Vista Privacy and Cookie Policy

Last updated: June 29, 2023

This Vista Privacy and Cookie Policy (“Privacy Policy”) describes what information Vista and its signature services, including VistaPrint, VistaCreate and 99designs by Vista (collectively, “Vista”, “we”, “our”, or “us”) collects from you through your use of and access to all of our websites, mobile sites (“Sites”), applications (“Apps”), services or other tools we offer and where reference is made to this Privacy Policy (collectively “Services”) and how we use, share and protect it. It also summarizes your rights and tells you how you can exercise those rights.

[Download the PDF version of this page]

Content

1. Applicability.

This Privacy Policy applies to all users of our Sites and Applications, including unregistered and registered users, designer contributors as well as to our customers or potential customers (collectively, “User”, “you”, or “your”), and to all Vista Services that link to this Privacy Policy. To provide you the Services, we must collect personal information relating to an identified or identifiable natural person (“Personal Information”). Any such information that we collect from and about you while using our Services will be handled in accordance with this Privacy Policy. Depending on where you live and what you are doing on the Vista Sites and Apps, the supplemental privacy pages listed below may apply to you.

Please keep in mind that this Privacy Policy does not apply to Personal Information collected about you by third-party websites and Apps that may post links or advertisements on or otherwise be accessible from our Vista Sites and Apps. The Personal Information collected by these third-party websites is subject to their own privacy policies and we are not responsible for the privacy practices of those websites and Apps.

We encourage you to read this Privacy Policy and the supplemental privacy pages in its entirety before using our Vista Services to make sure you fully understand our practices in relation to your Personal Information. By accessing or using our Vista Sites, Apps and Services, you acknowledge that you have read and agree to this Privacy Policy.

If you have general questions about this Privacy Policy, you can reach our privacy team at [email protected].

2. Who we are.

Vista is a global e-commerce business with a primary objective of being the expert design and marketing partner for small businesses. Vista strives to meet this objective through a wide variety of products and services offered and delivered by a growing collection of Vista signature services, which include VistaPrint, VistaCreate and 99designs by Vista. The Vista global e-commerce business is operated by Cimpress Schweiz GmbH and certain other Cimpress plc subsidiaries. Where we refer below to “Vista”, “we” or “us”, we mean the relevant Cimpress plc subsidiary that is responsible for the processing of your Personal Information.

When you create an account and/or use our Vista Services, your Personal Information is controlled by Cimpress Schweiz GmbH and/or another Cimpress plc subsidiary. The list of the relevant data controller that is responsible for the Personal Information collected, processed, and used as described in this Privacy Policy can be found below. Cimpress Schweiz GmbH and the other Cimpress plc subsidiaries listed below work collaboratively to bring together your print, digital and design needs all over the world, and they may sometimes be acting as joint data controllers (for example in relation to your Vista account). Despite their joint responsibility for data processing, the companies cannot act as legal representatives for one another.

In relation to your Vista account:
Cimpress Schweiz GmbH
Talacker 41
8001 Zürich
Switzerland

In relation to VistaPrint Services:
• If you reside in the European Economic Area (“EEA”), UK, or Switzerland: Vistaprint B.V.
Hudsonweg 8
5928 LW Venlo
The Netherlands

• If you reside in the United States:
Vistaprint Netherlands B.V.
Hudsonweg 8
5928 LW Venlo
The Netherlands

• If you reside in Australia, New Zealand and Singapore:
Vistaprint Australia Pty Limited
66 Paramount Boulevard
Derrimut, Victoria 3030
Australia

• If you reside in Canada:
Vistaprint Canada Corporation
333 Bay Street
Suite 2400
Toronto, Ontario
M5H 2T6
Canada

• If you reside in India:
Cimpress India Private Limited
‘C’ Block, Voltas Premises
T. B. Kadam Marg, Chinchpokli
Mumbai -400 033
Maharashtra
India

In relation to VistaCreate Services:
Crello Limited
1 Anastasi Sioukri
Themis Court
4th floor, Office 402
3105 Limassol
Cyprus

In relation to 99designs by Vista Services:
99designs Pty Limited
Level 2, 41-43 Stewart Street
Richmond, VIC 3121
Australia

In all other cases, you can reach out to the Privacy team by emailing at [email protected] or writing to:

Attn: Data Protection Officer
Cimpress Schweiz GmbH
Talacker 41
8001 Zürich
Switzerland

3. What Personal Information do we collect and how do we collect it?

Vista offers you a wide range of services to bring together your print, digital and design needs. Depending on which services you use, we collect various types of Personal Information from different sources. As described below, some information is collected automatically when you visit our Sites and Apps or purchase something, and some you provide to us when registering or filling out a form, uploading content, buying a product or service or communicating with us. We may also acquire information indirectly from third parties and other sources, including social media websites. If you choose not to share certain Personal Information, we might not be able to provide some of our Services. Similarly, if you decline to let us place certain cookies on your device, our Sites and Apps will only have limited functionality (see more information about cookies below).

3.1 Personal Information we collect automatically.

Device and location data. Whenever you visit or navigate our Sites and Apps, we automatically collect certain information through your device or browser. This information includes your IP address and information about your computer's hardware and software (for example, the type of operating system, the browser you use, the versions of the application or software and language settings). We may also collect location information from your IP address or if you have instructed your device to send such information via the privacy settings on that device. We collect some of this information by using cookies or other similar technologies directly from your device. For more information about how we use these technologies, see our Cookies section below.

Site navigation and usage data. We also automatically collect and store certain information about your activities on our Sites and Apps such as the date, time and pages you visit, and how you use our Services and access its contents (such as search history, clickstream data, access logs and other usage data regarding your interactions with our Sites and Apps and our marketing emails and online ads).

Session replay recordings. We also collect session replay recordings (such as mouse movements, clicks, typing, and scrolling).

Purchase and transaction history. If you place an order or request a service, we will collect your purchase and transaction history.

Bot usage data. If you contact us via chatbot, in addition to processing your contact information, we will be able to collect your device information and IP address.

If you are a registered user, we link this automatically-collected data to the other Personal Information we collect about you as described below. We use this data for various purposes as further detailed below.

3.2 Personal Information you give us.

Contact details and log-in credentials. When you register for an account on our Sites and Apps, we collect your first and last name, e-mail address and password.

Payment information. If you place an order or request a service, we collect information that you provide to us such as your shipping, billing, and payment information (such as credit card or bank account details) as well as tax information and information to verify your identity (i.e., passport, ID card or driver's license information). You may also have the option to store credit card or other payment information to make it easier to purchase products or services from our Sites and Apps in the future.

Content data. Some of our Services allow you to upload and share images, photos, logos, videos, music tracks or other content (“Content”) with us or other users, in order to communicate with us or other users or to personalise products and services. The Content you choose to upload to our Sites and Apps may include Personal Information about you. For example, if you design and personalize a product, such as a business card, we collect the Personal Information you use to customize the product, such as the name of your business, your professional title, your photo or other Content you upload. If you choose to enter into a design contest, we collect the Personal Information you choose to provide to us in the logo and brand guide brief, such as the name of your business, your slogan or other Content you upload. When you upload your Content to our Sites and Apps or give us permission to access the Content stored on your device, your Content may also include related image information such as the time and the place your photo was taken, tags and similar information stored by your image capture device.

Profile information. We may collect demographic information about you such as your gender, country, and preferred language, as well as other information about your interests and preferences, including favorite templates and work on designs or products. For example, if you are a designer using our Services, we will store the information on the profile you create and the content you choose to make available to other users, such as your professional background, time zone, location, avatar, design concepts and templates, service offerings, and messages and testimonials. Some of this information is part of your public profile and will be publicly visible.

Communications and marketing. If you contact our customer service teams or communicate with us by other means (for example, social networks), we will also collect information from you from these communications, either in relation to feedback you give us or help you ask for in relation to the use of our products and services. We will also collect your preferences in receiving direct marketing from us and our third parties and your communication preferences.

Forms. From time-to-time, we may give you the opportunity to participate in sweepstakes, contests or surveys. If you participate, we will collect certain Personal Information from you and we may publicly disclose that information.

Reviews. We may also ask you to write a review to share your experiences with others. When you write a review on our Sites and Apps, we collect the information you include, along with the name you display. Please note that reviews posted on our Sites and Apps are public, so only include information you are comfortable with sharing publicly.

3.3 Personal Information you give us about others.
The Content you choose to upload to our Sites and Apps may include Personal Information of others. If you choose to share your Content or other information with someone else through a feature we offer or participate in our referral program, we will use the Personal Information you provide (for example, the e-mail address of the recipient) to fulfill your request and for other purposes described in this Privacy Policy. Before you upload and/or share Personal Information of others through our Sites and Apps, please ensure that you have the consent of such persons to do so and that the persons about whom you have provided Personal Information have understood and accepted how Vista uses their Personal Information (as explained in this Privacy Policy).

3.4 Personal Information we receive from other sources.
Vista may also obtain information about you that is publicly available or from other sources, such as independent third parties, business partners, Cimpress plc subsidiaries. Any information we get from these sources is combined with Personal Information you provide to us for the purposes described in this Privacy Policy.

For example, we may receive Personal Information about you from third-party sources, such as i) postal service providers to validate postal address information; ii) security providers, fraud detection and prevention providers to help us screen out users associated with fraud, ii) social media platforms, when you log-in or sign-up using your social media account (e.g., your username, basic profile account information, profile photo), (iii) in some cases, we may collect Personal Information from lead enhancement companies which help us to improve our service offering; and vi) advertising and marketing partners in order to monitor, manage and measure our ad campaigns and serve you more relevant advertising.

3.5 End Users Information
We may also collect Personal Information pertaining to visitors and users of our User’s websites or services (“End Users Information”), solely for and on your behalf. For example, you are able to add a Contact Form on your website. Information submitted by visitors of your website are then stored with Vista, on your behalf. For such purposes, Vista serves and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation (“GDPR”)) of such End Users Information. You are responsible for complying with all laws and regulations that may apply to the collection and control of such End Users Information, including all privacy and data protection laws of all relevant jurisdictions. The processing and transfer of the End Users Information shall be in accordance to the Data Processing Agreement (“DPA").

4. How do we use your Personal Information?

We use the information we collect about you for the following purposes:

a) Create, manage and maintain your account: to maintain your account and facilitate integrated services, such as single-sign on; to allow you to log in, navigate the Sites and Apps and make purchases; to verify the identity of our users; to provide you with technical support including for example resetting your password.

b) Provide you with our Services: to provide you with the experiences, products, and services you request, view, engage with, or purchase; to fulfill, manage and deliver your order; to enable you to access and use our Services, including uploading, downloading, collaborating on and sharing Content; to maintain and administer our Services.

c) Customer support: to provide global customer service and quality assurance, including sending you service messages by text, chat, email or phone; sharing your relevant data (such as order ID or account information) with our Customer Care team allows us to address your questions and needs. Calls with our Customer Care team will be monitored in real time or recorded for quality control and training purposes. Recordings are saved for a limited time and automatically deleted afterwards, unless it is necessary to retain the recording for legal or fraud investigation purposes.

d) Customer analytics: to better understand how you access and use our Services; to determine how effective our promotional campaigns and advertisements are; for research and analytical purposes, such as to assess and improve our Services, user experience, and business operations and to develop new features, products, or services.

e) Supporting collaboration, networking, and projects: to enable you to communicate, collaborate and share Content with users you designate; and enable users to connect with designers, submit projects and receive bids for design services and to otherwise connect users and designers or other providers.

f) Communicating with you through various channels: to communicate with you about your account or order, including to provide customer service related thereto; to send communications in connection with your use of our Services, such as reminders concerning your designs in progress; to notify you when you receive new messages from another user; to respond to your requests and inquiries; to send you important updates and announcements related to our Sites and Apps or our products and services (for example product recalls or safety issues); and to invite you to provide us with your feedback about our Services and Customer Care team.

g) Marketing our products and services to you (including providing co-branded offers with our partners or affiliated Cimpress companies): to support our marketing and advertising activities, including to send you offers and promotions for our products and services or products and services offered by our partners or affiliated Cimpress companies; to send you news about products, services and designs in progress; to contact you about information we feel may be of interest to you; to better reach you with more relevant ads (both on our Sites and on third-party websites); to measure, personalize and improve our advertising and marketing campaigns; and to manage promotional activities (such as sweepstakes, referral programs, or contests) in which you participate. If you have signed up to receive marketing updates, we use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. This does not have any significant effect or a legal effect on you.

h) Personalization: to provide integrated and personalized services, products and offers, including conducting marketing and/or market research; to personalize our communications with you; to tailor the content you see in order to provide features and information that match your interests and preferences; and to group users of our Services based on, for example, usage and demographics.

i) Security: To prevent and detect fraud, unauthorized activities, access, and other misconduct; to improve the security of our network and information systems; and to enhance our data security and fraud prevention capabilities. For security purposes, we may conduct profiling based on your interactions with our Services, your profile information and other Content you submit to us, and information obtained from third parties (for example to lock stolen accounts or accounts that are used for spamming/fraud).

j) Complying with legal obligations: we may need to disclose your Personal Information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, to manage, defend and resolve legal claims and disputes, for investigations and regulatory compliance, to enforce the terms and conditions applicable to our Services, to comply with the legal requirements of government authorities, or to protect the rights, property, safety and security of Vista, our employees, customers, and others.

Certain laws require that we inform you of the legal bases for our processing of your Personal Information. Pursuant to this, we may process Personal Information for the following legal bases:

  • Performance of contract: where the collection and processing of your Personal Information is necessary to perform a contract or to take steps to enter into a contract with you (for example, to fulfill your order or to provide you with our customer service and technical support).
  • Compliance with legal obligation: where it is necessary to comply with a relevant legal or regulatory obligation that we have (for example, to respond to law enforcement requests).
  • Our legitimate business interests: in furtherance of our legitimate business interests including: ◦ to maintain, enhance and improve our Services, user experience, and business operations and to develop new features, products, or services;

◦ to facilitate your participation in interactive features you may choose to use on our Sites and Services and to personalize our Services (for example by presenting content tailored to you);
◦ to correspond with you, notify you of events or changes to our Services, or otherwise respond to your queries and requests for information;
◦ except where consent is required under applicable laws, to undertake marketing activities to offer you products or services that may be of interest to you via email, such as promotions for our products and services;
◦ for data analysis and reporting (for example to determine the effectiveness of our marketing campaigns or understand how our Services are being used);
◦ for audits, fraud monitoring and prevention;
◦ to protect and defend our legal rights and interests and those of third parties.
◦ When using Personal Information for the legitimate interests of Vista, it is conducted in a way that is proportionate and that respects your privacy rights.

  • With your consent: When necessary as provided by applicable law, Vista will obtain your consent before processing your Personal Information (for example for the purposes of direct marketing communications). You can withdraw consent at any time as provided under the Contact Us section below.

6. Children.

Our Services are not targeted to or meant for use by children under the age of sixteen (16) years old, and children under that age are prohibited from creating an account or otherwise providing their Personal Information. If we become aware that a child under the age of sixteen (16) has provided Personal Information through our Sites and/or Apps, we will remove their personally identifiable information from our files. If a parent or guardian becomes aware that their child has provided such information through our Sites and/or Apps, the parent or guardian should contact us at [email protected] so that we may respond appropriately.

7. Who do we disclose and share your Personal Information with?

We may share your Personal Information in the following situations:

Service Providers We provide your Personal Information to third-party service providers to assist us with:

  • Fulfilling or delivering your order;
  • Storing and securing data;
  • Processing payments;
  • Website and platform operations;
  • Cloud storage;
  • Marketing, analytics and fraud detection activities; and
  • Customer service.

These service providers are only allowed to use your information in connection with the specific service they provide on our behalf.

Among Vista Signature Services and Affiliates
Vista and its signature services operate under a number of subsidiaries and form part of the Cimpress plc group of companies. We may share your information internally among our subsidiaries for purposes described in this Privacy Policy. This allows us to offer features such as the ability to use your Vista account credentials across all of our Sites and Apps where available, and to seamlessly add your contact details and Content to your Vista account.

The information collected by us may also be used to improve other Vista products and services, including but not limited to VistaPrint, VistaCreate, 99Designs by Vista and Vista x Wix, and for analytics, customer service, marketing and other purposes as described in this Privacy Policy. All Cimpress plc group of companies have a contractual obligation to comply with the terms of this Privacy Policy and to protect your information. We also limit access to your Personal Information to employees who have a need to use the information and are obligated to protect that information and keep it confidential. Sharing Personal Information by Cimpress subsidiaries in the EEA, the United Kingdom and Switzerland with Cimpress subsidiaries located outside these regions will only take place under an approved transfer mechanism as further described below.

Partners
We may offer products or services that are provided by our partners. If you choose to engage in such offers, our partners may have access to and process your Personal Information. Our partners may also share with us certain Personal Information they collect about you. We suggest that you review their privacy policies for more information about how they process and share your Personal Information. We may also share your Personal Information where you direct us as part of the Services we are providing to share your Personal Information with another user or to a third-party service provider in order to integrate our services with a service that they may provide, for example with a third-party printing partner, website builder or web development service provider so that they can provide you with a service.

Law Enforcement, Mergers and other situations
We may also share your Personal Information as required or permitted by law, including to enforce our Terms and Conditions and agreements with designers, or to protect our rights or property or those of others. We may also be required to respond to requests from law enforcement agencies, but only if those agencies meet the standards for obtaining Personal Information consistent with local laws and data protection requirements. For more information, please read our Law Enforcement Policy. Finally, we may provide some or all of your Personal Information to one or more third parties in the event of a merger, acquisition, sale of assets, bankruptcy, insolvency event, corporate reorganization or similar event involving us.

8. Data transfer.

Vista is an international company and operates globally. The information we collect about you, as described in this Privacy Policy, may be accessed, processed, stored in or transferred to countries that may not have the same data protection laws as the country in which you reside, such as the United States of America, Australia, Brazil, Jamaica and the Philippines. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your Personal Information will remain protected in accordance with this Privacy Policy. For example, Cimpress plc group of companies, third-party service providers, or partners may be located outside of the EEA, the United Kingdom or Switzerland. In case your Personal Information is transferred to countries outside these regions, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or that the transfer shall be conducted under an approved transfer mechanism, such as through the use of standard contractual clauses approved by the European Commission for such transfer of your Personal Information and impose specific technical and organizational security measures.

Transfers within the Cimpress plc group of companies are covered by an agreement entered into by the subsidiaries of the Cimpress plc group of companies (an intra-group agreement) which contractually obliges each member to ensure that Personal Information receives an adequate and consistent level of protection wherever it is transferred within the Cimpress plc group of companies.

9. What rights do you have to access and control the use of your information?

Subject to the applicable law and dependent on certain conditions, you may have the following rights:

  • Access: Access your Personal Information and obtain copy of the Personal Information we hold about you;
  • Rectify: Correct or update inaccurate or incomplete Personal Information;
  • Delete: Request that we delete your Personal Information (or alter it so that you are not identifiable);
  • Object: Object to the processing of your Personal Information;
  • Portability: Request data portability for Personal Information provided by you;
  • Restrict: restrict the processing of your Personal Information (when there is a legal basis for that);
  • Withdraw consent: withdraw your consent where processing is based on a consent you have previously provided (such as for direct marketing purposes);
  • Lodge complaint: exercise your rights by contacting us directly or by lodging a complaint with a local supervisory authority.

We may ask you to verify your identity before taking further action on your request.

10. How can you exercise these rights?

Access, Rectify, Copy, Delete, Portability
You may exercise some of the rights listed above by going to your Account settings page and updating your Personal Information and preferences.

You can also contact our Customer Care team to exercise any of the rights listed above by using any of the methods listed in the Contact Us section below.

Opt-out of marketing communications
You can change your marketing preferences at any time by either clicking the "unsubscribe" link at the bottom of any marketing email, by changing your marketing preferences through your Account settings of the respective Vista signature service, or by contacting the Customer Service team as provided for in the Contact Us section below.

Even if you choose to unsubscribe from receiving any advertising via email, telephone or by post, we may still communicate with you using any of these methods regarding your orders, your Vista account or for other administrative purposes (such as communications related to a pending order, an unresolved customer service issue, or a policy update). If you do not want to receive any communications from Vista, you’ll need to delete your Vista account.

Lodge a complaint
If you have a complaint about this Privacy Policy or our privacy practices, please contact our Data Protection Officer by emailing [email protected], so your concerns can be addressed directly. We would ask that you please attempt to resolve any issues with us first, although you have a right to contact your local supervisory authority at any time.

You may also lodge a complaint with your local supervisory authority, if you are located in:

  • EEA/Switzerland, by contacting your local data protection supervisory authority.
  • UK, by contacting the UK Information Commissioner´s Office (ICO) at https://ico.org.uk/make-a-complaint/.
  • Australia, by contacting the Office of the Australian Information Commissioner at www.oaic.gov.au.
  • US, by contacting the relevant information commissioner's office in your respective US State.

11. What happens when you request your account to be deleted?

After you contact us to delete the Personal Information we hold about you, and we verify your identity, we will then close your Vista account and erase your Personal Information from our systems.

Please note that even when you ask us to delete your information, we may be allowed by law to keep certain information (for example, records of transactions or shipments), and we may still retain anonymous information about things like how customers interact with our Services.

After we process your request, you will immediately lose access to the following:

  • Your Vista account;
  • Your Vista account login and password;
  • Order history with any of Vista’s signature services ;
  • Products you have designed and stored and services you have used;
  • Uploaded images, any stored designs and other Content with any of Vista’s signature services.

Deleting your Vista account is a permanent change. It cannot be reversed.

12. How long do we keep your Personal Information and how do we protect it?

We only retain your Personal Information for the length of time needed to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, records of transactions or shipments).

Vista has implemented technical, physical, and administrative safeguards and security measures that are designed to protect against unauthorized access, disclosure, use and modification of Personal Information. These measures include but are not limited to encryption methods, access controls, controlled administration of user rights and by limiting the access to the Personal Information to those who have a business need for such access in connection with Vista as described herein. We regularly review our security procedures to consider appropriate new technology and methods.

Please recognize that protecting your Personal Information is also your responsibility. When you establish a Vista account, you should select a strong password and keep it safe by not sharing it with others. You may change the password as often as you wish by going to your ‘Account Settings’. If you have reason to believe that the security of your account might have been compromised (for example, your password has been leaked), or if you suspect someone else is using your account, please let us know immediately.

We take information security and privacy seriously and our goal is to provide a safe and secure site for all users. To achieve this goal, we have implemented a security program to identify and remediate security issues and we utilize external security researchers to report vulnerabilities. If you believe you have identified a security issue on our Sites or Apps, please contact [email protected].

13. What are Cookies?

Cookies are small data files which often include a unique identifier that are stored on your device when you visit certain Vista web pages. Cookies are useful because they allow a website to recognize a user's device.

To give you the best experience, Vista and its signature services tailor their Sites and Apps to show the most relevant content and helpful offers. Our Sites and Apps use cookies that, among other things, let you navigate between pages efficiently, remember your preferences and generally improve your experience on our Sites and Apps. They can also help to ensure that advertising you see online is relevant to you and your interests.

To learn more about what type of Cookies Vista uses, please visit our Cookie Notice.

14. How can you manage which Cookies are placed on your device?

Using browser controls
The Help menu on the menu bar of most browsers will tell you how to enable or prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting the website of its manufacturer. Please be aware that if you disable or delete certain cookies our websites will not work properly.

Third-Party Cookies
When you use our Sites and Apps, you may notice content provided by a company other than us. Also, if you 'share' Vista content with friends through social networks, such as Facebook and Twitter, these social networks may place cookies on your browser. We have no access to or control over cookies used by these companies or third-party websites. If you’d like to opt out of cookies created by 'sharing' Vista content through social networks — such as Facebook and Twitter — we suggest you check those third-party websites for more information about their cookies and how to manage them.

If you want to know more about Third-Party Cookies and how to opt out of them, see www.allaboutcookies.org and www.youronlinechoices.eu.

15. Contact Us.

If you have general questions about our Services, would like to update your marketing preferences, make changes to your information, or would like to exercise your rights to access and control the use of your information, please reach out to the Customer Care team as listed below:

If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer by emailing [email protected].

You can also make a request in writing to the responsible data controller as listed above. In the letter, please include your name, email address, postal address and telephone number(s), along with your specific request.

For the purposes of GDPR (Article 27), you may contact our EU representative at Vistaprint B.V., Hudsonweg 8, 5928 LW Venlo, The Netherlands.

For the purposes of UK GDPR (Article 27), you may contact our UK representative at Cimpress (UK) Limited, c/o Cogency Global (UK) Limited, 6 Lloyds Avenue, Unit 4CL, London EC3N 3AX, United Kingdom.

16. Changes to this Privacy Policy.

From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We reserve the right to modify this Privacy Policy at any time in accordance with the applicable law. If we do so, we will post the revised Privacy Policy and update the “Last Updated” date at the top, so please review it frequently. In case of material changes, we will also provide notice to you and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on our sites and Apps, and/or by other means, consistent with applicable law. Your continued use of the Services will be deemed acceptance thereof.

US Supplemental page

This US Supplemental page (“US Notice”) is applicable to residents of certain US states that have their own laws and regulations regarding data privacy, such as California, Virginia, Colorado, Connecticut, Utah or Nevada. It describes how we collect, use, disclose, and otherwise process Personal Information, and which rights may be available to residents of these US states upon the effective dates of the respective US state laws and regulations (collectively, “US State Laws”).

The terms of this US Notice supplements and should be read in conjunction with our Vista Privacy and Cookie Policy.

Depending on your place of residence, and subject to the applicable law in that State, some parts of this US Notice will not be applicable to you.

Your Personal Information

You can learn about the categories of Personal Information we collect from you, the sources of that information, the purposes for collecting and using that information, and what types of third-party service providers we may share that information with, by reading Sections 3 to 7 of the Vista Privacy and Cookie Policy.

Your Privacy Rights

Depending on your place of residence, and subject to certain limitations under the applicable US State Laws, you may exercise the following rights in relation to your Personal Information:

  • Access: The right to confirm whether or not we are processing your Personal Information, and request we provide you with the following information (including in a portable, and, to the extent technically feasible, readily usable format): ◦ The categories of Personal Information we have collected about you; ◦ The categories of sources from which we collect your Personal Information; ◦ The business or commercial purpose for collecting your Personal Information; ◦ The categories of third parties with whom we have shared your Personal Information; and ◦ The specific pieces of Personal Information we have collected about you.
  • Correct: The right to correct or update inaccurate or incomplete Personal Information, taking into account the nature of the Personal Information and the purposes of the processing.
  • Deletion: The right to request we delete the Personal Information we have collected from you, with some exceptions.
  • Opt Out: If applicable, you may have the right to tell companies not to sell or share your Personal Information, or to opt-out of the processing of Personal Information for purposes of targeted advertising , sale, or profiling (as defined under the applicable US State Laws).
  • Limit: The right to limit the use or disclosure of sensitive personal information. Please note that we do not collect or process sensitive Personal Information for the purpose of inferring characteristics about you.
  • Nondiscrimination: The right not to be discriminated against for exercising any of these rights.
  • Appeal: Where applicable, you may have the right to appeal our refusal to take action on, or respond to, a verified consumer request. Upon receipt of our denial or refusal to take action on, or respond to, a verified consumer request, you may, within a reasonable period of time from the refusal, submit a request to appeal our decision by sending an email to [email protected], or contacting our Customer Service following the information available in the Contact Us section below. Within the time frame established by the applicable US State Laws, we will inform you in writing of any action taken or not taken in response. We will also include a written explanation of the reasons for our decision. If your appeal is denied, you have the right to contact the State Attorney General.

How to Exercise Your Privacy Rights

You, or an authorized agent (where applicable), can exercise these rights with respect to one or more of our signature services as provided under the Contact Us section below and to the extent applicable to you under the respective US State Laws. In order to exercise your rights, we may have to verify your identity. We will do this by asking you to provide us with certain information we already have to confirm your identity. This can include your contact information, account number, or purchase history details. Authorized agents, where applicable, will be required to provide proof of their authorization and we may also require that you directly verify their identity and the authority of the authorized agent.

We recognize and support the Global Privacy Control (“GPC”) standard. As such, if you enabled your browser or device to broadcast a GPC signal, we will automatically process it upon receival as a valid request to opt out of the sale and sharing of your Personal Information. If you log into your account, your preference will be associated with your Vista account, maintaining your opt out preference when using a different device or browser. However, if you are not logged into your account, your preference will only be associated with that one browser.

Special Disclosures for California Residents

Shine the Light
As a California resident, you may request, once a year and free of charge, a list of the third parties to whom we have disclosed Personal Information (if any) for their own direct marketing purposes. See the Contact Us section below for how to make this request. However, note we do not share your Personal Information with third parties for their own marketing purposes without your express consent. Accordingly, you can prevent the type of sharing by withholding consent or opting out of sharing of Personal Information as further described on the Notice of Right to Opt Out section below.

Notice of Right to Opt Out
We do not sell your Personal Information in exchange for money. However, like many ecommerce companies, we do share your Personal Information with third parties, such as our advertising partners to help show relevant ads based on your interests. If you would like to learn more, or wish to opt-out of the sale or sharing of your Personal Information, please see the Contact Us section below. Please note that we do not knowingly sell or share the Personal Information of individuals under the age of 16 years old.

Notice of Financial Incentive In some instances, we may offer various types of incentives in exchange for the collection of your Personal Information, such as discounts, promotional codes, prices as part of a sweepstake entry or contest, participation in surveys, exclusive offers when you sign up to receive our marketing emails and other programs. The amount and terms of such incentives will be presented to you at the time of the offer or program. When you participate in or sign up for one of these offers or programs, we collect Personal Information from you, such as identifiers like your name, email address and/or phone number.

Because these activities involve the collection of Personal Information as well as the offering of various benefits, they might be interpreted as providing a “financial incentive” under California law. To the extent that we derive value from the collection of your Personal Information, we reasonably estimate the value of the financial incentive to be equal to the value we receive from the Personal Information collected. We estimate the value of a consumer’s Personal Information by directly relating it to the expenses which might be incurred in the provision of each incentive and the collection, storage, and use of such Personal Information in the operation of our business.

Participation in our financial incentives is voluntary. You may opt into a financial incentive by following the sign-up or participation instructions provided, and you have the ability to opt out or withdraw at any time by unsubscribing from our marketing communications or terminating the participation in the sweepstake or contest prospectively by following the instructions in the applicable terms.

Special Disclosures for Virginia, Colorado, Connecticut and Utah Residents

Unless specifically stated, we do not sell Personal Information to third parties, nor do we process your Personal Information for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects. However, we do process your Personal Information for targeted advertising purposes. If you would like to learn more, or opt out of the sale or processing of your Personal Information for targeted advertising purposes, please see the Contact Us section below.

Special Disclosures for Nevada Residents

Nevada law gives Nevada residents the right to request that a company not sell their Personal Information for monetary consideration to certain other parties.  The right to opt out of the sale of your Personal Information applies even if your Personal Information is not currently being sold.  If you are a Nevada resident and wish to exercise this right, please contact us as indicated under the Contact Us section below.

Contact Us

If you would like to learn more or wish to exercise your rights under the applicable US State Laws with respect to one or more of our signature services, please contact us as follows:

If you have any questions about this Notice, please contact our privacy team by sending an email to [email protected].