Privacy Policy

This website is owned and operated by Print of the Day Ltd (“we”, “us”, “our”), trading as Print of the Day. For the purposes of the Data Protection Act 2018, the data controller is Print of the Day Ltd.

Print of the Day is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and look after your personal data when you visit our website (wherever you visit it from), including when you purchase a product, use our services, or sign up to our newsletter. It also outlines your rights and how the law protects you.

1. Important information

Our website is not intended for children, and we do not knowingly collect data relating to children.

This Privacy Policy supplements our other policies (including our Terms of Use) and does not override them.

Print of the Day is the controller responsible for your personal data.

For clarity, Part 5 of Schedule 1 includes a glossary of terms used throughout this Policy, as well as examples of the personal data we collect, how we use it, the lawful basis for doing so, and information about your rights.

We have appointed a Data Privacy Manager (DPM). If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact our DPM:

Email: [email protected]
Post: Data Privacy Manager, Print of the Day

You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would appreciate the chance to resolve your concerns first, so please contact us before approaching the ICO.

Your duty to keep us updated: It’s important that the personal data we hold about you is accurate. Please notify us of any changes.

Third-party links: Our website may include links to third-party websites, plug-ins, and applications. Clicking on these links may allow third parties to collect or share your data. We do not control these websites and are not responsible for their privacy policies. You should read their policies to understand how your data is handled.

2. The data we collect about you

We may collect, use, store, and transfer the types of personal data set out in Part 1 of Schedule 1.

We also collect, use, and share aggregated data. If aggregated data is combined with your personal data in a way that identifies you, we treat it as personal data.

We do not collect special categories of personal data.

Failure to provide data: If we are required by law or contract to collect your personal data and you fail to provide it, we may be unable to perform the contract. We will notify you if this becomes relevant.

3. How personal data is collected

We collect personal data in several ways:

  • Direct interactions: You may give us personal data when completing online forms, requesting products or services, subscribing to our services, creating an account, joining mailing lists, or corresponding with us via post, phone, or email.
  • Automated technologies: We automatically collect technical and usage data when you browse our website using cookies and similar technologies. We may also receive technical data if you visit other sites that use our cookies. Please see our Cookie Policy for more details.
  • Publicly available sources: We may collect data from sources such as Companies House, the Electoral Register, and credit reference agencies (based inside the EU).
  • Third parties:
    • Analytics providers (e.g., Google, based outside the EU)
    • Advertising networks (inside the EU)
    • Search information providers (inside the EU)
    • Service providers such as payment processors, delivery companies, and website support teams

4. How we use your personal data

We will only use your personal data where the law allows. Most commonly, we use your data to:

  • perform a contract with you
  • comply with legal obligations
  • pursue our legitimate interests (when your rights do not override them)

Part 2 of Schedule 1 sets out the lawful basis we rely on for each type of processing.

We generally rely on consent when sending email or SMS marketing. You can withdraw your consent at any time.

Marketing:
We may analyse your personal data to determine which products or services may interest you. You will only receive marketing if:

  • you requested information
  • you bought something from us
  • you consented during data collection
  • you have not opted out
  • or we have another legal basis to do so

We will seek your explicit opt-in before sharing your data with third parties for marketing. We do not sell lists, accept advertising, or generate third-party revenue from your information.

Opting out:
You can unsubscribe by clicking the link in any marketing email or by contacting our DPM. Even if you opt out of marketing, we may still process your data for other lawful purposes.

Change of purpose:
We will only use your data for the purpose it was collected unless we reasonably consider another purpose to be compatible. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis.

We may process your data without your knowledge or consent when required by law.

5. Disclosure of your personal data

We may share your personal data with third parties listed in Part 4 of Schedule 1.

We require all third parties to safeguard your data and process it only according to our instructions.

6. International transfers

Some third-party service providers are based outside the EEA. When we transfer data outside the EEA, we ensure adequate protection by:

  • transferring only to countries approved by the European Commission
  • using approved contractual clauses
  • transferring to US providers under the Privacy Shield framework (when applicable)

For more details on transfer mechanisms, contact our DPM.

7. Data security

We take the security of your personal information seriously. While no online system is 100% secure, we follow recognised industry standards to protect your data during transmission and once received.

We limit access to your data to employees, agents, and third parties with a business need to know. They process data only according to our instructions and must keep it confidential.

We have procedures to deal with suspected data breaches and will notify you and regulators when legally required.

8. Data retention

We keep your personal data only as long as necessary for the purposes outlined here, including legal, accounting, and reporting requirements.

We are required to keep basic customer information (contact, identity, financial, and transaction data) for six years after you stop being a customer for tax purposes.

We may anonymise your data for research or statistical purposes. Once anonymised, we may use it indefinitely.

9. Your legal rights

You have several rights under data protection law. These are detailed in Part 3 of Schedule 1.

You will not normally pay a fee to exercise your rights, unless a request is unfounded, repetitive, or excessive.

To protect your data, we may ask you to confirm your identity before responding. We aim to respond within one month, but complex requests may take longer. If so, we will keep you updated.

10. Changes to this Privacy Policy

Print of the Day Ltd may update this Privacy Policy when required by law or when necessary. We will post updates on our website. By continuing to use the website after changes are posted, you are deemed to accept the updated Policy.

Schedule 1

Part 1: Types of personal data

  • Contact data: billing address, delivery address, email address, telephone number
  • Financial data: bank and payment card details
  • Identity data: first name, last name, maiden name, occupation, username, title, date of birth, gender
  • Marketing and communications data: marketing preferences
  • Profile data: username and password, purchases, preferences, feedback, survey responses
  • Technical data: IP address, login data, browser type and version, time zone, location, plug-ins, operating system, platform, device information
  • Transaction data: payments, orders, and products/services purchased

Part 2: Lawful basis for processing and activities

(Your original table has been cleaned for clarity but kept legally intact.)

Examples:

  • Registering you as a customer → identity & contact → performance of contract
  • Delivering your order and handling payments → identity, contact, financial, transaction → performance of contract; legitimate interest in recovering debts
  • Managing our relationship with you → identity, contact, profile, marketing preferences → performance of contract; legal obligation; legitimate interests
  • Administering the website → identity, contact, technical → legitimate interests; legal obligations
  • Delivering relevant content and ads → identity, contact, profile, usage, marketing, technical → legitimate interests
  • Analytics → technical, usage → legitimate interests
  • Recommendations and offers → identity, contact, technical, usage, profile → legitimate interests

Part 3: Your legal rights

You may request:

  • Access: a copy of your personal data
  • Erasure: deletion of your data in certain circumstances
  • Object: stop processing when relying on legitimate interests or for direct marketing
  • Restriction: pause processing in certain situations
  • Transfer: receive your data in a machine-readable format or ask us to transfer it
  • Withdraw consent: stop processing based on consent

We may not always be able to comply due to legal reasons, which we will explain if relevant.

Part 4: Third parties

  • Service providers (EEA and worldwide) handling payments, delivery, marketing, SEO, IT, and credit checks
  • Professional advisers (lawyers, accountants, insurers)
  • HMRC, regulators, and authorities
  • Business buyers in the event of a sale, transfer, or merger
  • Trustpilot (temporary use of name, email, and order number solely to invite reviews)

Part 5: Glossary

ICO: Information Commissioner’s Office (UK regulator)

Aggregated data: statistical or demographic data that cannot identify a person on its own

Controller: entity deciding how personal data is processed

Data subject: the individual to whom the data relates

Personal data: information identifying you directly or indirectly

Processor: entity processing data on behalf of the controller

Special categories of personal data: sensitive personal information (we do not collect this)