{"id":490553,"url":"\/data-processing-terms\/","layout":"standard","version":"2025-11-03T08:57:42.000000Z","blocks":[{"id":4733074,"type":"textBlock","published":1,"size":{"x":12,"y":0},"order":1,"items":[],"properties":{"html":{"id":117665751,"value":"

Last updated:<\/strong>\u00a0October 20, 2025<\/p>

What this is<\/strong><\/h3>

These terms explain how\u00a0Print Nova<\/strong>\u00a0handles personal data\u00a0for you, the Merchant<\/strong>. When we handle personal data for you, you\u2019re the\u00a0Controller<\/strong>\u00a0(you decide what happens to the data) and we\u2019re the\u00a0Processor<\/strong>\u00a0(we carry out your instructions). If you use our Services, you\u2019re agreeing to these terms.<\/p>

If there\u2019s ever a conflict between these Data Processing Terms and the rest of our Agreement,\u00a0these Data Processing Terms control<\/strong>.<\/p>

<\/p>

1) Key words explained (short and simple)<\/strong><\/h3>

  • Agreement<\/strong>: The contract between you and Print Nova (our Terms of Service or a separate signed contract).<\/p><\/li>

  • Affiliate<\/strong>: A company that controls, is controlled by, or is under common control with a company (think \u201csister companies\u201d under the same parent).<\/p><\/li>

  • Personal Data<\/strong>: Information that can identify a person\u2014like name, email, phone, shipping address, and even images (including ones on ID documents).<\/p><\/li>

  • Processing<\/strong>: Anything done with Personal Data\u2014collecting, storing, using, sending, deleting, etc.<\/p><\/li>

  • Controller \/ Processor<\/strong>: You\u2019re the Controller (you decide the \u201cwhy\u201d and \u201chow\u201d); Print Nova is the Processor (we follow your instructions).<\/p><\/li>

  • Data Subject<\/strong>: The person the data is about (usually your customer).<\/p><\/li>

  • Personal Data Breach<\/strong>: When Personal Data is accessed, lost, or shared by accident or without permission.<\/p><\/li>

  • Supervisory Authority<\/strong>: A privacy regulator (like an EU data protection authority).<\/p><\/li>

  • Selling<\/strong>\u00a0(privacy sense): Giving Personal Data to someone else in exchange for money or something valuable.<\/p><\/li>

  • Sharing<\/strong>\u00a0(privacy sense): Giving Personal Data to someone else specifically for targeted ads.<\/p><\/li>

  • Data Protection Laws<\/strong>: Laws like GDPR (EU\/UK) and CCPA (California), plus similar rules in other places.<\/p><\/li>

  • Third Countries<\/strong>: Countries outside the EU\/EEA or UK that may not have the same privacy rules.<\/p><\/li>

  • Standard Contractual Clauses (SCCs)<\/strong>: EU\u2011approved contract terms we use to legally move data to countries outside the EU\/EEA (and UK equivalents for UK data).<\/p><\/li>

  • Data Exporter \/ Data Importer<\/strong>: Who\u2019s sending the data across borders (Exporter) and who\u2019s receiving it (Importer).
    \u00a0<\/p><\/li><\/ul>

    2) What you\u2019re asking us to do<\/strong><\/h3>

    You\u2019re appointing Print Nova to process Personal Data\u00a0only<\/strong>\u00a0to provide the Services you use (print\u2011on\u2011demand, fulfillment, warehousing, branding, design, merchandising, etc.) and to run those Services properly\u2014even if that means moving data to another country when it\u2019s lawful to do so.<\/p>

    3) The data and what we do with it<\/strong><\/h3>

    What data?<\/strong><\/p>

    • Info about your customers (name, email, phone, address) and any Personal Data inside what you send us (like images or content, including government ID images if you upload them).<\/p><\/li>

    • No sensitive data<\/strong>\u00a0by default. Please don\u2019t send it unless it\u2019s inside your content and you want us to process it for the Service.<\/p><\/li><\/ul>

      \u00a0<\/p>

      Why we process it:<\/strong><\/p>

      • To provide and support the Services under our Agreement with you, as you instruct us.<\/p><\/li><\/ul>

        \u00a0<\/p>

        Hard limits (what we won\u2019t do):<\/strong><\/p>

        • We do not Sell your customers\u2019 Personal Data.<\/strong><\/p><\/li>

        • We do not Share it for targeted ads.<\/strong><\/p><\/li>

        • We don\u2019t use it for our own unrelated purposes or outside our business relationship.<\/p><\/li>

        • We won\u2019t combine it with other data from elsewhere unless\u00a0you<\/strong>\u00a0tell us to.<\/p><\/li><\/ul>

          \u00a0<\/p>

          How long:<\/strong><\/p>

          • We process data while the Agreement is active and you\u2019re using the Services.<\/p><\/li><\/ul>

            Security testing basics:<\/strong><\/p>

            • We test systems that store or change Personal Data\u00a0at least once a year<\/strong>\u00a0to check for security issues (ideally by an independent tester, or by certified internal experts using recognized frameworks like OWASP).<\/p><\/li>

            • If we find issues, we\u00a0log them within 24 hours<\/strong>\u00a0and plan fixes based on how serious they are.
              \u00a0<\/p><\/li><\/ul>

              4) Your responsibilities (Merchant)<\/strong><\/h3>

              • You\u2019ll follow privacy laws and only send us data you\u2019re allowed to use.<\/p><\/li>

              • If the law requires you to get consent or give notices to your customers, you\u2019ll do that before sending data to us.<\/p><\/li>

              • Your instructions in these Terms are enough for us to operate; if you give extra instructions later, they must be reasonable, lawful, written, and something we can actually do.<\/p><\/li>

              • Keep the Personal Data you send us accurate and up to date, and tell us when it changes.<\/p><\/li>

              • If we act exactly as you instruct and someone complains, that\u2019s on you. You\u2019ll cover our losses if your breach of these Terms causes us a problem.<\/p><\/li>

              • If we ask for info to meet sanctions screening or similar legal checks (e.g., OFAC, EU, UK lists), you\u2019ll provide it.<\/p>

                \u00a0<\/p><\/li><\/ul>

                5) Our responsibilities (Print Nova)<\/strong><\/h3>

                • We\u2019ll only process Personal Data as these Terms say or as you instruct us in writing (unless the law requires something different; if so, we\u2019ll tell you unless the law says we can\u2019t).<\/p><\/li>

                • If your instruction seems to break privacy law, we\u2019ll let you know.<\/p><\/li>

                • We\u2019ll keep strong\u00a0technical and organizational security measures<\/strong>\u00a0(see \u201cHow we protect data\u201d below).<\/p><\/li>

                • Our staff handling Personal Data are bound by confidentiality.<\/p>

                  \u00a0<\/p><\/li><\/ul>

                  6) How we help you (your rights & incidents)<\/strong><\/h3>

                  • Data Subject requests<\/strong>\u00a0(like access, correction, deletion, portability): If someone contacts us directly, we\u2019ll pass the request to you and help you handle it as required by law.<\/p><\/li>

                  • If there\u2019s a breach<\/strong>: We\u2019ll tell you\u00a0without undue delay<\/strong>\u00a0after we become aware, and we\u2019ll help with investigations and any legally required notifications.<\/p><\/li>

                  • Risk assessments<\/strong>: We\u2019ll help with data protection impact assessments and, when needed, talk to regulators.<\/p>

                    \u00a0<\/p><\/li><\/ul>

                    7) Sub\u2011processors (our trusted helpers) & moving data across borders<\/strong><\/h3>

                    • You give us general permission to use\u00a0sub\u2011processors<\/strong>\u00a0(specialist vendors or our Affiliates) to run the Services.<\/p><\/li>

                    • You can get the current list through your account or by contacting the registered account email we have on file. The list shows who they are, what they do, and where they are.<\/p><\/li>

                    • We may update that list over time. You can\u00a0object<\/strong>\u00a0to a new sub\u2011processor by writing to us. If you do, we\u2019ll try to find a workaround. If there isn\u2019t a reasonable workaround, you can terminate just the affected part of the Service as a last resort.<\/p><\/li>

                    • We make sure every sub\u2011processor signs up to protection duties\u00a0as strong as ours<\/strong>.<\/p><\/li>

                    • When data leaves the EU\/EEA or UK, we use the right\u00a0SCCs<\/strong>\u00a0(for EU: the 2021 SCCs, Controller\u2192Processor (Module 2), and when needed Processor\u2192Processor (Module 3); for UK, the UK equivalents) and apply our security measures.<\/p><\/li>

                    • For the SCC details: the \u201cwhat\/why\/how long\u201d matches Section 3 above; our security controls are the ones in\u00a0How we protect data<\/strong>; the governing law and courts for the SCCs are\u00a0Latvia<\/strong>\u00a0unless we agree otherwise; the competent regulator is where the exporter is located.<\/p>

                      \u00a0<\/p><\/li><\/ul>

                      8) Audits (checking our homework)<\/strong><\/h3>

                      • If you ask in writing, we\u2019ll share enough info to show we\u2019re following these Terms and the law\u2014so far as we\u2019re allowed and able to share it.<\/p><\/li>

                      • If that\u2019s not enough, we\u2019ll agree to a privacy\/security audit by an independent, reputable auditor we both approve.<\/p><\/li>

                      • Practical details and timing are set by us;\u00a0you cover the costs<\/strong>\u00a0(including our reasonable time\/costs). You can ask for an audit\u00a0no more than once every 2 years<\/strong>.<\/p><\/li>

                      • You and the auditor must sign an NDA; we get a copy of the final report.<\/p>

                        \u00a0<\/p><\/li><\/ul>

                        9) Returning or deleting data when we\u2019re done<\/strong><\/h3>

                        • When the Agreement ends (and subject to any legal retention we must follow), we\u2019ll\u00a0return or delete<\/strong>\u00a0the Personal Data and confirm deletion if you ask us to.<\/p><\/li>

                        • We may keep\u00a0aggregated, de\u2011identified, or anonymized<\/strong>\u00a0data for our own research and improvements. We won\u2019t try to re\u2011identify it unless you give us written instructions to do so.<\/p>

                          \u00a0<\/p><\/li><\/ul>

                          10) What law applies<\/strong><\/h3>

                          • These Terms follow the governing law and courts named in our main Agreement, unless a privacy law requires something different.<\/p><\/li>

                          • For SCCs specifically, the governing law\/courts are\u00a0Latvia<\/strong>, unless we expressly agree otherwise.<\/p>

                            \u00a0<\/p><\/li><\/ul>

                            11) Changes to these Terms<\/strong><\/h3>

                            • We can update these Terms. If the change is\u00a0material<\/strong>, we\u2019ll notify you.<\/p>

                              \u00a0<\/p><\/li><\/ul>

                              How we protect data (our security measures \u2014 plain English)<\/strong><\/h3>

                              We use a layered, industry\u2011standard security program. Highlights:<\/p>

                              Encryption & pseudonymization<\/strong><\/p>

                              • Data is encrypted\u00a0in transit<\/strong>\u00a0(e.g., TLS 1.2+) and\u00a0at rest<\/strong>\u00a0(e.g., strong algorithms like AES\/RSA).<\/p><\/li>

                              • Where possible, we\u00a0pseudonymize<\/strong>\u00a0data within\u00a0180 days<\/strong>\u00a0(replace direct identifiers with codes).<\/p><\/li>

                              • After termination and written request, we delete\/return Personal Data, except where we must keep it by law (then we lock it down and don\u2019t use it for anything else).<\/p><\/li><\/ul>

                                \u00a0<\/p>

                                Backups & recovery<\/strong><\/p>

                                • We keep disaster recovery and incident response plans so we can restore access in a timely way after an issue.<\/p><\/li><\/ul>

                                  \u00a0<\/p>

                                  Regular security testing<\/strong><\/p>

                                  • At least\u00a0annually<\/strong>, we test systems that store or change Personal Data for vulnerabilities using recognized methods (e.g., OWASP).<\/p><\/li>

                                  • We log any issues and prioritize fixes by severity and impact. On request, we can share the most recent testing report (subject to confidentiality).<\/p><\/li><\/ul>

                                    \u00a0<\/p>

                                    Access control & authentication<\/strong><\/p>

                                    • Access is on a strict\u00a0\u201cneed\u2011to\u2011know\u201d<\/strong>\u00a0basis and activities are monitored.<\/p><\/li>

                                    • Strong log\u2011ins that follow\u00a0NIST 800\u201163B<\/strong>\u00a0guidance plus\u00a0MFA<\/strong>.<\/p><\/li>

                                    • Remote access requires a secure\u00a0VPN (IPsec)<\/strong>.<\/p><\/li><\/ul>

                                      \u00a0<\/p>

                                      Physical security<\/strong><\/p>

                                      • We use cloud providers with strong certifications (e.g.,\u00a0ISO 27001<\/strong>) or secured data centers (locked server rooms, logged access, monitoring).<\/p><\/li><\/ul>

                                        \u00a0<\/p>

                                        Logging & monitoring<\/strong><\/p>

                                        • Security\u2011relevant actions on Personal Data are\u00a0logged<\/strong>\u00a0and regularly reviewed. Logs are protected against tampering.<\/p><\/li><\/ul>

                                          \u00a0<\/p>

                                          Hardened systems & change control<\/strong><\/p>

                                          • We disable unnecessary services and control configuration changes with approvals and detailed logs.<\/p><\/li><\/ul>

                                            \u00a0<\/p>

                                            Policies & governance<\/strong><\/p>

                                            • We maintain and review (at least annually or after incidents) core policies: IT Security, Acceptable Use, Data Classification, Disaster Recovery, Incident Response, User & Remote Access, Third\u2011Party Security, Risk Assessments, etc.<\/p><\/li>

                                            • We practice\u00a0data minimization<\/strong>: only collect what\u2019s adequate, relevant, and necessary.<\/p><\/li>

                                            • We keep records of processing, appoint a\u00a0Data Protection Officer<\/strong>\u00a0where required, run impact assessments when needed, report breaches as required, and have written contracts with our sub\u2011processors.<\/p><\/li><\/ul>

                                              \u00a0<\/p>

                                              Portability & erasure<\/strong><\/p>

                                              • We store data in structured, machine\u2011readable formats so it can be\u00a0ported<\/strong>\u00a0if a valid request is approved.<\/p><\/li>

                                              • When transferring such data out, we encrypt it (e.g., AES\/RSA) and use secure channels (e.g.,\u00a0VPN\/IPsec<\/strong>).<\/p><\/li><\/ul>

                                                \u00a0<\/p>

                                                Sub\u2011processors<\/strong><\/p>

                                                • Our sub\u2011processors must meet the\u00a0same standards<\/strong>\u00a0we follow.<\/p>

                                                  \u00a0<\/p><\/li><\/ul>

                                                  Where to find our sub\u2011processor list<\/strong><\/h3>

                                                  • Contact us using the\u00a0registered account email<\/strong>\u00a0we have for you. (If you don\u2019t have an account yet, you can complete our form to request the list.)<\/p>

                                                    \u00a0<\/p><\/li><\/ul>

                                                    Super\u2011short TL;DR (for students)<\/strong><\/h3>

                                                    • You (Merchant) are in charge<\/strong>\u00a0of your customers\u2019 data;\u00a0we (Print Nova) only use it to run your orders<\/strong>.<\/p><\/li>

                                                    • We don\u2019t sell it or use it for targeted ads.<\/strong><\/p><\/li>

                                                    • We keep it\u00a0secure<\/strong>\u00a0(encryption, access controls, audits, etc.),\u00a0test<\/strong>\u00a0our systems, and\u00a0help<\/strong>\u00a0with privacy requests and breach notices.<\/p><\/li>

                                                    • We use trusted partners (sub\u2011processors), tell you who they are, and use legal tools (like\u00a0SCCs<\/strong>) when data crosses borders.<\/p><\/li>

                                                    • When you leave, we\u00a0return or delete<\/strong>\u00a0the data (unless we must keep some by law).<\/p><\/li>

                                                    • If anything here clashes with the official legal document,\u00a0the official one wins<\/strong>.<\/p><\/li><\/ul>"},"borderRadius":{"id":117665752,"value":"#{text.border.radius}"},"textColor":{"id":117665753,"value":"#{text.color}"},"backgroundColour":{"id":117665754,"value":"#0000"},"truncateHeight":{"id":117665755,"value":null},"padding":{"id":117665757,"value":"6"},"fullWidth":{"id":117665758,"value":"0"},"fullBackgroundColor":{"id":117665759,"value":"#{text.fullBackground.color}"},"published":{"id":117665760,"value":"1"},"conditions":{"id":117665761,"value":"[]"},"template":{"id":117898173,"value":"text"}}},{"id":4736295,"type":"html","published":1,"size":{"x":12,"y":0},"order":0,"items":[],"properties":{"html":{"id":117764401,"value":"

                                                      Print Nova \u2014 Data Processing Terms (Plain\u2011English Version)<\/H1><\/div>"},"padding":{"id":117764403,"value":"6"},"fullWidth":{"id":117764404,"value":"1"},"fullBackgroundColor":{"id":117764405,"value":"#fff0"},"published":{"id":117764406,"value":"1"},"conditions":{"id":117764407,"value":"[]"},"template":{"id":117765133,"value":"html"}}}],"properties":{"title":{"id":117665736,"value":"Data Processing Terms"},"isStorePage":{"id":117665737,"value":"1"},"description":{"id":117665738,"value":"How we handle your data."},"ogImage":{"id":117665739,"value":"https:\/\/images.podos.io\/fcxo8othtyydfm4bbdm3taayia8emtiiph2pgh0vfn383xcc.png.png?w=1200&h=auto"},"isSearchable":{"id":117898171,"value":"0"},"loginState":{"id":117898172,"value":"everyone"}},"labels":[],"published":1,"sitemap":1,"divisionId":407704,"edited":true,"keyPhraseCampaignId":null}