Data processing addendum

Version: 1.0. Effective from 1 May 2026.

This Data Processing Addendum forms part of the Terms of Use between Prodigi and the Merchant. It applies where Prodigi processes Merchant Customer Data as processor on behalf of the Merchant.

1. Definitions

1.1 In this Addendum:

"Addendum" means this Data Processing Addendum.

"Data Protection Laws" means all laws and regulations relating to privacy, data protection and the processing of Personal Data that apply to the relevant party, including where applicable the UK GDPR, the Data Protection Act 2018, the EU GDPR and the Privacy and Electronic Communications Regulations.

"Merchant Customer Data" means Personal Data submitted to the Services by or on behalf of the Merchant, or otherwise processed by Prodigi on behalf of the Merchant, for the purpose of providing the Services to the Merchant, including Personal Data relating to the Merchant's customers, recipients and order recipients.

"Restricted Transfer" means a transfer of Personal Data to a country or recipient where such transfer is restricted under applicable Data Protection Laws unless appropriate safeguards are in place.

"Services" means the Prodigi services used by the Merchant, including platform, API, dashboard, manual order, bulk import, production, fulfilment, shipping, support and related services.

"SCCs" means the applicable standard contractual clauses approved under Data Protection Laws for the relevant Restricted Transfer.

1.2 The terms "controller", "processor", "process", "processing", "Personal Data", "personal data breach", "special category data" and "subprocessor" have the meanings given to them in applicable Data Protection Laws.

2. Scope and roles

2.1 This Addendum applies where Prodigi processes Merchant Customer Data as processor on behalf of the Merchant.

2.2 The Merchant is controller of Merchant Customer Data. Prodigi is processor of Merchant Customer Data when processing it on behalf of the Merchant for the purpose of providing the Services.

2.3 Prodigi may process some Personal Data as controller, including Merchant account data, billing data, platform security data, fraud prevention data, support data, marketing data, website visitor data, recruitment data and corporate administration data. Such processing is described in Prodigi's Privacy & Cookie Policy and is not governed by this Addendum except to the extent required by applicable Data Protection Laws.

3. Processing details

3.1 The subject matter, duration, nature and purpose of the processing, the categories of Personal Data and categories of data subjects are set out in Schedule 1.

3.2 The Merchant acknowledges that Prodigi operates a distributed fulfilment network. In order to provide the Services, Prodigi may process Merchant Customer Data in multiple countries and may disclose limited fulfilment data to group companies, production partners, fulfilment partners, logistics providers, technology providers and other service providers as described in this Addendum.

3.3 Merchant Customer Data is typically limited to recipient name, delivery address, contact details where supplied or required, order details, product configuration, image and artwork files, support information and technical information required to provide, secure and support the Services.

4. Merchant obligations

4.1 The Merchant must ensure that it has a lawful basis to collect, use and provide Merchant Customer Data to Prodigi for processing under this Addendum.

4.2 The Merchant is responsible for providing any required privacy notices to its customers and recipients.

4.3 The Merchant is responsible for ensuring that all Content, image files, artwork files and other materials submitted to the Services may lawfully be submitted to Prodigi for production and fulfilment.

4.4 Prodigi does not require the Merchant to submit special category data. To the extent Content contains Personal Data or special category data, the Merchant remains responsible for ensuring that the Content is submitted lawfully and that appropriate conditions for processing have been met.

4.5 The Merchant must not submit Personal Data to the Services that is not reasonably necessary for use of the Services.

5. Processing instructions

5.1 The Merchant instructs Prodigi to process Merchant Customer Data as reasonably necessary to provide the Services, including:

  • receiving and validating orders;
  • routing orders to production locations;
  • manufacturing products;
  • dispatching and delivering orders;
  • managing reprints, returns and support issues;
  • quality control and production troubleshooting;
  • fraud prevention, misuse prevention and platform security;
  • maintaining records required for legal, tax, accounting, dispute and compliance purposes;
  • complying with applicable law;
  • otherwise operating, maintaining and improving the Services.

5.2 The Merchant's documented instructions include this Addendum, the Terms of Use, the Merchant's use of the Services, orders submitted through the Services, API calls, dashboard actions, integration settings, support requests and other written instructions agreed by Prodigi.

5.3 Prodigi will process Merchant Customer Data only on the Merchant's documented instructions unless required to do otherwise by applicable law. Where law requires Prodigi to process Merchant Customer Data other than in accordance with the Merchant's instructions, Prodigi will inform the Merchant unless prohibited by law.

5.4 Prodigi may refuse or suspend any instruction that Prodigi reasonably considers to be unlawful, technically unsafe, operationally impracticable or inconsistent with the Services.

6. Confidentiality

6.1 Prodigi will ensure that persons authorised to process Merchant Customer Data are subject to appropriate confidentiality obligations.

6.2 Prodigi will limit access to Merchant Customer Data to personnel, contractors, group companies and subprocessors who require access for the purpose of providing, securing or supporting the Services.

7. Security measures

7.1 Prodigi will implement appropriate technical and organisational measures designed to protect Merchant Customer Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

7.2 The technical and organisational measures are summarised in Schedule 2.

7.3 The Merchant acknowledges that the Services are standardised platform services and that the security measures must be assessed in light of the nature of the processing, the limited fulfilment data processed, the state of the art, implementation costs and the risks presented by the processing.

8. Subprocessors and fulfilment network

8.1 The Merchant gives Prodigi general written authorisation to appoint subprocessors to process Merchant Customer Data where required to provide, secure, support or improve the Services.

8.2 Subprocessors may include Prodigi group companies, hosting and infrastructure providers, software and technology providers, support tools, payment and fraud prevention providers, production and fulfilment partners, logistics providers and other service providers.

8.3 Prodigi may disclose limited fulfilment data to production partners, fulfilment partners and logistics providers to the extent necessary to produce and deliver orders. Such data is typically limited to recipient name, delivery address, contact details where required, order details, product configuration and the image or artwork file required to manufacture the product.

8.4 Prodigi will maintain a Subprocessor and Fulfilment Network Notice describing the categories of subprocessors and fulfilment recipients used to provide the Services.

8.5 Prodigi will impose data protection obligations on subprocessors that are designed to provide an appropriate level of protection for Merchant Customer Data, taking account of the nature of the processing and the role performed by the subprocessor.

8.6 Prodigi remains responsible to the Merchant for the performance of its obligations under this Addendum where such performance is carried out by a subprocessor engaged by Prodigi.

8.7 Prodigi may update its subprocessors and fulfilment network from time to time. Where required by applicable Data Protection Laws, Prodigi will provide notice of material changes to subprocessors. Notice may be given by updating the Subprocessor and Fulfilment Network Notice, by email, through the dashboard or by another reasonable method.

8.8 The Merchant may object to a material new subprocessor on reasonable data protection grounds by notifying Prodigi within 30 days of the relevant notice. The objection must explain the specific data protection concern.

8.9 If the Merchant objects under clause 8.8, Prodigi may, at its discretion:

  • provide information to address the objection;
  • take reasonable steps to mitigate the concern;
  • avoid use of the relevant subprocessor for the Merchant where technically and commercially feasible;
  • allow the Merchant to stop using the affected Services;
  • terminate the affected Services.

8.10 An objection by one Merchant does not prevent Prodigi from using the relevant subprocessor for other merchants or from operating the Services for other customers.

8.11 Nothing in this Addendum requires Prodigi to disclose commercially sensitive details of its fulfilment network, production routing, operational processes, security architecture or supplier arrangements beyond what is required by applicable Data Protection Laws.

9. Data subject rights

9.1 Taking into account the nature of the processing, Prodigi will provide reasonable assistance to the Merchant in responding to requests from data subjects exercising their rights under Data Protection Laws.

9.2 If Prodigi receives a request directly from a Merchant customer or recipient in relation to Merchant Customer Data, Prodigi may refer the individual to the Merchant unless Prodigi is legally required to respond directly.

9.3 The Merchant is responsible for determining whether and how to respond to data subject requests relating to Merchant Customer Data.

10. Assistance with compliance

10.1 Taking into account the nature of the processing and the information available to Prodigi, Prodigi will provide reasonable assistance to the Merchant with the Merchant's obligations relating to security, personal data breach notification, data protection impact assessments and prior consultation with supervisory authorities, where such assistance relates to Prodigi's processing of Merchant Customer Data.

10.2 Prodigi may charge a reasonable fee for assistance that is not required by this Addendum, is excessive, is repetitive, requires substantial manual effort or arises from the Merchant's failure to use the Services appropriately.

11. Personal data breaches

11.1 Prodigi will notify the Merchant without undue delay after becoming aware of a personal data breach affecting Merchant Customer Data.

11.2 The notification will include information reasonably available to Prodigi at the time, which may include:

  • the nature of the breach;
  • the categories and approximate number of data subjects affected;
  • the categories and approximate volume of data affected;
  • likely consequences where known;
  • measures taken or proposed to address the breach;
  • contact details for further information.

11.3 Prodigi may provide information in phases as its investigation progresses.

11.4 The Merchant is responsible for determining whether it must notify any supervisory authority, customer, recipient or other person, unless Prodigi is separately required by law to make such notification.

12. Deletion and return

12.1 On termination of the Services, Prodigi will delete or return Merchant Customer Data in accordance with the Terms of Use, the Merchant's dashboard options, this Addendum and Prodigi's retention processes.

12.2 Prodigi may retain Merchant Customer Data where and for so long as reasonably required for legal, tax, accounting, audit, fraud prevention, security, dispute, chargeback, warranty, product quality, reprint, insurance or compliance purposes.

12.3 Prodigi's retention approach distinguishes between the following categories of data:

  • 12.3.1 Production image and artwork files are retained for the period reasonably required for production, quality control, reprints and support, and are then deleted or rendered inaccessible in accordance with Prodigi's retention processes.
  • 12.3.2 Order and shipping records are retained for the period required for customer service, dispute handling, chargebacks, warranty, statutory record keeping and tax.
  • 12.3.3 Invoices and payment records are retained for the period required by applicable accounting and tax laws.
  • 12.3.4 Support tickets and related correspondence are retained for the period required for customer service continuity, dispute handling and quality assurance.
  • 12.3.5 Operational, security and platform logs are retained for the period required for security, troubleshooting, fraud prevention and audit purposes.
  • 12.3.6 Backups are retained in accordance with Prodigi's standard backup cycles and overwritten on those cycles.

12.4 Merchant Customer Data retained in backups, archives and logs is protected from active processing and deleted in accordance with Prodigi's normal deletion cycles, unless earlier deletion is technically and operationally feasible.

12.5 Prodigi is not required to delete order records, invoices, production records, support records or other data that Prodigi is required or permitted to retain under applicable law or for legitimate compliance, security or dispute-resolution purposes.

13. Audit and information rights

13.1 Prodigi will make available information reasonably necessary to demonstrate compliance with this Addendum.

13.2 The primary method for demonstrating compliance will be through Prodigi's published policies, security summaries, technical and organisational measures, subprocessor information, written responses, audit summaries or security questionnaires.

13.3 The Merchant may request further information where reasonably required to verify Prodigi's compliance with this Addendum. Prodigi may decline requests that are irrelevant, disproportionate, repetitive, commercially sensitive, security-sensitive or not required by applicable Data Protection Laws.

13.4 Any audit, inspection or review must be subject to reasonable prior notice, confidentiality obligations, reasonable scope limits, security requirements and controls to avoid disruption to Prodigi's business and other merchants.

13.5 On-site audits are not available for standard self-serve accounts unless required by applicable law and cannot be reasonably satisfied through documentation or written responses.

13.6 The Merchant is responsible for its own costs of any audit or review. Prodigi may charge a reasonable fee for assistance with audits or reviews that exceed standard documentation and questionnaire responses.

14. International transfers

14.1 The Merchant acknowledges that Prodigi provides global services and may process Merchant Customer Data in, or transfer Merchant Customer Data to, countries in which Prodigi, its group companies, fulfilment partners, logistics providers, technology providers and other service providers operate.

14.2 Where a Restricted Transfer requires appropriate safeguards, Prodigi will use appropriate transfer mechanisms as required by Data Protection Laws. These may include an adequacy decision, the EU SCCs, the UK International Data Transfer Addendum, the UK International Data Transfer Agreement or another lawful transfer mechanism.

14.3 Where the EU SCCs are required, they are incorporated into this Addendum by reference and apply as follows: Module Two applies where the Merchant is controller and Prodigi is processor; Module Three applies where Prodigi appoints a subprocessor for a Restricted Transfer; Annex I (Description of transfer) is completed by Schedule 1 of this Addendum; Annex II (Technical and organisational measures) is completed by Schedule 2 of this Addendum; and Annex III (Subprocessors) is completed by the Subprocessor and Fulfilment Network Notice.

14.4 Where the UK International Data Transfer Addendum to the EU SCCs is required, it is incorporated into this Addendum by reference and applies to the relevant EU SCCs. Where the UK International Data Transfer Agreement applies in place of the UK Addendum, the parameters of this Addendum apply to the corresponding sections of that instrument.

14.5 The Merchant authorises Prodigi to enter into applicable transfer mechanisms with relevant subprocessors and recipients on behalf of the Merchant where required to provide the Services.

14.6 The Merchant acknowledges that international transfers may be necessary to route orders to fulfilment locations, produce products, deliver products, provide support, maintain platform infrastructure and operate the Services.

15. Liability

15.1 This Addendum forms part of the Terms of Use. The limitations and exclusions of liability in the Terms of Use apply to this Addendum unless expressly stated otherwise in a separately agreed written contract.

15.2 Nothing in this Addendum limits or excludes liability to the extent that such liability cannot be limited or excluded under applicable law.

16. Changes to this Addendum

16.1 Prodigi may update this Addendum from time to time in accordance with the Terms of Use.

16.2 Prodigi will not materially reduce the level of protection for Merchant Customer Data under this Addendum without giving reasonable notice where required by applicable law.

17. Conflict

17.1 If there is a conflict between this Addendum and the Terms of Use in relation to the processing of Merchant Customer Data as processor, this Addendum will prevail to the extent of that conflict.

17.2 If the Merchant has entered into a separately signed written agreement with Prodigi that expressly governs data processing, that agreement will prevail to the extent stated in that agreement.

Schedule 1: Processing details

| Field | Details |
| --- | --- |
| Subject matter | Provision of print-on-demand platform, production, fulfilment, shipping, support and related services. |
| Duration | For the term of the Merchant's use of the Services and any applicable retention period. |
| Nature of processing | Collection, receipt, storage, hosting, organisation, retrieval, transmission, disclosure, production use, quality control, support, deletion and other processing required to provide the Services. |
| Purpose of processing | Receiving orders, validating orders, routing orders, manufacturing products, dispatching and delivering orders, managing reprints, handling support requests, fraud prevention, platform security, legal compliance, billing support, service operation and service improvement. |
| Data subjects | Merchant customers, order recipients, Merchants, authorised users, support contacts and individuals identifiable from submitted Content. |
| Personal Data categories | Recipient name, delivery address, billing address where supplied, email address, phone number, order details, product configuration, image files, artwork files, support records, order references, shipping and tracking information, IP address, device information and technical logs where applicable. |
| Special category data | Not required by Prodigi. May be present incidentally in image files, artwork files or other Content submitted by the Merchant or its customers. The Merchant remains responsible for ensuring lawful submission. |
| Processing locations | United Kingdom, EEA, United States, Australia and other countries in which Prodigi, group companies, fulfilment partners, logistics providers, technology providers or other service providers operate. |
| Subprocessor categories | Group companies, cloud hosting providers, technology providers, support tools, production partners, fulfilment partners, logistics providers, payment and fraud providers and professional advisers. |

Schedule 2: Technical and organisational measures

Prodigi maintains technical and organisational measures appropriate to the nature of the Services and the Merchant Customer Data processed. These measures may include the following.

1. Access control

  • Access to systems containing Merchant Customer Data is restricted to authorised personnel.
  • Access rights are granted on a role-based and least-privilege basis, with reference to business need.
  • Access rights are reviewed periodically and revoked promptly when no longer required, including on role change and on departure from the Group.
  • Administrative access is restricted to personnel who require it and is subject to additional controls.

2. Authentication

  • User accounts are protected by authentication controls.
  • Multi-factor authentication is applied to administrative accounts and to remote access to production systems.
  • Password and account controls are applied to relevant systems.

3. Confidentiality

  • Personnel authorised to process Personal Data are subject to confidentiality obligations.
  • Contractors and service providers are subject to contractual confidentiality obligations where appropriate.
  • Onboarding includes data protection and security awareness; offboarding includes prompt revocation of access.

4. Encryption and transmission

  • Data transmitted through the Services over public networks is protected using current industry-standard encryption in transit.
  • Production and support processes are designed to avoid unnecessary transmission of Merchant Customer Data.

5. Data minimisation

  • Prodigi limits fulfilment data disclosed to production and logistics partners to what is reasonably necessary to produce and deliver orders.
  • Production partners typically receive only recipient name, delivery address, order details and the image or artwork file required to manufacture the product.
  • Operational data flows are reviewed for opportunities to reduce the personal data shared with each recipient category.

6. Segregation and platform controls

  • Merchant accounts are logically separated through platform permissions and account controls.
  • Production workflows are designed to route only relevant order data to the relevant fulfilment location or provider.
  • Production, staging and corporate environments are separated.

7. Logging and monitoring

  • Production systems and administrative access are logged for security, operational, fraud prevention and troubleshooting purposes.
  • Logs are retained for operational and security purposes in accordance with Prodigi's retention practices.
  • Logs are reviewed and alerted on for anomalous or unauthorised activity.

8. Vulnerability and patch management

  • Production systems are subject to vulnerability management, including periodic vulnerability scanning and patching.
  • Identified vulnerabilities are triaged and remediated based on severity.

9. Incident response

  • Prodigi maintains processes for identifying, escalating, investigating and responding to security incidents and personal data breaches.
  • Incidents involving Merchant Customer Data are assessed to determine notification obligations.
  • The processes are tested and reviewed periodically.

10. Backup and resilience

  • Prodigi maintains backup and resilience processes appropriate to the Services.
  • Backup data is retained and deleted in accordance with applicable retention cycles.
  • Restoration of backups is tested periodically.

11. Supplier controls

  • Prodigi conducts onboarding diligence on subprocessors and fulfilment partners before engagement.
  • Prodigi uses contractual controls with relevant subprocessors and fulfilment partners requiring appropriate technical and organisational measures.
  • Prodigi requires subprocessors and fulfilment partners to use Personal Data only for the services they provide to Prodigi.
  • Supplier controls vary based on supplier category, risk and role.

12. Secure development and change control

  • Platform changes are managed through internal development and deployment processes.
  • Security and privacy considerations are taken into account in platform operation and development.
  • Changes to production are reviewed and authorised.

13. Physical and operational security

  • Prodigi-operated facilities use physical and operational controls appropriate to the facility and activity, including controlled access to production areas.
  • Production waste containing Merchant Customer Data, such as misprints or damaged products, is disposed of securely.
  • Partner facilities are required to maintain controls appropriate to their production and fulfilment role.

Schedule 3: Subprocessor and Fulfilment Network Notice

1. Purpose

Prodigi operates a global print-on-demand platform and fulfilment network. To provide the Services, Prodigi uses group companies, technology providers, production partners, fulfilment partners, logistics providers and other service providers.

This notice describes the categories of recipients that may process or receive Merchant Customer Data.

2. Data disclosed for fulfilment

For production and delivery, Prodigi typically discloses only limited fulfilment data, such as:

  • recipient name;
  • delivery address;
  • contact details where required for delivery or support;
  • order details;
  • product configuration;
  • image or artwork file required to manufacture the product;
  • shipping and tracking information.

Prodigi does not sell Merchant Customer Data and does not use Merchant Customer Data to market directly to Merchant customers.

3. Recipient categories

Some recipients act as subprocessors to Prodigi, while others may act as independent controllers depending on their role, the service provided and applicable law. For example, shipping carriers, payment service providers, tax authorities and professional advisers typically act as independent controllers in respect of the personal data they process for their own purposes. The categories below describe both types of recipient where relevant.

| Recipient category | Purpose | Typical data processed | Typical locations |
| --- | --- | --- | --- |
| Prodigi group companies | Platform operation, fulfilment, customer support, billing support, administration and group services. | Merchant account data, order data, limited fulfilment data, support data and technical data. | UK, EEA, US and other group locations. |
| Cloud hosting and infrastructure providers | Hosting, storage, compute, networking, security and platform operation. | Platform data, order data, image and artwork files, logs and technical data. | UK, EEA, US and other service regions. |
| Software and technology providers | Platform tools, monitoring, analytics, workflow tools, email, authentication and internal systems. | Merchant account data, support data, order references, technical data and limited Merchant Customer Data where required. | UK, EEA, US and other service regions. |
| Production and fulfilment partners | Manufacturing, printing, finishing, packing, dispatch, quality control and reprints. | Recipient name, delivery address, order details, product configuration, image or artwork file and shipping data. | UK, EEA, US, Australia and other fulfilment regions. |
| Logistics, postal and carrier providers | Delivery, shipping, tracking, customs, returns and delivery support. | Recipient name, delivery address, contact details where required, shipment contents information, tracking data and customs data where required. | Destination and transit countries. |
| Payment, billing and fraud providers | Payment processing, billing, fraud prevention and financial administration. | Merchant account data, payment information, transaction data, order references and fraud-prevention data. | UK, EEA, US and other service regions. |
| Professional advisers and compliance providers | Legal, accounting, audit, insurance, compliance and dispute handling. | Relevant account, order, support or transaction data where required. | UK, EEA and other relevant locations. |

4. Fulfilment partners

Prodigi may use production and fulfilment partners to produce and dispatch orders. Fulfilment partners are provided with only the information reasonably necessary to produce and ship the relevant order.

In line with clause 8.11, Prodigi publishes recipient categories and typical processing locations rather than a public list of named production partners. Production routing changes over time, and partner identity, capacity, capability and routing logic form part of Prodigi's commercial and operational infrastructure. Where required by applicable Data Protection Laws, or where agreed under an enterprise agreement, further information about the production and fulfilment partners applicable to a Merchant's orders may be made available subject to confidentiality obligations and reasonable scope limits.

5. Updates

Prodigi updates this notice from time to time. The current version is published at prodigi.com/subprocessor-and-fulfilment-network-notice/. Material changes are notified in accordance with clause 8.7 of this Addendum.

6. Contact

Questions about this notice should be addressed to dpo@prodigi.com.