Privacy policy

This privacy policy was last updated on: July 17, 2019

Important information about 99designs

99designs is a group of companies, including 99designs, Inc, based at 2201 Broadway, Suite 815, Oakland, CA 94612, United States of America and 99designs Pty Ltd, ACN 121 195 248 based at 41-43 Stewart Street, Level 2, Richmond, VIC 3121, Australia and 99designs GmbH, HRB 124340 B based at Bergmannstraße 102/103, 10961 Berlin, Germany. The 99designs entity responsible for your personal information will be the member of 99designs that originally collects information from or about you. If you are an EU/UK individual, this entity will be the data controller. You can learn the identity and details of your data controller in a number of ways. For example, where you or the business you work for engages us to provide a service, we would provide you with our name, address and contact details at that time.

You should be aware that although one 99designs company may be principally responsible for looking after your personal data, information may be held in databases which can be accessed by other 99designs companies worldwide. We provide more information on our worldwide service locations in this policy. When accessing your personal data, all 99designs companies will comply with the standards set out in this policy. You can find out more about our creative platform and how it works at https://support.99designs.com/hc/en-us or by contacting us using the information indicated on that page.


This privacy policy explains how we collect, use and share personal information in the course of our business activities, including:

We want to make our policies on managing your data clear and understandable, so we've tried to write our privacy policy in plain English. We have designed this policy to be as user friendly as possible. Each section of this policy is labelled to make it easy for you to navigate - please click on a topic in the list above to find out more.

Updates

We may review or update this privacy policy from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage, so please regularly check for updates. If we make fundamental changes to this privacy policy, we may take additional steps to notify you including by posting on our website, through pop-up notices or via email.

Third Party Websites

You might find links to external third party websites on our website. This privacy policy does not apply to your use of a third party site and we are not responsible for the privacy practices of any third party. You should check the privacy policies of any third party websites for information on how these third parties process your personal information.

What personal information we collect and when and why we use it

In this section you can find out more about:

  • The types of personal information we collect;
  • When we collect personal information;
  • The different kinds of personal information we collect for certain services we offer;
  • How we use personal information; and
  • The legal basis for using personal information.

When we collect information

We collect information about you if you register with or use one of our websites or online services, purchase or use one of our services, contact us or work with us as a business partner.

We may collect information about you indirectly from other sources and combine that with information we collect through our services where this is necessary to help manage our relationship with you. These other sources may include third party software applications and social media platforms such as Facebook, Google+ and Twitter.

Our services are not offered to persons under the age of 16 years old and we will not knowingly collect any personal data about children under 16 years old.

Personal information we collect and use if you register to use or use one of our websites or services

Personal information that may be collected directly from you if you register to use or use one of our websites or services includes name, contact details, organization name and details, your own domain name, IP address, professional qualifications and billing details including credit card details.

We may also collect personal information such as IP address, device information and log information by using cookies. Please see Cookies Policy for more information on this.

If you are a designer using our services, we will store the information on the profile you create and the content you choose to make available to other users, such as participation statistics, design concepts, design templates, service offerings, and messages and testimonials. We may also share this information with our third party partners, including operators of other websites and platforms that choose to integrate our services into their websites and platforms, as part of providing services to you. We may also collect your tax information and information to verify your identity (passport, ID card or driver's licence information).

If you are a customer using our services, we will store the information on the profile you create and the content you choose to make available to other users, such as design briefs, design contests, design concepts, and messages and testimonials.

We may process account behaviour for security purposes only to protect you from spam messages and to improve identification of spam and fraudulent activity.

We may also collect your personal information where you request information or materials from us, participate in surveys or polls, subscribe to our mailing list or join our social media pages.

This will usually be your name and email address, together with other information needed to respond to the particular campaign or your enquiry.

We collect information about your marketing preferences including interests/marketing list assignments, record of permissions or marketing objections and website data.

When you choose to provide a testimonial, we may use your testimonial for marketing purposes. If we offer a referral service from time to time and one of our users utilises that referral service to tell a friend about our site, we will collect your name and email address from that user to send you a one-time email inviting you to visit our site. We store this information for the sole purpose of sending the one-time email and tracking the success of our referral program. You may contact us to remove this information from our database.

If you apply for a job with us, we collect information such as your contact details and the information you submit in your application and CV.

How do we use the personal information we collect from you?

We use this information to:

  • Provide you with our services and to maintain, manage, promote and improve our services;
  • Verify the identity of our designers to provide a professional work environment;
  • Enable you to access and use our services, including uploading, downloading, collaborating on and sharing content;
  • Enable you to communicate, collaborate and share content with users you designate;
  • Connect you with other third party service providers;
  • Send you notifications when you receive new messages;
  • Provide you with information about services, features, surveys, newsletters, offers;
  • Contact you to let you know about updates to our services or information we feel may be of interest to you (see more information at Direct Marketing);
  • Personalize our services, including by providing content, features, that match your interests and preferences;
  • Provide you with support including technical support and troubleshooting for example, to reset your password;
  • Protect you and conduct security investigations and fraud analysis (including to help us flag spam messages and to prevent unauthorised access to our services);
  • Respond to you if you communicate with us;
  • Comply with our legal obligations, for example when assisting governments and law enforcement agencies or regulators (as may be required by law).

We also use your personal information for data analytics, particularly to understand how you use our services. We use aggregated information derived from the use of our services to provide 99designs with information on usage trends and product insight. This aggregated information is used to improve 99designs' services and products only.

EU/UK individuals - Legal basis for using your personal information

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal information for the purposes set out above where we are satisfied that we have an appropriate legal basis to do this. This may be because:

  • We need to use your personal information to perform a contract or take steps to enter into a contract with you. For example, to take payment for the services we provide to you;
  • We need to use your personal information to support the legitimate interests that we have as a business. Where we do so, we will look after your information at all times in a way that is proportionate and respects your privacy rights. You have a right to object to this processing as explained in Legal rights available to help manage your privacy;
  • We need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
  • You have provided your consent to us using the personal information that way.

If you would like to find out more about the legal basis for which we process personal information please contact us.

Sharing personal information with others

In this section you can find out more about how we share personal information:

  • within 99designs;
  • With third parties that help us provide our products and services; and
  • With government organisations and agencies, law enforcement and regulators.

We may share your personal information in the manner and for the purposes described below:

  • With other companies within the 99designs group where such disclosure is necessary to provide you with our products or and services, including technical support or to manage our business. You can get a list of our group entities by contacting us;
  • With third parties that operate other websites and platforms and who choose to integrate our services into their websites and platforms. They use your personal information to the extent required as part of integrating our services into their websites and platforms;
  • With third parties who help manage our business and deliver services. Our contracts with third parties generally include an obligation for them to comply with this privacy policy and to use any personal information we share with them solely for the purpose of providing services to us. However, any personal information you agree to provide may be received by a third party and may be stored and used by them according to their privacy policy;
  • Where you direct us as part of the services we are providing to share your personal information with another user or to a third party service provider in order to integrate our services with a service that they may provide, for example with a third party printing partner, website builder or web development service provider so that they can provide you with a quote or service;
  • With government organisations and agencies, law enforcement, regulators to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
  • With credit reference agencies and organisations working to prevent fraud in financial services and spam activities;
  • If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets; and
  • We may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers.

Explaining more about direct marketing, profiling and analytics

In this section you can find out more about:

  • How we use personal information to keep you up to date with our products and services;
  • How you can manage your marketing preferences;
  • When and how we undertake profiling and analytics; and
  • When and how we carry out automated decision making.

How we use personal information to keep you up to date with our products and services

We may use your personal information to let you know about our services or related services that we believe will be of interest to you. We may contact you by email or through other communication channels that we think you may find helpful. In most cases our processing of your personal information for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law or where we use or process any of your Sensitive Personal Data) it may be based on your explicit consent. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

How you can manage your marketing preferences

To protect your privacy rights and to ensure you have control over how we manage marketing with you:

  • We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • You can ask us to stop direct marketing at any time - you can ask us to stop sending email marketing, by following the "unsubscribe" or opt-out links in electronic communications or by adjusting your marketing preferences from within your online account. Alternatively you can contact us; and
  • You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below.

We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

When and how we undertake profiling and analytics

We undertake profiling to lock stolen accounts or accounts that are used for spamming/fraud.

If you have signed up to receive marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. This does not have any significant effect or a legal effect on you.

Third party analytics

We use Google Analytics, a web analysis service of Google Inc. ('Google'). Google Analytics uses cookies to monitor traffic to, and use of our website and services. Information about the use of our services generated by these cookies is generally transferred to a Google server in the USA and stored there. Google uses this information on our behalf to evaluate your usage of our website and services, to compile reports on activities, and to provide additional analytics services connected with our services. We will not identify you to Google, and will not merge personal and non-personal information collected through this service. You can prevent the use of Google Analytics cookies by adjusting the settings on your browser software as explained below, however, you may not be able to fully use all of the functions of our website and services if you do so. For more information about and to prevent Google’s collection of data generated by your use of our website and services (including your IP address) you can download and install a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

Transferring personal information globally

In this section you can find out more about:

  • How we operate as a global business and transfer data internationally; and
  • The arrangements we have in place to protect your personal information if we transfer it overseas.

Your personal information may be disclosed, transferred to or processed outside of your country of residence. If you are an individual in Australia this may include the United States of America, Germany, the Philippines and Brazil, where it will be subject to the laws of the country to which it is transferred. These jurisdictions may not have an equivalent level of data protection laws as those in your country.

EU/UK individuals - If you are an individual based in or a resident of the European Union or the United Kingdom, your personal information may be processed outside of the European Union, in countries such as the United States of America, Australia, Brazil and the Philippines that are subject to different standards of data protection.

We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:

  • We ensure transfers within 99designs' group of companies will be covered by an agreement entered into by members of 99designs' group of companies (an intra-group agreement) contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within 99designs' group of companies;
  • Where we transfer your personal information outside of our group of companies or to third parties who help provide our services (an 'onward transfer'), we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the EU - US Privacy Shield [for the protection of personal information transferred from within the EU to the United States and/or the use of EU approached Standard Contractual Clauses ('EU Model Clauses') for controller to controller and /or controller to processor transfers from the EU /UK to jurisdictions, such as Australia, who do not have an adequacy finding from the EU Commission; and
  • Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.

You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information when this is transferred as mentioned above.

Privacy Shield - 99designs complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. 99designs has certified to the Department of Commerce that it adheres to the Privacy Shield Principles ("Principles"). If there is any conflict between the terms in this privacy policy and the Principles, insofar as the transfer of personal information from the EU and Switzerland to the US is concerned, the Principles shall govern. In the event of an onward transfer of personal information subject to the Principles, 99designs shall remain liable under the Principles if its agent or data processor processes such personal information in a manner inconsistent with the Principles, unless 99designs shows that it is not responsible for the event giving rise to the damage. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

If you have a question or complaint you believe to be within the scope of our Privacy Shield certification, please contact us first at privacy@99designs.com, or using the contact details in the “Contact us” section below.

For any complaints that we can’t resolve directly, JAMS is a US-based independent provider responsible for reviewing and resolving complaints about US Privacy Shield compliance. You can contact JAMS free of charge at https://www.jamsadr.com/eu-us-privacy-shield.

As further explained by the Principles, binding arbitration is available to address residual complaints not resolved by other means. As a US based company 99designs, Inc. is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

How we protect and store your information

Security

We store most of your personal information electronically. We implement and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, misuse or interference or the unauthorised disclosure, access or modification to such information appropriate to the nature of the information concerned.

For EU / UK individuals

Measures we take include:

  • Placing confidentiality requirements on our staff members and service providers who have access to your personal information;
  • Destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
  • Following strict security procedures in the access, storage and disclosure of your personal information to prevent unauthorised access to it;
  • Using secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorized interception.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy policy. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner.

In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

Where you request that we delete your account from our system, we will lock the account and delete it from our servers within 30 days. However, in specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Cookies

A cookie is a small text file containing small amounts of information which is downloaded to / stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.

Cookies may collect personal information about you. Cookies help us remember information about your visit to our website, like your country, language and other settings. Cookies allow us to understand who has seen which web pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier. Cookies can allow us to do various other things, as explained further in our Cookies Policy which you can access by clicking on the link below.

Read our Cookies Policy

Legal rights available to help manage your privacy

You may access or request correction of the personal information that we hold about you by contacting us. There are some circumstances in which we are not required to give you access to your personal information.

There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.

For EU / UK individuals

If you are an individual based in or a resident of the European Union or the United Kingdom, or a person to whom EU GDPR applies, there are additional rights available to you. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:

  • To access personal information;
  • To rectify / erase personal information;
  • To restrict the processing of your personal information;
  • To transfer your personal information;
  • To object to the processing of personal information;
  • To object to how we use your personal information for direct marketing purposes;
  • To obtain a copy of personal information safeguards used for transfers outside your jurisdiction; and
  • To lodge a complaint with your local supervisory authority.

If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see right to object); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which 99designs is subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Right to transfer your personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

Contact us

The primary point of contact for all issues arising from this Policy is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

Via e-mail: privacy@99designs.com

Via mail:

If you are resident in Australia:
99designs PTY Ltd
Level 2
41-43 Stewart Street
Richmond, VIC 3121
Australia

If you are resident in the US:
99designs, Inc
2201 Broadway, Suite 815
Oakland, CA 94612
USA

If you are resident in the EU/UK/CH:
99designs GmbH
Bergmannstr. 102-103
10961 Berlin
Germany

In all other cases:
Data protection officer:
Luke Cawood
99designs PTY Ltd
Level 2
41-43 Stewart Street
Richmond, VIC 3121
Australia
E-mail: privacy@99designs.com

If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer or us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

In order to comply with the EU - US Privacy Shield, we have committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union citizens, which cannot be resolved directly with us, through the JAMS EU-US Privacy Shield Dispute Resolution Framework as our Independent Recourse Mechanism (“IRM”). You may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield.

To contact your data protection supervisory authority

You have a right to lodge a complaint with your local regulator, which if you are located in the EU /EEA/ UK, will be your local data protection supervisory authority (ie your place of habitual residence, place of work or place of alleged infringement).

If you are located in:

  • Australia, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au.
  • Germany, you can contact the Federal Commissioner for Data Protection and Freedom of Information at www.bfdi.bund.de/.
  • US, you can contact the relevant information commissioner's office in your respective US State.

We would ask that you please attempt to resolve any issues with us before your local supervisory authority.