Privacy Policy.

This Privacy Policy provides insights into how Printo utilizes your personal data when you visit our website, engage with us, or acquire our products and services. It also clarifies your privacy rights and the legal safeguards in place. We urge you to carefully review this Privacy Policy, along with any other privacy policies we may present, to ensure full comprehension of how and why we employ your data.

As of the last update on September 10, 2021, historic versions can be acquired upon request. Should you have any questions or wish to exercise your privacy rights, please follow the instructions provided in this Privacy Policy under “How to Contact Printo About Privacy.”

Our website offers print goods and services designed primarily for business users, ranging from startups and independent designers to larger organizations. Please note that this website is not intended for children, and we do not knowingly collect data pertaining to children.

RPI serves as the data controller for this website and is responsible for the management of personal data carried out by or on behalf of Printo. RPI and Printo collaborate closely to deliver exceptional print goods and services to customers worldwide. At times, they may jointly act as data controllers.

Whenever we mention “Printo,” “we,” “us,” or “our” in this Privacy Policy, we are referring to the relevant company within the Printo/RPI group responsible for processing your data.

Personal data, or personal information, encompasses any information related to an individual that can lead to their identification. It excludes data where the identity has been anonymized (anonymous data).

We gather various details about our esteemed customers and website visitors, categorized as follows:

Identity Data: This includes titles, first names, last names, usernames, or similar identifiers, along with an encrypted version of your login/password. If you interact with us through social media, this may encompass your social media username.

Contact Data: Billing address, delivery address, email address, and telephone numbers.

Financial Data: Payment card details.

Transaction Data: Information regarding payments to and from you, as well as other details about products and services you have acquired from us.

Profile Data: This comprises your username, password, purchases or orders made by you, preferences, feedback, survey responses, and any additional profile data we have added (e.g., analytics and profiling).

Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone settings, location, browser plug-in types and versions, operating system and platform, and other technological information related to the devices you use to access our website.

Usage Data: Information about your interactions with our website, products, and services.

Tracking Data: Information collected about you through cookies and similar tracking technologies, including web beacons, pixels, and mobile identifiers.

Marketing and Communications Data: Preferences concerning direct marketing from us and third parties, as well as your communication preferences.

Additionally, we gather, employ, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated Data may be derived from personal data but does not reveal your identity directly or indirectly. For instance, we may aggregate Usage Data to determine the percentage of users accessing a specific website feature.

Please note that we do not collect any Special Categories of Personal Data about you, including information about your race, ethnicity, religious beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, genetic and biometric data, or criminal convictions. We treat all personal data included in designs or products on rpiuae.ae as ordinary personal data.

Should you choose not to share personal data with us or decline certain contact permissions, we may be unable to provide the requested products and services.

We employ various methods to collect data from and about you, including:

Direct Interactions: You may furnish us with your Identity, Contact, and Financial Data by completing forms or corresponding with us via post, phone, email, chat, or social media. This includes personal data you provide when you:

• Make inquiries or request information.
• Create an account on our website.
• Order our products or services.
• Interact with us on social media.
• Participate in contests, promotions, or surveys.
• Contact customer services.
• Leave comments or reviews on our products or services.

Automated Technologies or Interactions: As you engage with us either through printo or rpi, we may automatically gather Technical Data about your devices, browsing activities, and patterns. We may also collect Tracking Data when you utilize our website or click on our advertisements, including those displayed on third-party websites.

Third Parties or Publicly Available Sources:

We may receive personal data about you from various third-party sources, including:

• Technical Data and/or Tracking Data from analytics providers, advertising networks, and search information providers.
• Contact, Financial, and Transaction Data from providers of payment and fraud prevention services.
• Identity and Contact Data from data partners.
• Data from third parties with legal permission or your consent to share your personal data with us, such as through social media or review platforms.
• Please note that we rely on different legal bases for processing your personal data. We primarily use your personal data under the following circumstances:

Contractual Necessity: When it is necessary to perform or enter into a contract with you (e.g., product purchases).

Legitimate Interests: When processing is required for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override these interests (e.g., fraud screening).

Legal Obligations: When we need to comply with legal or regulatory obligations (e.g., maintaining sales records for tax compliance).

Consent: We use consent as a legal basis for processing your personal data only when required by law, such as for certain direct marketing communications. You have the right to withdraw consent at any time.

The table below outlines all the ways we intend to utilize personal data, along with the legal bases on which we rely, and our legitimate interests, where applicable. It is important to note that we may process your personal data under multiple legal grounds, depending on the specific purpose.

We do not engage in automated decision making.

For inquiries or clarifications about this matter, please do not hesitate to contact us (refer to “How to Contact Printo About Privacy”).

We utilize your Identity, Contact, Technical, Tracking, Usage, and Profile Data to create a profile that helps us determine your potential interests and preferences. This allows us to present you with relevant products, services, and offers. We refer to this as “direct marketing.”

Our direct marketing efforts may include communication via email, phone, text, or postal services. For instance, you may receive Printo’s newsletter in your inbox or discover exciting promotions in your mailbox.

On our website, we strive to provide clear information regarding our actions and the communications you will receive. Whether it’s your decision to subscribe to Printo’s newsletter, create an account, or embark on the purchase journey, we make our intentions transparent. You have the right to change your mind and opt out at any time (although we sincerely hope you’ll stay and explore our offerings). The unsubscribe link at the bottom of our communications is the easiest way to opt out.

Please be aware that you may encounter Printo advertisements across various platforms, some of which may not rely on personal data. In such cases, we may secure advertising space through traditional means, both online and in the real world.

However, there are specific scenarios where our marketing efforts may be directed toward you:

• Emails: For instance, receiving Printo’s newsletter.
• Text Messages: Including discount codes.
• Promotions by Post: Such as attractive shipping offers or promotions from our trusted retail partners.
• Phone Calls: To provide relevant information for you and your business.

We partner with Abacus Alliance to deliver product offers by post from reputable retail partners. These partners operate in categories such as clothing, collectibles, food and wine, gardening, gadgets and entertainment, health and beauty, household goods, and home interiors.

Furthermore, we collaborate with partners to enhance the reach of our advertisements through analytics and retargeting. Tracking Data, including cookies, assists us in delivering online advertisements that we believe align with your interests. Please be aware that retargeting, which may result in you seeing familiar product designs, is one of the outcomes.

Cookies play a vital role in our advertising efforts. They help us deliver personalized website and social media advertising that matches your interests. The cookies used for this purpose are typically placed on our website by specialized organizations. This is why you may encounter familiar business card designs after visiting rpiuae.ae.

Cookies also provide insights into whether you have viewed a specific advertisement and the time elapsed since your last viewing. This is essential for assessing the effectiveness of our advertisements and controlling the frequency of ad displays to prevent excessiveness. Cookies also help us identify whether you have opened a marketing email to ensure we only send you relevant content.

For more details about Tracking Data, particularly cookies, please refer to the “Cookies” section below.

Please note that when you use printo.ae or rpiuae.ae, your device or browser may receive cookies from third parties. This occurs when you engage with embedded content or social network links. We want to emphasize that we do not have access to or control over cookies used by these companies or third-party websites. We recommend reviewing the privacy policies of third-party websites for further information on their cookies and management.

You have the option to configure your browser to reject all or some cookies or to alert you when websites attempt to set or access cookies. However, please be aware that disabling or rejecting cookies may result in certain parts of our website becoming inaccessible or functioning improperly.

We may share your personal data with the following parties for the purposes outlined in this Privacy Policy. We may also share your personal data if permitted by law.

We may share personal data with the following categories of third parties:

Suppliers and service providers (e.g., technology service providers, payment processing, and fraud prevention providers, manufacturers, and postal and courier services)

• RPI group companies
• Auditors and professional advisers, including bankers, lawyers, accountants, and insurers
• Government, regulators, and law enforcement

Additionally, we may share data with third parties in cases where we decide to sell, transfer, or merge parts of our business or assets. Alternatively, we may pursue acquisitions or mergers with other entities. If a change in our business structure occurs, the new owners may use your personal data in accordance with this Privacy Policy.

We require all third parties to uphold the security of your personal data and process it in compliance with the law. We do not permit our third-party service providers to use your personal data for their own purposes, and we only allow them to process your personal data for specified purposes and under our instructions.

RPI engages third-party payment processors, namely Digital River World Payments and PayPal, to manage payments for products and services via our website. All online transactions rigorously adhere to Payment Card Industry (PCI) data security standards. Your billing information, used exclusively by these payment processors for fraud protection purposes, is encrypted before transmission to them.

For Digital River World Payments, if you opt to have your card details stored for convenience and the payment is successful, RPI retains information such as the card type, a Masked PAN (comprising only the first 6 and last 4 digits), the card’s expiry date, and an associated token. We retain this data to facilitate identification of your stored card and its use for subsequent payments on RPI. You have the option to delete this stored information via the payment form on our website. Additionally, we maintain the last 4 digits and card type separately to identify transactions made with a specific card.

For PayPal, we store only the tokens essential for transaction identification, issuing refunds, and tracking transactions conducted through PayPal.

Whenever we transfer your personal data outside the European Economic Area (EEA), we adhere to applicable data protection laws. We employ various mechanisms for international transfers, including:

• Transfers to countries officially deemed to offer an adequate level of personal data protection by the European Commission.
• Use of specific contracts approved by the European Commission, which afford personal data the same protection as in Europe (referred to as “EU Model Clauses”).
• When working with providers based in the United States, we transfer data to them if they are part of the Privacy Shield, which mandates comparable personal data protection standards between Europe and the United States. If a provider is not EU-US Privacy Shield certified, we may still employ the EU Model Clauses.

We share your personal data with RPI Group entities, which involves transferring data outside the EEA. This is carried out using the EU Model Clauses.

Many of our external third-party providers are located outside the EEA, and their processing of your personal data entails cross-border data transfers.

To prevent unauthorized access, accidental loss, or improper use of your personal data, we have implemented suitable security measures. Additionally, we restrict access to your personal data to authorized personnel, agents, contractors, and other third parties who require it to fulfil their duties. These parties may only process your personal data based on our instructions and are bound by confidentiality obligations.

We have established procedures for addressing potential personal data breaches and will promptly notify you and relevant regulators of any such breaches when required by law.

Our website may feature links to third-party websites, plug-ins, and applications, such as the ability to sign in via Facebook. Clicking on these links or enabling connections may allow third parties to collect or share data about you. We do not control these third-party websites and disclaim responsibility for their privacy policies. When leaving our website, we urge you to review the privacy policy of each website you visit.

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting obligations.

The retention period for personal data is determined by considering various factors, such as the nature and sensitivity of the data, potential risks from unauthorized use or disclosure, purposes for processing, whether alternative means can achieve these purposes, and applicable legal requirements.

By law, we must retain basic customer information (including Contact, Identity, Financial, and Transaction Data) for six years following the cessation of your customer status for tax compliance purposes.

We also promise to allow you to revisit our website and re-print previously ordered products in the future. Therefore, unless you actively delete this information, we will retain it to fulfil our commitment to you.

In some instances, you may request the deletion of your data; please refer to “Your Legal Rights” below for further details.

We may anonymize your personal data (making it impossible to associate with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

If you are within the European Union and subject to the General Data Protection Regulation (GDPR), you possess rights under data protection laws regarding your personal data:

The Right to Be Informed: You have the right to know how we use your personal data, which we fulfill through this privacy policy.

The Right of Access: You can request access to a copy of the personal data we hold about you (a “data subject access request”).

The Right to Rectification: If your personal data is incomplete or inaccurate, you can request corrections.

The Right to Erasure (Right to Be Forgotten): In certain circumstances, you can request the deletion of your personal data (unless there are overriding legal reasons for us to retain it).

The Right to Restrict Processing: In certain situations, you can ask us to suspend processing your personal data.

The Right to Data Portability: You can request a copy of your personal data in a commonly used format (e.g., .csv).

The Right to Object: You can object to our processing of your personal data in specific cases (e.g., direct marketing).

Rights Related to Automated Decision Making and Profiling: You have the right to transparency regarding any profiling we conduct or any automated decision-making.

To exercise any of these rights or seek clarification, please contact us as detailed in the “How to Contact Printo About Privacy” section.

To exercise any of these rights or seek clarification, please contact us as detailed in the “How to Contact Printo About Privacy” section.

You will not incur a fee to access your personal data or exercise your rights, except in cases of manifestly unfounded, repetitive, or excessive requests, where we may charge a reasonable fee or refuse to comply. In such circumstances, we will inform you accordingly.

We may need to request additional information from you to confirm your identity and ensure your right to access personal data (or exercise other rights). This serves as a security measure to prevent unauthorized data disclosures. We may also reach out to collect further details to expedite our response.

We endeavour to address all legitimate requests within one month. However, if your request is particularly complex or numerous, it may take longer. In such cases, we will notify you and provide updates on our progress.

If you believe we have not addressed your concern appropriately or require further assistance, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the United Kingdom’s supervisory authority for data protection issues.

This Privacy Policy was last updated on September 10, 2021. Historic versions of this policy are available upon request.

We may occasionally amend this policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically for updates. Whenever changes are significant and require your consent under applicable data protection laws, we will notify you of such changes. However, we recommend checking this page regularly for the latest information regarding our privacy practices.

For any inquiries about this Privacy Policy or to exercise your rights, please contact us directly.

We aim to resolve your privacy concerns swiftly and efficiently. However, if you feel that your issue has not been adequately addressed, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, the supervisory authority is the Information Commissioner’s Office (ICO).

Thank you for choosing Printo. We value your trust and look forward to serving you.