These Data Processing Terms (“Terms”) form part of the Terms of Service (“Agreement”) or other agreement between AvaPrints and Merchants regarding AvaPrints services. These Terms are binding between AvaPrints and Merchants and constitute a data processing agreement. If you do not agree to these Terms, do not use the Site and the Service.

1. Definitions

1.1. The capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Agreement.

1.2. “Agreement” means an agreement entered into by AvaPrints and the Merchant regarding the use of AvaPrints Service.

1.3. “Data” means the personal data of the recipients of the Merchant’s products, including the Merchant’s customers, as well as personal data of the Merchant’s representatives, which via the use of AvaPrints Site and Service is provided to AvaPrints by the Merchant.

1.4. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. “Merchant” means any person, be it legal entity or natural person, which uses AvaPrints Service to execute orders or deliver its products to recipients, including the Merchant’s customers.

1.6. “Parties” means AvaPrints and the Merchant.

1.7. “AvaPrints” means AvaPrints

1.8. “Service” means print-on-demand services offered by AvaPrints to Merchants that want to outsource the printing and delivering of their products to their customers, as well as other services offered by AvaPrints to Merchants, including branding, warehousing and fulfilment, design, and merchandising services.

1.9. “Site” means www.avaprints.com.

1.10. The terms “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Supervisory Authority” used in these Terms have the meanings given in the GDPR.

2. Subject of the Terms

2.1. These Terms govern the agreement between AvaPrints and the Merchant in respect of processing of Data transferred to AvaPrints by the Merchant.

2.2. The Merchant acquires Data and via the use of AvaPrints Site and Service provides Data to AvaPrints. The Merchant is a Controller of this Data and AvaPrints as the Processor only processes this Data on behalf of the Merchant.

2.3. The Merchant hereby instructs AvaPrints to process the Data as prescribed by these Terms, including the transfer of such Data to any country as may be reasonably necessary for the provision of the Service or otherwise for the compliance with the Agreement or applicable law.

3. Details of Processing

3.1. Categories of Data Subjects. AvaPrints, on behalf of the Merchant, processes the Personal Data of the Merchant’s customers and the Merchant’s representatives that are registered under the Merchant’s AvaPrints account.

3.2. Type of Personal Data. AvaPrints processes the following information received from Merchants that might contain Personal Data: name, email address, phone number, shipping information, Content shared with AvaPrints, and other information about the Merchant’s customers and representatives shared with AvaPrints.

3.3. Nature and purpose of processing. AvaPrints processes Data in accordance with these Terms in order to provide the Merchant the Service and otherwise ensure fulfilment of the obligations set out in the Agreement between the Merchant and AvaPrints if such fulfilment involves the processing of Personal Data. AvaPrints only has access to the information that has been provided by the Merchant and uses such information in accordance with the Merchant’s instructions.

3.4. Duration of processing. Data will be processed for the duration of the Agreement.

4. Rights and obligations of AvaPrints and the Merchant

4.1. Both Parties shall ensure that Data processing under these Terms is carried out in accordance with all applicable laws and regulations in respect of data protection, including the GDPR, and Parties shall comply with their respective obligations as a Controller or Processor laid down by the GDPR.

4.2. The Merchant is responsible for the legality of processing the Data. The Merchant confirms that the Data transferred to AvaPrints has been obtained by the Merchant on lawful basis as prescribed by the GDPR and other applicable laws and regulations in respect of data protection, and that the Merchant is entitled to provide the Data to AvaPrints and other recipients.

4.3. The Merchant shall not submit to AvaPrints any Personal Data that is not necessary for the use of the Service, and any Personal Data if the Merchant has no lawful basis and/or no valid purpose for processing such Personal Data.

4.4. The Merchant confirms that these Terms contain sufficient instructions to AvaPrints regarding the processing of Data, as well as the scope and purposes thereof.

4.5. If reasonably necessary, the Merchant may provide AvaPrints with additional instructions regarding the processing of Data other than those prescribed by these Terms. Such additional instructions must be reasonably enforceable, properly documented and in compliance with applicable laws and regulations regarding data protection, and must also be accepted by AvaPrints.

4.6. AvaPrints shall not be liable for any claims or complaints from Data Subjects regarding any action taken by AvaPrints as a result of acting in accordance with instructions received from the Merchant.

4.7. The Merchant shall be responsible for the accuracy of Data and keeping it up to date and shall inform AvaPrints in case of any changes in the provided Data.

4.8. AvaPrints shall process the Data on behalf of the Merchant and shall always follow the Merchant’s instructions prescribed by these Terms, the Agreement or otherwise provided to AvaPrints in accordance with these Terms.

4.9. AvaPrints confirms that the processing is performed in compliance with the requirements prescribed by the GDPR and other applicable laws and regulations in respect of data protection, AvaPrints has implemented appropriate technical and organizational measures and while processing the Data ensures the protection of the Data Subjects’ rights.

5. Sub-Processors

5.1. For AvaPrints to be able to meet its obligations prescribed by the Agreement and to administer and provide the Service, the Merchant hereby authorizes AvaPrints to engage sub-processors and transfer the Data to such sub-processors.

5.2. When processing the Data on behalf of the Merchant, AvaPrints uses sub-processors that provide us with different services such as hosting and server co-location services, postal and courier delivery services, and our financial and legal advisors, among others.

5.3. AvaPrints hereby confirms that it uses only such sub-processors that are able to guarantee that they have implemented appropriate technical and organizational measures in accordance with the GDPR and other applicable laws and regulations regarding data protection.

5.4. AvaPrints hereby confirms that our sub-processors are contractually or otherwise in a binding form required to comply with the same data processing obligations as prescribed by these Terms.

5.5. AvaPrints may transfer the Data to sub-processors that are located outside the European Economic Area (“EEA“). AvaPrints confirms that the Data are transferred only to such sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring an adequate level of protection, or otherwise is able to provide appropriate safeguards and always provided that enforceable rights and effective legal remedies are available for Data Subjects.

6. Assistance to the Merchant

6.1. Considering the nature of the processing, AvaPrints will assist the Merchant with the provision of technical or organizational measures, insofar as possible, for the fulfilment of the Merchant’s obligations as the Controller in relation to:

1. Any requests from the Data Subjects in respect of access to, or the rectification, erasure, restriction, portability, blocking or deletion of their Personal Data that AvaPrints processes on behalf of the Merchant. In the event that a Data Subject sends such a request directly to AvaPrints, AvaPrints will promptly forward such request to the Merchant; and
2. The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such Personal Data breaches; and
3. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.
4. Personal Data Security

7.1. By taking into account the state of the art, costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, AvaPrints shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the respective risk.

7.2. AvaPrints monitors and ensures that all of AvaPrints authorized personnel involved in the Processing of Data provided to us have committed themselves to confidentiality obligations.

7.3. AvaPrints confirms that rights of access to its authorized personnel are always provided only to the minimum extent necessary for fulfilment of the obligations arising from the Agreement.

8. Audit

8.1. Upon the Merchant’s written request, AvaPrints shall provide sufficient information to demonstrate compliance with obligations laid down in these Terms and applicable laws and regulations. This information shall be provided to the extent that such information is within AvaPrints control and AvaPrints is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

8.2. If information provided upon the Merchant’s request in the Merchant’s reasonable judgement is not sufficient to confirm AvaPrints compliance with these Terms, then AvaPrints agrees to allow for and contribute to data processing audits.

8.3. Such audits are allowed to be carried out by an independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Merchant and AvaPrints.

8.4. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided only at the expense of the Merchant, and we reserve the right to charge the Merchant for any additional work or other costs incurred by us in connection with the Merchant using such rights. The Merchant has rights to request the audit once every 2 years.

8.5. The auditor will have to sign a confidentiality agreement, which includes an obligation not to disclose business information in its audit report, and the final report will also have to be provided to AvaPrints.

9. Return and deletion of Data

9.1. Unless otherwise required by applicable law, AvaPrints has no obligation to store the Merchant’s Data after termination of the contractual relationship with AvaPrints and deletion of the Merchant’s account.

9.2. At the choice of the Merchant, AvaPrints will delete or return all the Data to the Merchant after the end of the contractual relationship relating to the processing of Data, and shall delete existing copies, unless an applicable law requires the Merchant to store such Data.

10. Governing Law

These Terms are governed by the laws of the India and are subject to the dispute resolution procedure as prescribed by the Agreement.

11. Modifications

AvaPrints reserves the right, at its discretion, to modify these Terms at any time. The Merchant shall be responsible for reviewing and becoming familiar with any such modifications. Use of the Service by the Merchant following such notification constitutes the Merchant’s acceptance of the changes in these Terms.