Skip to main content

Privacy Policy

1. Who We Are

Printout.Graphics is a trading name of Printout Graphics Ltd, a company registered in England and Wales. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy or how we handle your data, please contact us at:

2. What Data We Collect

When you use our website or place an order, we may collect the following personal information:

  • Identity data: your full name, company name (if applicable)
  • Contact data: email address, telephone number, postal/delivery address
  • Payment data: processed securely by our third-party payment provider — we do not store your full card details on our servers at any time
  • Order data: details of the products you have ordered, artwork files you have uploaded, order history, and any correspondence relating to your orders
  • Account data: if you create a customer account, we store your login credentials (password is encrypted and never stored in plain text), saved addresses, and order history
  • Technical data: IP address, browser type and version, time zone, operating system, and platform
  • Communication data: records of all correspondence if you contact us via email, phone, contact form, or social media

3. Why We Collect Your Data (Lawful Basis)

We process your personal data under the following lawful bases:

  • Contract performance: to process, produce, and deliver your orders, and to manage your customer account
  • Communication: to respond to enquiries, provide order updates, send dispatch notifications, and request artwork where needed
  • Payment processing: to take payment securely via our payment provider and manage refunds where applicable
  • Legal obligation: to comply with our legal and regulatory requirements (e.g. tax records, fraud prevention, HMRC reporting)
  • Legitimate interest: to improve our website, products, and services based on how customers use them, and to protect against fraud or misuse
  • Consent: for marketing communications only — you can withdraw consent at any time by contacting us or using the unsubscribe link in any marketing email

4. How We Store Your Data

Your personal data is stored securely on UK-based servers. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption on all pages of our website
  • Encrypted password storage using industry-standard hashing algorithms
  • Regular security updates and vulnerability assessments
  • Restricted access — only authorised personnel can access personal data
  • Automated encrypted database backups

Data Retention Periods

  • Order records: retained for six years from the date of the transaction in accordance with HMRC requirements
  • Artwork files: retained for 90 days after order completion to allow for reprints or queries, then permanently deleted. We do not retain your artwork beyond this period unless you request otherwise in writing.
  • Customer accounts: retained for as long as your account is active. Inactive accounts may be deleted after 24 months — we will notify you by email before doing so.
  • Communication records: retained for two years from the date of the last correspondence
  • Technical/usage data: anonymised or deleted after 12 months

5. Third Parties

We share your personal data with the following categories of third parties, only to the extent necessary to provide our services:

  • Payment processor: our payment provider handles all card and online transactions securely. We do not have access to your full card details at any point.
  • Print fulfilment partners: for certain products, we work with specialist print suppliers who receive only the information necessary to produce and ship your order (name, delivery address, and artwork files).
  • Royal Mail and courier services: to deliver your orders. We share your name, delivery address, and contact number for this purpose.
  • Email service providers: to send transactional emails such as order confirmations and dispatch notifications.
  • Website hosting provider: our hosting infrastructure stores website data securely within the UK.

We do not sell, rent, or trade your personal data to any third parties for marketing purposes. We will never share your data with third parties for their own marketing without your explicit consent.

6. Cookies

We use only essential cookies that are strictly necessary for our website to function. We do not use any analytics, advertising, or tracking cookies.

Cookies We Set

Cookie NamePurposeDurationType
pw_pg Session cookie — maintains your shopping cart, login state, and delivery preferences as you browse the site. Contains a random session identifier only; no personal data is stored in the cookie itself. Browser session (deleted when you close your browser) Strictly necessary

We do not set any optional, analytics, or marketing cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

Session Data

The session cookie (pw_pg) links to server-side session data that may include:

  • Shopping cart contents (product selections and quantities)
  • Selected delivery tier (Standard, Express, or Priority)
  • Login state (if you have a customer account)
  • Temporary notification messages (e.g. "Item added to cart")

This data is stored securely on our server, not in the cookie itself. Session data is automatically deleted when the session expires or when you close your browser.

Session Cookie Security

  • The cookie is served over HTTPS only (Secure flag)
  • The cookie is not accessible to JavaScript (HttpOnly flag)
  • Session fingerprinting is enabled to prevent session hijacking

Analytics

We use Plausible Analytics (plausible.io) to understand how visitors use our website. Plausible is a privacy-focused analytics tool that does not use cookies, does not collect personal data, and does not track individual visitors across sessions or websites. All data is aggregated and anonymous. Plausible is fully compliant with UK GDPR, PECR, and EU GDPR without requiring cookie consent.

Third-Party Cookies

Our website does not embed third-party content (social media widgets, advertising pixels, or analytics trackers) that would set cookies on your device. When you proceed to checkout, you are redirected to our payment processor's hosted checkout page, which may set its own cookies subject to its own privacy policy.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:

  • Right of access: you can request a copy of the personal data we hold about you (known as a Subject Access Request)
  • Right to rectification: you can ask us to correct any inaccurate or incomplete data
  • Right to erasure: you can request that we delete your personal data, subject to any legal obligations we have to retain it (e.g. HMRC tax records)
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances
  • Right to data portability: you can request your data in a structured, commonly used, machine-readable format
  • Right to object: you can object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please contact us at hello@printout.graphics. We will respond to your request within one calendar month. In complex cases, we may extend this by a further two months, but we will inform you of any delay within the initial one-month period.

There is no fee for making a request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or refuse the request.

8. International Transfers

We store all data on UK-based servers. In the event that any data is transferred outside the UK, we will ensure that appropriate safeguards are in place in accordance with UK GDPR, such as Standard Contractual Clauses or an adequacy decision.

9. How to Contact Us About Data

If you have any concerns about how we handle your personal data, or if you wish to make a complaint, please contact us at hello@printout.graphics.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. Where changes are significant, we will make reasonable efforts to notify you (for example, by email or a notice on our website). The version in effect at the time of your order or interaction applies to the data collected at that time.

Last updated: 11 April 2026