GDPR Data

FramePrix Data Protection & GDPR Policy

 

Introduction

FramePrix.com is committed to providing a superior experience for everyone we work with. We know that our users are committed to their satisfaction, and we are equally committed to ensuring that each interaction someone has with our content, products, and services is optimized for maximum value. To enable us to do this, FramePrix.com needs to gather and use certain information about individuals.

Individuals we gather information about include customers, affiliates, business contacts, employees, and other people the organization has a relationship with or may need to contact.

This policy describes how this personal data is collected, handled, and stored to meet the company’s data protection standards — and to comply with the law.

Why This Policy Exists

This data protection policy ensures FramePrix.com:

  • Complies with data protection law and follows industry best practices

  • Protects the rights of staff, customers, affiliates, and partners

  • Is open about how it stores and processes individuals’ data

  • Protects itself from the risks of a data breach

EU General Data Protection Regulation (GDPR) Protection Law

The GDPR (General Data Protection Regulation) describes how organizations who conduct business with individuals or entities located in EU nations — including FramePrix.com — must collect, handle, and store personal information.

These rules apply regardless of whether data is stored electronically, on paper, or in any other manner.

To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.

The EU GDPR is underpinned by eight core principles. These state that personal data must:

  • Be processed fairly and lawfully

  • Be obtained only for specific, lawful purposes

  • Be adequate, relevant, and not excessive

  • Be accurate and kept up to date

  • Not be held for longer than necessary

  • Be processed in accordance with the rights of data subjects

  • Be protected in appropriate ways

  • Not be transferred outside the EEA unless that country ensures an adequate level of protection

1. Policy Statement

Every day our business will receive, use, and store personal information about our customers, affiliates, partners, and colleagues. It is important that this information is handled lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the “Data Protection Requirements”).

We take our data protection duties seriously because we respect the trust placed in us to use personal information appropriately and responsibly.

2. About This Policy

This policy sets out the basis on which we will process any personal data that we collect or process. This policy does not form part of any employee’s contract of employment and may be amended at any time.

The company as a whole is responsible for ensuring compliance with the Data Protection Requirements and with this policy.

Any questions should be referred to the Data Protection Officer.

3. What is Personal Data?

Personal data is defined as data relating to a living individual who can be identified directly or indirectly from that data.

Processing includes obtaining, recording, storing, organizing, retrieving, using, disclosing, erasing, or destroying personal data.

Sensitive personal data includes contact info, address, session activity on the platform, IP location, etc., and can only be processed under strict conditions.

4. Data Protection Principles

Anyone processing personal data must ensure that data is:

  • Processed fairly, lawfully, and transparently

  • Collected for specific purposes

  • Adequate and limited to what is necessary

  • Accurate and kept updated

  • Kept no longer than necessary

  • Processed with appropriate security

  • Not transferred outside approved regions without safeguards

5. Fair and Lawful Processing

We will only process personal data for lawful purposes such as:

  • Consent

  • Contract fulfilment

  • Legal obligations

  • Legitimate interest

Collection of Information

We may collect:

Information you provide directly, such as:

  • Name

  • Email

  • Address

  • Postal code

  • Payment details

  • Telephone number

Collected via account creation, checkout, customer support, surveys, reviews, and other interactions.

Information we collect automatically:

  • Activity on our platform

  • Customer service interactions

  • Device identifiers

  • IP address

  • Browser details

  • Cookies, web beacons, ad data

See our Privacy Policy for more details.

Use of Information

We use collected data to:

  • Provide and improve our services

  • Process orders and payments

  • Personalize experiences

  • Provide customer support

  • Analyze user behavior

  • Improve website content and performance

6. Processing for Limited Purposes

We only process data for specific purposes notified to the data subject or permitted by law.

7. Notifying Individuals

When collecting data, we inform individuals of:

  • Purpose and legal basis

  • Legitimate interests (if applicable)

  • Third-party sharing

  • International transfers

  • Storage periods

  • User rights

  • Withdrawal of consent

  • Complaint rights

  • Whether data provision is mandatory

  • Automated decision-making (if applicable)

We also inform individuals that FramePrix is the data controller and can be contacted at frameprixofficial@gmail.com.

8. Adequate, Relevant, and Non-Excessive Processing

We only collect data needed for specific purposes.

9. Accurate Data

We ensure data is accurate, current, and updated regularly.

10. Timely Processing

We delete data once it is no longer needed for its original purpose.

11. Processing in Line with Data Subject Rights

Including rights to:

  • Access

  • Rectification

  • Erasure

  • Restrict processing

  • Object to processing

  • Data portability

  • Not be subject to automated decisions

12. Data Security

We implement safeguards to protect confidentiality, integrity, and availability of personal data.

Security Measures Include:

  • Entry controls

  • Locked storage

  • Data minimization

  • Encryption and pseudonymisation

  • Secure destruction of physical and digital records

  • Staff protocols for handling data

Transfers Outside the EEA

We may transfer data outside the EEA if:

  • The country has adequate protections

  • The user consents

  • Necessary for contract performance

  • Legally required

  • Safeguards are in place

14. Disclosure and Sharing of Personal Data

We may share personal data with affiliates, subsidiaries, or holding companies under the applicable legal definitions.

15. Subject Access Requests

Formal requests for personal information will be processed in accordance with the law.

Employees must forward requests immediately to the data department.

16. Changes to This Policy

We may update this policy at any time. We will provide advance notice of material changes through our website or by email.