Privacy Policy

Printful, Inc. (“we”, “our”, “us”, or “Printful”) respects the privacy of its users and is fully committed to protecting their personal data and using it in accordance with data privacy laws. This Privacy Policy describes how we collect, use, and process any personal data that we collect from you—or you provide to us—in connection with your use of our website (www.printful.com) or our mobile apps and our print-on-demand services (collectively, “Services”). By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy.

If you are a resident of the United Kingdom or the European Economic Area, please see Additional Disclosure for European Residents below.

If you are a California resident, please see Additional Disclosures for California Residents below.

If you are a resident of Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, or any other state that enacts a materially similar privacy law to the states referenced, please see Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents below.

We do not knowingly collect, maintain, disclose, or sell personal information about users under the age of eighteen (18). If you are under the age of 18, please do not use our Services. If you are under the age of 18 and have used our Services, please contact us at the email address below so that we may delete your personal information.

1. Background

Printful provides Services both to its business customers and directly to end users.

If you use our Services only for your personal use, you are considered the “User” for the purpose of Data Protection Laws, and we are the data “controller” or covered “business” as such terms are defined in the applicable Data Protection Law.
If you use our Services to execute orders and deliver products to third parties, you are considered a “Merchant”. When processing contact details, payment information and other information listed in Section 1 below directly related to the Merchant, we are the data controller or covered business. Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer, we are a “data processor” or “service provider” as such terms are defined in the applicable Data Protection Law. Where we act as a data processor we process information in accordance with our Data Processing Terms on behalf of our customers.

The term “Data Protection Law(s)” shall include any applicable data privacy or security law, including but not limited to the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019), the California Consumer Protection Act, the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act, and all applicable amendments and regulations related to the foregoing.

Printful 2024

2. Information Collected About Users and Merchants and How We Use It

The types of personal information we obtain and process about you depend on how you interact with us and our Services. This section provides the categories of information we may collect about you, and such categories are used in accordance with the disclosures in How We Use Your Data below.

Identifiers. Such information includes your name, postal address, shipping address, email address, and telephone number.

Payment Information. Such information includes information relating to billing and payment details (including first and last digits of your payment card).

Commercial Information. Such information includes information about Services you have purchased or considered, and your preferences.

Device and Unique Identifiers. Such information includes internet or other electronic network activity information, such as IP addresses, the device and browser you use, referring pages, time stamps, and cookies.

Geolocation Data. Such information includes non-precise location information that permits us to determine your location based on information provided in your IP address.

Audio Information. Such information includes recorded phone calls that we or our representatives participate in as allowed under applicable law.

Government Issued Identification. Such information includes images and data, which may appear on government-issued identity documents or identification cards.

Content. Information such as your communications with us and any other content you provide, such as social media profiles, images, videos, survey responses, comments, reviews, and testimonials.

3. How We Collect Your Data

We may collect data in a variety of manners as disclosed in this section.

Directly from You. We collect personal information you provide, such as when you make a purchase; register for an account or create a profile; contact us; respond to a survey; participate in a sweepstakes, contest, or other similar campaign or promotion; apply for a job; sign up to receive emails or newsletters, or otherwise engage in direct communication with us.

Using Online Tracking Technologies and Other Automatic Data Collection Technologies. When you visit our websites, use our Services, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as cookies. For more information, please see our cookies policy by clicking here.

From Merchants. We obtain information directly from Merchants that we may be providing services on behalf of.

From Social Media Platforms and Networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, LinkedIn, and Pinterest) in connection with our websites, we collect information that you disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

From Other Sources. We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We also create information based on our analysis of the information we have collected from you.

4. How We Use Your Data

This section explains how we use your data and identifies the categories of information we collect and process in connection therewith.

Providing our Services. Where you are a User of our Services, we will use data collected as is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services); we will confirm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you.

For the aforementioned purposes, we collect and process Identifiers, Payment information, and Commercial information.

Legal Obligations. We may request some of the personal data indicated above to comply with applicable laws and in furtherance of our legal obligations and legitimate interest in ensuring that users and end customers are not the target of trade, financial, and economic sanctions, and do not appear on a sanctions-related list, including lists maintained by the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the U.S. Department of Commerce, the European Union, or Her Majesty’s Treasury of the United Kingdom. In addition, we may use such information to establish and exercise our rights, and to defend against legal claims.

Consent. There are instances where we collect specific information for a specific purpose based on your consent. This includes when you have given your consent when registering your account, when subscribing to our newsletter or blog, or shared your email address or other personal data with us to receive any other information (for example, our list of sub-processors).

In such instances, we will process identifiers such as your email address as necessary to send you the informative and/or promotional materials to which you have subscribed, for example, newsletters, advertisements of our Services and other information about our Services that you have requested.

For Merchants, we will not use the contact details of your customers to directly market or advertise our Services to them.

For information about how to unsubscribe to any emails, newsletters or other communications, please see Your Choices in Connection With Our Services below.

Conduct Analytics and Personalization. We use your information to conduct research and analytics, including to improve our Services. We also use your information to understand your interaction with our advertisements, Services, and our communications with you. We also use your information to personalize your experience, to save you time when you visit our websites and use our Services, to better understand your needs, and to provide personalized recommendations for our Services.

We obtain the location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customise the Services, for example, for Printful’s internal analytics and performance monitoring; localisation, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.

By using cookies and similar technology on our website, we may collect data such as information on your device, your preferences and information filled in while visiting our website, your interaction with the website, and other information used for analytical, marketing, and targeting activities (including unique visits, returning visits, length of the session, actions carried out in the webpage). Learn more about how we use cookies with our Services by clicking here.

For the aforementioned purposes, we collect and process Device and Unique Identifiers.

Communications with you. We use your information to engage in communications with you, such as to respond to your requests, inquiries, issues, and feedback, to engage in meetings with Merchants, and to provide customer service.

When you call our customer support phone line, we may monitor or record the call to ensure the quality of our customer support. If you have a Printful account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it if it will be needed to resolve disputes between you and us.

When you interact with our customer support through email or chat features which may be offered via third-party software, we may monitor or record the conversation to ensure the quality of our customer support. If you have a store account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it if it is needed to protect our legal interests or resolve disputes between you and us.

For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, and Content.

Security and Fraud Prevention. As it is in our legitimate interests to ensure our network security, we use your information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We also use your information to enforce our terms and procedures, prevent security incidents, and prevent harm to other users of our Services.

Improving the Services, Websites or Developing Other Products. We process certain information about the use of our Services and website to better understand how it is accessed, to improve our Services, and to develop new products and services. Such processing requires the collection of technical information, including information about how and when you access your account, the device and browser you use and the IP address and device data.

For the aforementioned purposes, we collect and process Device and Unique Identifiers.

Marketing and Advertising. We use your information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email. We also use your information to show you advertisements for Services and to administer our sweepstakes and other contests.

For the aforementioned purposes, we collect and process Identifiers, Device and Unique Identifiers, Commercial Information, and Geolocation Data.

5. Information Collected About Our Merchant’s Customers

In the course of providing products and services on our Merchant’s behalf, we collect and process certain information about individuals at the direction of such Merchants (“Customer Data”). Customer Data has historically included information such as personal data relating to the end user of our Services, any personal data in the printing content (where applicable), personal data revealed during the use of any Printful services, including name, email address, phone number, shipping address, and other information about the Merchant’s customers.

If you are a customer of the Merchant (an end user of our Services), the Merchant is the data controller with regard to your personal data contained in Customer Data and should provide you the information on how your personal data is collected and processed when using our Services. Please read the Merchant’s privacy policy for further information. The Merchant is your contact for any questions you have about how it handles your personal data.

6. Sharing Personal Data With Third Parties

The following details the types of third parties whom we share information with in connection with your use of the Services:

Service Providers. In order for Printful to provide you with our Services, we work with third parties who perform services on our behalf and with whom we share personal data to support our Services (“Service Providers”). Service Providers include:

Hosting and Online Services. Information you have provided to us during the use of our Services, including technical usage data, is shared for business purposes in our legitimate interests with third parties who provide hosting and server co-location services as well as data and cyber security services.

Manufacturing Services. Information you have provided to us during the use of our Services may be shared with third-party manufacturing services whom we engage to provide our Services to you.

Email Service Providers. Your email address and other contact details you have provided to us and your messages to our customer service are shared for business purposes in our legitimate interests with communication, email distribution, and content delivery services as well as customer support system providers.

Payment Processors. Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and financial advisors, advisors, so that we can provide our Services to you.

Analytic and Digital Marketing Providers. Information regarding your use of our Services and other information received from cookies and similar technology is shared with web analytics, session recording, and online marketing services.

If we provide marketing to you, information on your account, purchases and preferences can be shared with marketing services.

Legal Advisors, Legal Process, and Protection. Insofar as reasonably necessary, we may be required to share information with third parties to (1) comply with legal requirements or requests, including any subpoenas, claims, disputes or litigation, (2) protect our, or a third party’s, lawful interests, (3) enforce or apply our agreements; and (4) protect property or safety of us or others.

We will only share personal data with Service Providers that have undertaken to comply with obligations set out in applicable data protection laws.

Affiliates. We may share your personal data with our affiliates (companies within our corporate family), in our legitimate interests for business purposes.

Business Customers (i.e., Merchants). Where we provide Services on behalf of Merchants, we will provide certain information related to your orders and purchases.

In a Business Transfer. We may disclose or share your information as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.

Facilitating Requests. We share information at your request or direction, such as when you choose to share information with a social network about your activities using the Services.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see Your Choices In Connection With Our Services below.

If you are a resident of a jurisdiction that grants additional legal rights, please see the applicable disclosure, including the following:

Additional Disclosure for European Residents

Additional Disclosures for California Residents

Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents

7. Retention Periods

We may retain your personal data for as long as you have a Printful account or any of the abovementioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of the personal data for such purposes.

If you have used our Services without creating a Printful account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to provision of services, for example, for tax purposes.

After terminating your relationship with us by deleting your Printful account or otherwise ceasing to use our Services, we may continue to store copies of your personal data (and in regard to Merchants, your customers’ personal data) as necessary to comply with our contractual obligations with Merchants and legal obligations, as well as to resolve disputes between you and us (or Merchants and applicable customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).

We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws.

8. Information Security

We seek to use reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your Printful account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.

9. Your Choices In Connection With Our Services

A. Account.

You may access, update, or remove certain information that you have provided to us through your account (log in here) or by sending an email to the email address set out in Contact Information below. We may require additional information from you to allow us to confirm your identity.

Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

B. Communications.

Emails. You can opt out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us at the email address set out in Contact Information below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt out of non-promotional emails, such as those about your account, transactions, servicing, or Printful’s ongoing business relations.

C. Cookies and Tracking Technologies.

Cookies. See our Cookie Policy here for information about how to control cookies.

Do Not Track. Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to browser “do not track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

D. Analytics.

We use Google Analytics to conduct analytics of our Service. We provide you with the ability to exercise certain controls and choices about how we collect, use, share, and store your information. Google also provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Please note that your opt-out will only apply to the specific browser or device from which you opt out.

E. Legal Privacy Rights.

You may have additional legal privacy rights under certain applicable laws, including but not limited to the California Consumer Privacy Act and other similar laws that may come into effect. For more information about your rights under these respective laws, please see the following sections where applicable:

Additional Disclosures for European Residents

Additional Disclosures for California Residents

Additional Disclosures for Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents

For more information about how to exercise applicable legal rights, please see the section titled How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.

10. Additional Disclosure for European Residents

If you are a User or data subject related to a Merchant located in the European Economic Area or the United Kingdom, you have certain rights with respect to your personal data in accordance with Data Protection Laws in the European Union and United Kingdom (collectively the “GDPR”).

A. Roles

GDPR distinguishes between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). As described in the Section entitled “Background” above, we may either be a controller or a processor depending on the circumstances.

Printful as a Controller: We are the data “controller” when we process information directly from Users to provide our Services to such User that purchased the respective Services.

Printful as a Processor: We are a processor where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer. Where we act as a processor we process information in accordance with our Data Processing Terms on behalf of our customers.

B. Lawful Basis

The GDPR requires a “lawful basis” for processing personal data. Our lawful bases include where: (i) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or customers; (ii) processing is necessary for the performance of a contract with you; (iii) processing is necessary for compliance with a legal obligation; or (iv) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, provided that your interests and fundamental rights and freedoms do not override our interests.

C. Data Transfers

All the information you provide may be transferred or accessed by our parent company in the United States and our affiliate companies and subsidiaries in other countries, such as Latvia, Poland, Spain, and the UK and our Service Providers (as described above) for the provision of our Services as described in this Privacy Policy. When we transfer your information globally, we take necessary measures to ensure appropriate protection of your information, including, as applicable, entering into the European Commission’s Model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses) and any equivalent clauses issued by the relevant competent authority of the UK.

D. Your Data Subject Rights

If you are a data subject according to the GDPR, subject to certain conditions you have the right to:

access, rectify, or erase any personal data we process about you;

data portability, meaning the ability to receive your personal data in a structured, commonly used machine-readable format and ability to transfer such data to another third party of your choice;

restrict or object to our processing of personal data we process about you; and

where applicable, withdraw your consent at any time for any data processing.

For more information about how to exercise applicable legal rights, please see the section titled How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.

GDPR Complaints

If you have a complaint about our use of your personal data or response to your requests regarding your personal data, please see the section entitled “Complaints” below.

In addition to the contact information in the Section “Contact Information” below, please contact our:

European Representative
privacy@printful.com

Data Protection Officer
privacy@printful.com

11. Additional Disclosures for California Residents

All terms and phrases used under this section have the same meaning as those phrases are defined under the California Consumer Privacy Act and its implementing regulations, as amended (collectively, the “CCPA”).

Under the CCPA, California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.

We are both a “business” and a “service provider” under the CCPA, depending on how you interact with us. This section applies only to personal information we collect in our role as a business. Where we act on a Merchant’s behalf to fulfil an order with regard to the Merchant’s customer, we are a Service Provider under the CCPA. Please read the Merchant’s privacy policy for further information on how to exercise your rights under the CCPA. The Merchant is your contact for any questions you have about how it handles your Personal Information.

A. Notice at Collection

To learn more about the categories of personal information we collect about California residents, please see Information Collected About Users and Merchants above.

For more information about how we use those categories of personal information, please see How We Use Your Data above.

For more information about how we collect categories of personal information, please see How We Collect Your Data above and our cookies policy found here.

To learn more about how we disclose categories of personal information, and the categories of third parties to whom we disclose such information, please see Categories of Personal Information Disclosed and Categories of Recipients below.

To learn more about how long we keep your information, please see Retention Periods above.

B. Categories of Personal Information Disclosed and Categories of Recipients

The following disclosure describes the categories of information that we disclose to the categories of recipients of such disclosure. For more information about the third parties we disclose information to, please see Sharing Personal Data With Third Parties above.

Service Providers. The type of data we share depends on the type of service provider. The below summary details the types of service providers and related information shared:

Hosting and Online Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.

Manufacturing Services. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.

Email Service Providers. We may disclose Identifiers, Device And Unique Identifiers, and Geolocation Data.

Payment Processors. We may disclose Identifiers, Device And Unique Identifiers, and Payment Information.

Analytic and Digital Marketing Providers. We may disclose Device And Unique Identifiers and Geolocation Data.

Legal Advisors, Legal Process, and Protection. Any collected information identified in Information Collected About Users and Merchants that is reasonably required to be disclosed and does not violate any legal or contractual obligation may be disclosed in accordance with such request and/or requirement.

Affiliates. We may disclose any of the information identified in Information Collected About Users and Merchants with our Affiliates where it is necessary for the legitimate interest, including appropriate business purposes, of Printful and its Affiliates in accordance with Data Protection Laws.

Business Customers (i.e., Merchants). We may disclose Identifiers and Commercial Information.

In a Business Transfer. We may disclose any of the information identified in Information Collected About Users and Merchants in connection with a business transfer where it is necessary for the legitimate interest, including appropriate business purposes, of Printful and its Affiliates.

Facilitating Requests. We may disclose or make appropriate information identified in Information Collected About Users and Merchants to facilitate your requests reasonably in accordance with the CCPA. With respect to social networking requests, categories of information shared are Identifiers, Device And Unique Identifiers, Geolocation Data, and any applicable Content associated with the request.

C. Your Legal Rights Under the CCPA

If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.

Right to Know Request. Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:

1. the categories of personal information about you that we collected;
2. the categories of sources from which the personal information was collected;
3. the purpose for collecting personal information about you;
4. the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
5. the specific pieces of personal information we collected about you.

You may make a verifiable consumer request to know your personal information twice per twelve (12) month period.

Right to Access. You have a right to access the personal information that we collected from you in accordance with the applicable law.

Right to Delete Request. Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.

Right To Correct. Under the CCPA, you have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.

Right to Opt-Out of the Sale or Sharing of Personal Information. You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. We may also make available Personal Information to Merchants relating to your commercial information. These practices are considered a “sale” under the CCPA.

You may also opt out of browser-based sales by using an opt-out preference signal, such as the Global Privacy Control (GPC), on your browser.

These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.

D. Notice of Disclosure for a Business Purpose

To learn more about the categories of personal information we have disclosed for a business purpose, and the categories of third parties with whom we’ve disclosed such information, please see How Do We Disclose Your Information? above.

E. Notice of Sale

We sell your personal information through the use of certain third party advertising partners, as well as when we provide your personal information to Merchants. We do not share your personal information. We also don’t knowingly sell or share the personal information of any California resident who is 16 years or younger.

F. Notice of Use of Sensitive Personal Information

We do not use California resident sensitive personal information for any purpose other than is permissible under the CCPA. Specifically, we do not use sensitive personal information of California residents to derive characteristics about California residents.

G. Notice of Financial Incentives

We offer our Users and Merchants certain discount opportunities that may be considered a “financial incentive” or “bona fide loyalty program” under applicable Data Protection Laws (the “Program”). Such a Program may include discounts or coupons provided when you sign up to receive such discounts or coupons, which typically requires you to provide your name and contact information (such as email address), or participation in a survey. We consider the value of your personal information to be related to the value of the discounted products or services, or other benefits that you obtain or that are provided in connection with the Program, less the expense we incur offering such opportunity.

You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Please review any applicable terms and conditions provided in connection with such Program.

12. Additional Disclosures for Colorado, Connecticut, Delaware, Nevada, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia Residents

Under the state laws including the Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Montana Consumer Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, Virginia Consumer Data Protection Act, and other similar laws that may be enacted in the future (each a “Heightened U.S. Privacy Law”) applicable residents are afforded certain rights regarding the data we have collected about them. This notice describes how we collect, use, and share your Personal Data in our capacity as a “Controller” under such respective Heightened U.S. Privacy Law, and the rights that you have with respect to your Personal Data, including sensitive personal data. For purposes of this section, “Personal Data” and “sensitive data” have the meanings given in the respective Heightened U.S. Privacy Law and do not include information excluded from such respective Heightened U.S. Privacy Law’s s respective Heightened U.S. Privacy Law general, personal data is information reasonably linkable to an identifiable person.

A. Notice of Collection

To learn more about the categories of personal information we collect about you and how we use it, please see Information Collected About Users and Merchants and How We Use Your Data above. To learn more about the categories of third parties with whom we may share your personal information, please see Sharing Personal Data With Third Parties above.

In addition, we may collect and/or use additional types of information after providing notice to you and obtaining your consent to the extent such notice and consent is required by Heightened U.S. Privacy Laws.

B. Your Rights Under Heightened U.S. Privacy Laws

If you are a resident of a state with a Heightened U.S. Data Privacy Law, the processing of certain personal information about you may be subject to the respective Heightened U.S. Data Privacy Law. Where the Heightened U.S. Data Privacy Law applies, this section provides additional privacy disclosures and informs you of key additional rights as a resident of such state. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the Heightened U.S. Data Privacy Law.

Right to Access Information/Correct Inaccurate Personal Data. You have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it, and the third parties and service providers with whom we share it. Additionally, you have the right to correct inaccurate or incomplete Personal Data. You may submit such a request as described below. If you live in Oregon, you also have a right to request a list of the specific third parties to which we’ve disclosed your personal data.

Right to Deletion of Personal Data. You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request as described below. We may have a reason under the law why we do not have to comply with your request, or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right To Correct. You have the right to ask us to correct, or make available a means to correct, the personal information we have collected about you, subject to certain exceptions.

Right to Opt-Out of Sale of Personal Data to Third Parties. You have the right to opt out of any sale of your Personal Data by Printful to third parties.

Right to Portability. You have the right to request a copy of the Personal Data that you previously provided to us as a Controller in a portable format. Our collection, use, disclosure, and sale of Personal Data are described in our Privacy Policy.

Right to Opt-In to Processing of Sensitive Data. Before we collect and process sensitive personal information, we will obtain your opt-in consent as required under applicable law.

Right to Opt-Out of Targeted Advertising. You have the right to opt-out of Targeted Advertising based on your Personal Data obtained from your activities over time and across websites or applications.

Right to Opt-Out of Profiling. You have the right to opt-out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.

Right to Appeal. If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by sending an email to privacy@printful.com that you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.

These rights may be limited in some circumstances. For more information about how to exercise your legal rights and limitations that may apply, please see How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws below.

C. Nevada Opt-Out Rights

If you are a Nevada resident, you have the right to submit a request directing us not to make any sale of your personal information. We do not sell your personal information as defined under Nevada law. However, to request email confirmation that we do not sell your personal information, please send an email to us with “Nevada Opt-Out of Sale” in the subject line and in the body of your message.

13. How to Exercise Your Legal Rights Under GDPR, CCPA, or Heightened U.S. Privacy Laws

If you are an applicable resident to whom the Data Protection Laws apply, you may contact us to exercise your rights in accordance with the below procedures:

A. Verification Requirements

For certain requests, we may require specific information from you to help us verify your identity and process your request. Depending on your request, we will ask for information such as your name, address, phone number and account number (to the extent available) used in connection with your account or applicable purchases, and may ask for government-issued ID, or date of birth. If we are unable to verify your identity, we may deny your requests to know or delete.

B. Requests to Know, Access and Delete Information

If the Data Protection Laws apply to you, you may exercise your right to know, access or delete information through any of the following means:

Account Settings: As provided in the Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Printful account.

Online form: You may make a request by completing this form
Email Us: You may make a request by emailing us at privacy@printful.com

C. Correction Requests

You can correct information related to your account through the following means:

Account Settings: As provided in Your Choices in Connection with Our Services above, you can access the majority of your personal information through your account within the Services by logging in to your Printful account.

Email Us: You may make a request by emailing us at privacy@printful.com

D. Right to Opt-Out of Sale, Profiling, and Context-Based Behavioral Advertising

You may opt-out of the sale of personal information or data by completing this form to opt-out of the sale of personal information or by sending an e-mail to privacy@printful.com.

The use of certain third-party providers and their cookies or other tracking technologies for such third parties’ commercial use or profiling or cross-context behavioral advertising must be capable of opt-out. However, as stated in this Privacy Policy, we do not sell or share your information to third parties for these purposes, and therefore, we do not offer any opt-out right.

If you believe that we are forwarding personal information to a third party and it is using it in a manner that exceeds such third party’s processing on our behalf as a service provider or processor (as those terms are understood under applicable law), please contact us at privacy@printful.com so that we may look into the matter further.

E. Right to Portability

If you wish to receive your personal data in a machine-readable format, please contact us at privacy@printful.com. We may provide you instructions on how to access your own information and download it yourself, or otherwise will work with you to provide you your personal data in accordance with applicable Data Protection Law.

If applicable Data Protection Law does not provide you with the right of portability, we may deny your request.

F. Authorized Agents

Residents of California, Colorado, and Connecticut may designate an authorized agent to submit a request on your behalf to access or delete your personal information. Use of an authorized agent must comply with the CCPA and Heightened U.S. Privacy Law as applicable, including that you must provide the authorized agent written and signed permission to submit such request. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will still have to verify your identity directly with us in accordance with the applicable law.

G. Responding to Requests as a Controller or Covered Business

Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly within the time period allowed under the applicable law. We aim to fulfill all verified requests within 45 days pursuant to the CCPA and most Heightened U.S. Privacy Laws, unless required to respond sooner. For example, if you live in Europe, we aim to respond within 30 days as required by law. If necessary, extensions as allowed under applicable law (generally for an additional 45 days) may be required and will be accompanied by an explanation for the delay.

Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by applicable law.

H. Responding to Requests as a Processor or Service Provider

If your personal data has been processed by us on behalf of a Merchant and you wish to exercise any rights you have with such personal data, please inquire with such Merchant directly. If you wish to make your request directly to us, please provide the name of the Merchant on whose behalf we processed your personal data. We will refer your request to that Merchant, and will support them to the extent required by applicable Data Protection Law in responding to your request.

14. Links to Third-Party Sites

Our Services may contain links to other websites or services. Please note that these links are provided for your own convenience and information, and the websites and services may operate independently from us and have their own privacy policy notices, which we strongly suggest you review.

15. Privacy Policy Changes

Any changes we make to this Privacy Policy in the future will be posted on this page. Therefore, we encourage you to check this page frequently from time to time.

16. Complaints

If you are a User that has directly purchased our Services from us and believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us.

If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.

17. Contact Information

If you have any questions about your personal data or this Privacy Policy, please contact us by email at privacy@printful.com, or by using the contact details below:

Users outside of the European Economic Area:

Printful Inc.
Attn: Data Protection Officer
Address: 11025 Westlake Dr
Charlotte, NC 28273
United States

Users of the European Economic Area:

AS “Printful Latvia”
Attn: Data Protection Officer
Address: Raina Bulvaris 25
Riga, LV-1050
Latvia
