Last Updated: March 12, 2026
1. Introduction
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (the “Controller”) and Event Print Designer (the “Processor”) and outlines our commitment to data protection and compliance with applicable data protection laws, including GDPR, CCPA, and other privacy regulations.
2. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person
- Processing: Any operation performed on Personal Data, including collection, storage, use, and deletion
- Data Subject: The individual to whom Personal Data relates
- Controller: The entity that determines the purposes and means of processing Personal Data
- Processor: The entity that processes Personal Data on behalf of the Controller
- Sub-processor: Any third party engaged by the Processor to process Personal Data
3. Scope and Purpose of Processing
Event Print Designer processes Personal Data on behalf of the Controller for the following purposes:
- Providing design software and printing services
- Managing event galleries and photo sharing
- Processing print orders and payments
- Enabling facial recognition features (with consent)
- Providing customer support
- Improving and maintaining the platform
4. Categories of Data Processed
- Identity data (name, email, user ID)
- Contact information (email, phone number)
- Visual data (photos, images)
- Biometric data (facial recognition markers, where consent is given)
- Transaction data (order history, payment information)
- Technical data (IP address, device information, browser type)
- Usage data (how services are used)
5. Categories of Data Subjects
- Account holders (event organizers, business users)
- Event attendees (photo subjects)
- Website visitors
- Customer support contacts
6. Processor Obligations
Event Print Designer agrees to:
- Process Personal Data only on documented instructions from the Controller
- Ensure persons authorized to process Personal Data are under confidentiality obligations
- Implement appropriate technical and organizational security measures
- Engage Sub-processors only with prior written consent
- Assist the Controller in responding to Data Subject requests
- Assist the Controller in ensuring compliance with data protection obligations
- Delete or return Personal Data upon termination of services (as instructed)
- Make available all information necessary to demonstrate compliance
7. Security Measures
We implement industry-standard security measures, including:
- Encryption of data in transit and at rest
- Regular security assessments and vulnerability testing
- Access controls and authentication mechanisms
- Regular backups and disaster recovery procedures
- Employee training on data protection
- Secure software development practices
- Incident response and breach notification procedures
8. Sub-processors
We may engage the following categories of Sub-processors:
- Cloud infrastructure providers (hosting, storage)
- AI image generation providers
- Payment processors
- Email service providers
- Analytics and monitoring services
- Print fulfilment partners
We will inform you of any intended changes concerning the addition or replacement of Sub-processors, giving you the opportunity to object to such changes.
9. International Data Transfers
Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA) or your jurisdiction. Where such transfers occur, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure adequate protection of Personal Data.
10. Data Subject Rights
We will assist you in fulfilling your obligations to respond to Data Subject requests, including:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling
11. Data Breach Notification
In the event of a Personal Data breach, we will notify you without undue delay and within 72 hours of becoming aware of the breach. The notification will include all relevant information about the nature of the breach, affected data, potential consequences, and measures taken or proposed to address the breach.
12. Data Retention and Deletion
Personal Data is retained for the duration necessary to fulfill the purposes outlined in this DPA or as required by law. Upon termination of services or at your request, we will delete or return all Personal Data, unless retention is required by applicable law. Event gallery data is retained for 2 years, after which it is deleted or anonymized.
13. Audits and Inspections
We will make available to you all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by you or an auditor mandated by you, subject to reasonable notice and confidentiality obligations.
14. Term and Termination
This DPA remains in effect for the duration of our provision of services. Upon termination, we will cease processing Personal Data and will delete or return all Personal Data in accordance with your instructions, unless retention is required by law.
15. Liability and Indemnification
Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service. We will indemnify you against any losses arising from our breach of this DPA, subject to the limitations in the Terms of Service.
16. Governing Law
This DPA is governed by the same law that governs the Terms of Service. Any disputes arising from this DPA shall be resolved in accordance with the dispute resolution provisions of the Terms of Service.
17. Contact Information
For questions about this Data Processing Agreement or to exercise data protection rights, please contact our Data Protection Officer:
Email: info@eventprintdesigner.com