GLOBAL PRIVACY POLICY

Effective Date: February 6, 2024

Contents

  1. Who We Are
  2. Introduction
  3. Defined Terms
  4. How We Collect Data
  5. Types of Data We Collect
  6. Why We Use and Process Data
  7. Who We Share Data with and Why
  8. Your Choices About Our Use of Data
  9. How Long We Use and Store PII
  10. How We Protect Data
  11. Opt-Out Preferences
  12. Persons Outside the United States, EU, EEA, UK and Switzerland
  13. Contact Us
  14. Updates to this Privacy Policy
  15. Addendum for Persons Residing in California
  16. Addendum for Persons Located in the European Union, EEA, UK and Switzerland

1. Who We Are

We are located at 23801 Calabasas Road, Calabasas, CA 91302, USA. Along with our affiliates (collectively, “Company Group”, or “we/our/us”), we own and operate a number of websites (the “Websites” or “Sites”) and mobile applications (the “Apps”).

This global Privacy Policy (“Privacy Policy”) applies to each Website and App that it appears on.

2. Introduction

This Privacy Policy explains how we collect, use, process, share and store Data when you use our Services (both terms as defined below), explains rights that you may have under specific data privacy and protection laws, and provides instructions on how to exercise any rights that apply to you (collectively, “Data Laws”).

The rights discussed in the CCPA Notice are for residents of California. The rights discussed in the GDPR Notice are for persons located in the EU, EEA, UK or Switzerland. Depending on where you live or are located, these rights may not apply to you. Both the CCPA Notice and the GDPR Notice are provided as Addenda at the end of this Privacy Policy.

Our Websites, Apps and Services may include links to third-party websites, plug-ins, services, social networks or mobile applications. Clicking on those links, or enabling those connections, may allow the third-party to collect or share Data about you. We do not control these third parties, and you should read each of their privacy notices before you submit any information to them.

Paypal Notices
PayPal is an independent Controller for the purpose of Processing Customer Data. You can access Paypal’s Privacy Statement at: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

You should carefully read this document to understand our policies and practices for processing and storing Data. By interacting with our Services, you accept the policies and practices described in this Privacy Policy. This Privacy Policy may change from time to time (see Updates to This Privacy Policy), and your continued use of our Services after any change means you accept those changes. Please check the Privacy Policy frequently for any updates.

3. Defined Terms

In addition to the terms already defined above, we provide these definitions:

CCPA” means the California Consumer Privacy Act of 2018, as it may be amended from time to time.

Data” is information about you that we collect, or that you provide to us, and may include PII.

Device” means the computer, smart phone or other electronic device that you use to access the Services.

Device Information” means information about a Device, including the IP address used to access the Services, associated cookies or cookie identifiers, and other information related to the formatting or presentation of the Services for your Device and includes information about the Device often stored in picture files, including Device type and the location you were in when you took the picture.

EEA” means countries in the EU plus Iceland, Lichtenstein, and Norway.

EU” means the countries which are currently members of the European Union.

GDPR” means the General Data Protection Regulation of the European Union, and the equivalent Data laws of the EEA, United Kingdom and Switzerland.

Identifiable Natural Person” is one who can be identified, directly or indirectly, by a single piece of data such as a name, an ID number, IP address, location data, an online identifier or by other data that, when combined, makes it possible to determine the identity of that natural person.

Personal Data” means any information about an identified or Identifiable Natural Person who has rights under the GDPR (“Data Subject”).

Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer, household or Device.

PII” means personally identifiable information, which is information that can be used to identify a specific individual, including Data that may be classified as Personal Information subject to the CCPA Notice or Personal Data subject to the GDPR Notice.

Services” means the Sites, Apps, and other services available from us.

4. How We Collect Data

We use different methods to collect Data, including:

Direct Interactions. These direct interactions include the contents of your communications with us, whether via e-mail, chat functionality, social media, telephone or otherwise, and inferences we may make from other personal information we collect. Where permitted by applicable law, we may collect and maintain records of calls and chats with our agents, representatives, or employees via message, chat, post, or similar functionality. Our chatbox vendors may also retain records of your chats with us.

Additionally, data from direct interactions may be collected through third parties that have their own privacy policies and procedures regarding the collection and processing of your data. When using the ChatGPT functionality on the Sites, you consent to our collection of and the transfer and processing of the data you provide in the chat, to ChatGPT.

These interactions also include data you provide when you create an account, subscribe to our Services, search for a product, place an order, upload a photo or other content, create a seller profile on our Services that offer seller capabilities, participate in discussion boards or other social media functions on our Services, enter a competition, promotion or survey, and when you report a problem with our Services. If you choose to make any seller profile that you create public, people may see your name, the country you designate in your profile, and your “About” details. You can adjust the privacy settings for your seller profile at any time.

Automated Technologies or Interactions. As you interact with our Services, we may automatically collect Data about your Device and your browsing actions and patterns, even if you do not create an account or place an order with us. We collect this Data by using cookies, server logs, and other similar technologies. You can block cookies in your browser by activating the settings that allow you to refuse all or some cookies. IMPORTANT NOTE: if you use your browser settings to block all cookies (including essential cookies), the Services may not function properly or may not work at all.

Cross-Device Tracking: Some of our Services use data analytics companies, advertising networks, and/or social media companies to engage in “cross-Device tracking,” which occurs when platforms, publishers, and advertising technology companies try to connect a consumer’s activity across smartphones, tablets, desktop computers, and other connected devices. Cross-Device tracking enables us to link your behavior with our Services across Devices.

Third parties or Publicly Available Sources. We receive Data from third parties such as business partners and sub-contractors who provide us with a variety of business services like shipping and payment processing, advertising, analytics, search information, etc.

User Contributions. You may also provide us with Data to post on the Services or to transmit to third parties (collectively, "User Contributions"). User Contributions are submitted at your own risk. We limit access to certain pages, and you can also adjust privacy settings for User Contributions by logging into your account profile. However, we cannot and do not guarantee that unauthorized persons will not be able to view your User Contributions.

5. Types of Data We Collect

PII We Collect

We collect PII including your name, billing address, delivery address, e-mail address, telephone number, IP address, credit/debit card numbers and other financial information needed to complete your transactions with us, photos and other content you upload, any profile image you provide, user IDs and/or passwords used to access the Services, your Services browsing history, and any phone number used to call our customer service number. Depending on the Services you use and the products you choose to customize, you may also provide us with video and voice recordings, age, date of birth, gender and other similar information. If you sell products through our Services, in addition to the information above we collect information necessary to pay you and comply with tax reporting laws, such as your PayPal account, and social security or Tax ID number, and your birthdate for verification of your identity. Each piece of information you give us may be used independently or in conjunction with other information you provide to us.

Device Information

We collect information relating to the Device(s) you use to access the Services, including the Device model, operating system, browser type, IP address, and event information from use of the Services.

Mobile App

Depending on your permissions, if you download and use our Apps, we may collect or access certain information from your mobile Device including:

  • Your contacts so you can select a chosen contact to ship your order to. Once you select a contact from your mobile Device, that contact’s information will be stored in our database and their postal address and phone will be used for delivery of your order and for sending you reminders of special occasions that you recorded in the Services; and
  • Your phone number, entered by you in response to our request and stored in your account data, as required for shipping in some countries and for retail pickup orders in countries where that option is provided.

Community Postings

You can post information on our blogs, forums, or other public posting areas. Any information you disclose is available to anyone with internet access. You do not have to use these features, but if you do, please use common sense and good judgment when posting in these community spaces or sharing your personal information with others through the Services.

Other Data We Collect

In addition to PII, we collect other Data from you when you use the Services, including:

  • Data that neither directly nor indirectly reveals your identity nor directly relates to you, such as statistics, or aggregated information. For example, we may aggregate Data to calculate the percentage of users accessing a specific Website, App, or feature of our Services;
  • Technical information, including browser type and version, or operating system and platform; and
  • Data about your interactions with our Services, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Services (including date and time), products you viewed or searched for or (in the case of some of our Services) “favorited”; Service response times, download errors, length of visits, interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away.

Special Category Data

Our business is customization! Depending on the Services you use and products you decide to create, you may select customization features reflecting skin tone, gender, gender identity, religious dress, disability status, sexual orientation, or other similar information, or revealing this or similar information through use of video and voice recording features. We strive to be inclusive in our product customization offerings and use this information to create that special product for your intended recipient.

Data About Children

We do not knowingly collect, use, process, share or store PII from children under the age of 18. The Services are not intended for use by children under the age of 18. If you believe that we have unknowingly collected PII from a child under the age of 18, contact us as soon possible at privacy@pallcprivacy.com. However, certain of the Services may collect information about children from an adult who creates a customized product about a child.

6. Why We Use and Process Data

Use and Processing of PII

We may use and process PII that is either collected by us or provided by you for the following purposes:

  • Providing the Services in the manner most effective for you and your Device;
  • Fulfilling your orders placed through the Services;
  • Making interest-based suggestions and recommendations about our products and Services;
  • Assessing the effectiveness of our advertising and tailoring our advertising so you receive only what is relevant to you;
  • Improving the Services and notifying you about changes;
  • Managing your customer relationship with us;
  • Enabling your participation in our Services' interactive, social media, or other similar features;
  • Integrating social media into your experience with our Services;
  • Carrying out your support requests;
  • Notifying you about unfinished transactions, unused credits, or order status;
  • Sending you information about discounts, special offers, and new products;
  • Managing the Services, including troubleshooting, data analysis, testing, research, statistical analysis, security, quality control, and fraud prevention;
  • Verifying your identity;
  • Reminding you of special occasions;
  • Performing billing, administration, and collections functions;
  • Protecting the Services and our employees and operations;
  • For a Reorganisation Use;
  • Marketing to you directly through the social media platforms that you use and through other websites;
  • Sharing information with law enforcement agencies in response to formal or informal inquiries and with other third parties when required by law and pursuant to our internal policies;
  • Carrying out activities related to any of the above, or any other purpose for which the Data was collected, including dispute resolution and protection of our legal rights or the rights of third parties.

Use and Processing of Other Data

We may use Data that is not PII for any business purpose.

You can manage your preferences about how your Data is used by following the instructions in each form or communication you receive from us. For more information, see Your Choices About Our Use of Data.

7. Who We Share Data with and Why

Sharing of PII

We may share Data within our Company Group to comply with internal, contractual and legal obligations, and for marketing activities.

We may also share Data with third parties as follows:

  • Business partners, suppliers, service providers, subcontractors and other third parties to enable them to provide services such as fulfillment, IT, logistics, delivery, communication, cybersecurity, fraud protection, and legal/audit. These parties are required to maintain the confidentiality of Data and are restricted from using it for any purposes other than those requested by us;
  • Social media platforms;
  • Advertisers and ad networks;
  • Public, governmental, or regulatory authorities and institutions; and
  • Potential buyers, investment banks or financial institutions in connection with any contemplated or actual corporate reorganizations or business transactions such as evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Data held by us about our users is among the assets transferred (each, a “Reorganization Use”).
  • Courts, law enforcement authorities, regulators, attorneys or other third parties in connection with the establishment, exercise, or defense of legal claims.

Sharing of Other Data

We may share other Data without restriction.

Pursuant to our contractual relationship with Google, we do not share data received from Google for reasons other than providing or improving functionality. See the Google terms here for additional information.

8. Your Choices About Our Use of Data

Transactional Emails: We occasionally send transactional emails notifying you about your orders, account information, changes to the Services, updates to our online documents, and other matters. You may not opt out of transactional emails.

Promotional Offers: You can stop receiving promotional offers by following opt-out links in each promotional message, or contacting us at privacy@pallcprivacy.com and requesting your removal from our promotional offers list.

Push Notifications on Mobile App: Depending on your Device, push notifications may be turned on by default. You can opt out of push notifications at any time by adjusting your Device settings.

Tracking Technologies and Advertising: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you refuse all cookies, you will be unable to use the Services. If you disable or refuse some cookies, parts of our Services will be inaccessible or not function properly. For more information about tracking technologies, please see Automated Technologies or Interactions above.

Updating PII. If you wish to update your account information, you may log into your account and make changes, or contact us via the Contact Us link in the App or Website you are using, and we will update or correct any account information at your request. For EU Data Subjects, please use the form located at the Manage Personal Information link at the bottom of each webpage to request correction of your PII.

9. How Long We Use and Store PII

We store PII from the time of collection as follows, unless contractual or legal obligations require us to store it for a different period:

If you neither create an account nor buy anything (even as a guest) we will delete PII about you at the earlier of your revocation of consent or in accordance with our Cookie Notice.

If you either create an account, or buy as a guest, we will delete PII about you at the first of the following:

  1. You ask us to;
  2. You have not created an account on any of our Services for a period of nine (9) years, or made a sale from any seller account;
  3. You haven’t purchased anything for nine (9) years; or
  4. With regard to a Social Security Number or Tax ID Number, you have not made a sale from any account using that number for a period of seven (7) years.

Pursuant to our contractual relationship with Meta, we store Platform Data received from Meta for no longer than five (5) years. See the Meta terms here for additional information.

10. How We Protect Data

The Services have physical, electronic, and administrative security measures in place designed to protect against the loss, misuse, and unauthorized access, use, alteration, or disclosure of Data under our control. When you submit credit card information through the Services, we create a nonce so your credit card information is never stored by us. While no transmission over the internet can be guaranteed as 100% secure, and we strive to protect PII during transmission, we cannot ensure or warrant the security of any Data that you transmit to or receive from us. We urge you to take steps to keep Data safe (including your account password), log out of your account after use, and close your web browser.

11. Opt-Out Preferences

California and Virginia residents may opt out of the sale and/or sharing of their information by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

We can only link your request to opt-out of sale/sharing to your browser or device identifier, and not to any information about any account you may have with us. The connection between your browser or device and any account you have with us is not known to us. Accordingly, now that we have implemented GPC recognition, any prior choices you have made regarding sale/sharing of your personal information are no longer valid. If you wish to opt out of the sale/sharing of your information, you will need to do so by rebroadcasting the GPC signal to us now and again in the future to the extent you visit our website with a different device or clear the cookies cache from your current device.

12. Persons Outside the United States, EU, EEA, UK and Switzerland

You confirm that your command and knowledge of the language in which this Privacy Policy is written is sufficient to understand the terms and conditions in this Privacy Policy. If you live in the European Union, EEA, UK or Switzerland, or are located outside the United States: (i) you acknowledge that by using the Services, personal data about you may be transferred to our servers or third-party servers located in the United States in connection with the purposes stated in this Privacy Policy and expressly consent to such transfers, and (ii) you understand that the laws with respect to the protection of Data in the United States may not be as stringent as those in your home jurisdiction. If you live in or are in the European Union, EEA, UK or Switzerland, the Addendum for Persons Located in the European Union, UK, EEA and Switzerland EU below describes additional rights you might have.

13. Contact Us

If you have any concern about the privacy practices of the Services, please contact us at the following address with a detailed description of your concern, and we will try to resolve it:

Privacy Program
Attn: Legal Department
23801 Calabasas Road
Calabasas, CA 91302
USA

If you are in Europe,

We have appointed ITG EU & GRCI Law to act as our EU and UK Representatives, respectively. If you wish to exercise your rights under EU GDPR or the UK GDPR or have any queries in relation to your rights or privacy matters generally please email from Europe privacyeu@pallcprivacy.com, or from UK, privacyuk@pallcprivacy.com.

14. Updates to This Privacy Policy

Please check this Privacy Policy periodically to inform yourself of any changes. We reserve the right to modify this Privacy Policy at any time, so you should review it frequently. If we make material changes to this Privacy Policy, we will post notice of the changes on the Services homepage and/or as required by law notify you by email using the current email address for your account.

15. Addendum for Persons Residing in California

Effective Date: April 15, 2023

This Addendum for Persons Residing in California (this “CCPA Notice”) supplements the Privacy Policy and applies only to residents of the State of California. This CCPA Notice is provided in compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA), and any terms defined in the CCPA have the same meaning when used in this CCPA Addendum.

How We Collect Personal Information

We collect “Personal Information” as defined in the CCPA. We collect Personal Information from the following categories of sources:

  • Directly from you. For example, from your creation of an account, forms you complete or products you purchase and Services you use, and when you participate in a contest or survey.
  • Indirectly from you. For example, from your interactions on the Websites or in the Apps.
  • From other companies in our Company Group.
  • From our business partners and service providers.

How We Share Personal Information

We disclose Personal Information to our Service Providers, Contractors and third-parties for business purposes pursuant to written agreements or contracts

Summary of Categories of Personal Information Collected, Sources, and Categories of Third Parties Shared With

The table below summarizes the Personal Information collected, used and shared by us or our Service Providers and Third Parties within the last twelve (12) months.

Category of Personal Information Collected Collected Categories of Sources from Which Personal Information is Collected Purpose of Collection Categories of Third Parties We Share Personal Information With for a Business Purpose Category of Third Parties to whom Personal Information is Sold or Shared Retention Period
Identifiers, such as your name, address, phone number, Internet Protocol (IP) address, email address, social media handles, and account name.

If you choose to sell products and receive a royalty or commission, we also collect your social security number and/or tax identification number.
Yes You, if you choose to provide it to us.

You, when you use the Services.

We and our Service Providers collect this info automatically. Our Service Providers that collect your IP address automatically
To respond to your communications to us.

To provide the Services to you.
Our Service Providers, such as our Website host, payment processors, social networks, order fulfilment processors, and analytics providers. Advertisers and social networks 9 years from the date of your last interaction with us
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name, address, phone number, credit or debit card number.

Only if you are a seller on the CafePress Website, your Social Security Number so that we may report tax information as required by law.

Some personal information included in this category may overlap with other categories.
Yes You, if you choose to provide it to us. To fulfill your orders.

To comply with tax laws.
Our Service Providers such as delivery companies, payment processors, order fulfillment providers, printers, product distributors, and data analytics providers.

Advertisers and social networks 9 years from the date of your last interaction with us
Protected Classifications, such as age (40 years or older), gender, etc. Yes You, directly.

Derived from your orders.
To analyze the demographics of our customer base. Service Providers such as data analytics providers. We do not sell or share this category of Personal Information 9 years from the date of your last interaction with us
Commercial information, such as products or services purchased, obtained, or considered. Yes You, when you use the Services.

We and our service providers collect this info automatically.
To fulfill your orders and provide current and future Services to you. Service Providers who help us determine our product mix and analyze our customer’s shopping and purchase preferences.

Our Service Providers such as delivery companies, payment processors, order fulfillment providers, printers, product distributors, and data analytics providers.

Our affiliates and subsidiaries.
Advertisers and social networks 9 years from the date of your last interaction with us
Biometric information No N/A N/A N/A N/A N/A
Internet network and electronic device activity, such as browsing history, search history, and information regarding your interaction with an internet website, application, or advertisement Yes You, through your