FrameFi Privacy Policy

Effective Date: 03/11/2024

Introduction

FrameFi ("we," "us," or "our") is committed to protecting the privacy and personal data of all users of our platform, including event organizers and videographers. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our platform, and outlines your rights under Dutch and European data protection laws, including the General Data Protection Regulation (GDPR).

---

1. Data We Collect

FrameFi collects various types of personal and usage data to facilitate services, improve the user experience, and ensure platform security. This section defines each category of data and provides examples of specific data types.

1.1 Personal Identity Information

We collect essential identity information required to verify users, enable transactions, and maintain account security. This includes:

• Full Name: Collected to verify identity and for use in contracts and official communications.
• Date of Birth: Used to confirm legal eligibility to enter into agreements.
• Address: Physical or billing address may be required to validate accounts and for invoicing purposes.
• Contact Details: Email address and phone number to facilitate communication, booking confirmations, and support.
• Government ID Information: Collected and verified through secure third-party services for identity verification.

1.2 Professional Information

Professional data is collected from users, particularly videographers, to provide a complete profile of services offered. This may include:

• Job Title and Expertise: Descriptions of skills, qualifications, or areas of expertise relevant to services provided.
• Portfolio Links: Links to external sites or portfolio platforms that demonstrate prior work quality and experience.
• Certifications and Licenses: Professional certifications or licenses, if required, for specific types of events or services offered.

1.3 Financial and Transactional Data

Financial data is collected to process payments, manage bookings, and issue refunds. FrameFi implements strict security measures to protect all financial information. This category includes:

• Payment Details: Payment method information, such as credit card or bank account details, processed securely via third-party payment processors (FrameFi does not store full credit card numbers).
• Transaction History: Records of all transactions, including booking fees, payments received, and refunds issued, for financial reporting and auditing.
• Invoice Information: Invoices issued for services rendered on the platform, including itemized costs, tax information, and payment confirmations.

1.4 Event and Booking Information

To facilitate bookings and ensure quality service, we collect data related to events and services provided. This data helps FrameFi match videographers with organizers and ensure that all parties are informed of event-specific requirements. Event and booking data includes:

• Event Details: Name, type, date, time, and venue location of events for which videography services are booked.
• Special Requirements: Any additional instructions or requirements for the event, such as specific shots, equipment needs, or onsite contacts.
• Booking Preferences: Preferences for booking times, pricing packages, and service features selected by users.

1.5 User-Generated Content and Profile Data

User-generated content contributes to the customization of user profiles and enhances the visibility of videographers' skills and services. This may include:

• Profile Photos: Uploaded images used for profile identification and personalization.
• Reviews and Ratings: Feedback provided by organizers and videographers based on completed services, intended to build transparency and trust.
• Comments and Messages: Communication between users through FrameFi's messaging or comments system to facilitate collaboration and feedback on projects.

1.6 Device and Technical Information

FrameFi collects technical data to optimize the platform's performance, troubleshoot issues, and ensure compatibility across devices. This information includes:

• IP Address: Used to identify users' general location, manage access security, and prevent fraud.
• Browser and Device Information: Browser type, device model, operating system, and screen resolution to improve platform functionality and display.
• Usage and Interaction Logs: Clicks, page views, and time spent on various sections of the platform, used for analytics and to enhance user experience.

1.7 Location Data

If users consent, we may collect and use approximate location data to enhance service relevancy and facilitate event bookings. Location data includes:

• Geolocation Data: Approximate location derived from IP address or device settings, used to suggest relevant services and improve match accuracy.
• Venue and Event Locations: Addresses or venue information for events, specifically for logistical planning and service delivery.

1.8 Cookie and Tracking Data

We use cookies and similar tracking technologies to personalize user experience, analyze platform usage, and support marketing initiatives. Types of cookies we may use include:

• Essential Cookies: Necessary for platform operation, enabling basic functions like login and security.
• Analytics Cookies: Collect data on platform usage to help us understand user behavior and improve service offerings.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing efforts.

1.9 Marketing and Communication Preferences

FrameFi collects data related to user preferences for receiving marketing communications, including:

• Opt-In Status: Information on whether users have opted in to receive marketing or promotional communications.
• Communication Preferences: Settings for preferred communication channels (e.g., email, SMS) and content types (e.g., promotions, updates, newsletters).
• Tracking of Engagement: Information on whether users engage with communications (e.g., opening emails or clicking links), used to improve marketing strategies and relevance.

2. How We Use Your Data

FrameFi collects and processes personal data for several purposes, all of which are designed to enhance the platform experience, ensure security, and facilitate smooth transactions. This section details the purposes for which FrameFi uses your data, providing specific examples of each.

2.1 Service Provision and Platform Operations

We process personal data to deliver our services effectively and ensure the functionality of our platform, including:

• Account Creation and Profile Management: Personal data is used to set up, maintain, and personalize user accounts, allowing users to access their profiles, make bookings, and interact on the platform.
• Identity Verification: Government IDs and other identifying data are processed to verify user identities and enhance platform security, preventing fraudulent activities.
• Facilitating Bookings and Transactions: Transaction data, event information, and booking preferences are processed to streamline the booking process between organizers and videographers and manage payments.

2.2 Payment Processing and Transaction Management

• Billing and Invoicing: Personal and financial data are used to generate invoices, confirm payments, and process refunds as needed.
• Payment Verification: Transaction data is used to verify payment information and complete transactions securely via third-party payment processors.
• Refunds and Chargebacks: We process transaction and booking information to handle refunds or disputes effectively, ensuring compliance with FrameFi's cancellation and refund policies.

2.3 Communications and Notifications

We use personal data to facilitate effective communication and provide users with important updates. This includes:

• Booking Confirmations and Notifications: Email or SMS notifications are sent to confirm bookings, provide reminders, and communicate changes to event details.
• Account and Security Alerts: We notify users of important account activities, such as password changes, security alerts, and login attempts from new devices.
• Customer Support: Information shared with customer support teams is used to resolve inquiries, complaints, and technical issues.

2.4 Improving User Experience and Platform Optimization

• Personalized Content and Recommendations: Usage data and booking history are analyzed to personalize the user experience, including suggesting relevant services, profiles, or promotions.
• User Interface and Platform Customization: Device and browser data allow us to tailor the platform's appearance and functionality to users' technical environments, optimizing compatibility and usability.

2.5 Marketing and Promotional Activities

With user consent, FrameFi processes certain personal data for marketing and promotional purposes:

• Email Newsletters and Offers: We use email addresses and engagement history to send newsletters, exclusive offers, and platform updates, based on users' stated preferences.
• Targeted Advertising: With consent, FrameFi may use demographic information and activity data to deliver personalized advertisements, either on the platform or through third-party services.
• Event Announcements and Reminders: Event organizers may receive notifications about platform events, promotions, or new service features.

Users may adjust their marketing preferences at any time in their account settings.

2.6 Analytics and Platform Improvement

FrameFi processes data to understand how users interact with the platform and make data-driven improvements:

• Usage Analysis: Aggregated and anonymized data is analyzed to understand usage trends, optimize user flows, and improve platform features.
• Performance Monitoring: Technical data and error logs are used to monitor platform performance, detect bugs, and ensure reliability.
• User Feedback and Surveys: We may process feedback provided through surveys or support inquiries to gauge user satisfaction and identify areas for improvement.

2.7 Security, Fraud Prevention, and Legal Compliance

• Platform Security: We process data to maintain the security of the platform, prevent unauthorized access, and monitor for suspicious activity.
• Fraud Detection: Identity information and transaction data are used to detect, investigate, and mitigate fraudulent behavior.
• Legal Obligations: FrameFi may process and retain certain data to comply with Dutch and EU legal requirements, such as tax reporting, regulatory compliance, and data retention mandates.

3. Sharing and Disclosure of Data

FrameFi shares personal data with trusted third parties under GDPR-compliant agreements to enhance platform functionality, ensure security, and improve user experience. This section details how and why we share data, as well as the safeguards in place to protect user privacy.

3.1 Third-Party Service Providers

We work with selected third-party service providers who perform essential services on our behalf. These providers include:

• Payment Processors: Third-party payment providers handle transactions, ensuring secure payment processing and data handling for credit card and bank transfers. Payment data is shared with these processors to complete bookings and manage refunds.
• Identity Verification Services: We partner with third-party identity verification providers to confirm user identities. This process helps maintain the integrity and trustworthiness of the platform, particularly for organizer and videographer profiles.
• Cloud Storage Providers: Personal data, including profiles, booking information, and transaction history, may be stored securely on cloud storage services under GDPR-compliant contracts.
• Analytics Services: We use third-party analytics tools to understand platform usage patterns, identify trends, and improve user experience. These tools may use aggregated data for analysis, which does not include personally identifiable information.

All third-party providers are carefully vetted and must comply with GDPR, as well as FrameFi's data protection standards.

3.2 Data Transfers Outside the EU

In cases where data needs to be transferred outside the European Economic Area (EEA), FrameFi ensures that adequate safeguards are in place to protect user data. These safeguards include:

• Standard Contractual Clauses: FrameFi may execute data processing agreements with non-EEA providers that include EU Standard Contractual Clauses, ensuring the same level of protection for personal data as within the EEA.
• EU-U.S. Privacy Shield: Where applicable, we work with providers certified under the EU-U.S. Privacy Shield or similar frameworks that meet GDPR data protection standards.
• Binding Corporate Rules (BCRs): For multinational partners, Binding Corporate Rules may be applied, ensuring consistent data protection policies across international subsidiaries.

3.3 Legal Obligations and Compliance

FrameFi may disclose personal data to fulfill legal obligations or respond to lawful requests from public authorities, including:

• Law Enforcement Requests: We may share data with law enforcement or regulatory bodies in response to valid requests, including subpoenas, court orders, or legal investigations.
• Regulatory Compliance: FrameFi complies with Dutch and EU regulations, such as tax laws and anti-fraud mandates, and may disclose data to relevant authorities as required.
• Protection of Rights and Safety: We may disclose data if necessary to protect the rights, property, or safety of FrameFi, its users, or others, including in cases of suspected fraud or data breaches.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of FrameFi's assets, personal data may be transferred to the acquiring entity. If such a transfer occurs, FrameFi will notify users and ensure that the new entity upholds privacy standards consistent with this Privacy Policy.

3.5 Data Sharing for Marketing Purposes

FrameFi does not sell personal data to third parties for direct marketing purposes. However, we may share anonymized or aggregated data with marketing partners to improve advertising relevance and measure campaign effectiveness. User consent is required for any third-party marketing activities involving identifiable personal data.

3.6 Aggregated and Anonymized Data

For purposes of research, reporting, and trend analysis, FrameFi may share aggregated or anonymized data with partners or the public. This data does not identify individual users and is used solely for analytical purposes.

3.7 User-Controlled Data Sharing

Users may choose to share their profiles, event details, or portfolio links publicly on the platform. FrameFi allows users to control the visibility of certain data through account settings, enabling users to manage who can access their information and content.

4. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), FrameFi users have certain rights concerning their personal data. These rights are designed to give you control over how your personal data is collected, used, and shared. This section outlines each right in detail and provides information on how to exercise them.

4.1 Right to Access

Definition: The right to access allows you to request a copy of the personal data we hold about you, along with information on how it is processed, the purposes for processing, and with whom it has been shared.

• How to Exercise: You can submit a request to access your data by contacting FrameFi at [email protected]. Please provide sufficient information to verify your identity and specify the data you would like to access.
• Response Time: We will respond to access requests within one month, as required by GDPR, and may extend this period by up to two months for complex or multiple requests. You will be informed if an extension is necessary.
• Limitations: In some cases, we may withhold access to specific data to protect the privacy of others or due to legal obligations. We will inform you if any part of your request cannot be fulfilled and provide the reasons for it.

4.2 Right to Rectification

Definition: The right to rectification allows you to request corrections to any inaccurate or incomplete personal data we hold about you.

• How to Exercise: To request a correction, please contact FrameFi's support team with the details of the inaccuracy and any supporting documentation. You can also edit certain data directly in your account settings.
• Response Time: We aim to respond to rectification requests within one month. In cases where additional verification or documentation is needed, we may contact you for further information.
• Limitations: FrameFi reserves the right to decline rectification requests if the information is deemed accurate or if modifying it would affect the integrity of our records. If your request is declined, we will inform you and explain the decision.

4.3 Right to Erasure (Right to be Forgotten)

Definition: The right to erasure allows you to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, you withdraw consent, or you object to processing.

• How to Exercise: To request deletion of your data, please email us with the specific data you would like erased. Note that some data may be exempt from deletion due to legal requirements.
• Response Time: FrameFi will respond to erasure requests within one month. If the request is approved, we will permanently delete your data, with limited exceptions as described below.
• Limitations and Exceptions: We may be unable to fulfill deletion requests if the data is required for:
  • Legal Obligations: To comply with financial, tax, or regulatory requirements.
  • Legal Claims: For establishing, exercising, or defending against legal claims.
  • Public Interest: For reasons of public health or research, where data anonymization may be applied instead of deletion.

4.4 Right to Restrict Processing

Definition: This right allows you to limit the processing of your data in specific situations, such as when you contest its accuracy, believe it has been unlawfully processed, or need it retained for legal claims even though we no longer require it.

• How to Exercise: Contact FrameFi with a request to restrict processing, specifying the reason for restriction (e.g., dispute over data accuracy).
• Outcome of Restriction: If granted, FrameFi will limit processing of the restricted data to storage only, unless processing is necessary for legal claims, protecting others, or important public interests.
• Response Time: We will respond to restriction requests within one month. In complex cases, this period may be extended, and we will inform you of any delay.

4.5 Right to Data Portability

Definition: The right to data portability allows you to obtain a copy of your personal data in a structured, commonly used, machine-readable format, and to transfer that data to another data controller, where technically feasible.

• Applicability: This right applies only to data processed based on your consent or a contract and does not cover data that FrameFi processes based on legal obligations.
• How to Exercise: Submit a request specifying the data you wish to port. We will provide the data in a digital format compatible with standard file types, such as CSV or JSON.
• Transfer Options: If feasible, FrameFi may transfer the data directly to a third-party service you designate. However, this is subject to technical compatibility with the recipient's system.

4.6 Right to Object

Definition: You have the right to object to our processing of your personal data where processing is based on legitimate interests or performed for direct marketing purposes.

• How to Exercise: To object to specific processing activities, contact FrameFi and specify the grounds for objection, particularly if related to our legitimate interests.
• Marketing Opt-Out: You may object to processing for direct marketing purposes at any time by changing your marketing preferences in your account settings or by contacting us directly.
• Limitations: If we have compelling legitimate grounds for processing, or if processing is required for legal claims, we may continue processing despite your objection.

4.7 Right to Withdraw Consent

Definition: Where we process personal data based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

• How to Withdraw: You can manage consent settings in your account preferences or contact FrameFi directly to withdraw consent for specific processing activities.
• Effect of Withdrawal: Withdrawal of consent may impact your access to certain services or features of the platform that rely on the data for which consent was withdrawn.

4.8 Right to File a Complaint

Definition: If you believe your rights have been infringed or that FrameFi has not processed your data in accordance with GDPR, you have the right to file a complaint with a supervisory authority.

• Supervisory Authority: In the Netherlands, you may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://autoriteitpersoonsgegevens.nl.
• Contact Information for Complaints: In addition to the Dutch authority, you can also contact FrameFi's Data Protection Officer at [Contact Email] to address concerns before filing a formal complaint.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Specifically:

• Booking Data: Retained for a period of 8 years to comply with accounting and tax regulations.
• Inactive Accounts: Deleted after 8 years of inactivity on the platform, unless a longer retention period is required by law.

We review our data retention practices regularly to ensure that personal data is not kept longer than necessary.

6. Data Security

FrameFi employs robust security measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encryption: Data encryption during transmission and storage.
• Access Controls: Restricted access to personal data based on a need-to-know basis.
• Regular Security Audits: Periodic evaluations and improvements of our data security practices to prevent data breaches.

While we strive to protect your data, please note that no transmission over the internet is entirely secure. We encourage you to use strong passwords and limit sharing of account details.

7. Children's Privacy

Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly.

8. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify users of significant changes through the platform or via email. Continued use of our platform after updates are posted constitutes acceptance of the updated Privacy Policy.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer at:

• Email: [email protected]
• Mailing Address: [Address]

For complaints regarding data protection, you may also contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at https://autoriteitpersoonsgegevens.nl.