MOO sells print and business merchandise products and related services (our Products & Services), including through our business account services. Our Products & Services are mainly intended for business users. The Site is not intended for or directed to children and we do not knowingly collect, maintain or use data relating to children.
MOO is made up of two different legal entities:
Moo Print Limited with registered office at LABS Triangle, Stables Market, Chalk Farm Road, London, England, NW1 8AB (who is responsible for the processing of your data, i.e. the data controller, if you access our Site or order our Products & Services from anywhere other than Canada and the United States); and
MOO Inc. with its principal office located at 25 Fairmount Ave, East Providence, RI 02914, United States (who is responsible for the processing of your data, i.e. the data controller, if you access our Site or order our Products & Services from Canada or the United States).
We collect a variety of information about our wonderful customers (you!) and visitors to our Site. This personal data falls into these categories:
Type of personal data
What does this include?
Title, first name, last name, gender/pronouns, billing address, delivery address, email address and telephone numbers. If you interact with us through social media, this may include your social media user name.
Name of company, business unit/division, role within the company.
Internet protocol (IP) address, user browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, other technology on the devices you use to access the Site. Sometimes this is collected via cookies or similar technologies.
Customer Payment Data
Payment card details.
MOO uses third party payment processors Worldpay, Stripe and PayPal to process payments made for products and services via the Site. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards (which are high!) and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Subject to the below exceptions, your card details are communicated directly from your browser to these payment processors - MOO never (ever!) sees your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.
For Worldpay and Stripe, if on the payment page you have requested that your card details be remembered (it’s such a timesaver!) and the payment was successful, MOO stores the card type, a Masked PAN (only the first 6 and last 4 digits) and the card’s expiry date as well as an associated token. We store this information so that you and we can identify your stored card and use it for further payments at MOO. We also store separately the last 4 digits and card type so that we can identify transactions made by a particular card.
For PayPal we only store the tokens required to identify the transaction with PayPal, issue refunds and identify transactions made using PayPal.
Supplier Invoicing Data
Information given on supplier invoices, including bank account and payment details.
Account holder login details, purchases or orders made by customer (including designs, which may themselves include personal data such as contact information on business cards and other printed materials), customer preferences, feedback and survey responses. So that you can come back and re-print your previous orders, we do not delete your account holder login details and designs until your account is deactivated or you ask us to delete it.
Information about how users use the Site, which might include length of visit, page views, website navigation paths, timing, frequency and pattern of your Site use, and any other information about how you use our Site and our Products & Services. Sometimes this is collected via cookies or similar technologies.
Marketing and Communications Data
Your preferences in receiving direct marketing from us and our third parties and your communication preferences.
Including CCTV footage and access records if you visit any of our premises.
We also collect, use and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your personal data but, as long as it is not combined with other data to identify you, is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is therefore no longer personal data) for research or statistical purposes. In which case we may use this information indefinitely without further notice to you.
We do not collect any special categories of personal data about you. Special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Nor do we collect any information about criminal convictions and offences. If you use any of these types of personal data on products you design or create on moo.com, we will not be able to tell. We will treat all the personal data included in designs or products as ordinary personal data.
Remember, if you choose not to share personal data with us, or refuse certain contact permissions, we might not be able to provide the Products & Services you’ve asked for.
We use different methods to collect data from and about you including through:
Direct interactions. We may collect directly from you Contact, Organisation, Customer Payment, Supplier Invoicing, Account, and Marketing and Communications Data. For example, we may collect this information from you when you:
sign up to receive email direct marketing from us, including the MOOsletter;
make enquiries or request information be sent to you;
create an account with us (on our Site or otherwise);
create designs for Products;
order our Products & Services;
engage with us on social media;
enter a competition, promotion or survey;
give us your marketing or other preferences;
contact customer services;
give us your information at an event;
leave comments or reviews on our Products & Services (please be kind!); or
otherwise contact us (including by post, phone, email, or via a form on our Site, our live chat or social media)
When you communicate with us online, third party vendors receive and store these communications on our behalf.
Automated technologies or interactions. As you interact with us, including via our Site, we may automatically collect Device/Technical Data about your equipment, browsing actions and patterns. We may also collect Device/Technical Data or Usage Data from cookies and similar technologies when you use our website, or when you click on one of our adverts (including those shown on third party websites).
Third parties or publicly available sources. We may receive personal data about you from various lawful sources, including:
Contact Data and/or Organisation Data from other individuals, for example where they have suggested you for our Refer a Friend scheme or if they have sent you a gift card;
Device/Technical Data and/or Usage Data from analytics providers (such as Google), advertising networks and search information providers;
Contact Data, Customer Payment Data and Account Data from providers of technical, payment and fraud prevention and delivery services;
Contact Data and/or Organisation Data from data partners;
Contact Data and/or Organisation Data from sales and marketing partners; and
Data from any third parties who are permitted by law or have your permission to share your personal data with us, such as via social media (including LinkedIn, Twitter and Facebook) or review sites (including TrustPilot).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you purchase our products, that’s a contract.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include the interest of our business in conducting and managing our business, or communicating with you when the business you represent is registering for a Business Services account.
Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
Generally, we do not rely on consent as a legal basis for processing your personal data other than (a) for electronic direct marketing, such as sending you our MOOSletter; or (b) where the law requires it. Where our legal basis is consent, you have the right to withdraw consent any time.
See the table here for a description of all the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We do not carry out any automated decision making.
If you ever have any questions about this, all you have to do is ask. See ‘How to contact MOO about privacy’ below.
We may use your Contact, Organisation, Device/Technical, Usage, Account and Marketing and Communications Data to form a picture of what we think you may want or need, or what may be of interest to you. This is how we decide which Products & Services and offers may be relevant for you and tell you about them. This is what we call direct marketing.
We may carry out direct marketing by email, phone, text or post. For example, you might have the MOOsletter hit your inbox, a discount code texted to you, a cool promotion land on your door mat or a phone call to tell you something that might be relevant to you or your business.
We may send you marketing communications if you have previously requested information from us or purchased our Products & Services from us and you have not opted out of receiving that marketing. On our website, we always try hard to make it really clear what we are doing and what communications you will be sent, whether it’s you deciding to sign up to the MOOsletter and other marketing, or as part of creating an account or the purchase journey. You have a right at any time to change your mind and say no thank you and opt out (but we’d be really sorry to see you go, so please give us a chance by fine tuning your preferences before really leaving us!).
If you want to see and/or update your marketing and communications preferences (including opting out), you can visit the ‘Manage Your Information’ section in your account (moo.com/consent/manage). You can also opt out by following the unsubscribe link at the bottom of communications.
Of course, there are lots of different ways you’ll see adverts for MOO out and about, and not all of these are based on using personal data – sometimes we just buy good old-fashioned advertising space in the real world and websites and social media. If you see MOO’s adverts on websites and in social media, these may not be directed specifically at you, we might just have bid for the space. In social media you can often find out why you have seen a particular advert which will tell you if it has only been directed at an audience rather than at you personally.
We also work with partners to try and promote the reach of our adverts and use analytics and retargeting for this reason. We use Device/Technical Data or Usage Data from cookies and similar technologies to help us to deliver website and social advertising that we believe is most relevant to you and to potential new customers of MOO. The cookies used for this purpose are often placed on our Site by specialist organisations – and this is also why when you’ve been on our Site, you might see that lovely business card design again. If you want more information on cookies and similar technologies, see ‘Cookies & pixels’ below.
Cookies help our Site work better and provide lots of help in the background to make the process of being a MOO customer a lot easier.
Cookies are a tool that we (and everyone else who operates online) use for advertising. That is just part of why cookies are used. Generally, they are pretty clever.
We use the following categories of cookies:
Required cookies. These are needed for the Site to work. They help you move around it and use our services and features. For example, they make it easy to log in and move from page to page, and make things stay in your cart while you go off and look at other pages.
Functional cookies. These allow us to collect useful info about the way you use the Site – helping us to measure and improve performance. For instance, which pages visitors go to most often, and if they get error messages from web pages. They might also include cookies which allow our Site to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
Advertising cookies. These are used by partners and advertisers to serve ads that are more relevant to your interests (see ‘Advertising, marketing and your communications preferences’ above). They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers.
When you use our Site, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It’s important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third-party websites for more information about their cookies and how to manage them.
You can see more information about the cookies we use by clicking ‘Cookie Preferences’ right at the bottom of this page, including who they belong to, their ID and why they are used. We’ve also included links to the third-party websites where you can go to find out more.
Our emails often contain a ‘web beacon pixel’ to tell us whether, and how many times, our emails are opened and if you click through to links or adverts in the email. This is so that we can determine which of our emails and adverts are engaging users/customers. When you delete the email, the pixel will be deleted. If you do not wish the pixel to be downloaded to your device, you should select to receive emails from us in plain text instead of HTML (you can do this via your email provider settings). Alternatively, you can choose not to display images on your emails from us, which also prevents the open pixel from tracking.
Suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, marketing service providers, manufacturers and post and courier services);
MOO group companies (for example, MOO Print Limited may share data with MOO, Inc);
Auditors and professional advisers like bankers, lawyers, accountants and insurers; and
Governmental authorities, regulators and law enforcement.
We also share data with third parties connected to advertising, retargeting and analytics, such as Google Analytics. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/. Please see Cookies above, and ‘Cookie Preferences’ on our Site, for more information.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
For as long as you have an active account with us, the functionality of our Site allows you to come back at any time and re-print Products you have ordered from us. So, unless you deactivate your account or delete your content, we keep it for you so you can always come back to it.
Many of our external third-party providers are based outside the UK and the EEA, so their processing of your personal data will involve a transfer of data outside the UK or EEA.
Whenever we transfer your personal data out of the UK or the EEA, we will comply with applicable data protection law. Some of the mechanisms we may choose to use when undertaking an international transfer are:
The transfer of your personal data is to a country that has officially been deemed to provide an adequate level of protection for personal data by the United Kingdom or the European Commission.
We may use specific contracts approved by the Information Commissioner’s Office in the UK or the European Commission which give personal data the same protection it has in the EEA or the UK (called the Model Clauses).
We share your personal data within the MOO Group, which will involve transferring your data outside the UK and the EEA. We do this using the Model Clauses.
If you would like more information on the Model Clauses we have in place for international transfers, please contact us using the details at ‘How to contact MOO about privacy’ below.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including certain Contact Data and Account Data relating to transactions) for six years after they stop being customers for tax purposes.
We may keep your Account and other data for as long as you have an active account with us (see ‘Account Data’ for more information).
Depending on where you live, you may have some or all of the following rights:
The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing);
Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making; and
Rights in relation to the sale or sharing of your personal data for the purposes of targeted advertising – residents of certain US states have the right to opt-out from these kinds of uses of their personal data. Those rights can be exercised here.
These rights are subject to certain rules, exceptions and limitations around when and how they can be exercised.
If you wish to exercise any of the rights set out above, please contact us (see ‘How to contact MOO about privacy’).
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
UK residents have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
If you are in the EEA, the details of our representative are: Data Priva Limited T/A GDPR Rep, of Studio Office, 3rd Floor, 86-90 Paul Street, London, EC2A 4NE. Their website is https://www.gdprep.org/.
If you need help with our products and services, or this website generally, please contact us here.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can do this by updating your account. Thank you.