Data Processing Terms

These Data Processing Terms (“Data Terms”) are incorporated into and form an essential part of the Master Terms of Service (“Agreement”) or any other primary commercial contract established between Ava Prints and you (“Merchant”). These Data Terms function as a legally binding Data Processing Agreement (“DPA”) governing the handling of protected personal information. Engaging with our Site or utilizing our custom manufacturing fulfillment infrastructure confirms your absolute acceptance of these Data Terms. If you do not agree to these provisions, you must immediately cease platform use.

1. Core Definitions

  • Primary Contract: The overarching commercial service agreement established between Ava Prints and the Merchant regarding platform access and fulfillment operations within Nigeria.

  • Fulfillment Data: Any personal data pertaining to the end-recipients of physical products (including Merchant clientele, buyers, and order recipients) or data relating to the Merchant’s employee representatives, uploaded or synced to our Site to execute printing runs.

  • The Act (NDPA): The Nigeria Data Protection Act 2023, along with any subsequent regulatory frameworks, guidelines, or directives issued by the Commission.

  • Merchant: The commercial entity, corporate body, or individual designer utilizing the print-on-demand networks of Ava Prints to fulfill client orders or distribute merchandise.

  • The Parties: Refers collectively to Ava Prints and the participating Merchant.

  • Fulfillment Services: The white-label custom manufacturing, tech integrations, branding, dropshipping, storage, and order management features supplied by Ava Prints.

  • Site: The official online marketplace located at www.avaprints.org.

  • Regulatory Terminology: The terms Personal Data, Data Subject, Data Controller, Data Processor, and The Commission (referring to the Nigeria Data Protection Commission or NDPC) maintain the identical meanings assigned to them under Section 65 of the NDPA.

2. Scope and Subject Matter

  • Governance: These Data Terms dictate the operational parameters under which Ava Prints processes personal data routed to our servers by the Merchant.

  • Data Hierarchy: The Merchant acts exclusively as the Data Controller of the Fulfillment Data, having acquired it from their customers. Ava Prints acts strictly as a Data Processor, handling and organizing this information solely on behalf of, and according to the explicit instructions of, the Merchant.

  • Processing Mandate: The Merchant formally instructs Ava Prints to process, format, and store the Fulfillment Data to execute the underlying printing services. This mandate includes transferring data across international boundaries or state lines as reasonably required to manufacture products, coordinate shipping logistics, or satisfy statutory tax and business regulations.

3. Detailed Breakdown of Data Processing

  • Categories of Data Subjects: Ava Prints handles personal data belonging to the Merchant’s end-customers (delivery recipients within Nigeria or global export destinations) and any administrative representatives or employees registered under the Merchant’s corporate profile.

  • Types of Personal Data: Processing activities involve the following data categories submitted by the Merchant: first and last names, delivery coordinates, telephone contacts, email addresses, billing addresses, associated custom print designs, and any secondary checkout notes provided during transaction entry.

  • Nature and Purpose: Processing is executed solely to manufacture custom products, handle e-commerce logistics, manage customer service tickets, and fulfill the operational promises set forth in the Primary Contract. Ava Prints acts purely on the digital data inputs provided by the Merchant.

  • Duration: Data processing will persist throughout the active lifecycle of the Primary Contract until the Merchant profile is formally closed or deactivated.

4. Mutual Rights and Compliance Obligations

  • Regulatory Alignment: Both Parties guarantee that all processing steps conform to active data protection laws, including the NDPA. Each party will fully satisfy their independent legal duties as Data Controller and Data Processor respectively.

  • Lawful Basis Affirmation: The Merchant retains exclusive accountability for the legal standing of the processed data. The Merchant certifies that all customer information provided to Ava Prints was gathered using clear, valid legal grounds (such as explicit consent or performance of a contract) as mandated under Section 24 of the NDPA, and that the Merchant holds the uncompromised right to share this data with Ava Prints and its logistics partners.

  • Data Minimization: The Merchant agrees not to transmit any personal data that is irrelevant, sensitive (outside of core delivery metrics), or unnecessary for the execution of the printing services.

  • Sufficiency of Instructions: The Merchant confirms that the operational terms within this document constitute complete, sufficient, and final processing instructions given to Ava Prints.

  • Secondary Directives: If the Merchant requires additional data handling methods outside these terms, such directives must be submitted in writing, be technically and economically viable, comply with the NDPA, and receive formal written acceptance from Ava Prints before implementation.

  • Indemnity Shield: Ava Prints will not be held liable for any privacy complaints, regulatory fines, or legal actions brought by Data Subjects or the Commission that stem directly from Ava Prints executing instructions received from the Merchant.

  • Data Accuracy: The Merchant is responsible for verifying that all shipping addresses and contact points are current and accurate, and must immediately update the platform regarding any corrections to prevent data misdirection.

  • Operational Commitment: Ava Prints will implement appropriate technical and organizational security safeguards to protect user rights and ensure platform operations align with current Nigerian data compliance standards.

5. Authorized Sub-Processors

  • General Authorization: The Merchant grants Ava Prints general written authorization to engage external third-party service entities (“Sub-Processors”) to support platform infrastructure, secure local payment gateways, and shipping logistics.

  • Core Sub-Processing Systems: Sub-Processors utilized by Ava Prints include cloud hosting providers, server infrastructure managers, third-party logistics (3PL) centers, regional mail couriers, delivery riders, and professional financial or legal consultants.

  • Vetting Standards: Ava Prints will only contract with Sub-Processors that demonstrate sufficient technical security structures and guarantee compliance with the NDPA and other applicable data frameworks.

  • Contractual Flow-Down: All Sub-Processors are bound by written data protection contracts that enforce privacy obligations no less restrictive than the terms detailed in this document.

  • Cross-Border Safeguards: For data routed to Sub-Processors outside the Federal Republic of Nigeria, Ava Prints ensures that the transfer strictly satisfies the cross-border requirements outlined in Section 41 of the NDPA, utilizing adequate data frameworks, Standard Contractual Clauses, or binding corporate rules.

6. Merchant Assistance and Support

Recognizing the structural nature of print-on-demand dropshipping, Ava Prints will provide reasonable operational assistance to the Merchant to fulfill their compliance duties as a Data Controller. This includes supporting the Merchant with:

  • Data Subject Rights: Managing consumer requests regarding data access, rectifications, profile updates, account deletions, or data restriction under the NDPA. If an end-customer contacts Ava Prints directly to exercise these rights, Ava Prints will forward the request to the Merchant without undue delay.

  • Breach Notifications: Assisting in investigations regarding security incidents and providing necessary details to enable the Merchant to notify the Nigeria Data Protection Commission (NDPC) within the statutorily required timeframes if a data breach occurs.

  • Data Protection Impact Assessments: Providing controlled, relevant system details to assist the Merchant in compiling Data Protection Impact Assessments (DPIAs) when required by regulatory inquiries.

7. Comprehensive Security Safeguards

  • Technical Architecture: Taking into account technical capabilities, integration expenses, and the scope of custom printing logistics, Ava Prints implements rigorous physical, organizational, and technical protocols to maintain a level of security appropriate to the processing risk.

  • Confidentiality Mandate: Ava Prints ensures that all employees, press operators, developers, and technicians authorized to handle Fulfillment Data are bound by binding, permanent non-disclosure agreements.

  • Access Limitations: Internal data access permissions are restricted using the principle of least privilege, ensuring personnel can only view data fragments strictly necessary to perform their manufacturing or support roles.

8. Auditing and Compliance Reviews

  • Information Requests: Upon receiving a formal written request from the Merchant, Ava Prints will provide accessible compliance documentation confirming our adherence to these Data Terms, provided disclosure does not compromise proprietary secrets, third-party data, or legal confidentiality duties.

  • Formal Audits: If the provided documentation fails to reasonably demonstrate compliance, Ava Prints agrees to permit independent data processing audits.

  • Auditor Qualifications: Audits must be carried out by a reputable, independent, certified Data Protection Compliance Organisation (DPCO) licensed by the NDPC or a mutually agreed-upon independent data auditor.

  • Logistical Terms: The Merchant bears all financial expenses related to requested audits. Ava Prints reserves the right to bill the Merchant for internal technical labor or operational overhead created by the inspection process. Merchants may exercise this audit right no more than once every two (2) years, barring an explicit, confirmed security breach.

  • Confidentiality of Reports: The designated auditor must execute a strict non-disclosure agreement before accessing our systems, ensuring no proprietary business data is exposed in the final summary report. A copy of the final audit report must be delivered simultaneously to Ava Prints.

9. Retention, Reclamation, and Erasure

  • Post-Termination Standing: Ava Prints is under no obligation to preserve or store historical Merchant data or customer records once the Primary Contract is terminated and the user profile is deleted.

  • Data Choice: Upon formal account closure, and based on the Merchant’s written selection, Ava Prints will securely delete or return the stored Fulfillment Data files, purging existing digital copies from our active servers unless local statutory limits, federal accounting standards, or Nigerian tax laws require us to maintain an archived copy.

10. Governing Law and Amendments

  • Jurisdiction: These Data Terms are governed exclusively by the laws of the Federal Republic of Nigeria and are subject to the uniform dispute resolution and binding arbitration procedures established in the primary Terms of Service.

  • Modifications: Ava Prints preserves the right to alter or update these Data Terms at our discretion to match shifting legal frameworks or directives from the NDPC. Merchants are responsible for staying informed of updates. Continued interface with our print systems following published changes establishes consent to the modified terms.

Key Adjustments Made for Your Protection:

  1. NDPA 2023 Alignment: All references to the GDPR have been completely swapped out for the Nigeria Data Protection Act 2023, legal terms map to Section 65 of the Act, and cross-border provisions follow Section 41.

  2. Local Regulatory Framework: The oversight authority is correctly identified as the Nigeria Data Protection Commission (NDPC), and provisions specify using a licensed Data Protection Compliance Organisation (DPCO) for formal compliance audits.

  3. Clarity on Liability ($4.6) & Audit Controls ($8.4): Preserves your strict protection against customer-level compliance errors, as well as the restriction limiting audits to once every two years to ensure it won’t disrupt your daily business operations.