Last updated on February 15, 2024
Printful, Inc. (“we”, “our”, “us”, or “Printful”) respects the privacy of its users and is fully committed to protect their personal data and use it in accordance with data privacy laws. This Privacy Policy describes how we collect, use, and process any personal data that we collect from you—or you provide to us—in connection with your use of our website (www.printful.com) or our mobile apps and our print-on-demand services (collectively, “Services”). By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy.
If you are a resident of the United Kingdom or the European Economic Area, please see Additional Disclosure for European Residents below.
If you are a California resident, please see Additional Disclosures for California Residents below.
If you are a resident of Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, or any other state that enacts a materially similar privacy law to the states referenced, please see Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents below.
We do not knowingly collect, maintain, disclose, or sell personal information about users under the age of eighteen (18). If you are under the age of 18, please do not use our Services. If you are under the age of 18 and have used our Services, please contact us at the email address below so that we may delete your personal information.
1. Background
Printful provides Services both to its business customers, as well as directly to end users.
If you use our Services only for your personal use, you are to be considered as the “User” and for the purpose of Data Protection Laws, and we are the data “controller” or covered “business” as such terms are defined in the applicable Data Protection Law.
If you use our Services to execute orders and deliver products to third parties, you are considered a “Merchant”. When processing contact details, payment information and other information listed in Section 1 below directly related to the Merchant, we are the data controller or covered business. Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer, we are a “data processor” or “service provider” as such terms are defined in the applicable Data Protection Law. Where we act as a data processor we process information in accordance with our Data Processing Terms on behalf of our customers.
The term “Data Protection Law(s)” shall include any applicable data privacy or security law, including but not limited to the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019), the California Consumer Protection Act, the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, and all applicable amendments and regulations related to the foregoing.
2. Information Collected About Users and Merchants and How We Use It
The types of personal information we obtain and process about you depends on how you interact with us and our Services. This section provides the categories of information we may collect about you, and such categories are used in accordance with the disclosures in How We Use Your Data below.
-
Identifiers. Such information includes your name, postal address, shipping address, email address, and telephone number.
-
Payment Information. Such information includes information relating to billing and payment details (including first and last digits of your payment card).
-
Commercial Information. Such information includes information about Services you have purchased or considered, and your preferences.
-
Device and Unique Identifiers. Such information includes internet or other electronic network activity information, such as IP addresses, the device and browser you use, referring pages, time stamps, and cookies.
-
Geolocation Data. Such information includes non-precise location information that permits us to determine your location based on information provided in your IP address.
-
Audio Information. Such information includes recorded phone calls that we or our representatives participate in as allowed under applicable law.
-
Government Issued Identification. Such information includes images and data, which may appear on government-issued identity documents or identification cards.
-
Content. Information such as your communications with us and any other content you provide, such as social media profiles, images, videos, survey responses, comments, reviews, and testimonials.
3. How We Collect Your Data
We may collect data in a variety of manners as disclosed in this section.
-
Directly from You. We collect personal information you provide, such as when you make a purchase; register for an account or create a profile; contact us; respond to a survey; participate in a sweepstakes, contest, or other similar campaign or promotion; apply for a job; sign up to receive emails or newsletters, or otherwise engage in direct communication with us.
-
Using Online Tracking Technologies and Other Automatic Data Collection Technologies. When you visit our websites, use our Services, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as cookies. For more information, please see our cookies policy by clicking here.
-
From Merchants. We obtain information directly from Merchants that we may be providing services on behalf of.
-
From Social Media Platforms and Networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, LinkedIn, and Pinterest) in connection with our websites, we collect information that you disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
-
From Other Sources. We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.
4. How We Use Your Data
This section explains how we use your data and identifies the categories of information we collect and process in connection therewith.
-
Providing our Services. Where you are a User of our Services, we will use data collected as is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services), we will confirm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you.
For the aforementioned purposes, we collect and process Identifiers, Payment information, and Commercial information.
-
Legal Obligations. We may request some of the personal data indicated above to comply with applicable laws and in furtherance of our legal obligations and legitimate interest in ensuring that users and end customers are not the target of trade, financial, and economic sanctions, and do not appear on a sanctions-related list, including lists maintained by the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the U.S. Department of Commerce, the European Union, or Her Majesty’s Treasury of the United Kingdom. In addition, we may use such information to establish and exercise our rights, and to defend against legal claims.
-
Consent. There are instances where we collect specific information for a specific purpose based on your consent. This includes when you have given your consent when registering your account, when subscribing to our newsletter or blog, or shared your email address or other personal data with us to receive any other information (for example, our list of sub-processors).
In such instances, we will process identifiers such as your email address as necessary to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested.
For Merchants, we will not use the contact details of your customers to directly market or advertise our Services to them.
For information about how to unsubscribe to any emails, newsletters or other communications, please see Your Choices in Connection With Our Services below.
-
Conduct Analytics and Personalization. We use your information to conduct research and analytics, including to improve our Services. We also use your information to understand your interaction with our advertisements, Services, and our communications with you. We also use your information to personalize your experience, to save you time when you visit our websites and use our Services, to better understand your needs, and to provide personalized recommendations for our Services.
We obtain the location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customise the Services, for example, for Printful’s internal analytics and performance monitoring; localisation, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.
By using cookies and similar technology on our website, we may collect data such as information on your device, your preferences and information filled in while visiting our website, your interaction with the website, and other information used for analytical, marketing, and targeting activities (including unique visits, returning visits, length of the session, actions carried out in the webpage). Learn more about how we use cookies on with our Services by clicking here.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
-
Communications with you. We use your information to engage in communications with you, such as to respond to your requests, inquiries, issues, and feedback, to engage in meetings with Merchants, and to provide customer service.
When you call our customer support phone line, we may monitor or record the call to ensure the quality of our customer support. If you have a Printful account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it, if it will be needed to resolve disputes between you and us.
When you interact with our customer support through email or chat features which may be offered via third-party software, we may monitor or record the conversation to ensure the quality of our customer support. If you have a store account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it if it is needed to protect our legal interests or resolve disputes between you and us.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, and Content.
-
Security and Fraud Prevention. As it is in our legitimate interests to ensure our network security, we use your information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We also use your information to enforce our terms and procedures, prevent against security incidents, and prevent the harm to other users of our Services.
-
Improving the Services, Websites or Developing Other Products. We process certain information about the use of our Services and website to better understand how it is accessed, to improve our Services, and to develop new products and services. Such processing requires the collection of technical information, including information about how and when you access your account, the device and browser you use and the IP address and device data.
For the aforementioned purposes, we collect and process Device and Unique Identifiers.
-
Marketing and Advertising. We use your information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email. We also use your information to show you advertisements for Services and to administer our sweepstakes and other contests.
For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, Commercial Information, and Geolocation Data.
5. Information Collected About Our Merchant’s Customers
In the course of providing products and services on our Merchant’s behalf, we collect and process certain information about individuals at the direction of such Merchants (“Customer Data”). Customer Data has historically included information such as personal data relating to the end user of our Services, any personal data in the printing content (where applicable), personal data revealed during the use of any Printful services, including name, email address, phone number, shipping address, and other information about the Merchant’s customers.
If you are a customer of the Merchant (an end user of our Services), the Merchant is the data controller with regard to your personal data contained in Customer Data and should provide you the information on how your personal data is collected and processed when using our Services. Please read the Merchant’s privacy policy for further information. The Merchant is your contact for any questions you have about how it handles your personal data.
6. Sharing Personal Data With Third Parties
The following details the types of third parties whom we share information with in connection with your use of the Services:
Service Providers. In order for Printful to provide you with our Services, we work with third parties who perform services on our behalf and with whom we share personal data to support our Services (“Service Providers”). Service Providers include:
-
Hosting and Online Services. Information you have provided to us during the use of our Services, including technical usage data, is shared for business purposes in our legitimate interests with third parties who provide hosting and server co-location services as well as data and cyber security services.
-
Manufacturing Services. Information you have provided to us during the use of our Services may be shared with third-party manufacturing services whom we engage to provide our Services to you.
-
Email Service Providers. Your email address and other contact details you have provided to us and your messages to our customer service is shared for business purposes in our legitimate interests with communication, email distribution, and content delivery services as well as customer support system providers.
-
Payment Processors. Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and financial advisors, advisors, so that we can provide our Services to you.
-
Analytic and Digital Marketing Providers. Information regarding your use of our Services and other information received from cookies and similar technology is shared with web analytics, session recording, and online marketing services.
If we provide marketing to you, information on your account, purchases and preferences can be shared with marketing services.
Legal Advisors, Legal Process, and Protection. Insofar as reasonably necessary, we may be required to share information with third parties to (1) comply with legal requirements or requests, including any subpoenas, claims, disputes or litigation, (2) protect our, or a third party’s, lawful interests, (3) enforce or apply our agreements; and (4) protect property or safety of us or others.
We will only share personal data to Service Providers that have undertaken to comply with obligations set out in applicable data protection laws.
Affiliates. We may share your personal data with our affiliates (companies within our corporate family), in our legitimate interests for business purposes.
Business Customers (i.e., Merchants). Where we provide Services on behalf of Merchants, we will provide certain information related to your orders and purchases.
In a Business Transfer. We may disclose or share your information as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.
Facilitating Requests. We share information at your request or direction, such as when you choose to share information with a social network about your activities using the Services.
Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see Your Choices In Connection With Our Services below.
If you are a resident of a jurisdiction that grants additional legal rights, please see the applicable disclosure, including the following:
7. Retention Periods
We may retain your personal data for as long as you have a Printful account or any of the abovementioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes.
If you have used our Services without creating a Printful account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of services, for example, for tax purposes.
After terminating your relationship with us by deleting your Printful account or otherwise ceasing to use our Services, we may continue to store copies of your (and in regard to Merchants, your customers’ personal data) as necessary to comply with our contractual obligations with Merchants and legal obligations, as well as to resolve disputes between you and us (or Merchants and applicable customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).
We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws.
8. Information Security
We seek to use reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Printful account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.
9. Your Choices In Connection With Our Services
A. Account.
You may access, update, or remove certain information that you have provided to us through your account (log in here) or by sending an email to the email address set out in Contact Information below. We may require additional information from you to allow us to confirm your identity.
Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
B. Communications.
-
Emails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us at the email address set out in Contact Information below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Printful’s ongoing business relations.
C. Cookies and Tracking Technologies.
-
Cookies. See our Cookie Policy here for information about how to control cookies.
-
Do Not Track. Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to browser “do not track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
D. Analytics.
We use Google Analytics to conduct analytics of our Service. We provide you with the ability to exercise certain controls and choices about how we collect, use, share, and store your information. Google also provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Please note that your opt-out will only apply to the specific browser or device from which you opt-out.
E. Legal Privacy Rights.
You may have additional legal privacy rights under certain applicable laws, including but not limited to the California Consumer Privacy Act and other similar laws that may come into effect. For more information about your rights under these respective laws, please see the following sections where applicable:
For more information about how to exercise applicable legal rights, please see the section titled How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
10. Additional Disclosure for European Residents
If you are a User or data subject related to a Merchant located in the European Economic Area or the United Kingdom, you have certain rights with respect to your personal data in accordance with Data Protection Laws in the European Union and United Kingdom (collectively the “GDPR”).
A. Roles
GDPR distinguishes between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). As described in the Section entitled “Background” above, we may either be a controller or a processor depending on the circumstances.
Printful as a Controller: We are the data “controller” when we process information directly from Users to provide our Services such User that purchased the respective Services.
Printful as a Processor: We are a processor where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer. Where we act as a processor we process information in accordance with our Data Processing Terms on behalf of our customers.
B. Lawful Basis
The GDPR requires a “lawful basis” for processing personal data. Our lawful bases include where: (i) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or customers; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; or (iv) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, provided that your interests and fundamental rights and freedoms do not override our interests.
C. Data Transfers
All the information you provide may be transferred or accessed by our parent company in the United States and our affiliate companies and subsidiaries in other countries, such as Latvia, Poland, Spain, and the UK and our Service Providers (as described above) for the provision of our Services as described in this Privacy Policy. When we transfer your information globally, we take necessary measures to ensure appropriate protection of your information, including, as applicable, entering into the European Commission’s Model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses) and any equivalent clauses issued by the relevant competent authority of the UK.
D. Your Data Subject Rights
If you are a data subject according to the GDPR, subject to certain conditions you have the right to:
-
access, rectify, or erase any personal data we process about you;
-
data portability, meaning the ability to receive your personal data in a structured, commonly used machine-readable format and ability to transfer such data another third party of your choice;
-
restrict or object to our processing of personal data we process about you; and
-
where applicable, withdraw your consent at any time for any data processing.
For more information about how to exercise applicable legal rights, please see the section titled How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
GDPR Complaints
If you have a complaint about our use of your personal data or response to your requests regarding your personal data, please see the section entitled “Complaints” below.
In addition to the contact information in the Section “Contact Information” below, please contact our:
European Representative
Data Protection Officer
11. Additional Disclosures for California Residents
All terms and phrases used under this section have the same meaning as those phrases are defined under the California Consumer Privacy Act and its implementing regulations, as amended (collectively, the “CCPA”).
Under the CCPA, California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.
We are both a “business” and a “service provider” under the CCPA, depending on how you interact with us. This section applies only to personal information we collect in our role as a business. Where we act on a Merchant’s behalf to fulfil an order with regard to the Merchant’s customer, we are a Service Provider under the CCPA. Please read the Merchant’s privacy policy for further information on how to exercise your rights under the CCPA. The Merchant is your contact for any questions you have about how it handles your Personal Information.
A. Notice at Collection
To learn more about the categories of personal information we collect about California residents, please see Information Collected About Users and Merchants above.
For more information about how we use those categories of personal information, please see How We Use Your Data above.
For more information about how we collect categories of personal information, please see How We Collect Your Data above and our cookies policy found here.
To learn more about how we disclose categories of personal information, and the categories of third parties with whom we disclose such information, please see Categories of Personal Information Disclosed and Categories of Recipients below.
To learn more about how long we keep your information, please see Retention Periods above.
B. Categories of Personal Information Disclosed and Categories of Recipients
The following disclosure describes the categories of information that we disclose to the categories of recipients of such disclosure. For more information about the third parties we disclose information to, please see Sharing Personal Data With Third Parties above.
-
Service Providers. The type of data we share depends on the type of service provider. The below summary details the types of service providers and related information shared:
-
Hosting and Online Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
-
Manufacturing Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
-
Email Service Providers. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.
-
Payment Processors. We may disclose Identifiers, Device And Unique Identifiers, and Payment Information.
-
Analytic and Digital Marketing Providers. We may disclose Device And Unique Identifiers and Geolocation Data.
-
-
Legal Advisors, Legal Process, and Protection. Any collected information identified in Information Collected About Users and Merchants that is reasonably required to be disclosed and does not violate any legal or contractual obligation may be disclosed in accordance with such request and/or requirement.
-
Affiliates. We may disclose any of the information identified in Information Collected About Users and Merchants with our Affiliates so where it necessary for the legitimate interest including appropriate business purposes of Printful and its Affiliates in accordance with Data Protection Laws.
-
Business Customers (i.e., Merchants). We may disclose Identifiers and Commercial Information.
-
In a Business Transfer. We may disclose any of the information identified in Information Collected About Users and Merchants in connection with a business transfer where it necessary for the legitimate interest including appropriate business purposes of Printful and its Affiliates.
-
Facilitating Requests. We may disclose or make appropriate information identified in Information Collected About Users and Merchants to facilitate your requests reasonably in accordance with the CCPA. With respect to social networking requests, categories of information shared are Identifiers, Device And Unique Identifiers, Geolocation Data, and any applicable Content associated with the request.
C. Your Legal Rights Under the CCPA
If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
-
Right to Know Request. Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:
1. the categories of personal information about you that we collected;
2. the categories of sources from which the personal information was collected;
3. the purpose for collecting personal information about you;
4. the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
5. the specific pieces of personal information we collected about you.
You may make a verifiable consumer request to know your personal information twice per twelve (12) month period.
-
Right to Access. You have a right to access the personal information that we collected from you in accordance with the applicable law.
-
Right to Delete Request. Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.
-
Right To Correct. Under the CCPA, you have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
-
Right to Opt-Out of the Sale or Sharing of Personal Information. You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. Making Personal Information (such as online identifiers or browsing activity) available to these companies is considered a “sale” under the CCPA.
You may also opt-out by using an opt-out preference signal, such as the Global Privacy Control (GPC) on your browser.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
D. Notice of Disclosure for a Business Purpose
To learn more about the categories of personal information we have disclosed for a business purpose, and the categories of third parties with whom we’ve disclosed such information, please see How Do We Disclose Your Information? above.
E. Notice of Use of Sensitive Personal Information
We do not use California resident sensitive personal information for any purpose other than is permissible under the CCPA. Specifically, we do not use sensitive personal information of California residents to derive characteristics about California residents.
F. Notice of Financial Incentives
We offer our User and Merchants certain discount opportunities that may be considered a “financial incentive” or “bona fide loyalty program” under applicable Data Protection Laws (the “Program”). Such a Program may include discounts or coupons provided when you sign up to receive such discounts or coupons, which typically requires you to provide your name and contact information (such as email address), or participation in a survey. We consider the value of your personal information to be related to the value of the discounted products or services, or other benefits that you obtain or that are provided in connection with the Program, less the expense we incur offering such opportunity.
You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Please review any applicable terms and conditions provided in connection with such Program.
12. Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents
Under the state laws including the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act, and other similar laws that may be enacted in the future (each a “Heightened U.S. Privacy Law”) applicable residents are afforded certain rights regarding the data we have collected about them. This notice describes how we collect, use, and share your Personal Data in our capacity as a “Controller” under such respective Heightened U.S. Privacy Law, and the rights that you have with respect to your Personal Data, including sensitive personal data. For purposes of this section, “Personal Data” and “sensitive data” have the meanings given in the respective Heightened U.S. Privacy Law and do not include information excluded from such respective Heightened U.S. Privacy Law’s s respective Heightened U.S. Privacy Law general, personal data is information reasonably linkable to an identifiable person.
A. Notice of Collection
To learn more about the categories of personal information we collect about you and how we use it, please see Information Collected About Users and Merchants and How We Use Your Data above. To learn more about the categories of third parties with whom we may share your personal information, please see How We Sharing Personal Data With Third Parties above.
In addition, we may collect and/or use additional types of information after providing notice to you and obtaining your consent to the extent such notice and consent is required by Heightened U.S. Privacy Laws.
B. Your Rights Under Heightened U.S. Privacy Laws
If you are a resident of a state with a Heightened U.S. Data Privacy Law, the processing of certain personal information about you may be subject to the respective Heightened U.S. Data Privacy Law. Where the Heightened U.S. Data Privacy Law applies, this section provides additional privacy disclosures and informs you of key additional rights as a resident of such state. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the Heightened U.S. Data Privacy Law.
-
Right to Access Information/Correct Inaccurate Personal Data. You have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it, and the third parties and service providers with whom we share it. Additionally, you have the right to correct inaccurate or incomplete Personal Data. You may submit such a request as described below.
-
Right to Deletion of Personal Data. You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request as described below. We may have a reason under the law why we do not have to comply with your request, or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.
-
Right To Correct. You have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.
-
Right to Opt-Out of Sale of Personal Data to Third Parties. You have the right to opt out of any sale of your Personal Data by Printful to third parties. We do not sell Personal Data to third parties for their own direct marketing purposes.
-
Right to Portability. You have the right to request a copy of the Personal Data that you previously provided to us as a Controller in a portable format. Our collection, use, disclosure, and sale of Personal Data are described in our Privacy Policy.
-
Right to Opt-In to Processing of Sensitive Data. Before we collect and process sensitive personal information, we will obtain your opt-in consent as required under applicable law.
-
Right to Opt-Out of Targeted Advertising. You have the right to opt-out of Targeted Advertising based on your Personal Data obtained from your activities over time and across websites or applications.
-
Right to Opt-Out of Profiling. You have the right to opt-out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.
-
Right to Appeal. If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by sending an email to privacy@printful.com that you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.
These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.
13. How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws
If you are an applicable resident to whom the Data Protection Laws apply to, you may contact us to exercise your rights in accordance with the below procedures:
A. Verification Requirements
For certain requests, we may require specific information from you to help us verify your identity and process your request. Depending on your request, we will ask for information such as your name, address, phone number and account number (to the extent available) used in connection with your account or applicable purchases, and may ask for government-issued ID, or date of birth. If we are unable to verify your identity, we may deny your requests to know or delete.
B. Requests to Know, Access and Delete Information
If the Data Protection Laws apply to you, you may exercise your right to know, access or delete information through any of the following means:
-
Account Settings: As provided in the Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Printful account.
-
Email Us: You may make a request by emailing us at privacy@printful.com
C. Correction Requests
You can correct information related to your account through the following means:
-
Account Settings: As provided in Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Printful account.
-
Email Us: You may make a request by emailing us at privacy@printful.com
D. Right to Opt-Out of Sale, Profiling, and Context-Based Behavioral Advertising
The use of certain third-party providers and their cookies or other tracking technologies for such third parties’ commercial use or profiling or cross-context behavioral advertising must be capable of opt-out. However, as stated in this Privacy Policy, we do not sell or share your information to third parties for these purposes, and therefore, we do not offer any opt-out right.
If you believe that we are forwarding personal information to a third party and it is using it in a manner that exceeds such third party’s processing on our behalf as a service provider or processor (as those terms are understood under applicable law), please contact us at privacy@printful.com so that we may look into the matter further.
E. Right to Portability
If you wish to receive your personal data in a machine-readable format, please contact us at privacy@printful.com. We may provide you instructions on how to access your own information and download it yourself, or otherwise will work with you to provide you your personal data in accordance with applicable Data Protection Law.
If applicable Data Protection Law does not provide you with the right of portability, we may deny your request.
F. Authorized Agents
Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access or delete your personal information. Use of an authorized agent must comply with the CCPA and Heightened U.S. Privacy Law as applicable, including that you must provide the authorized agent written and signed permission to submit such request. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will still have to verify your identity directly with us in accordance with the applicable law.
G. Responding to Requests as a Controller or Covered Business
Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly within the timer period allowed under the applicable law. We aim to fulfill all verified requests within 45 days pursuant to the to the CCPA and most Heightened U.S. Privacy Laws, unless required to respond sooner. For example, if you live in Europe, we aim to respond within 30 days as required by law. If necessary, extensions as allowed under applicable law (generally for an additional 45 days) may be required and will be accompanied by an explanation for the delay.
Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by applicable law.
H. Responding to Requests as a Processor or Service Provider
If your personal data has been processed by us on behalf of a Merchant and you wish to exercise any rights you have with such personal data, please inquire with such Merchant directly. If you wish to make your request directly to us, please provide the name of Merchant on whose behalf we processed your personal data. We will refer your request to that Merchant, and will support them to the extent required by applicable Data Protection Law in responding to your request.
14. Links to Third-Party Sites
Our Services may contain links to other websites or services. Please note that these links are provided for your own convenience and information, and the websites and services may operate independently from us and have their own privacy policy notices, which we strongly suggest you review.
15. Privacy Policy Changes
Any changes we make to this Privacy Policy in the future will be posted on this page. Therefore, we encourage you to check this page frequently from time to time.
16. Complaints
If you are a User that has directly purchased our Services from us and believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.
If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.
17. Contact Information
If you have any questions about your personal data or this Privacy Policy, please contact us by email at privacy@printful.com, or by using the contact details below:
Users outside of the European Economic Area:
Printful Inc.
Attn: Data Protection Officer
Address: 11025 Westlake Dr
Charlotte, NC 28273
United States
Users of the European Economic Area:
AS “Printful Latvia”
Attn: Data Protection Officer
Address: Raina Bulvaris 25
Riga, LV-1050
Latvia