Last updated: 28 September 2022
2. Who we are.
Vista is a global e-commerce business with a primary objective of being the expert design and marketing partner for small businesses. Vista strives to meet this objective through a wide variety of products and services offered and delivered by a growing collection of Vista signature services, which include VistaPrint, VistaCreate and 99designs by Vista. The Vista global e-commerce business is operated by Cimpress Schweiz GmbH and certain other Cimpress plc subsidiaries. Where we refer below to "Vista", "we" or "us", we mean the relevant Cimpress plc subsidiary that is responsible for the processing of your Personal Information.
In relation to your Vista account:
Cimpress Schweiz GmbH
In relation to VistaPrint Services:
• If you reside in the European Economic Area (“EEA”), UK, or Switzerland:
5928 LW Venlo
• If you reside in the United States:
Vistaprint Netherlands B.V.
5928 LW Venlo
• If you reside in Australia, New Zealand and Singapore:
Vistaprint Australia Pty Limited
66 Paramount Boulevard
Derrimut, Victoria 3030
• If you reside in Canada:
Vistaprint Canada Corporation
333 Bay Street
• If you reside in India:
Cimpress India Private Limited
‘C’ Block, Voltas Premises
T. B. Kadam Marg, Chinchpokli
Mumbai -400 033
In relation to VistaCreate Services:
1 Anastasi Sioukri
4th floor, Office 402
In relation to 99designs by Vista Services:
99designs Pty Limited
Level 2, 41-43 Stewart Street
Richmond, VIC 3121
In all other cases, you can reach out to the Privacy team by emailing [email protected] or writing to:
Attn: Data Protection Officer
Cimpress Schweiz GmbH
3. What Personal Information do we collect and how do we collect it?
Vista offers you a wide range of services to bring together your print, digital and design needs. Depending on which services you use, we collect various types of Personal Information from different sources. As described below, some information is collected automatically when you visit our Sites and Apps, or purchase something, and some you provide to us when registering or filling out a form, uploading content, buying a product or service, or communicating with us. We may also acquire information indirectly from third parties and other sources, including social media websites. If you choose not to share certain Personal Information, we might not be able to provide some of our Services. Similarly, if you decline to let us place certain cookies on your device, our Sites and Apps will only have limited functionality (see more information about cookies below).
3.1 Personal Information we collect automatically.
Device and location data. Whenever you visit or navigate our Sites and Apps, we automatically collect certain information through your device or browser. This information includes your IP address and information about your computer's hardware and software (for example, the type of operating system, the browser you use, the versions of the application or software, and language settings). We may also collect location information from your IP address or if you have instructed your device to send such information via the privacy settings on that device. We collect some of this information using cookies or other similar technologies directly from your device. For more information about how we use these technologies, see our Cookies section below.
Site navigation and usage data. We also automatically collect and store certain information about your activities on our Sites and Apps such as the date, time and pages you visit, and how you use our Services and access its contents (such as search history, clickstream data, access logs and other usage data regarding your interactions with our Sites and Apps, and our marketing emails and online ads).
Session replay recordings. We also collect session replay recordings (such as mouse movements, clicks, typing, and scrolling).
Purchase and transaction history. If you place an order or request a service, we will collect your purchase and transaction history.
Bot usage data. If you contact us via chatbot, in addition to processing your contact information, we will be able to collect your device information and IP address.
If you are a registered user, we link this automatically-collected data to the other Personal Information we collect about you as described below. We use this data for various purposes as further detailed below.
3.2 Personal Information you give us.
Contact details and log-in credentials. When you register for an account on our Sites and Apps, we collect your first and last name, e-mail address and password.
Payment information. If you place an order or request a service, we collect information that you provide to us such as your shipping, billing, and payment information (such as credit card or bank account details) as well as tax information and information to verify your identity (i.e., passport, ID card or driver's license information). You may also have the option to store credit card or other payment information to make it easier to purchase products or services from our Sites and Apps in the future.
Content data. Some of our Services allow you to upload and share images, photos, logos, videos, music tracks or other content (“Content”) with us or other users, in order to communicate with us or other users or to personalise products and services. The Content you choose to upload to our Sites and Apps may include Personal Information about you. For example, if you design and personalise a product, such as a business card, we collect the Personal Information you use to customise the product, such as the name of your business, your professional title, your photo or other Content you upload. If you choose to enter into a design contest, we collect the Personal Information you choose to provide to us in the logo and brand guide brief, such as the name of your business, your slogan or other Content you upload. When you upload your Content to our Sites and Apps, or give us permission to access the Content stored on your device, your Content may also include related image information such as the time and the place your photo was taken, tags and similar information stored by your image capture device.
Profile information. We may collect demographic information about you such as your gender, country and preferred language, as well as other information about your interests and preferences, including favourite templates and work on designs or products. For example, if you are a designer using our Services, we will store the information on the profile you create and the content you choose to make available to other users, such as your professional background, time zone, location, avatar, design concepts and templates, service offerings, and messages and testimonials. Some of this information is part of your public profile and will be publicly visible.
Communications and marketing. If you contact our customer service teams or communicate with us by other means (for example, social networks), we will also collect information from you from these communications, either in relation to feedback you give us or help you ask for in relation to the use of our products and services. We will also collect your preferences in receiving direct marketing from us and our third parties, and your communication preferences.
Forms. From time-to-time, we may give you the opportunity to participate in sweepstakes, contests or surveys. If you participate, we will collect certain Personal Information from you and we may publicly disclose that information.
Reviews. We may also ask you to write a review to share your experiences with others. When you write a review on our Sites and Apps, we collect the information you include, along with the name you display. Please note that reviews posted on our Sites and Apps are public, so only include information you are comfortable with sharing publicly.
3.3 Personal Information you give us about others.
3.4 Personal Information we receive from other sources.
For example, we may receive Personal Information about you from third-party sources, such as i) postal service providers to validate postal address information; ii) security providers, fraud detection and prevention providers to help us screen out users associated with fraud; iii) social media platforms, when you log-in or sign-up using your social media account (e.g. your username, basic profile account information, profile photo); iv) in some cases, we may collect Personal Information from lead enhancement companies which help us to improve our service offering; and v) advertising and marketing partners in order to monitor, manage and measure our ad campaigns and serve you more relevant advertising.
3.5 End Users Information
We may also collect Personal Information pertaining to visitors and users of our User's websites or services ("End Users Information"), solely for you and on your behalf. For example, you are able to add a Contact Form on your website. Information submitted by visitors of your website are then stored with Vista, on your behalf. For such purposes, Vista serves and shall be considered as a "Processor" and not as the "Controller" (as both such capitalised terms are defined in the European Union General Data Protection Regulation ("GDPR")) of such End Users Information. You are responsible for complying with all laws and regulations that may apply to the collection and control of such End Users Information, including all privacy and data protection laws of all relevant jurisdictions. The processing and transfer of the End Users Information shall be in accordance to the Data Processing Agreement ("DPA").
4. How do we use your Personal Information?
We use the information we collect about you for the following purposes:
a) Create, manage and maintain your account: to maintain your account and facilitate integrated services, such as single-sign on; to allow you to log in, navigate the Sites and Apps and make purchases; to verify the identity of our users; to provide you with technical support including for example resetting your password.
b) Provide you with our Services: to provide you with the experiences, products, and services you request, view, engage with, or purchase; to fulfill, manage and deliver your order; to enable you to access and use our Services, including uploading, downloading, collaborating on and sharing Content; to maintain and administer our Services.
c) Customer support: to provide global customer service and quality assurance, including sending you service messages by text, chat, email or phone; sharing your relevant data (such as order ID or account information) with our Customer Care team allows us to address your questions and needs. Calls with our Customer Care team will be monitored in real time or recorded for quality control and training purposes. Recordings are saved for a limited time and automatically deleted afterwards, unless it is necessary to retain the recording for legal or fraud investigation purposes.
d) Customer analytics: to better understand how you access and use our Services; to determine how effective our promotional campaigns and advertisements are; for research and analytical purposes, such as to assess and improve our Services, user experience, and business operations and to develop new features, products, or services.
e) Supporting collaboration, networking, and projects: to enable you to communicate, collaborate and share Content with users you designate; and enable users to connect with designers, submit projects and receive bids for design services and to otherwise connect users and designers or other providers.
f) Communicating with you through various channels: to communicate with you about your account or order, including to provide customer service related thereto; to send communications in connection with your use of our Services, such as reminders concerning your designs in progress; to notify you when you receive new messages from another user; to respond to your requests and inquiries; to send you important updates and announcements related to our Sites and Apps or our products and services (for example product recalls or safety issues); and to invite you to provide us with your feedback about our Services and Customer Care team.
g) Marketing our products and services to you (including providing co-branded offers with our partners or affiliated Cimpress companies): to support our marketing and advertising activities, including to send you offers and promotions for our products and services or products and services offered by our partners or affiliated Cimpress companies; to send you news about products, services and designs in progress; to contact you about information we feel may be of interest to you; to better reach you with more relevant ads (both on our Sites and on third-party websites); to measure, personalize and improve our advertising and marketing campaigns; and to manage promotional activities (such as sweepstakes, referral programs, or contests) in which you participate. If you have signed up to receive marketing updates, we use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. This does not have any significant effect or a legal effect on you.
h) Personalization: to provide integrated and personalized services, products and offers, including conducting marketing and/or market research; to personalize our communications with you; to tailor the content you see in order to provide features and information that match your interests and preferences; and to group users of our Services based on, for example, usage and demographics.
i) Security: To prevent and detect fraud, unauthorized activities, access, and other misconduct; to improve the security of our network and information systems; and to enhance our data security and fraud prevention capabilities. For security purposes, we may conduct profiling based on your interactions with our Services, your profile information and other Content you submit to us, and information obtained from third parties (for example to lock stolen accounts or accounts that are used for spamming/fraud).
j) Complying with legal obligations: we may need to disclose your Personal Information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, to manage, defend and resolve legal claims and disputes, for investigations and regulatory compliance, to enforce the terms and conditions applicable to our Services, to comply with the legal requirements of government authorities, or to protect the rights, property, safety and security of Vista, our employees, customers, and others.
5. On what legal bases do we collect your Personal Information?
Certain laws require that we inform you of the legal bases for our processing of your Personal Information. Pursuant to this, we may process Personal Information for the following legal bases:
- Performance of contract: where the collection and processing of your Personal Information is necessary to perform a contract or to take steps to enter into a contract with you (for example, to fulfil your order or to provide you with our customer service and technical support).
- Compliance with legal obligation: where it is necessary to comply with a relevant legal or regulatory obligation that we have (for example, to respond to law enforcement requests).
- Our legitimate business interests: in furtherance of our legitimate business interests including:
◦ to maintain, enhance and improve our Services, user experience and business operations and to develop new features, products or services;
◦ to facilitate your participation in interactive features you may choose to use on our Sites and Services and to personalise our Services (for example by presenting content tailored to you);
◦ to correspond with you, notify you of events or changes to our Services, or otherwise respond to your queries and requests for information;
◦ except where consent is required under applicable laws, to undertake marketing activities to offer you products or services that may be of interest to you via email, such as promotions for our products and services;
◦ for data analysis and reporting (for example to determine the effectiveness of our marketing campaigns or understand how our Services are being used);
◦ for audits, fraud monitoring and prevention;
◦ to protect and defend our legal rights and interests and those of third parties.
◦ When using Personal Information for the legitimate interests of Vista, it is conducted in a way that is proportionate and that respects your privacy rights.
- With your consent: When necessary as provided by applicable law, Vista will obtain your consent before processing your Personal Information (for example for the purposes of direct marketing communications). You can withdraw consent at any time as provided under the Contact Us section below.
Our Services are not targeted at or meant for use by children under the age of sixteen (16) years old, and children under that age are prohibited from creating an account or otherwise providing their Personal Information. If we become aware that a child under the age of sixteen (16) has provided Personal Information through our Sites and/or Apps, we will remove their personally identifiable information from our files. If a parent or guardian becomes aware that their child has provided such information through our Sites and/or Apps, the parent or guardian should contact us at [email protected] so that we may respond appropriately.
7. Who do we disclose and share your Personal Information with?
We may share your Personal Information in the following situations:
We provide your Personal Information to third-party service providers to assist us with:
- Fulfilling or delivering your order;
- Storing and securing data;
- Processing payments;
- Website and platform operations;
- Cloud storage;
- Marketing, analytics and fraud detection activities; and
- Customer service.
These service providers are only allowed to use your information in connection with the specific service they provide on our behalf.
Among Vista Signature Services and Affiliates
We may offer products or services that are provided by our partners. If you choose to engage in such offers, our partners may have access to and process your Personal Information. Our partners may also share with us certain Personal Information they collect about you. We suggest that you review their privacy policies for more information about how they process and share your Personal Information. We may also share your Personal Information where you direct us as part of the Services we are providing to share your Personal Information with another user or to a third-party service provider in order to integrate our services with a service that they may provide, for example with a third-party printing partner, website builder or web development service provider so that they can provide you with a service.
Law Enforcement, Mergers and other situations
We may also share your Personal Information as required or permitted by law, including to enforce our Terms and Conditions and agreements with designers, or to protect our rights or property, or those of others. We may also be required to respond to requests from law enforcement agencies, but only if those agencies meet the standards for obtaining Personal Information consistent with local laws and data protection requirements. For more information, please read our Law Enforcement Policy.
Finally, we may provide some or all of your Personal Information to one or more third parties in the event of a merger, acquisition, sale of assets, bankruptcy, insolvency event, corporate reorganisation or similar event involving us.
8. Data transfer.
Transfers within the Cimpress plc group of companies are covered by an agreement entered into by the subsidiaries of the Cimpress plc group of companies (an intra-group agreement) which contractually obliges each member to ensure that Personal Information receives an adequate and consistent level of protection wherever it is transferred within the Cimpress plc group of companies.
9. What rights do you have to access and control the use of your information?
Subject to the applicable law and dependent on certain conditions, you may have the following rights:
- Access: Access your Personal Information and obtain copy of the Personal Information we hold about you;
- Rectify: Correct or update inaccurate or incomplete Personal Information;
- Delete: Request that we delete your Personal Information (or alter it so that you are not identifiable);
- Object: Object to the processing of your Personal Information;
- Portability: Request data portability for Personal Information provided by you;
- Restrict: restrict the processing of your Personal Information (when there is a legal basis for that);
- Withdraw consent: withdraw your consent where processing is based on a consent you have previously provided (such as for direct marketing purposes);
- Lodge complaint: exercise your rights by contacting us directly or by lodging a complaint with a local supervisory authority.
We may ask you to verify your identity before taking further action on your request.
10. How can you exercise these rights?
Access, Rectify, Copy, Delete, Portability
You may exercise some of the rights listed above by going to your Account settings page and updating your Personal Information and preferences.
You can also contact our Customer Care team to exercise any of the rights listed above by using any of the methods listed in the Contact Us section below.
Opt-out of marketing communications
You can change your marketing preferences at any time by either clicking the "unsubscribe" link at the bottom of any marketing email, by changing your marketing preferences through your Account settings of the respective Vista signature service, or by contacting the Customer Service team as provided for in the Contact Us section below.
Even if you choose to unsubscribe from receiving any advertising via email, telephone or by post, we may still communicate with you using any of these methods regarding your orders, your Vista account or for other administrative purposes (such as communications related to a pending order, an unresolved customer service issue or a policy update). If you do not want to receive any communications from Vista, you'll need to delete your Vista account.
Lodge a complaint
You may also lodge a complaint with your local supervisory authority, if you are located in:
- EEA/Switzerland, by contacting your local data protection supervisory authority.
- UK, by contacting the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/.
- Australia, by contacting the Office of the Australian Information Commissioner at www.oaic.gov.au.
- US, by contacting the relevant information commissioner's office in your respective US State.
11. What happens when you request your account to be deleted?
After you contact us to delete the Personal Information we hold about you, and we verify your identity, we will then close your Vista account and erase your Personal Information from our systems.
Please note that even when you ask us to delete your information, we may be allowed by law to keep certain information (for example, records of transactions or shipments), and we may still retain anonymous information about things like how customers interact with our Services.
After we process your request, you will immediately lose access to the following:
- Your Vista account;
- Your Vista account login and password;
- Order history with any of Vista's signature services ;
- Products you have designed and stored, and services you have used;
- Uploaded images, any stored designs and other Content with any of Vista's signature services.
Deleting your Vista account is a permanent change. It cannot be reversed.
12. How long do we keep your Personal Information and how do we protect it?
Vista has implemented technical, physical and administrative safeguards, and security measures that are designed to protect against unauthorised access, disclosure, use and modification of Personal Information. These measures include but are not limited to encryption methods, access controls, controlled administration of user rights and by limiting the access to the Personal Information to those who have a business need for such access in connection with Vista as described herein. We regularly review our security procedures to consider appropriate new technology and methods.
Please recognise that protecting your Personal Information is also your responsibility. When you establish a Vista account, you should select a strong password and keep it safe by not sharing it with others. You may change the password as often as you wish by going to your 'Account Settings'. If you have reason to believe that the security of your account might have been compromised (for example, your password has been leaked) or if you suspect someone else is using your account, please let us know immediately.
We take information security and privacy seriously, and our goal is to provide a safe and secure site for all users. To achieve this goal, we have implemented a security program to identify and remediate security issues and we utilise external security researchers to report vulnerabilities. If you believe you have identified a security issue on our Sites or Apps, please contact [email protected].
13. What are Cookies?
Cookies are small data files which often include a unique identifier that are stored on your device when you visit certain Vista web pages. Cookies are useful because they allow a website to recognise a user's device.
To learn more about what type of Cookies VistaPrint uses, please visit our Cookie Notice.
14. How can you manage which Cookies are placed on your device?
Using browser controls
The Help menu on the menu bar of most browsers will tell you how to enable or prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting the website of its manufacturer. Please be aware that if you disable or delete certain cookies, our websites will not work properly.
When you use our Sites and Apps, you may notice content provided by a company other than us. Also, if you 'share' Vista content with friends through social networks, such as Facebook and Twitter, these social networks may place cookies on your browser. We have no access to or control over cookies used by these companies or third-party websites. If you'd like to opt out of cookies created by 'sharing' Vista content through social networks — such as Facebook and Twitter — we suggest you check those third-party websites for more information about their cookies and how to manage them.
15. Contact Us.
If you have general questions about our Services, would like to update your marketing preferences, make changes to your information, or would like to exercise your rights to access and control the use of your information, please reach out to the Customer Care team as listed below:
- For VistaPrint, please go to the ‘Help Center” or “Contact Us” page.
- For VistaCreate, please submit your request through https://support.create.vista.com/hc/en-us/requests/new/ or email at [email protected].
- For 99designs by Vista, please contact the Support & Contact | 99designs or email [email protected].
You can also make a request in writing to the responsible data controller as listed above. In the letter, please include your name, email address, postal address and telephone number(s), along with your specific request.
For the purposes of GDPR (Article 27), you may contact our EU representative at Vistaprint B.V., Hudsonweg 8, 5928 LW Venlo, The Netherlands.
For the purposes of UK GDPR (Article 27), you may contact our UK representative at Cimpress (UK) Limited, c/o Cogency Global (UK) Limited, 6 Lloyds Avenue, Unit 4CL, London EC3N 3AX, United Kingdom.
Special Notice for California Residents
Collection of Personal Information
Below is an overview of the categories of information collected by Vista and its signature services and how we use it:
|Types of personal data we collect
|How we use it
|Payment information (such as credit card or bank account details)
California Privacy Rights
Californian law permits you to request, once a year and free of charge, a list of the third parties to whom we have disclosed Personal Information (if any) for their own marketing purposes. See the Contact Us section below for how to make this request. However, we do not share your Personal Information with third parties for their own marketing purposes without your express consent. Accordingly, you can prevent the type of sharing by withholding consent or opting out of sharing of Personal Information as further described below.
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) also provides you with several additional rights as a California resident, namely:
- Access: The right to request we provide you with the following information:
◦ The categories of Personal Information we have collected about you;
◦ The categories of sources from which we collect your Personal Information;
◦ The business or commercial purpose for collecting your Personal Information;
◦ The categories of third parties with whom we have shared your Personal Information; and
◦ The specific pieces of Personal Information we have collected about you.
- Correct: The right to correct or update inaccurate or incomplete Personal Information.
- Deletion: The right to request we delete the Personal Information we have collected from you, with some exceptions.
- Opt Out of Sale or Sharing: The right to tell companies not to sell or share your personal information.
- Limit: The right to limit the use or disclosure of sensitive personal information.
- Nondiscrimination: The right not to be discriminated against for exercising any of these rights.
You, or an authorized agent, can exercise these rights with respect to one or more of our signature services as provided under the Contact Us section below. In order to exercise your rights, we may have to verify your identity. We will do this by asking you to provide us with certain information we already have to confirm your identity. This can include your contact information, account number, or purchase history details. Authorized agents will be required to provide proof of their authorization and we may also require that you directly verify their identity and the authority of the authorized agent.
Notice of Right to Opt Out
We do not sell your personal information in exchange for money. However, like many ecommerce companies, we do share your Personal Information with third parties, such as our advertising partners to help show relevant ads based on your interests. If you would like to learn more, or opt-out of the sale or sharing of your Personal Information, please see the Contact Us section below.
To exercise your rights under California law with respect to one or more of our signature services, please contact us as follows:
- VistaPrint: call Customer Service at 1.866.207.4955 or submit your request through the webform on the Customer Service page. If you would like to opt-out of the sale or sharing of your Personal Information, please see our Notice of Right to Opt Out.
- VistaCreate: submit your request through https://support.create.vista.com/hc/en-us/requests/new/ or email us at [email protected].
- 99designs by Vista: call Customer Service at 1.800.513.1678 (toll free) or email us [email protected].
If you have any questions about this Notice, please contact our privacy team by sending an email to [email protected].
Special Notice for Nevada Residents
Nevada law gives Nevada residents the right to request that a company not sell their Personal Information for monetary consideration to certain other parties. This right applies even if your Personal Information is not currently being sold. If you are a Nevada resident and wish to exercise this right, please contact us as follows:
- VistaPrint: email us at [email protected].
- VistaCreate: email us at [email protected].
- 99designs by Vista: email us [email protected].
If you have any questions about this Notice, please contact our privacy team by sending an email to [email protected].