Effective Date: Date of checkout acceptance or signature.

This Agreement is made between:

Supplier:
PappaArtzi Limited trading as Pen Written Post
Company No. 11059566
Registered address: 165 Birchfield Road East, Northampton, NN3 2BZ
ICO Registration: ZB789789
Data Protection Officer: Daniella Paolozzi
Email: [email protected]

(“Pen Written Post”, “we”, “us”, “our”)

And

The purchasing business (“Client”, “you”)

Together, the “Parties”.

1. Scope of Services
Pen Written Post provides:

Handwritten-style direct mail campaigns

Subscription-based monthly outreach

Print coordination and fulfilment

Envelope sourcing and postage application

QR code creation and tracking (if selected)

Data validation and cleansing (if selected)

Companies House API configuration (if included)

We provide delivery services only and do not guarantee marketing performance outcomes.

2. Subscription Terms (Where Applicable)

Subscriptions are 12-month fixed-term agreements.

Monthly allocations reset each calendar month, do not roll over, and are non-refundable if unused.

A one-time £100 setup fee applies.

Early termination requires payment of the remaining contracted balance.

After the initial 12-month term, subscriptions may renew monthly unless cancelled with 30 days written notice.

3. Fees & Payment

Fees are as stated in the accepted quotation or checkout.

Subscription fees are collected monthly in advance.

One-off campaigns require payment in full before production begins.

Postage pricing assumes Royal Mail rates at time of quotation. Adjustments may apply if rates increase before dispatch.

Fees are not contingent on response rate, leads, conversions, ROI, or revenue.

4. When Work Is Deemed to Have Started
Work begins when any of the following occur: production scheduling, print ordering, handwriting-style production, postage purchase, data preparation, or third-party cost incurred.

Cancellation after this point will incur charges for work completed and costs incurred.

5. Client Responsibilities
The Client agrees to:

Provide accurate and lawfully obtained data

Provide final approved copy

Confirm proof approval in writing

Confirm personalisation rules

Ensure compliance with UK GDPR and PECR

The Client warrants that:

It has lawful basis to process and share Personal Data

Recipients may reasonably expect B2B postal communication

It will not provide Special Category Data unless agreed in writing

Pen Written Post is not responsible for undelivered mail resulting from inaccurate data.

6. Proofing & Approval
Written approval of proofs constitutes final sign-off. After approval:

Changes may not be possible

Additional charges may apply

The Client is responsible for checking names, addresses, links, spelling, and artwork.

7. Dispatch & Delivery
Dispatch dates are estimates unless guaranteed in writing.

We are not liable for postal delays, industrial action, weather disruption, delivery failures after dispatch, or supplier delays.

Proof of posting confirms dispatch, not delivery.

8. Optional Add-Ons
QR Codes: Scan tracking indicates scan events only. No guarantee of form completion or conversion.

Data Cleansing: Improves accuracy but does not guarantee deliverability.

Companies House API Setup: Configuration service only. Data is publicly sourced. No guarantee of completeness or accuracy.

9. Marketing Results Disclaimer
Direct mail performance depends on audience selection, message strength, offer, timing, and follow-up.

We do not guarantee response rates, leads, revenue, or ROI. Case studies are illustrative only.

10. Insurance
Pen Written Post maintains:

£1,000,000 Cyber & Data Liability insurance

£1,000,000 Professional Indemnity insurance

£1,000,000 Public Liability insurance

Certificates of insurance are available upon written request.

11. Data Protection & Processing
This section incorporates the Processor obligations in the Data Processing Agreement PWP - Data Processing Agreement.

Client = Data Controller

Pen Written Post = Data Processor

Processing includes storage of address lists, personalisation of mail, dispatch coordination, and QR tracking (if selected).

Categories of data may include name, company, job title, postal address, and business contact details. No Special Category Data unless agreed.

12. Information Security
Pen Written Post maintains documented technical and organisational measures including:

Google Workspace secure storage

Role-based access controls

Multi-Factor Authentication on administrative accounts

Contractor confidentiality agreements

Secure physical handling and shredding of printed data

Periodic access review

Data minimisation practices

Client data is stored only in Google Workspace and ELK QR software (where applicable). Appropriate safeguards are applied for international transfers.

13. Contractor Controls
All contractors:

Are subject to confidentiality obligations

Access data on a need-to-know basis

Have access revoked upon termination

Follow data protection obligations equivalent to this Agreement

Pen Written Post remains responsible for contractor compliance.

14. Incident Response
In the event of a Personal Data Breach:

Immediate containment and investigation

Notification to Client without undue delay

Provision of details including nature of breach, categories affected, likely consequences, and remedial actions taken

15. Data Retention
Client Data is retained only as necessary for active campaign delivery, subscription duration, and legal/accounting compliance.

Data is deleted within a reasonable period after termination unless legally required. Clients may request deletion in writing.

16. Sub-Processors
Approved sub-processors may include Google Workspace, ELK QR software, print suppliers, and postal services. Appropriate contractual safeguards are in place.

17. Business Continuity
Pen Written Post maintains operational continuity measures including secure cloud-based data storage, remote access capability, multiple contractor availability, and backup fulfilment processes.

18. Regulatory Compliance
Pen Written Post confirms compliance with UK GDPR, Data Protection Act 2018, UK Bribery Act 2010, Modern Slavery Act 2015, and applicable UK employment and contractor laws.

19. Confidentiality
Each Party shall keep confidential all non-public information. This obligation survives termination indefinitely.

20. Intellectual Property
Client retains ownership of brand assets.

Pen Written Post retains ownership of templates, handwriting-style systems, internal processes, and operational methods.

21. Limitation of Liability
Neither Party shall be liable for indirect or consequential losses.

Pen Written Post’s total liability shall not exceed the total fees paid for the specific campaign giving rise to the claim. Nothing limits liability where it cannot legally be limited.

22. Force Majeure
Neither Party shall be liable for delay or failure due to events beyond reasonable control.

23. Governing Law
This Agreement is governed by the laws of England and Wales. Courts of England and Wales have exclusive jurisdiction.