Data controller
The controller of personal data collected on this site is:
print-it (hereinafter, “print-it”)
VAT no.: DE285785533
Heinrich-Heine-Str. 1 · 34385 Bad Karlshafen
Contact email: info@print-it.biz
Phone: +49 5672 925025
Data we process and why
When you visit the site
Your browser automatically sends technical information to the server, which is stored in log files: IP address, date and time of access, requested page, browser and operating system. This information is used to ensure the operation, security and stability of the site.
When you buy in the shop
To process your order we handle: full name, billing and shipping address, email, phone, order data and payment data. The purpose is to perform the sale contract, issue the invoice, ship the product and handle subsequent enquiries.
When you contact us
If you write to us by email, phone, WhatsApp or the contact form, we keep your data to process the enquiry and any subsequent communications.
If you subscribe to the newsletter
We use your email exclusively to send you information about our products. The subscription is double opt-in. You can unsubscribe from any email received or by writing to us.
When you use the configurator
If you upload your own image to design a panel, we process the image, its dimensions, your IP address and the declarations you make (ownership of intellectual-property rights over the image and being of legal age). We use the image solely to manufacture your panel and we do not reuse it for any other purpose.
Legal basis for processing
- Art. 6.1.a GDPR — your consent (newsletter, non-essential cookies).
- Art. 6.1.b GDPR — performance of the contract and pre-contractual measures (purchases, configurator).
- Art. 6.1.c GDPR — compliance with a legal obligation (invoicing, tax retention).
- Art. 6.1.f GDPR — legitimate interest (site security, fraud prevention).
How long we keep your data
- Customer / order data: for the duration of the business relationship and, afterwards, the applicable legal periods (up to 10 years under the anti-money-laundering law; up to 6 years under the Spanish Commercial Code; up to 4 years under the General Tax Law).
- Customer account data: as long as you don’t close your account. You can request deletion at any time.
- Contact / enquiry data: up to 2 years from the last interaction, unless you request deletion earlier.
- Newsletter data: until you unsubscribe.
- Consent records: for the duration of the processing they refer to, plus the limitation periods of any possible actions.
- Technical logs: up to 30 days.
Recipients of your data
Your data is not shared with third parties except the providers strictly necessary to deliver the service, all of them bound by a data-processing agreement under Art. 28 GDPR:
- print-it (Alemania): the print-it group’s production unit. It receives the data needed (name, email, design file, cutting instructions) to manufacture your panel. The exchange takes place within the European Economic Area.
- Hosting: the provider that hosts the website (within the EEA).
- Payment gateway: WooPayments / Stripe Payments Europe Ltd. (Ireland), whose parent Stripe Inc. (United States) adheres to the EU-US Data Privacy Framework.
- Transactional and marketing email: SMTP provider and newsletter platform (where applicable).
- Logistics providers: the carrier contracted to deliver the panel.
- Tax and accounting advisors to issue invoices.
- Advertising and analytics platforms (only with your cookie consent): Google Ireland Ltd. (Google Analytics and Google Ads), Meta Platforms Ireland Ltd. (Facebook and Instagram Ads, Meta Pixel and Conversions API) and TikTok Technology Ltd. (TikTok Ads). They process your browsing data —and, if you make a purchase, encrypted (hashed) contact data (see the next section)— to measure our campaigns and show you relevant ads. Some of these entities or their parents are located outside the EEA (see international transfers).
Advertising, measurement and profiling
With your cookie consent we use tools from Google (Analytics and Ads), Meta (Facebook and Instagram) and TikTok to measure the performance of the site and our campaigns, and to show you relevant ads —including remarketing (reaching you again on other websites or social networks after you visit us). This may involve building basic advertising profiles from your browsing.
Advanced conversion measurement (Google Enhanced Conversions and Meta Conversions API). To know precisely which ads generate sales, when you make a purchase —and only if you have accepted marketing cookies— our server shares with Google and Meta an encrypted, irreversible version (SHA-256 hash) of some of the contact details in your order: email, phone, first and last name, city, postal code and country. Along with that hash we send your IP address, the browser user agent, the advertising cookies (_fbp, _fbc) and an order identifier. The hashing happens on our systems before sending: Google and Meta only ever receive the hash, never your data in clear text, and use it solely to attribute the conversion and measure the campaign. If you reject marketing cookies, this processing does not happen.
We do not make automated decisions with significant legal effects about you. You can withdraw your consent at any time from “Configure cookies” in the footer, without affecting the lawfulness of earlier processing.
International transfers
Some providers (Google, Meta, TikTok, Stripe) may process data outside the European Economic Area, for example in the United States. These transfers are made with the safeguards provided by the GDPR: Standard Contractual Clauses approved by the European Commission or adherence to the EU-US Data Privacy Framework.
Your rights
You have the right to:
- Access — know what data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request that we delete your data when there is no legal obligation to keep it.
- Objection — object to processing based on legitimate interest.
- Restriction — request that we temporarily stop processing.
- Portability — receive your data in a structured, reusable format.
- Withdrawal of consent — at any time, without affecting previous processing.
To exercise any right write to us at info@print-it.biz stating the right you want to exercise and attaching a copy of your ID or equivalent document. We will reply within a maximum of 1 month.
Complaints to the supervisory authority
If you consider that the processing of your data does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (AEPD): C/ Jorge Juan, 6 · 28001 Madrid · www.aepd.es.
Data security
We apply reasonable technical and organisational measures to protect your data against unauthorised access, loss or alteration: HTTPS encryption across the site, access control to the admin panel, encrypted backups and incident logging.
Changes to this policy
We may update this policy to reflect legal or service changes. When the change is significant we will notify you by email or via a prominent notice on the site.