1. Capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Agreement.
2. “Agreement” means the Terms of Service entered into by Shaped Pixel and the Merchant regarding the use of Shaped Pixel’s Service.
3. “Data Subject”, “Controller”, “Processor”, “Supervisory Authority” and “Processes” have the meanings given in the GDPR.
4. “Data Protection Laws” means (a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and any applicable national implementing or supplementing laws including the UK Data Protection Act 2018 (where applicable); (b) the e-Privacy Directive 2002/58/EC and any applicable national implementing laws; and (c) the e-Privacy Regulation 2017/003 (once it takes effect); in each case as amended, consolidated, re-enacted or replaced from time to time.
5. “Merchant” means any person, be it legal entity or natural person, that uses Shaped Pixel’s Service to execute orders and/ or deliver its products to recipients, including the Merchant’s customers.
6. “Model Clauses” means the Standard Contractual Clauses (Controller to Processor) as set out in the Commission Decision of 5 February 2010 (C (2010) 593), as amended, updated or replaced from time to time.
7. “Parties” means Shaped Pixel and the Merchant.
8. “Personal Data” means Personal Data that is subject to the GDPR and any national legislation implementing the GDPR including the UK Data Protection Act 2018 (where applicable), including Personal Data of Merchants of Shaped Pixel who are offered goods and services in the EEA and the UK (the “GDPR Countries”);
9. “Privacy Shield Program” means the EU-US and Swiss-US Privacy Shield Frameworks as designed by the US Department of Commerce and approved by the European Commission and Swiss Administration (respectively) as providing adequate protection regarding the collection, use, and retention of personal information transferred from the EU, the UK and/or Switzerland (as applicable) to the United States.
10. “Service” means print-on-demand services offered by Shaped Pixel to Merchants including printing for personal use or outsourcing the printing and delivering of products to Merchant’s customers, as well as branding, warehousing and fulfillment, design, merchandising, and other services that Shaped Pixel may provide in accordance with the requirements of the Merchant.
11. “Third Countries” means all countries outside of the European Economic Area (“EEA”), excluding countries approved as providing adequate protection for Personal Data by the European Commission from time to time, which at the date of this Agreement include Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Japan, Jersey, New Zealand, Switzerland and Uruguay.

1. These Terms govern the relationship between Shaped Pixel and the Merchant in respect of any processing of Personal Data by Shaped Pixel on behalf of the Merchant.
2. To the extent that Shaped Pixel Processes Personal Data on behalf of the Merchant, the Merchant is the Controller and Shaped Pixel is the Processor, only processing this Personal Data on behalf of the Merchant.
3. The Merchant hereby appoints and instructs Shaped Pixel to process the Personal Data as prescribed by these Terms, including with regard to the transfer of Personal Data to a Third Country or international organisation.

3.1 To the extent that Shaped Pixel Processes Personal Data on behalf of the Merchant, the following Processing details apply:
1. Categories of Data Subjects. Merchant’s customers (end users of Shaped Pixel’s Services) and Merchant’s potential customers or other end users of Shaped Pixel’s Services, whose personal data Merchant has authorized Shaped Pixel to Process.
2. Type of Personal Data. Personal Data relating to the Merchant’s customers and any Personal Data in the Merchant’s printing content (where applicable) and Personal Data revealed during the use of any Shaped Pixel Services, including name, email address, phone number, shipping address and other information about the Merchant’s customers.
3. Nature and purpose of processing. Shaped Pixel processes Data in accordance with these Terms in order to provide the Merchant with the Service and otherwise ensure fulfilment of the obligations set out in the Agreement between the Merchant and Shaped Pixel to the extent this involves the processing of Personal Data. Shaped Pixel only has access to the Personal Data that has been provided by the Merchant and uses such Personal Data in accordance with the Merchant’s instructions as set out in these Terms.
4. Duration of processing. Data will be processed for the duration of the Agreement.

1. The Merchant warrants that it has complied and continues to comply with the Data Protection Laws, including those as set out in Clause 4(b).
2. The Merchant confirms that the Personal Data transferred to Shaped Pixel has been collected by the Merchant on a valid lawful basis and Merchant has obtained any necessary consents or given any necessary notices as prescribed by the Data Protection Laws, and that the Merchant is entitled to provide the Personal Data to Shaped Pixel.
3. The Merchant confirms that these Terms contain sufficient instructions to Shaped Pixel regarding the processing of Personal Data, as well as the scope and purposes thereof.
4. If reasonably necessary, the Merchant may provide Shaped Pixel with additional instructions regarding the processing of Personal Data other than those prescribed by these Terms. Such additional instructions must be reasonable for Shaped Pixel to carry out, properly documented and in compliance with the Data Protection Laws and must also be accepted by Shaped Pixel.
5. The Merchant shall be responsible for the accuracy of the Personal Data and keeping it up to date and shall inform Shaped Pixel in case of any changes in the Personal Data.
6. Shaped Pixel shall not be liable for any claims or complaints from Data Subjects regarding any action taken by Shaped Pixel as a result of acting in accordance with instructions received from the Merchant. Further, the Merchant agrees that it will indemnify and hold harmless Shaped Pixel on demand from and against all claims, liabilities, costs, expenses, loss or damage (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) incurred by Shaped Pixel arising directly or indirectly from a breach of this Clause 4.

1. Shaped Pixel shall only process the Personal Data on behalf of the Merchant and shall always follow the Merchant’s instructions prescribed by these Terms, or as otherwise provided to Shaped Pixel in writing in accordance with Clause 4(e); if Shaped Pixel cannot provide such compliance for whatever reason (including if the instruction violates the Data Protection Laws), it agrees to inform the Merchant of its inability to comply as soon as reasonably practicable.
2. Shaped Pixel has implemented appropriate technical and organizational measures specified in Schedule 1 (Technical and Organisation Security Measures) of these Terms and shall continue to comply with them during the term of these Terms and the Agreement.
3. Shaped Pixel monitors and ensures that all of Shaped Pixel’s authorized personnel involved in the Processing of Data under these Terms have committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality.
4. Further obligations of Shaped Pixel are set out in Clauses 6 to 9.

All the information you provide may be transferred or accessed by our parent company in the United States our affiliate companies and subsidiaries in other countries, such as Latvia and Spain, and our Third Party Service Providers (as described above) for the provision of our Services as described in this Privacy Policy. When we transfer your information globally, we take necessary measures to ensure adequate protection of your information, including where required by applicable law entering into the European Commission’s Model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses), or transferring to a recipient certified to EU-US Privacy Shield of the US Department of Commerce.

1. For Shaped Pixel to be able to meet its obligations prescribed by the Agreement and to administer and provide the Service, the Merchant hereby grants Shaped Pixel general written authorization to engage sub-processors. Merchant can obtain the list of current sub-processors engaged by Shaped Pixel by entering the registered account email address in the section below. The list will include the identities of sub-processors, provided services and country of location.
2. Merchant will be notified about the appointment or any intended changes concerning the addition or replacement of Shaped Pixel’s sub-processors in this section of Shaped Pixel’s website. This notification will appear 10 (ten) days prior to the engagement of the sub-processor. During this period the Merchant can object to the appointment or replacement of the sub-processor by sending a written notice to privacy@Shaped Pixel.com, providing reasonable grounds for objection (for example, in case of possible infringement of Data Protection Laws). If Merchant does not object, Shaped Pixel may proceed with the appointment or replacement.
3. Shaped Pixel hereby confirms that its sub-processors are contractually or otherwise in a binding form required to comply with data processing obligations which are no less onerous on the relevant sub-processor than the obligations on Shaped Pixel as prescribed by these Terms.
4. Where Shaped Pixel processes, accesses, and/or stores Personal Data in any Third Country, Shaped Pixel shall:
1. comply with the data importer’s obligations set out in the Model Clauses, which are hereby incorporated into and form part of these Terms with the processing details set out in Clause 3 (Details of Processing) and the technical and organisational security measures set out in Schedule 1 (Technical and Organisational Security Measures) applying for the purposes of Appendix 1 and Appendix 2, respectively, of the Model Clauses, and the Merchant will comply with the Data Exporter’s obligations in the Model Clauses; and
2. The Merchant acknowledges and agrees that Shaped Pixel may appoint an affiliate or third-party subcontractor to Process the Merchant’s Personal Data in a Third Country, provided that it ensures that such Processing takes place in accordance with the requirements of the Data Protection Laws. The Parties agree that Personal Data may be transferred to an affiliate or third-party subcontractor that is certified to process such data under the Privacy Shield Program. Alternatively, the Merchant grants Shaped Pixel a mandate to execute the Model Clauses with the processing details set out in Clause 3 (Details of Processing) and the technical and organisational security measures set out in Schedule 1 (Technical and Organisational Security Measures) applying for the purposes of Appendix 1 and Appendix 2, respectively, of the Model Clauses, with any relevant subcontractor or affiliates it appoints on behalf of the Merchant.

1. Upon the Merchant’s written request, Shaped Pixel shall provide sufficient information to demonstrate compliance with the obligations laid down in these Terms and Data Protection Laws. This information shall be provided to the extent that such information is within Shaped Pixel’s control and Shaped Pixel is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
2. If information provided upon the Merchant’s request in the Merchant’s reasonable judgement is not sufficient to confirm Shaped Pixel’s compliance with these Terms, then Shaped Pixel agrees to allow for and contribute to data processing audits.
3. Such audits are allowed to be carried out by an independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Merchant and Shaped Pixel.
4. The timing and other practicalities related to any such audit or inspection are determined by Shaped Pixel, and any such information and assistance are provided only at the expense of the Merchant. Shaped Pixel reserves the right to charge the Merchant for any additional work or other costs incurred in connection with such audits. The Merchant may request such audit no more than once every 2 years.
5. The auditor will have to sign a confidentiality agreement, which includes an obligation

At the choice of the Merchant, Shaped Pixel will delete or return all Personal Data to the Merchant after the end of the Agreement, and shall delete existing copies, unless an applicable law requires Shaped Pixel to store such Personal Data.

These Terms are governed by the laws of the Republic of Latvia and are subject to the dispute resolution procedure as prescribed by the Agreement.

Shaped Pixel reserves the right, at its discretion, to modify these Terms. In case of material changes, Shaped Pixel will notify the Merchant in writing, giving the Merchant the right to terminate the Agreement.
Schedule 1
Technical and Organisational Security Measures
Shaped Pixel shall take, among others, the following technical and organizational measures to ensure physical security of Personal Data and control system entry, access, transfer, input, availability and separation of Personal Data:
1. to establish the identity of the authorized persons and prevent unauthorized access to Shaped Pixel’s premises and facilities in which the Personal Data are processed:
 All entrances are secured or locked and can only be accessed with the appropriate key / chip card / internal digital keys;
 Premises are protected by an alarm system;
 All visitors are required to identify themselves and are signed-in by authorized staff;
 Video monitoring of premises;
 Visitors are accompanied by Shaped Pixel’s personnel at all times;
 Trained security guards are stationed in and around the building 24/7,
2. to prevent unauthorized access to the data processing systems:
 Use of state-of-the-art anti-virus software that includes e-mail filtering and malware detection;
 Use of firewalls;
 During idle times, user and administrator PCs are locked;
 Users are required to setup complex passwords and 2FA in all systems as possible;
 Concept of least privilege, allowing only the necessary access for users to accomplish their job function. Access above these least privileges requires appropriate authorization;
 Starter, mover & leaver housekeeping processes in place which covers access rights depends on job duties;
 RSA/ed25519 2-factor authentication in place for most critical remote connections;
 Vulnerability scanning and remediation in place;
 Data centre and website penetration testing programme in place.
3. to prevent unauthorized activities in the data processing systems outside the scope of any granted authorizations:
 User and administrator access to the network is based on a groupe-based/ role-based access rights model. There is an authorization concept in place that grants access rights to data only on a “need to know” basis;
 Administration of user rights through system administrators or system owners;
 IT governance & controls audits undertaken regularly by external 3rd party;
 Internal control audits undertaken regularly.
4. to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons under their electronic transmission or during their transport or recording on data carriers and to guarantee that it is possible to examine and establish where personal data are or have had to be transmitted by data transmission equipment.