Privacy Policy

Last updated: 31 May 2025

1. Introduction

PrintPigeon ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our printing and mailing services.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Name and contact information
• Billing and shipping addresses
• Payment information
• Email address
• Phone number
• Document contents and metadata

2.2 Usage Information

We automatically collect certain information when you use our services:

• IP address
• Browser type
• Device information
• Operating system
• Usage patterns
• Service interaction data

3. How We Use Your Information

We use the collected information for:

• Processing and fulfilling your orders
• Managing your service requests
• Providing customer support
• Sending service updates and notifications
• Communicating about your orders and our services
• Improving our services
• Detecting and preventing fraud
• Complying with legal obligations

4. Information Sharing

We share your information with:

• Shipping partners to deliver your mail
• Payment processors for transactions
• Service providers who assist our operations
• Email marketing service providers (Loops.so) for order notifications and promotional communications
• Legal authorities when required by law

Customer Communications: We may include your email address in customer communications. While we implement procedures to protect your privacy in these communications, we cannot guarantee absolute protection against human error in our communication processes.

5. Data Retention

Order Data: We automatically delete all order details, personal information, and document contents within 7 days after your order has been fulfilled. This includes names, addresses, payment information, and any uploaded documents.

Email Communications: Email addresses used for order notifications and customer communications may be retained for a reasonable period to fulfill our service obligations and legal requirements.

Legal Compliance: Some information may be retained longer where required by law or for legitimate business purposes such as fraud prevention.

6. Data Security

We implement appropriate security measures including:

• SSL/TLS encryption
• Secure data storage
• Access controls
• Regular security audits
• Staff training on data protection
• Documented procedures for data handling

Limitations: While we implement robust security measures and procedures, no system is completely secure. Despite our best efforts, human error or technical failures may occasionally occur.

7. Data Incident Response

7.1 Incident Management

In the event of a data security incident affecting your personal information:

• We will investigate and assess the incident promptly
• We will take immediate steps to contain and remedy the situation
• We will implement additional safeguards to prevent recurrence

7.2 Notification Procedures

Regulatory Reporting: We will report qualifying data incidents to the Information Commissioner's Office (ICO) within 72 hours as required by GDPR.

Customer Notification: We will notify affected customers of any data incident that poses a risk to their rights and freedoms. Notifications will include:

• Description of what happened
• What information was involved
• Steps we have taken to address the incident
• Measures to prevent future incidents
• Contact information for questions

7.3 Transparency Commitment

We are committed to transparency about data incidents and will provide clear, honest communication about any issues affecting your personal information.

8. Communication Practices

Service Communications: We send emails related to order processing, delivery notifications, and customer service. These communications are necessary for service delivery.

Marketing Communications: When you provide your email address during the order process, we may add it to our marketing email list managed through Loops.so to send you promotional offers, service updates, and other marketing communications. You can unsubscribe from these communications at any time using the unsubscribe link in any marketing email.

Bulk Communications: When sending communications to multiple customers, we implement procedures to protect individual privacy. However, due to the possibility of human error, we cannot guarantee that email addresses will never be inadvertently visible to other recipients.

Communication Security: We regularly review and improve our communication procedures to minimize privacy risks.

9. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request data deletion
• Object to data processing
• Data portability
• Withdraw consent
• Lodge a complaint with the ICO

Exercising Your Rights: To exercise these rights, please contact us using the information below. Please note that due to our 7-day data deletion policy, some requests may not be possible if your order data has already been automatically deleted.

10. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: Processing necessary to fulfill our printing and mailing services
• Legitimate Interests: Improving our services, fraud prevention, and business operations
• Legal Compliance: Meeting our obligations under applicable laws
• Consent: Where you have provided specific consent for certain processing activities

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date
• Sending email notification for significant changes (where we have your email address)

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to report a concern, please contact us at:

Data Protection Officer: For specific data protection inquiries, you may contact our designated data protection contact at the above email address.

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.