Data Processing

These Data Processing Terms form part of the Terms of Service or other agreement between and its affiliated companies and Merchants regarding our services. These Terms are binding between and Merchants and constitute a data processing agreement. If you do not agree to these Terms, do not use the Site and the Service.

1. Definitions

1.1. The agreement means an agreement entered into by and the Merchant regarding the use of Service.

1.2. Data means the personal data of the recipients of the Merchant’s products, including the Merchant’s customers, as well as personal data of the Merchant’s representatives, which via the use of Site and Service are provided to by the Merchant.

1.3. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.4. Merchant means any person, be it a legal entity or natural person, that uses Service to execute orders or deliver its products to recipients, including the Merchant’s customers.

1.5. Service means online store, promotion services offered by to Merchants.

1.6. The terms “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Supervisory Authority” used in these Terms have the meanings given in the GDPR.

2. The subject of the Terms

2.1. These Terms govern the agreement between and the Merchant in respect of the processing of Data transferred to by the Merchant.

2.2. The Merchant acquires Data and via the use of Site. The Merchant is a Controller of this Data and as the Processor only processes this Data on behalf of the Merchant.

2.3. The Merchant hereby instructs to process the Data as prescribed by these Terms, including the transfer of such Data to any country as may be reasonably necessary for the provision of the Service or otherwise for the compliance with the Agreement or applicable law.

3. Details of Processing

3.1. Categories., on behalf of the Merchant, processes the Personal Data of the Merchant’s customers and the Merchant’s representatives that are registered under the Merchant’s account.

3.2. Types. processes the following information received from Merchants that might contain Personal Data: name, email address, phone number, shipping information.

3.3. Nature and purpose. processes Data in accordance with these Terms in order to provide the Merchant the Service and otherwise ensure fulfillment of the obligations set out in the Agreement between the Merchant and if such fulfillment involves the processing of Personal Data. only has access to the information that has been provided by the Merchant.

3.4. Duration. Data will be processed for the duration of the Agreement.

4. Rights and obligations

4.1. shall ensure that Data processing under these Terms is carried out in accordance with all applicable laws and regulations in respect of data protection, including the GDPR.

4.2. The Merchant is responsible for the legality of processing the Data. The Merchant confirms that the Data transferred to has been obtained by the Merchant on the lawful basis as prescribed by the GDPR and other applicable laws and regulations in respect of data protection and that the Merchant is entitled to provide the Data to

4.3. The Merchant shall not submit to any Personal Data that is not necessary for the use of the Service, and any Personal Data if the Merchant has no lawful basis and/or no valid purpose for processing such Personal Data.

4.4. The Merchant confirms that these Terms contain sufficient instructions to regarding the processing of Data, as well as the scope and purposes.

4.5. If reasonably necessary, the Merchant may provide with additional instructions regarding the processing of Data other than those prescribed by these Terms. Such additional instructions must be reasonably enforceable, properly documented and in compliance with applicable laws and regulations regarding data protection, and must also be accepted by

4.6. shall not be liable for any claims or complaints from Data Subjects regarding any action taken by as a result of acting in accordance with instructions received from the Merchant.

4.7. The Merchant shall be responsible for the accuracy of Data and keeping it up to date and shall inform in case of any changes in the provided Data.

4.8. shall process the Data on behalf of the Merchant and shall always follow the Merchant’s instructions prescribed by these Terms, the Agreement or otherwise provided to Printful in accordance with these Terms.

4.9. confirms that the processing is performed in compliance with the requirements prescribed by the GDPR and other applicable laws and regulations in respect of data protection, has implemented appropriate technical and organizational measures and while processing the Data ensures the protection of the Data Subjects’ rights.

5. Sub-Processors

5.1. For to be able to meet its obligations prescribed by the Agreement and to administer and provide the Service, the Merchant hereby authorizes to engage sub-processors and transfer the Data to such sub-processors.

5.2. When processing the Data on behalf of the Merchant, uses sub-processors that provide us with different services such as hosting and server co-location services, postal and courier delivery services, and our financial and legal advisors, among others.

5.3. hereby confirms that it uses only such sub-processors that are able to guarantee that they have implemented appropriate technical and organizational measures in accordance with the GDPR and other applicable laws and regulations regarding data protection.

5.4. hereby confirms that our sub-processors are contractually or otherwise in a binding form required to comply with the same data processing obligations as prescribed by these Terms.

5.5. may transfer the Data to sub-processors that are located outside the European Economic Area (“EEA“). confirms that the Data are transferred only to such sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring an adequate level of protection, or otherwise is able to provide appropriate safeguards and always provided that enforceable rights and effective legal remedies are available for Data Subjects.

6. Assistance

6.1. Considering the nature of the processing, will assist the Merchant with the provision of technical or organizational measures, insofar as possible, for the fulfillment of the Merchant’s obligations as the Controller in relation to:

  1. Any requests from the Data Subjects in respect of access to, or the rectification, erasure, restriction, portability, blocking or deletion of their Personal Data that processes on behalf of the Merchant. In the event that a Data Subject sends such a request directly to, will promptly forward such request to the Merchant; and

  2. The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such Personal Data breaches; and

  3. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.

7. Data Security

7.1. By taking into account the state of the art, costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the respective risk.

7.2. monitors and ensures that all of authorized personnel involved in the Processing of Data provided to us have committed themselves to confidentiality obligations.

7.3. confirms that rights of access to its authorized personnel are always provided only to the minimum extent necessary for fulfillment of the obligations arising from the Agreement.

8. Audit

8.1. Upon the Merchant’s written request, shall provide sufficient information to demonstrate compliance with obligations laid down in these Terms and applicable laws and regulations. This information shall be provided to the extent that such information is within control and is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

8.2. If the information provided upon the Merchant’s request in the Merchant’s reasonable judgment is not sufficient to confirm compliance with these Terms, then agrees to allow for and contribute to data processing audits.

8.3. Such audits are allowed to be carried out by an independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Merchant and

8.4. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided only at the expense of the Merchant, and we reserve the right to charge the Merchant for any additional work or other costs incurred by us in connection with the Merchant using such rights. The Merchant has rights to request the audit once every 2 years.

8.5. The auditor will have to sign a confidentiality agreement, which includes an obligation not to disclose business information in its audit report, and the final report will also have to be provided to

9. Deletion of Data

9.1. Unless otherwise required by applicable law, has no obligation to store the Merchant’s Data after termination of the contractual relationship with and deletion of the Merchant’s account.

9.2. At the choice of the Merchant, will delete or return all the Data to the Merchant after the end of the contractual relationship relating to the processing of Data and shall delete existing copies, unless applicable law requires the Merchant to store such Data.

10. Modifications reserves the right, at its discretion, to modify these Terms at any time. The Merchant shall be responsible for reviewing and becoming familiar with any such modifications. Use of the Service by the Merchant following such notification constitutes the Merchant’s acceptance of the changes in these Terms.