Privacy Policy

1.1. This Privacy Policy explains how Radix Catch, Lda, operating as WonderPrintLab.com ("WonderPrintLab.com", "we", "us", "our"), collects, uses, shares, protects, and otherwise processes your personal data when you use our website and services (the "Service").

1.2. We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in compliance with applicable data protection laws.

1.3. This policy aims to inform you about:

• Who is responsible for your data (the Data Controller).
• Our commitment to legal compliance (GDPR).
• What personal data we collect about you.
• The legal reasons (bases) why we process your data.
• How we use your personal data.
• How long we keep your data.
• How we keep your data secure.
• Who we share your data with.
• Whether we transfer your data internationally.
• Your rights regarding your personal data.
• Our use of cookies and tracking technologies.
• How to contact us about privacy matters.

1.4. Key Definitions (as per GDPR 15):

• Personal Data: Any information relating to an identified or identifiable natural person ('data subject').
• Processing: Any operation performed on personal data (e.g., collection, recording, storage, use, disclosure, erasure).
• Controller: The natural or legal person which determines the purposes and means of the processing of personal data.
• Processor: A natural or legal person which processes personal data on behalf of the controller.

2.1. The Data Controller responsible for the processing of your personal data collected through the Service is:

2.2. This identification is provided in accordance with the requirements of the General Data Protection Regulation (GDPR)

4.1. We collect various types of personal data depending on how you interact with our Service. This includes:

5.1. We only process your personal data when we have a valid legal basis under GDPR Article 6. The bases we rely on include:

a) Performance of a Contract (Art. 6(1)(b) GDPR): We process personal data necessary to fulfill our contractual obligations to you when you place an order. This includes processing your Account and Order Information, AI Generation Input Data (for generating your specific image), Payment Information, and related Communication Records to provide the Service, process payments, generate and print the image, ship the Product, and provide customer support related to your order.

b) Legitimate Interests (Art. 6(1)(f) GDPR): We process certain data based on our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

• Ensuring the security and integrity of our website and Service (processing Technical Data).
• Improving our Service and user experience through analysis of Usage Data (we ensure this is done in a way that respects user privacy, often using aggregated or pseudonymized data where possible).
• Responding to general inquiries and improving customer support (processing Communication Records not directly tied to fulfilling a specific contract).
• Preventing fraud.
• Potentially for sending marketing communications about similar products to existing customers under specific conditions allowed by the ePrivacy Directive (subject to your right to object/opt-out easily).

You have the right to object to processing based on legitimate interests (see Section 11).

c) Legal Obligation (Art. 6(1)(c) GDPR): We process personal data where necessary to comply with our legal obligations, such as maintaining financial records for tax purposes, complying with accounting rules, responding to lawful requests from authorities, or fulfilling product safety requirements.

d) Consent (Art. 6(1)(a) GDPR): We rely on your explicit consent for certain processing activities, particularly:

• Placing non-essential cookies and using tracking technologies for analytics and personalized advertising.
• Sending direct marketing emails or newsletters if you have specifically opted-in to receive them (and are not an existing customer receiving information about similar products).

Where we rely on consent, it must be freely given, specific, informed, and unambiguous. You have the right to withdraw your consent at any time.

6.1. We use the personal data we collect for the following specific purposes, linked to the legal bases described above:

a) To Provide and Fulfill the Service: Creating and managing your account (if applicable), processing your Input to generate the custom AI image, facilitating the printing and production of your Product, processing payments, arranging shipping and delivery (Basis: Contract).

b) To Communicate with You: Sending order confirmations, shipping updates, responding to your inquiries and support requests, providing information about the Service (Basis: Contract, Legitimate Interests). Sending marketing communications (Basis: Consent or Legitimate Interest, as applicable).

c) To Process Payments: Facilitating payment transactions via our third-party processors (Basis: Contract).

d) To Improve and Secure Our Service: Analyzing website usage to understand user behavior and improve functionality, monitoring for security threats, preventing fraud, troubleshooting technical issues (Basis: Legitimate Interests).

e) To Personalize Your Experience: Showing your order history, potentially remembering preferences (Basis: Contract, Legitimate Interests, Consent for certain cookies).

f) For Marketing and Advertising: Measuring the effectiveness of advertising campaigns, delivering targeted advertising on our site or third-party platforms like Google, Meta, and TikTok (subject to your consent for tracking technologies) (Basis: Consent, Legitimate Interests for certain analytics).

g) To Comply with Legal Obligations: Meeting requirements for financial record-keeping, tax reporting, responding to legal requests or court orders (Basis: Legal Obligation).

h) To Resolve Disputes: Handling complaints or legal claims related to the Service (Basis: Legitimate Interests, Legal Obligation).

7.1. We adhere to the principle of storage limitation under GDPR (Art 5(1)(e)) and retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7.2. The retention periods vary depending on the type of data and the purpose of processing:

a) Account Data: Retained for as long as your account remains active. If you close your account, we may retain some data for a limited period (e.g., 6 months) to handle residual issues or as required by law, after which it will be deleted or anonymized.

b) Order Data (including AI Input/Output linked to the order): Retained for the period necessary to fulfill the order, manage potential returns or defect claims under the legal guarantee (minimum 2 years from delivery in the EU), and comply with legal obligations (e.g., financial/tax records often require retention for 6-10 years depending on the EU Member State). While the underlying AI service provider may have shorter default retention for API logs, we may need to retain order-related data, potentially including records of the Input/Output, for longer periods to meet our own legal guarantee and record-keeping obligations. We will delete this data when it is no longer necessary for these defined purposes.

c) Communication Records: Retained for as long as necessary to resolve your query or support issue, and for a reasonable period thereafter (e.g., 1-3 years) for quality assurance, training, or potential legal defense purposes.

d) Technical and Usage Data: Often retained for shorter periods (e.g., IP logs for security might be kept for 6 months; aggregated/anonymized analytics data might be kept for 14-26 months) before being deleted or fully anonymized.

e) Cookie Data & Consent Records: Retention periods for cookies vary. Records of your cookie consent choices are retained for the period necessary to demonstrate compliance (often aligned with cookie duration or statutory limitation periods).

7.3. After the applicable retention period, personal data will be securely deleted or anonymized so that it can no longer be associated with you.

8.1. We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in accordance with GDPR Article 32.

8.2. These measures include, but are not limited to:

• Encryption: Encrypting personal data both in transit (e.g., using TLS/SSL for website connections) and at rest (e.g., database encryption).
• Access Controls: Implementing strict access controls to limit access to personal data to authorized personnel who need it for their job functions, based on the principle of least privilege.
• Secure Infrastructure: Utilizing reputable hosting providers and infrastructure with robust physical and network security measures.
• Secure Payment Processing: Using PCI-DSS compliant third-party payment processors for handling payment card data.
• Vendor Due Diligence: Selecting third-party service providers that provide sufficient guarantees regarding data protection and security, including reviewing their security certifications where applicable.
• Regular Assessments: Conducting periodic security assessments and vulnerability scanning.
• Data Minimization: Collecting and processing only the personal data necessary for the specified purposes.
• Staff Training: Providing data protection and security awareness training to our employees.
• Incident Response: Having procedures in place to detect, respond to, and report personal data breaches if they occur.

8.3. While we implement strong security measures, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

9.1. We do not sell your personal data. We only share your personal data with third parties in specific circumstances and based on a valid legal basis, ensuring compliance with GDPR.

Our key third-party sharing includes:

10.1. Your personal data may be transferred to, stored, and processed in countries outside of the European Union (EU) or European Economic Area (EEA), including the United States, where some of our service providers are located.

10.2. Such transfers only occur when appropriate safeguards are in place, including:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• EU-U.S. Data Privacy Framework (DPF)

Under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making
• Right to withdraw consent

To exercise these rights, please contact us at help@WonderPrintLab.com

Our website uses cookies and similar technologies for:

• Essential website functionality
• Analytics and performance monitoring
• Personalization
• Marketing and advertising (with consent)

You can manage your cookie preferences through your browser settings or our cookie consent manager.

We may update this policy periodically. Significant changes will be notified to you via email or website notice.

For privacy-related inquiries, contact us at:

Email: help@WonderPrintLab.com