§ LEGALPrivacy

Privacy Policy.

Last updated: 6 May 2026 · Version 1.0

This privacy notice explains how Prime Print Co ("we", "us", "our") collects, uses, and protects personal data when you visit our website, contact us for a quote, or place an order. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The short version: We collect the contact and project details you give us so we can quote and produce your order. Your artwork is stored privately and only accessible by our studio. We don't sell your data, we don't track you across the web, and we delete records you no longer want us to hold.

1. Who we are

Prime Print Co is a custom apparel printing business based in London, United Kingdom. For the purposes of UK GDPR, we are the data controller of any personal data you provide through this website.

Studio address: Unit G15 Regents Studio, 1 Thane Villas, London N7 7PH
Email: hello@primeprintco.co.uk

If you have any questions about this policy or how we handle your data, contact us using the details above.

2. What data we collect

When you submit a quote request through our website, we collect:

  • Identity and contact details — your name, company or brand name (optional), email address, phone number (optional)
  • Project information — the service you're requesting, quantity, deadline, and any project details you provide
  • Artwork files — any files you upload as part of your quote request (PNG, JPG, PDF, AI, PSD, SVG, ZIP)
  • Technical data — your IP address and browser user-agent string, recorded with each submission for security and abuse-prevention purposes

We do not knowingly collect data from anyone under the age of 16. If you are placing an order on behalf of a school, club, or organisation that includes minors, you confirm you have the authority to do so.

3. Why we collect it (lawful basis)

We process your personal data on the following lawful bases under UK GDPR Article 6:

  • To respond to your quote request and fulfil orders — this is necessary to take steps at your request prior to entering a contract, and subsequently to perform the contract once you place an order.
  • To send you transactional emails — quote confirmations, production updates, and dispatch notifications. These are necessary for performance of the contract.
  • To prevent fraud and abuse — we record IP addresses and user-agents under our legitimate interest in keeping the service secure.
  • To comply with our legal obligations — for example, retaining invoices for tax purposes.

We do not currently send marketing emails. If we introduce a newsletter or marketing communications in the future, we will only contact you on the basis of your explicit consent, and you'll be able to unsubscribe at any time.

4. Where your data is stored

Your data is stored in the following systems:

  • Supabase — our database and file storage provider. Data is held in EU-region servers (Ireland or Frankfurt). Supabase is our data processor and is bound by a Data Processing Agreement under UK GDPR. Read their privacy policy at supabase.com/privacy.
  • Resend — the service that sends our transactional emails (quote confirmations, studio notifications). Email content is processed transiently and not retained beyond standard operational logs. Read their privacy policy at resend.com/legal/privacy-policy.
  • Our internal email system — quote details and artwork download links are forwarded to our studio inbox so we can respond to you.

Where any processor transfers data outside the UK or EEA, that transfer is covered by a Standard Contractual Clauses (SCC) data protection agreement, providing equivalent protections.

5. How long we keep it

  • Quote requests that don't progress to an order — retained for up to 24 months to allow follow-up, then deleted.
  • Active customer records — retained for the duration of our working relationship plus 6 years after the final order, to comply with HMRC and contractual record-keeping requirements.
  • Uploaded artwork files — file download links shared with our studio expire after 30 days. Source files are retained for the duration of the active project plus 12 months, then deleted unless you ask us to keep them for repeat orders.
  • Technical security logs (IP, user-agent) — retained for up to 12 months.

6. Who we share data with

We do not sell your personal data. We share data only with:

  • Our processors listed in section 4 (Supabase, Resend), strictly to deliver the service.
  • Couriers (e.g. DPD, Royal Mail, same-day couriers) — when shipping orders, we share only the recipient name, address, and contact details necessary for delivery.
  • HMRC and our accountants, where required for tax and audit compliance.
  • Law enforcement, where we are legally compelled to do so by a valid court order or statutory request.

We do not share your data with advertisers or marketing networks.

7. Cookies and tracking

This website uses minimal browser storage:

  • Theme preference (pp-theme in localStorage) — remembers whether you chose dark or light mode. Set only by your interaction. Strictly necessary for the website to function as you expect.

We do not currently use Google Analytics, Meta Pixel, or any third-party tracking cookies. If we introduce analytics in future, we will update this notice and (where required) ask for your consent.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — ask us to delete your data, subject to our legal retention obligations.
  • Right to restrict processing — ask us to limit how we use your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, email us at hello@primeprintco.co.uk. We will respond within one calendar month.

9. Data security

We protect your data with appropriate technical and organisational measures, including:

  • Encrypted connections (HTTPS / TLS) for all data transmitted to and from this website.
  • Encryption at rest for files stored in Supabase Storage.
  • Access controls — only authorised studio staff can view quote details and artwork.
  • Honeypot anti-spam protection on our quote form to prevent automated abuse.
  • Regular software updates to our hosting and processing platforms.

No internet system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a personal data breach affecting your data, we will notify you and the Information Commissioner's Office (ICO) where required by law.

10. Changes to this policy

We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. For material changes, we will notify active customers by email.

11. How to complain

If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk

We'd appreciate the chance to address any concerns first — please contact us at hello@primeprintco.co.uk before going to the ICO.