Printfection prioritizes consumer trust. We know that personal data is important to both our customers and the recipients who may receive promotional items from our customers. That is why we keep personal data private and safe.
Printfection helps customers and recipients maintain control of their privacy and data security in a myriad of ways:
- Disclosure of Personal Data: Printfection only discloses Personal Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Trust: Printfection has developed security protections and control processes to help our customers and recipients ensure a secure environment for their information.
- Customer Access Management: We do not access or use customer content for any purpose other than providing, maintaining and improving the Printfection services and as otherwise required by law.
- Recipient Data Management: Printfection provides a process for recipients who may not have accounts with Printfection to write in and have their personal data removed upon request.
What is Personal Data?
Personal Data is any information that is stored in or transmitted via the Printfection services by, or on behalf of, our customers and their recipients. It typically will include a recipient’s name, address, and phone number, which are all necessary for Printfection to deliver the promotional items to the recipients.
Who owns and controls Personal Data?
From a privacy perspective, the Customer is the controller of Personal Data, and Printfection is a processor. This means that throughout the time that a Customer subscribes to services with Printfection, the Customer retains ownership of and control over Personal Data in its account.
Who are Printfection’s sub-processors?
Printfection works with a number of third parties to provide the application and printing, fulfillment and shipping services.
How does Printfection use Personal Data?
We use Personal Data to help improve our services and for the delivery of promotional items to recipients that place orders or are identified by our customers as individuals that should receive promotional items.
Where will Personal Data be stored?
Printfection has data centers in the United States. Personal Data managed by Printfection is only stored in the United States; however, some third parties used to print or ship your promotional items may store their data outside of the United States.
How does Printfection Respond to Information Requests?
Printfection recognizes that privacy and data security issues are top priorities for customers.
How does Printfection respond to legal requests for Personal Data?
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal data to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information with relevant law enforcement agencies or public authorities if we believe it to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Master Subscription Agreement, or as otherwise required by law.
The EU Data Protection Directive (also known as “Directive 95/46/EC”) addresses the processing of personal data and the free movement of such data. Broadly, this Directive sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.
Directive 95/46/EC established the Article 29 Working Party (“WP29”), which is comprised of representatives from the data protection authorities of all the EU Member States as well as from the European Commission. WP29 works to harmonize the application of data protection rules throughout the EU and also advises the EU Commission on the adequacy of data protection standards in non-EU countries.
How does the EU Directive apply to Customers and Recipients?
Printfection customers that collect and store personal data are considered data controllers under Directive 95/46/EC. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including Directive 95/46/EC and the GDPR as of May 25, 2018.
What are the “Model Clauses”?
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”) which provide a data controller a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”). If you believe that our customers are providing your data to us in error, and you are located in the EU, we encourage you to seek any remedies that may be available to you through the EEA.
Does Printfection replicate the Personal Data it stores?
Printfection periodically replicates data for purposes of archival, backup and audit logs. We use Amazon Web Services (AWS) to store some of the information that is backed up, such as database information and attachment files.
Since our inception, Printfection’s approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.
If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To be compliant we have put in place systems and processes that will allow us to:
- Respond to requests from data subjects to correct, amend or delete personal data.
- Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
- Demonstrate compliance with the GDPR as pertaining to Printfection’s Services.
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
How has Printfection been preparing for the GDPR?
Printfection will be compliant with the GDPR when it becomes enforceable in May 2018. Our privacy team is reviewing Printfection’s current product features and practices to ensure we are able to support our customers with their GDPR compliance requirements.
Does Printfection currently provide any product-specific features/functionality in its product to assist us with our GDPR compliance program?
- Printfection customers can view all Personal Data collected by viewing their reports in their account. Printfection customers can email Printfection at firstname.lastname@example.org to request their recipients’ information be removed.
- Printfection recipients can email Printfection at email@example.com to request access to their information or to request their information be removed.
Is Printfection certified under the Privacy Shield?
Printfection has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to the U.S. Department of Commerce and has been added to the Department of Commerce’s list of self-certified Privacy Shield participants. Our certifications confirm that we comply with the Privacy Shield Principles for the transfer of European and Swiss personal data to the United States.
This is great news for our customers, providing them with an even better data transfer mechanism than the former U.S.-EU and U.S.-Swiss Safe Harbor Frameworks. Printfection moved quickly to adopt the Privacy Shield principles as part of our ongoing commitment to privacy and protecting our customers’ data.