PRIVACY POLICY

We appreciate your interest in the Redbubble Marketplace, available at www.redbubble.com or in the Redbubble Mobile App available in the Apple App Store or Google Play Store (collectively, the "Marketplace"). We respect your privacy. Therefore, we collect and process your personal data only in accordance with the relevant legal requirements. In no case do we rent or sell your personal data for marketing or other purposes.

This Privacy Policy explains the types of personal data we collect when you use the Marketplace and how we process it.

1. DATA CONTROLLER, DATA PROTECTION OFFICER AND REPRESENTATIVE IN THE EUROPEAN UNION (EU)

1.1 Redbubble Inc (111 Sutter St., 17th Floor, San Francisco, CA 94104, USA) and Redbubble Ltd (Level 12, 697 Collins St., Docklands, Victoria 3008, Australia); email legal@redbubble.com (hereinafter collectively "Redbubble", "we", "our", "us", etc.) are joint data controllers for the purposes of the European Union's General Data Protection Regulation (GDPR).

1.2 You can reach our Data Protection Officer at the following contact details: Data Protection Officer, DP DOCK DPO Services GmbH, Gut Projensdorf, 24161 Altenholz, Germany. Email redbubble@dp-officer.com.

1.3 Our representative in the European Union pursuant to Article 27 of the GDPR is Redbubble Europe GmbH, Stralauer Platz 33-34, 10243 Berlin, Germany. Email privacy@redbubble.com.

1.4 Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR). You can assert this right in Berlin at the supervisory authority responsible for us: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Germany. Email mailbox@datenschutz-berlin.de.

2. WHAT IS PERSONAL DATA

Personal data is all information that can be individually assigned to you either directly or indirectly. This includes, for example, your name, address, telephone number, cell phone number, fax number and email address. Non-personal data, on the other hand, is information of a general nature that cannot be used to determine your identity. This is, for example, the number of users of the Marketplace.

3. THE TYPES OF PERSONAL DATA WE COLLECT

You can generally visit the Marketplace without providing us with any information that directly identifies you. Please note, however, that you may not be able to use certain areas of the Marketplace or certain of the services we offer.

3.1. WEB SERVER LOGS (INCL. IP ADDRESSES)

When you visit and use the Marketplace, our web server automatically collects so-called access data out of technical necessity, which your terminal device automatically transmits. This log record may include the following information: your IP address, the date and time you are on the Marketplace, the pages you visit on the Marketplace, the name of the file you retrieve and the amount of data transferred, the message whether the retrieval was successful, the website you were on before (so-called referrer website), the browser you use (e.g. Microsoft Edge or Google Chrome), the operating system you use (e.g. Windows 10) as well as the domain name and address of your internet provider.

3.2. PERSONAL

(a) Otherwise, we collect personal data from you if you have voluntarily provided it to us in order to provide, operate and administer the Marketplace in accordance with our User Agreement (see www.redbubble.com/agreement) and to provide you with our services.

  • Specifically, we collect (a) your username and email address when you create a user account and register for the Marketplace; (b) your name, shipping address, phone number, email address, and bank or payment information when you order a product through the Marketplace; (c) your name, address, phone number, email address, bank information, and tax status or number when you sell products through the Marketplace; and (d) your email address when you fill out a form or send us an email. When we collect your personal data, we will inform you whether the provision of the respective personal data is required or merely optional, as well as about the possible consequences if you do not provide the respective information.

  • In addition, we collect personal data that you provide to us in connection with your visit to and use of the Marketplace and our services, e.g. your sales and order history, favorite and marked products on the Marketplace, your movements and executed actions on the Marketplace, as well as the content and details of your messages that you send and receive from other users via our BubbleMail service. Insofar as you use a so-called single sign-on function of a social network to log in to the Marketplace, we collect your personal data from the corresponding social network that you have made publicly available there.

(b) If you have given us your consent, we will also collect your email address as part of the registration process for our newsletter and other promotional messages.

4. HOW WE PROCESS YOUR PERSONAL DATA

4.1. We process your personal data in order to provide and operate the Marketplace in accordance with our User Agreement and to provide you with our services, in particular (a) for the processing and coordination of sales and orders on the Marketplace; (b) for the provision of a functional and accurately running Marketplace – within the range of what is technically possible and reasonable – by observing, monitoring and maintaining the performance of the Marketplace (in particular by identifying and appropriately resolving problems and errors); (c) for providing and maintaining means of communication with Redbubble Support via live chat, email, web forums, social media or telephone and for handling such communication accordingly; and (d) for providing and maintaining means of communicating or exchanging ideas with other users via message boards, chat rooms or interactive online forums or for submitting reviews for products offered on the Marketplace.

The legal basis for this is Article 6(1)(b) GDPR.

Please note with regard to the communication via message boards, chat rooms or interactive online forums explained in section 4.1(d) that if you post a comment on a message board or chat room, this information will be made available to the public in an online environment. Each comment posted is the sole responsibility of the individual user. If you use such an interactive area, you should always be aware that these areas, and therefore any personal information shared there, are publicly accessible. We cannot control how other visitors to the Marketplace use this information. In particular, we cannot prevent you from receiving unsolicited communications.

4.2. Furthermore, we process your personal data as a precaution against and prevention of fraudulent acts on the Marketplace.

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interests in this context are to protect the integrity of the Marketplace, our services, our system and our users.

4.3. Furthermore, we process your personal data for our efforts to (a) provide you with the most optimal and meaningful user experience possible when visiting and using our Marketplace and services; and (b) improve and optimize the Marketplace, its layout and content, and our services.

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interests in this context are to provide you with an optimal and meaningful user experience on the Marketplace that meets your expectations and needs on the one hand and fulfills our commercial interests on the other hand.

4.4. To the extent you have given us your consent, we will further process your collected personal data for the provision and optimization of our email marketing efforts, in particular the provision of our newsletter and other marketing messages about Redbubble events, Redbubble services, Redbubble products and special Redbubble offers.

You may revoke your consent at any time with future effect. You may do so at any time by following the instructions included in any email or by contacting our customer service, for example, by sending an email to the contact options listed in Section 1 or by contacting our Help Center at help.redbubble.com/hc/en-us (which you can also access via the "Help" link at the bottom of the Marketplace homepage). If you have given us your consent, we will continue to process your email address to send you helpful information about using our services from time to time. You can disable these messages at any time by deactivating the receipt of such messages in the settings functions of your user account.

The legal basis for this is Article 6(1)(a) GDPR.

4.5. Furthermore, we may process the information collected by our web server (cf. Section 3.1) in the event of system abuse in cooperation with your Internet provider and/or local authorities in order to determine the originator of this abuse.

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interests in this context are the protection of the integrity of the Marketplace, our services, our system and our users.

5. TRANSFER OF PERSONAL DATA

Your personal data is very important and helpful for us to provide and optimize the Marketplace and our services. We do not share your personal information with third parties unless (a) it is necessary for the provision of the Marketplace and/or our services; (b) otherwise permitted by applicable law; or (c) you have given us your consent. In light of the above, we will only share your personal data with third parties to the extent set out below.

5.1. In order to provide our services in the form of processing and coordinating sales or orders between users on the Marketplace, it is necessary to pass on your name, delivery address and telephone number to production, printing, logistics or processing service providers on behalf of the seller. Please note that this information is shared solely for the purpose of processing the sale or order made between users. However, this information will not be made available to the aforementioned service providers for marketing purposes under any circumstances.

The legal basis for this is Article 6(1)(b) GDPR.

5.2. In the event that claims are made against Redbubble by third parties claiming that any content transmitted by you to the Marketplace violates applicable law, intellectual property rights of the third party (e.g. copyrights and ancillary copyrights, patents, trademarks, company logos, work titles or designs) and/or other rights of the third party (e.g. general personal rights or the right to one's own image), we are entitled in accordance with our User Agreement to pass on your name, address and/or further information about the content objected to by the third party to the third party in order to enable the third party to assert its rights against you.

The legal basis for this is Article 6(1)(b) GDPR.

5.3. We are further entitled to outsource the processing of personal data in whole or in part to external service providers who act for us as processors within the meaning of Article 4(8) GDPR. If these service providers are located outside the European Union or European Economic Area, we will take appropriate security measures in accordance with legal and regulatory requirements to ensure the security of your personal data.

We use external service providers as part of the provision and operation of the Marketplace and the provision of our services for the purposes listed below:

  • For hosting the Marketplace and storing the databases in the backend of the Marketplace.

  • For enabling and providing live chat communications.

  • For enabling and providing the technical requirements for product reviews by users.

  • For the precaution against as well as the detection, identification and prevention of fraudulent actions on the Marketplace.

  • For observing and monitoring the performance of the Marketplace and detecting, identifying and resolving problems and errors on the Marketplace.

  • For providing our Customer Relationship Management, in particular customer and product support for the Marketplace, as well as investigating, identifying and resolving customer support requests via live chat, email, web forums, social media or telephone.

  • For enabling data reporting and analytics for our internal business purposes.

  • For optimizing typography in the Marketplace.

  • For effectively and efficiently organizing and administering our internal business goals.

  • For optimizing and improving our budget planning, business performance, analysis and reporting.

  • For providing payment services to our users.

  • For providing services for our marketing as well as for optimizing our marketing.

5.4. In order to offer you Klarna's payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna's own privacy notice.

6. HOW WE SECURE YOUR PERSONAL DATA

We take all necessary and reasonable steps to keep your personal data secure, but by its nature, unfortunately, no system is impenetrable. Due to the inherent nature of the Internet, we cannot guarantee that information is one hundred percent secure from unauthorized access during transmission over the Internet or while it is stored on our system or otherwise. Your payments are made over an encrypted connection or through a secure data processor. Access to your personal data on our databases is subject to appropriate technical security measures. Furthermore, only persons authorized by us can access your personal data to the extent necessary for their respective activities (so-called need-to-know principle). External service providers who have access to personal data in the course of their activities must sign a commissioned processing agreement (Article 28 GDPR) with us, which obliges them to implement the necessary and appropriate steps to protect the personal data provided to them.

7. STORAGE PERIOD

Your personal data will be stored by us only as long as it is necessary to achieve the purposes for which it was collected or – if there are any legal retention periods beyond this – for the duration of the legally prescribed retention period. Subsequently, your personal data will be deleted.

8. COOKIES AND SIMILAR TECHNOLOGIES

For the processing of personal data using cookies and similar technologies in the context of the Marketplace, please see our Cookie Policy (including our Consent Manager Tool), which is part of this Privacy Policy.

9. YOUR RIGHTS UNDER DATA PROTECTION LAW

In accordance with applicable data protection law, you may have the following rights.

(a) Right of access, rectification, erasure and restriction: You may have the right to request information about your personal data stored by us at any time. When we process your personal data, we take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be corrected. You may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing under this Privacy Policy or applicable law and legal retention obligations do not prevent further storage.

Your user account shows you the essential personal data that is stored by us. You can view, change and/or delete this personal data at your own discretion. Furthermore, you can contact us at any time with a request for information, deletion and restriction under the contact options listed in section 1.

(b) Right to data portability: You may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format or to transfer this data to another controller. For this purpose, please contact the contact options listed under item 1.

(c) Right to object: You may have the right to object to the processing of your personal data on specific grounds relating to your particular situation. To do so, please contact the contact options listed under item 1.

(d) Right to revoke your consent: If you have consented to the collection and processing of your personal data, you may revoke your consent at any time with effect for the future, but without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. You can also object to the use of your personal data for the purposes of market and opinion research as well as advertising and to unsubscribe from receiving our newsletter (see section 4.4). To do so, please use the contact options listed under section 1.

(e) Supervisory authority responsible for possible complaints: You have the right to file a complaint with the competent data protection supervisory authority.

10. CHANGES

Redbubble reserves the right to change this Privacy Policy at any time in accordance with the law. This may be necessary, for example, to comply with new legislation or in the case of new services.

11. CONSUMER PRIVACY ACT ("CCPA") – FOR CALIFORNIA RESIDENTS

This Section 11 applies only to users of our Marketplace who are California residents. As used in this Section, "Personal Information" in this Section 11 means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time ("CCPA").

11.1 CCPA DISCLOSURE

The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected, disclosed for a business purpose, sold, or used for business or commercial purposes in the preceding twelve (12) months since this California Resident Privacy Notice was last updated, as well as the categories of sources from which that Personal Information was collected, and the categories of third parties with whom we shared Personal Information. The examples of Personal Information provided for each category reflect each category's statutory definition and may not reflect all of the specific types of Personal Information associated with each category.

Category

We Collect

We Disclose

We Sell

Categories of Third Parties with Whom We Share Personal Information

A. Identifiers

Examples: Name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.

Yes

Yes

No

All

B. Categories of Personal Information in Cal. Civ. Code Section 1798.80(e)

Examples: Name, signature, social security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Yes

Yes

No

All

C. Characteristics of Protected Classifications under California or Federal Law

Examples: Race or color, ancestry or national origin, religion or creed, age (over 40), mental or physical disability, sex (including gender and pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity or expression, medical condition, genetic information, marital status, military, and veteran status.

No

N/A

N/A

N/A

D. Commercial Information

Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

Yes

No

All

E. Biometric Information

Examples: Physiological, biological, or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, such as imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

No

N/A

N/A

N/A

F. Internet or Other Electronic Network Activity Information

Examples: Browsing history, search history, and information regarding a consumer's interaction with an internet website, application, or advertisement.

Yes

Yes

No

All

G. Geolocation Data

Examples: Precise physical location.

No

N/A

N/A

N/A

H. Sensory Information

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

No

N/A

N/A

N/A

I. Professional or employment-related information

Examples: Job application or resume information and past and current job history.

Yes

Yes

No

All

J. Non-Public Education Information (as defined in 20 U.S.C. 1232g; 34 C.F.R. Part 99)

Examples: Records that are directly related to a student maintained by an educational agency or institution or by a party acting for the agency or institution.

No

N/A

N/A

N/A

K. Inferences Drawn from Personal Information

Examples: Consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

N/A

N/A

N/A

11.2 USE OF PERSONAL INFORMATION

We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes as described in Sections 3-5 of this Policy.

11.3 COLLECTION OF PERSONAL INFORMATION

In the preceding twelve months since this notice was last updated, we have collected Personal Information from the following categories of sources:

  • You/Your Devices: You or your devices directly.

  • Users: Other users of our services.

  • Affiliates.

  • Analytics Providers.

  • OS/Platform Provider: Operating systems and platforms.

  • Social Networks.

  • Partners: Business partners.

11.4 DISCLOSURE OF PERSONAL INFORMATION

As set forth in Section 5 of this Policy, we share your Personal Information with the following categories of third parties:

  • Affiliates.

  • Analytics Providers.

  • Vendors: Vendors and service providers.

  • Integrated Third Parties: Third parties integrated into our Services.

  • Third Parties as Legally Required: Third parties as required by law and similar disclosures.

  • Third Parties in Merger/Acquisition: Third parties in connection with a merger, sale, or asset transfer.

  • Third Parties with Consent: Other third parties for whom we have obtained your permission to disclose your Personal Information.

11.5 RIGHT TO KNOW AND ACCESS

You may submit a verifiable request for information regarding the: (i) categories of Personal Information collected, sold, or disclosed by us; (ii) purposes for which categories of Personal Information are collected or sold by us; (iii) categories of sources from which we collect Personal Information; (iv) categories of third parties with whom we disclosed or sold Personal Information; and (v) specific pieces of Personal Information we have collected about you during the past twelve months.

11.6 RIGHT TO DELETE

Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.

11.7 VERIFICATION

Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. To verify your access or deletion request, we may request that you provide us with personal information that matches the identifying information that you have already provided to us.

11.8 AUTHORIZING AN AGENT

To authorize an agent to make a request to know or delete on your behalf, please email us at privacy@redbubble.com.

11.9 SUBMIT REQUESTS

To exercise your rights under the CCPA, click this the "Do not sell my Personal Information" link in the footer) or email datadeletions@redbubble.com. Only you or an agent duly authorized to act on your behalf may submit verifiable consumer request related to your Personal Information. A verifiable consumer request must:

  • Provide sufficient information that allows Redbubble to reasonably verify the requester's identity; and

  • Describe the request with sufficient detail that allows Redbubble to properly understand, evaluate, and respond to it.

11.10 RIGHT TO EQUAL SERVICE AND PRICE

You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations. Redbubble may offer certain financial incentives to the extent permitted by the CCPA that result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive that is offered will reasonably relate to California consumers' personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program would require prior opt in consent, which may be revoked at any time.

11.11 SHINE THE LIGHT

California's "Shine the Light" law (Civil Code Section § 1798.83) permits California consumers to request certain information regarding Redbubble's disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@redbubble.com.

12. COMPLAINTS

For any questions, concerns or complaints relating to this Privacy Policy or Redbubble's privacy/data protection practices, please contact the Redbubble Data Protection Officer at the contact details listed in Section 1.

You may also lodge complaints with the relevant supervisory authority, depending on your location.

Date: July 2022

desktop tablet-landscape content-width tablet-portrait workstream-4-across phone-landscape phone-portrait
desktop tablet-landscape content-width tablet-portrait workstream-4-across phone-landscape phone-portrait