Legal Documentation & Policies
Data Privacy Policy
Important notice
Disclaimer
This policy explains how Princh collects, uses, and protects personal data. It details the types of data collected, the purposes for which it is used, and the measures taken to safeguard it. Familiarizing yourself with this policy helps users understand how their personal information is handled and their rights regarding data privacy.
Data Collected:
- Contact info (name, email)
- Payment info (last 4 digits of card only)
- Uploaded documents
- Website browsing activity
- System logs for security
Retention Periods:
- Documents: deleted after 24 hours
- Payment records: kept 5 years (Danish law)
- Contact info: kept while you use the service
- Logs: deleted after 120 days
Who Processes Your Data:
- Cloud providers (AWS, MongoDB)
- Payment processors (Adyen, Bambora, Quickpay)
- Technical service providers
- Data is always encrypted and never sold
Your Rights:
- You can request access, correction, or deletion of personal data via privacy@princh.com
- Children under 13 are not knowingly targeted
Version 1.4
This Data Privacy Policy outlines how Princh A/S and its subsidiaries (hereinafter referred to as "Princh," "we," "us," or "our") collect, process, disclose, and safeguard personal data in connection with the services provided. Whether you are utilizing our products, browsing our website, or conducting transactions with us, we are committed to protecting your privacy and ensuring your data is handled with the utmost care and in full compliance with applicable legal requirements.
1. Contact information
1.1 If you have any questions regarding this Privacy Policy or how we process your data, please contact us at:
- Email: privacy@princh.com
1.2 For UK Users:
Pursuant to Article 27 of the UK GDPR, Princh has appointed a UK Data Representative:
- Representative: GDPR Rep
- Address: 3rd Floor, 86-90 Paul Street, London EC2A 4NE
- Email: info@gdprep.org
1.3 For Swiss Users:
In accordance with Articles 14 and 15 of the Swiss nFADP, Princh has appointed a Swiss Data Representative:
- Representative: GDPR Rep
- Address: Andreaspark, Hagenholzstrasse 56, 7th Floor, Zurich 8050
- Email: info@gdprep.org
2. Data Collection Practices and Methods
2.1 We collect personal data through various channels, including:
- 2.1.1. Princh Services: When engaging with Princh's services, such as printing, scanning, or copying across platforms (web, mobile, or public computers), we collect document-related data and payment details.
- 2.1.2. Website Visitors: We gather information regarding your browsing activity (e.g., pages visited, cookies) and voluntary submissions (e.g., contact forms, newsletter sign-ups).
2.2 All payment data is securely processed by third-party payment providers, and documents uploaded for printing are stored for a limited period (24 hours) to fulfill the requested service.
2.3 In the course of operating our services, Princhlogs all incoming traffic. These logs include source IP addresses, and may contain IDs of authenticated users and systems. The purpose of collecting these logs is to facilitate IP-based traffic filtering for Distributed Denial of Service (DDOS) protection and to enable analysis in the event of faults and security incidents.
Logs are securely stored in our logging system for a period of up to 120 days, after which they are automatically deleted in accordance with our data retention policies. Access to the data is restricted to authorized personnel only.
3. Categories of Personal Data Processed
- Contact Information: Name, email address, company, job title, country, and language (collected through voluntary forms or interactions).
- Payment Information: Payment card details (limited to the last 4 digits and transaction date) stored for compliance with accounting regulations.
- Document: Files uploaded for printing, scanning, or copying are encrypted, and stored for 24 hours before automatic deletion.
- Browsing Data: IP addresses, browser types, device details, and usage patterns collected through cookies and other web tracking technologies.
4. Legal Grounds for Data Processing Activities
We process your personal data on the following legal grounds:
- Legitimate Interest: Processing is necessary to improve our services, provide customer support, and ensure data security.
- Performance of a Contract: Personal data is processed to fulfill the terms of service you engage in, including print and payment services.
5. Purposes for Personal Data Usage
- Provision of printing, scanning, and copying services.
- Secure processing of payments.
- Service improvements and product development.
- Compliance with legal obligations, such as financial record-keeping.
- Personalizing the website and product recommendations based on your behaviour and preferences.
6. Data Disclosure to Third-Party Service Providers
We do not sell or trade your personal data. However, based on how you use our services, to facilitate our operations, we may disclose data to third-party service providers, including:
- Infrastructure Providers: AWS and MongoDB Atlas, who manage our cloud infrastructure and databases.
- Supporting Services: Lunaweb GMBH (file conversion services), 84Codes CloudAMQP (message brokering services), Princh Inc. (Princh A/S subsidiary providing support to end-users and customers’ employees), and GetAccept (electronic signature service used in Princh direct customer onboarding and contract management).
- Payment Processor: Adyen who processes payment transactions securely.
- Website Services: Unoeuro (web hosting), HubSpot (CRM and marketing), Plausible (privacy-focused analytics), and Cookietbot (cookie consent management).
All third-party providers are contractually obligated to protect your data and comply with applicable privacy regulations, including GDPR, UK GDPR, and nFADP.
7. Measures for Ensuring Data Security and Integrity
We implement industry-standard security measures to protect your personal information. All data transmissions are encrypted at rest, and we ensure that documents uploaded for printing are encrypted.
8. Data Retention and Disposal Policy
- Document Content: Files uploaded are stored for 24 hours, after which they are automatically deleted.
- Payment Information: Stored for five years + current year to comply with Danish law.
- Contact Information: Retained as long as necessary to provide services and fulfill legal obligations.
- Logs: Retained for 120 days for DDoS protection and incident analysis, including IP addresses and authenticated user/system IDs. Automatically deleted afterward, with access limited to authorized personnel.
9. Data Subject Rights and Procedures for Exercising Them
You are entitled to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct any inaccurate information.
- Erasure: Under certain conditions, request the deletion of your data.
- Restriction of Processing: Request limitations on data processing in specific circumstances.
- Data Portability: Receive your personal data in a structured format for transfer to another controller.
To exercise any of these rights, please contact us at privacy@princh.com. We may require verification of your identity for security purposes.
10. Protection of Children’s Personal Data
We do not knowingly collect personal data from children under 13. If you believe a minor has used our services and provided personal information, please contact us immediately, and we will take appropriate steps to remove the data.
11. Conflict of Policies
11.1 In the event of any inconsistency or conflict between this Data Privacy Policy and i) the Princh Website Privacy Policy, or ii) the Princh User Privacy Policy, the provisions of this Data Privacy Policy shall prevail and take precedence. Both the Princh Website Privacy Policy and the Princh User Privacy Policy are considered complementary to this policy and do not exclude its applicability.
11.2 In the case of any conflict between this Data Privacy Policy and the Princh End-User Terms and Conditions, the Terms and Conditions shall govern and supersede this policy to the extent of such conflict.
12. Data Generated Through Service Usage
12.1 The following categories of product data and related service data are generated through your use of our connected printing services for each document processed:
- Printed page range
- Paper format selection
- Duplex configuration settings
- Colour printing parameters
- Time of job submission
- Time of job completion
- Additional transactional information, including printing location designation and pricing data, is documented on the service receipt provided to you.
12.2 Pursuant to Article 5(1) of the Data Act, you are entitled to request access to your product data and related service data. Upon written request, Princh shall provide such data in a structured, commonly used, and machine-readable format (CSV or JSON) within thirty (30) calendar days, without charge to you as the data subject.
12.3 In accordance with Article 5(2) of the Data Act, you have the right to:
- Receive your data in a structured, commonly used, and machine-readable format
- Transmit such data to third-party service providers of your choosing
- Request direct transmission of data to another data controller where technically feasible
12.4 To exercise your rights under the Data Act, please refer to Clause 1.1 of this Data Privacy Policy.
13. Governing Law
13.1. This Data Privacy Policy shall be governed by and construed in all respects in accordance with the Laws of Denmark, and submitted to the jurisdiction of the Court in Aarhus, Denmark.