These Data Processing Terms form part of the Terms of Service or other agreement between FOREVER 420, www.420.si and its affiliated companies and Merchants regarding our services. These Terms are binding between FOREVER 420, www.420.si and Merchants and constitute a data processing agreement. If you do not agree to these Terms, do not use the Site and the Service.
1.1. The agreement means an agreement entered into by FOREVER 420, www.420.si and the Merchant regarding the use of Service.
1.2. Data means the personal data of the recipients of the Merchant’s products, including the Merchant’s customers, as well as personal data of the Merchant’s representatives, which via the use of FOREVER 420, www.420.si Site and Service are provided to FOREVER 420, www.420.si by the Merchant.
1.3. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.4. Merchant means any person, be it a legal entity or natural person, that uses FOREVER 420, www.420.si Service to execute orders or deliver its products to recipients, including the Merchant’s customers.
1.5. Service means online store, promotion services offered by FOREVER 420, www.420.si to Merchants.
1.6. The terms “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Supervisory Authority” used in these Terms have the meanings given in the GDPR.
2. The subject of the Terms
2.1. These Terms govern the agreement between FOREVER 420, www.420.si and the Merchant in respect of the processing of Data transferred to FOREVER 420, www.420.si by the Merchant.
2.2. The Merchant acquires Data and via the use of FOREVER 420, www.420.si Site. The Merchant is a Controller of this Data and FOREVER 420, www.420.si as the Processor only processes this Data on behalf of the Merchant.
2.3. The Merchant hereby instructs FOREVER 420, www.420.si to process the Data as prescribed by these Terms, including the transfer of such Data to any country as may be reasonably necessary for the provision of the Service or otherwise for the compliance with the Agreement or applicable law.
3. Details of Processing
3.1. Categories. FOREVER 420, www.420.si, on behalf of the Merchant, processes the Personal Data of the Merchant’s customers and the Merchant’s representatives that are registered under the Merchant’s FOREVER 420, www.420.si account.
3.2. Types. FOREVER 420, www.420.si processes the following information received from Merchants that might contain Personal Data: name, email address, phone number, shipping information.
3.3. Nature and purpose. FOREVER 420, www.420.si processes Data in accordance with these Terms in order to provide the Merchant the Service and otherwise ensure fulfillment of the obligations set out in the Agreement between the Merchant and FOREVER 420, www.420.si if such fulfillment involves the processing of Personal Data. FOREVER 420, www.420.si only has access to the information that has been provided by the Merchant.
3.4. Duration. Data will be processed for the duration of the Agreement.
4. Rights and obligations
4.1. FOREVER 420, www.420.si shall ensure that Data processing under these Terms is carried out in accordance with all applicable laws and regulations in respect of data protection, including the GDPR.
4.2. The Merchant is responsible for the legality of processing the Data. The Merchant confirms that the Data transferred to FOREVER 420, www.420.si has been obtained by the Merchant on the lawful basis as prescribed by the GDPR and other applicable laws and regulations in respect of data protection and that the Merchant is entitled to provide the Data to FOREVER 420, www.420.si.
4.3. The Merchant shall not submit to FOREVER 420, www.420.si any Personal Data that is not necessary for the use of the Service, and any Personal Data if the Merchant has no lawful basis and/or no valid purpose for processing such Personal Data.
4.4. The Merchant confirms that these Terms contain sufficient instructions to FOREVER 420, www.420.si regarding the processing of Data, as well as the scope and purposes.
4.5. If reasonably necessary, the Merchant may provide FOREVER 420, www.420.si with additional instructions regarding the processing of Data other than those prescribed by these Terms. Such additional instructions must be reasonably enforceable, properly documented and in compliance with applicable laws and regulations regarding data protection, and must also be accepted by FOREVER 420, www.420.si.
4.6. FOREVER 420, www.420.si shall not be liable for any claims or complaints from Data Subjects regarding any action taken by FOREVER 420, www.420.si as a result of acting in accordance with instructions received from the Merchant.
4.7. The Merchant shall be responsible for the accuracy of Data and keeping it up to date and shall inform FOREVER 420, www.420.si in case of any changes in the provided Data.
4.8. FOREVER 420, www.420.si shall process the Data on behalf of the Merchant and shall always follow the Merchant’s instructions prescribed by these Terms, the Agreement or otherwise provided to Printful in accordance with these Terms.
4.9. FOREVER 420, www.420.si confirms that the processing is performed in compliance with the requirements prescribed by the GDPR and other applicable laws and regulations in respect of data protection, FOREVER 420, www.420.si has implemented appropriate technical and organizational measures and while processing the Data ensures the protection of the Data Subjects’ rights.
5.1. For FOREVER 420, www.420.si to be able to meet its obligations prescribed by the Agreement and to administer and provide the Service, the Merchant hereby authorizes FOREVER 420, www.420.si to engage sub-processors and transfer the Data to such sub-processors.
5.2. When processing the Data on behalf of the Merchant, FOREVER 420, www.420.si uses sub-processors that provide us with different services such as hosting and server co-location services, postal and courier delivery services, and our financial and legal advisors, among others.
5.3. FOREVER 420, www.420.si hereby confirms that it uses only such sub-processors that are able to guarantee that they have implemented appropriate technical and organizational measures in accordance with the GDPR and other applicable laws and regulations regarding data protection.
5.4. FOREVER 420, www.420.si hereby confirms that our sub-processors are contractually or otherwise in a binding form required to comply with the same data processing obligations as prescribed by these Terms.
5.5. FOREVER 420, www.420.si may transfer the Data to sub-processors that are located outside the European Economic Area (“EEA“). FOREVER 420, www.420.si confirms that the Data are transferred only to such sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring an adequate level of protection, or otherwise is able to provide appropriate safeguards and always provided that enforceable rights and effective legal remedies are available for Data Subjects.
6.1. Considering the nature of the processing, FOREVER 420, www.420.si will assist the Merchant with the provision of technical or organizational measures, insofar as possible, for the fulfillment of the Merchant’s obligations as the Controller in relation to:
Any requests from the Data Subjects in respect of access to, or the rectification, erasure, restriction, portability, blocking or deletion of their Personal Data that FOREVER 420, www.420.si processes on behalf of the Merchant. In the event that a Data Subject sends such a request directly to FOREVER 420, www.420.si, FOREVER 420, www.420.si will promptly forward such request to the Merchant; and
The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such Personal Data breaches; and
Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.
7. Data Security
7.1. By taking into account the state of the art, costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, FOREVER 420, www.420.si shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the respective risk.
7.2. FOREVER 420, www.420.si monitors and ensures that all of FOREVER 420, www.420.si authorized personnel involved in the Processing of Data provided to us have committed themselves to confidentiality obligations.
7.3. FOREVER 420, www.420.si confirms that rights of access to its authorized personnel are always provided only to the minimum extent necessary for fulfillment of the obligations arising from the Agreement.
8.1. Upon the Merchant’s written request, FOREVER 420, www.420.si shall provide sufficient information to demonstrate compliance with obligations laid down in these Terms and applicable laws and regulations. This information shall be provided to the extent that such information is within FOREVER 420, www.420.si control and FOREVER 420, www.420.si is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
8.2. If the information provided upon the Merchant’s request in the Merchant’s reasonable judgment is not sufficient to confirm FOREVER 420, www.420.si compliance with these Terms, then FOREVER 420, www.420.si agrees to allow for and contribute to data processing audits.
8.3. Such audits are allowed to be carried out by an independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Merchant and FOREVER 420, www.420.si.
8.4. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided only at the expense of the Merchant, and we reserve the right to charge the Merchant for any additional work or other costs incurred by us in connection with the Merchant using such rights. The Merchant has rights to request the audit once every 2 years.
8.5. The auditor will have to sign a confidentiality agreement, which includes an obligation not to disclose business information in its audit report, and the final report will also have to be provided to FOREVER 420, www.420.si.
9. Deletion of Data
9.1. Unless otherwise required by applicable law, FOREVER 420, www.420.si has no obligation to store the Merchant’s Data after termination of the contractual relationship with FOREVER 420, www.420.si and deletion of the Merchant’s account.
9.2. At the choice of the Merchant, FOREVER 420, www.420.si will delete or return all the Data to the Merchant after the end of the contractual relationship relating to the processing of Data and shall delete existing copies, unless applicable law requires the Merchant to store such Data.
FOREVER 420, www.420.si reserves the right, at its discretion, to modify these Terms at any time. The Merchant shall be responsible for reviewing and becoming familiar with any such modifications. Use of the Service by the Merchant following such notification constitutes the Merchant’s acceptance of the changes in these Terms.