every newsletter mailing.
3.6 Application for job vacancy
By submitting an application on our recruiting page or to us via email, the applicant declares that he wishes to take up an employment with us. We process and store all personal data provided by the applicant exclusively for the purpose of the job search/application.
In particular the following data are collected: name (first and last name), address, e-mail address, telephone number, LinkedIn-Profile (optional), channel (how the applicant became aware of us).
You also have the option to upload documents such as cover letter, CV and references. These may include further personal data such as date of birth, address, etc.
If provided by the applicant, we also process special categories of personal data, for example information on handicaps, ethnic origin or biometric data (handwritten signature).
The processing of the aforementioned personal data is necessary as a pre-contractual measure. We use the provided personal data for the application process (assessment and qualification for the position). The processing is based on Chapter II, Article 7 (i), of DPDP Act, 2023.
Where special categories of data are provided voluntarily by the applicant, processing is based on Chapter III of DPDP Act, 2023. By providing the special categories of personal data concerned, the applicant consents to the processing.
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Paperfold, LF 1/22, South S. K. Puri, Boring Road, Patna 800 001), on various platforms which offers a human resource and applicant management software solution (/). In this context, Paperfold is the data processor under Chapter 1, Article 2 (k) of the DPDP Act, 2023. In this case, the processing is based on an agreement for the processing of orders by Paperfold as the data fiduciary under Chapter 1, Article 2 (i) of the DPDP Act, 2023.
The data contained in the application letter is made available to our HR-department and the decision makers for the respective job vacancy.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
We retain the data until six months after a decision on filling the job vacancy is communicated to the applicant. After this period we will delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
The applicant has the right to withdraw consent to processing of voluntarily provided special categories of data as described below in sect. 4.2.4.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
3.7 Talent pool
For possible consideration for future job vacancies, we process all personal data provided by applicants either for a job application (see above sect. 3.6) or as an unsolicited application (concerning the categories of data described above in sect. 3.6) to decide on whether to consider an applicant for any available job vacancies.
The processing is based on the applicant’s express consent (Chapter II, Article 7 (i), of DPDP Act, 2023).
We retain the data for 6 month or until consent is withdrawn, whichever is earlier. The application letter and the data contained therein is then erased, returned to the applicant or destroyed, unless the applicant has renewed consent (e.g. upon our request) or data is further processed for employment purposes.
The applicant has the right to withdraw consent to processing as described below in sect. 4.2.4
3.8. Order processing
For the purpose of processing customer orders of our products and services and commissioning the products and services for delivery, we process the personal data provided during website registration (see above sect. 3.2) and the status of the customer’s payments.
The processing is necessary to perform the contract with the customer (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We retain the personal data until after termination of all contracts with the customer. Then processing for this purpose is restricted. The data is deleted after all mandatory retention periods have expired.
3.9. Fraud prevention
For the purpose of protecting against attempts at payment fraud or misuse of our products and services for unlawful uses (e.g. spamming, hosting illegal content), we process the personal data provided during website registration (see above sect. 3.2). We transfer IP address to Maxmind Inc., seated in 14 Spring Street, 3rd Floor, Waltham, MA 02451 USA for the purpose of determining if this is a proxy address.
The processing is necessary to pursue our legitimate interest of fraud prevention (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We will retain the data until you ask us to delete your user account. After that the processing of the data will be restricted and no longer used for fraud prevention.
3.10. Payment processing
For the purpose of processing payments for products and services we process the personal data provided for website registration (see above sect. 3.2) and the account information provided by the customer, the products and services ordered and the amounts incurred. Unless the customer prepays the remuneration for the entire contract duration by bank transfer, the data is transferred to the respective payment processing provider selected by the customer, for example Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland.
The processing and transfer are necessary to perform the contract with the customer (Chapter II, Article 7 and 8, of DPDP Act, 2023).
We retain the account information for the lifetime of the customer account + 6 months. Then processing is restricted for this purpose and deleted after all mandatory retention periods have expired.
3.11. Customer and product support
To process all customer or product support inquiries that reach us by email or phone, we process the name, address, email address, telephone number and other personal data communicated in the e-mail as well as information on the content of the request.
The processing is necessary to handle the request or inquiry (Chapter II, Article 7 and 8, of DPDP Act, 2023).
Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the request. The data is deleted after all mandatory retention periods have expired.
4. Your data subject rights
4.1. You may at any time exercise your rights as a data subject by contacting us by mail or e-mail to our address mentioned in section 2.2. Please keep in mind that we do not answer any inquiries about personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty.
4.2. You have the following rights with respect to your personal data:
4.2.1. You may exercise your right of access the right to rectification, the right to erasure and the right to restriction of processing, i. e. blocking for certain purposes, at any time, if the respective statutory prerequisites are met.
4.2.2. Your right to data portability (DPDP) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format.
4.2.3. You have the right to object to processing (Chapter III, Article 12 of DPDP Act, 2023) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (Chapter II, Article 7 and 8, of DPDP Act, 2023), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests. You may object to processing by sending us an email to the address stated in sect. 2.2, and we may advise you of additional ways to object to processing for each specific processing activity in sect. 3.
4.2.4. You have the right to withdraw consent you have given us to process your personal data (Chapter III, Article 12 of DPDP Act, 2023). You may withdraw your consent at any time and without need to give any reason, either for all processing or limited to specific processing of your data that is based on your consent. Withdrawal of consent will be effective immediately and for any future processing. The lawfulness of processing before withdrawal of consent remains unaffected. You may withdraw consent by sending us an email to the address stated in sect. 2.2, and we may advise you of additional ways to withdraw consent for each specific processing activity in sect. 3.
4.3. You also have the right to contact the competent data protection supervisory authority for questions or complaints regarding the processing of your personal data. You may find information on how to contact the supervisory authority at https://www.paperfold.co/legal-contacts/ .
5. “Personally Identifiable Information”
refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, including, but not limited to, name, address, phone number, fax number, email address, financial profiles, social security number, and credit card information. Personally Identifiable Information does not include information that is collected anonymously (that is, without identification of the individual user) or demographic information not connected to an identified individual.
6. Google AdSense & DoubleClick Cookie
Google, as a third party vendor, uses cookies to serve ads on our Service.
7. Cookies
A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
8. Cookies Used on the Site
Cookies are used for a variety of reasons. We use Cookies to obtain information about the preferences of our Visitors and the services they select. We also use Cookies for security purposes to protect our Authorized Customers. For example, if an Authorized Customer is logged on and the site is unused for more than 10 minutes, we will automatically log the Authorized Customer off. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using https://paperfold.co , with the drawback that certain features of website may not function properly without the aid of cookies.
9. Cookies used by our service providers
Our service providers use cookies and those cookies may be stored on your computer when you visit our website. You can find more details about which cookies are used in our cookies info page.
10. Use of login information
Paperfold uses login information, including, but not limited to, IP addresses, ISPs, and browser types, browser version, pages visited, date and time of visit, to analyze trends, administer the Site, track a user’s movement and use, and gather broad demographic information.
11. Partners or service providers having access to Personally Identifiable Information from Visitors and/or Authorized Customers on the Site
Paperfold has entered into and will continue to enter into partnerships and other affiliations with a number of vendors. Such vendors may have access to certain Personally Identifiable Information on a need to know the basis for evaluating Authorized Customers for service eligibility. Our privacy policy does not cover and state their collection or use of this information.
12. Security of Personally Identifiable Information
All of our employees are familiar with our security policy and practices. The Personally Identifiable Information of our Visitors and Authorized Customers is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis. Sensitive information, such as credit card numbers or social security numbers, is protected by encryption protocols, in place to protect information sent over the Internet. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering, and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to Visitors or Authorized Customers for any such occurrences.
13. Deletion or deactivation of Personally Identifiable Information collected by the Site
We provide Visitors and Authorized Customers with a mechanism to delete/deactivate Personally Identifiable Information from the Site’s database by contacting. However, because of backups and records of deletions, it may be impossible to delete a Visitor’s entry without retaining some residual information. An individual who requests to have Personally Identifiable Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personally Identifiable Information relating to that individual in any way moving forward.
14. Children’s Privacy
Our Service does not address “Children”, anyone under the age of 18 years , and we do not knowingly collect personally identifiable information from children under 18 years. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please get in touch with us immediately in the contact details provided. If we come to know that children below 18 years have provided personal information, we will delete the information from our servers immediately.
15. Compliance With Laws
Disclosure of Personally Identifiable Information to comply with the law. We will disclose Personally Identifiable Information in order to comply with a court order or subpoena or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our Visitors and Authorized Customers.
16. Changes in Privacy Policy
We will let our Visitors and Authorized Customers know about changes to our privacy policy, through emails and/or by posting such changes on our Website. However, if we are changing our privacy policy in a manner that might cause disclosure of Personally Identifiable Information that a Visitor or Authorized Customer has previously requested not be disclosed, we will contact such Visitor or Authorized Customer to allow such Visitor or Authorized Customer to prevent such disclosure.
17. Links
Our Website and web platforms, contains links to other websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.
18. Contact Us
If you have any questions about this Privacy Policy, please contact us at legaldesk@paperfold.co