We do not knowingly collect, maintain, disclose, or sell the personal information about users under the age of sixteen (16). If you are under the age of 16, please do not use our Services. If you are under the age of 16 and have used our Services, please contact us at the email address below so that we may delete your personal information.
If you use our Services only for your personal use, you are to be considered as the “User” and for the purpose of the General Data Protection Regulation (“GDPR”), we are the data controller.
If you use our Services to execute orders and deliver products to third parties, you are to be considered as the “Merchant” and with regard to your contact details and the other data listed in Section 1 below, we are the data controller. Where we act on a Merchant’s behalf to fulfil an order with regard to the Merchant’s customer, we are a data processor: please see our Data Processing Terms.
1. Information we collect
1.1. Information collected about Users and Merchants and how we use it
Where you are a User and it is necessary for us to fulfil our contract with you or where it is in our legitimate interests to provide our Services, we will conﬁrm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you. For the aforementioned purposes, we collect information that may contain the following personal data:
- Company name;
- Shipping information;
- Email address and phone number;
- Payment and billing information (payment method details, first and last digits of your payment card);
- Order handling information
If you have given your consent when registering your account, when subscribing to our newsletter or blog, or shared your email address or other personal data with us to receive any other information (for example, our list of sub-processors), we will process your email address to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested. At any point in time you can unsubscribe from receiving the above-mentioned information in our email footers and through your notiﬁcation settings on Printful. For Merchants, we will not use the contact details of your customers to directly market or advertise our Services to them.
When you call our customer support phone line, we may monitor or record the call to ensure the quality of our customer support. If you have a Printful account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it, if it will be needed to resolve disputes between you and us.
As it is in our legitimate interests to ensure our network security, give you access to and to improve our Services, we also collect the following technical usage data:
- How and when you access your account;
- Information about the device and browser you use;
- IP address and device data.
1.2. Information collected about our Merchant’s Customers
Where we act on a Merchant’s behalf to fulfil an order with regard to the Merchant’s customer (i.e. an end user of our Services), we are a data processor and we collect information relating to the Merchant’s customer, such as personal data relating to the end user of our Services, any personal data in the printing content (where applicable), personal data revealed during the use of any Printful services, including name, email address, phone number, shipping address, and other information about the Merchant's customers.
2. Sharing personal data with third parties
In order for Printful to provide you with our Services, we work with third parties (“Third Party Service Providers”) with whom we share personal data to support these Services.
Information you have provided to us during the use of our Services, including technical usage data, is shared with third parties who provide hosting and server co-location services as well as data and cyber security services.
Your email address and other contact details you have provided to us and your messages to our customer service is shared with communication, email distribution, and content delivery services as well as customer support system providers.
Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and ﬁnancial advisors.
Information regarding your use of our website and other information received from cookies and similar technology is shared with web analytics, session recording, and online marketing services.
Information on your account, purchases and preferences can be shared with marketing services.
Insofar as reasonably necessary to defend our legal rights, we may share your personal data with our legal advisors.
We will only share personal data to Third Party Service Providers that have undertaken to comply with obligations set out in applicable data protection laws.
In certain circumstances, we are required to share information with third parties to comply with legal requirements or requests, as well as to protect our, or a third party’s, lawful interests. We will also disclose your information to third parties in and outside your country only to the extent allowed by applicable law, including:
- to a prospective purchaser or purchaser that acquires all or substantially all of us or our business;
- to a third party in the event that we sell or buy any business or undergo a merger, in which case we may disclose your information to the prospective buyer of such business; and
- to a third party if we sell, buy, merge or partner with other companies or businesses, undergo a reorganisation, bankruptcy, or liquidation; or otherwise undertake a business transaction or sell some or all of our assets. In such transactions, your information may be among the transferred assets.
3. Retention periods
We may retain your personal data for as long as you have a Printful account or any of the abovementioned legal basis for personal data processing still exists. For example, if you unsubscribe to our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes. If you have used our Services without creating a Printful account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of services, for example, for tax purposes.
After terminating your relationship with us by deleting your Printful account or otherwise ceasing to use our Services, we may continue to store copies of your (and in regard to Merchants, your customers' personal data) as necessary to comply with our legal obligations, to resolve disputes between you and us (or you and your customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests.
4. Data subject's rights
If you are a User or Merchant located in the European Economic Area or the United Kingdom, in accordance with European Union and United Kingdom data protection regulations, you have certain rights with respect to your personal data. You have the right to request access to your personal data; in certain circumstances to correct, amend, delete, or restrict the use of your personal data by logging into your Printful account or by reaching us using the contact information provided below. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we are not required to process your data to meet a contractual or other legal requirement). These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to retain or have compelling legitimate interests in retaining.
Furthermore, if you believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.
5. Information security
We seek to use reasonable organizational, technical, and administrative measures to protect the conﬁdentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Printful account, limit access to your computer and browser by signing out after you have ﬁnished your session, and avoid providing us with any sensitive information.
6. International transfers of data
7. California privacy rights
If you are a resident of the State of California and you have provided your personal information to us, you have certain rights under the California Consumer Privacy Act of 2018 (“CCPA”). You have the right to request that we disclose what personal information we collect, use, disclose, and sell. Contact us to exercise your right to know. You have the right to request deletion of your personal information we collect and maintain. You can exercise this right by deleting your account in your account Settings. In case you delete your account we will only retain information regarding your purchases and payments to comply with our legal obligations. We will verify requests to exercise your California Privacy Rights requiring you to log into your Printful account. You have the right not to be discriminated against by us for exercising any of your rights under the CCPA.
We disclose your personal information to third parties for the commercial purpose of providing you interest-based advertising. You have the right to opt out of the sale of your personal information by declining our cookies or by deleting all cookies stored in your browser and setting up your browser to block cookies being saved.
To request or delete data, log in to your Printful account, or complete this form if not registered with Printful.
8. Privacy Shield Notice
Printful, Inc. is located in the United States, so your information may be processed in the United States. As our affiliates are also located in the EU, we are also bound by GDPR.
Printful participates in and has certified with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (hereinafter - Privacy Shield) regarding the collection, use, retention and other processing activities of your personal data that is transferred from the EU, UK or Switzerland to the United States.
You can find out more about the Privacy Shield principles and verify our registration information here by searching for “Printful”.
In accordance with the Privacy Shield, Printful is responsible for (a) processing your Personal data originating in EU, UK or Switzerland in accordance with the principles of Privacy Shield and (b) any onward transfers to third party acting as an agent on our behalf. We ascertain that any such agent will process your information only for a limited and specified purpose, in a manner consistent with the Privacy Shield and provide at least the same level of privacy protection as required by the Privacy Shield. If such agents, which we have engaged to process your personal data on our behalf, fail to do so, we remain liable in accordance with the Privacy Shield, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to the Privacy Shield, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield, Printful commits to resolve complaints about our collection or use of your personal information. EU, UK and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Printful at firstname.lastname@example.org.
Printful has further committed to refer unresolved Privacy Shield complaints to American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit American Arbitration Association for more information or to file a complaint. The services of American Arbitration Association are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
10. Contact information
The version of this Policy is effective March 6, 2020.