Privacy Policy

Effective date: 19 February 2026
Last updated: 19 February 2026
Contact (Privacy & Legal): [email protected]

This Privacy Policy explains how FullFrameGear (“FullFrameGear”, “we”, “us”) collects, uses, discloses, stores, transfers, and protects Personal Data when you interact with our websites, online store, in-store operations (if applicable), customer support, marketing, repair/diagnostics workflows, trade-ins/consignment (if offered), shipping and logistics, and related platforms (collectively, the “Services”).

This Policy is designed to comply with major global privacy frameworks, including (where applicable) the Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025 in India, and other applicable privacy laws where we operate or sell.

1) Who we are

FullFrameGear is a pre-owned/used/second-hand film and cinema equipment store, selling and (where applicable) buying, taking trade-ins, consigning, renting, servicing, and shipping equipment such as cameras, lenses, rigs, monitors, audio gear, accessories, and related items.

Depending on the interaction:

  • We act as a Data Fiduciary / Controller (we decide why/how Personal Data is processed), and/or
  • We act as a Data Processor / Service Provider where we process Personal Data on behalf of another party under contract (e.g., marketplace partners, payment processors’ limited roles, warranty administrators, logistics integrations).

If a third-party marketplace or payment provider collects your data directly on their platform, their policy may apply to that portion of processing.

2) Scope

This Policy applies to Personal Data collected from:

  • Website visitors, shoppers, and account holders
  • Buyers, billing contacts, shipping recipients, and gift recipients (where provided)
  • Trade-in/consignment customers (if offered)
  • Customer support contacts (email, chat, phone, social platforms)
  • Repair/diagnostics or servicing customers (if offered)
  • Marketing subscribers and leads
  • In-store visitors and CCTV-covered premises (where applicable)
  • Job applicants and contractors/vendors

Not covered: purely personal/household activity by you, or third-party sites/platforms you use independently.

3) Definitions

  • “Personal Data” means information that identifies or can reasonably identify an individual (directly or indirectly).
  • “Sensitive Personal Data” (or “special category” data) includes government IDs, financial account details, biometrics, precise location, etc., when regulated as such.
  • “Processing” includes collection, recording, storage, use, disclosure, transfer, deletion, etc.
  • “Device/Equipment Data” means data about an item you buy/sell/service (e.g., model, serial number), which may become Personal Data if linked to you.

4) What we collect

A) Data you provide

  • Identity & contact: name, email, phone, billing/shipping address, company, role (if B2B)
  • Account data (if you create an account): login credentials (stored in hashed form), preferences, wishlists, order history
  • Order & transactional: cart contents, purchase history, invoices, tax details (GST or similar where applicable)
  • Payments: limited payment metadata and status (we typically do not store full card numbers; card processing is handled by payment processors)
  • Support communications: messages, email content, chat logs, call recordings where lawful and with notice
  • Trade-in/consignment (if offered): identity verification details where required, payout details, ownership attestations, product condition declarations
  • Repair/diagnostics (if offered): problem descriptions, test results, service notes, and shipping/return coordination details
  • Reviews/UGC: reviews, ratings, photos/videos you submit, and associated metadata

B) Data we collect automatically

  • Device & usage: IP address, browser type, device identifiers, pages viewed, referrals, timestamps, approximate location
  • Cookies & similar: essential, analytics, performance, security, fraud detection, preference storage (see Section 12)

C) Data related to used/pre-owned equipment

Because we sell pre-owned gear, we may collect and/or generate:

  • Serial numbers / unique identifiers to prevent fraud, confirm inventory, support warranty/returns, validate ownership in trade-ins, and comply with lawful requests
  • Condition grading notes: cosmetic/mechanical condition, test results, shutter count/operating hours where available, sensor checks, lens inspection notes
  • Provenance data where available: purchase source category (e.g., trade-in, consignment, distributor liquidation) without guaranteeing full chain-of-custody
  • Media sanitation status: whether memory/media was present, wiped, or removed (see Section 10)

D) Data from third parties

  • Payment processors (transaction status, fraud signals, partial identifiers)
  • Shipping/logistics providers (delivery status, address validation, proof-of-delivery)
  • Marketplaces/affiliate platforms (order referral data, campaign performance)
  • Fraud prevention vendors (risk scores, device reputation)
  • Accounting/tax systems (invoice reconciliation data)

5) Why we process Personal Data (purposes)

We process Personal Data to:

  1. Sell and deliver products (checkout, payment processing, shipping, delivery confirmations)
  2. Account management (logins, order tracking, customer preferences, saved addresses)
  3. Customer support (returns, disputes, troubleshooting, after-sales support)
  4. Used-gear operations (intake, grading, testing, serial tracking, authenticity checks where feasible, fraud/theft prevention)
  5. Trade-ins/consignment/payouts (if offered) (valuation, ownership verification, payout processing, recordkeeping)
  6. Repairs/diagnostics (if offered) (service intake, testing, return shipping, service history)
  7. Quality and security (site security, access control, incident investigation, abuse prevention)
  8. Legal and compliance (tax, accounting, audits, lawful requests, sanctions/embargo checks where applicable)
  9. Marketing and growth (newsletters, product launches, back-in-stock alerts, ads measurement—see Section 11)
  10. Improve our Services (analytics, performance monitoring, UX improvements)

6) Lawful bases for processing

Where required by applicable law, we rely on one or more of the following:

  • Consent (marketing subscriptions, certain cookies, optional recordings)
  • Contract necessity (to fulfill an order, process a return, provide service/repair, manage a trade-in/consignment)
  • Legal obligations (tax/accounting, consumer protection, lawful government requests)
  • Legitimate interests (fraud prevention, security, service improvement)—balanced against your rights
  • Vital interests (rare—safety emergencies)

7) How we disclose Personal Data

We may share data with:

  • Payment processors to process payments and prevent fraud
  • Shipping/logistics providers to deliver orders and provide tracking/proof-of-delivery
  • Service/repair partners (if applicable) only to the extent needed to complete service
  • IT/hosting and operational vendors (cloud hosting, email/SMS, analytics, customer support tools)
  • Professional advisers (lawyers, accountants, auditors, insurers)
  • Authorities if required by law, court order, or to protect rights/safety, including theft investigations where applicable

No resale of Personal Data as a business model: we do not sell Personal Data for money as our primary business model. If a law defines certain targeted advertising disclosures as a “sale” or “sharing,” we will comply with applicable opt-out requirements where legally required.

8) Cross-border transfers

Your data may be processed in countries other than where you live, depending on where our vendors and infrastructure are located.

We use contractual and technical safeguards for cross-border transfers where required, including recognized transfer mechanisms (e.g., SCC-style clauses where applicable).

9) Fraud prevention, theft risk, and identity verification

Used equipment markets attract fraud. To protect customers and our business, we may:

  • Validate addressesdevice signalstransaction patterns, and risk indicators
  • Require additional verification for high-risk orders (e.g., address confirmation, ID checks where lawful and proportionate)
  • Record and retain serial numbers and intake/purchase data for theft prevention, returns validation, and dispute handling
  • Cooperate with lawful theft investigations and requests

We may cancel or hold orders where fraud risk is material or verification fails, consistent with applicable law.

10) Pre-owned gear data sanitation and embedded data disclaimer

Certain equipment can store data (e.g., cameras, recorders, monitors, wireless systems, media cards). Our standard handling may include removing and/or formatting media when feasible, but:

  1. No guarantee of complete erasure: We do not guarantee that every device is fully wiped of all prior data in every scenario. Some data may persist due to device design, encryption, hidden partitions, firmware behavior, or inaccessible storage.
  2. Buyer responsibility: You should perform your own secure wipe/reset procedures upon receipt and before professional use.
  3. Seller responsibility (trade-in/consignment): If you provide gear to us, you must remove/backup your data and perform resets prior to handover. We are not responsible for data you leave on devices to the maximum extent permitted by law.
  4. If we discover personal content: If we encounter clearly personal files during routine testing (e.g., clips/photos), we will avoid accessing them beyond what is necessary and will take reasonable steps to delete/format where feasible.

Where mandatory consumer laws apply, nothing here limits non-excludable rights.

11) Marketing, advertising, and communications

We may contact you for:

  • Transactional messages (order confirmations, shipping updates, support responses)
  • Service messages (security notices, policy changes, recall/safety notifications where applicable)
  • Marketing (newsletters, promotions, launches, back-in-stock alerts) only where permitted by law or where you opted in.

You can opt out of marketing at any time via unsubscribe links or by emailing [email protected].

We may use advertising/measurement tools that collect cookie/device data to understand campaign performance and reduce wasted ads. Where required, we will request consent via cookie controls.

12) Cookies and tracking

We may use cookies and similar technologies for:

  • Essential: security, session management, checkout, fraud prevention
  • Analytics: traffic and performance measurement
  • Preference: remembering settings
  • Advertising/measurement (where used): attribution and campaign performance

You can control cookies through browser settings and (where implemented) our cookie banner/preferences. Blocking certain cookies may impact site functionality.

13) Your rights and choices

Subject to applicable law, you may request:

  • Access to your Personal Data
  • Correction of inaccuracies
  • Deletion (where legally permitted)
  • Withdrawal of consent (where applicable)
  • Objection/restriction in certain cases
  • Portability (where applicable)

To exercise rights, email [email protected] with “Privacy Request” and sufficient details to verify identity. We may reject or limit requests where allowed by law (e.g., legal privilege, security, fraud prevention, contractual restrictions, tax retention duties).

14) Data retention

We retain Personal Data only as long as necessary for:

  • Fulfilling orders, returns, warranty handling (if any), and support
  • Maintaining business records (tax, accounting, audits)
  • Fraud prevention, security logs, and dispute resolution
  • Trade-in/consignment and payout records (if offered)
  • Compliance with legal obligations

Retention periods vary by data type. Transaction and invoice records may be retained for statutory periods even if you request deletion, to the extent required by law.

15) Security controls

We use safeguards proportionate to risk, which may include:

  • Role-based access control (least privilege)
  • MFA where available, strong credential policies
  • Encryption in transit and at rest where supported
  • Segmented access to operational systems
  • Audit logs for access and transfers
  • Vendor due diligence and contractual security commitments
  • Incident response and breach assessment procedures

No security program guarantees zero risk.

16) Breach and incident notifications

Where required by law and/or contract, we will notify relevant parties and/or regulators consistent with applicable legal requirements.

17) Third-party links, marketplaces, and external platforms

Our Services may integrate or link to third-party services (payment gateways, shipping trackers, marketplaces, social platforms). Their privacy practices are not controlled by us. Review their policies separately.

If you purchase from us via a marketplace, some data may be controlled by that marketplace and processed under their terms.

18) Children / minors

Our Services are not intended for children. We do not knowingly collect Personal Data from minors without lawful basis/guardian consent where required. If you believe a minor has provided data, contact [email protected].

19) Automated decision-making

We may use automated tools to detect fraud and secure transactions (e.g., risk scoring). These tools do not make decisions about you in isolation in all cases; some decisions may be reviewed manually depending on risk and operational constraints.

20) Disputes and priority of documents

If a conflict exists between this Policy and a signed agreement with you (e.g., B2B procurement terms, consignment agreement), the signed agreement controls, unless overridden by mandatory law.

Unless overridden by mandatory local law:

  • Governing law: [State], India
  • Jurisdiction: Courts at [City], [State]

21) Updates to this Policy

We may update this Policy from time to time. The “Last updated” date will change. Continued use of the Services means you accept the updated Policy to the extent permitted by law.

22) Contact

All privacy and data requests: [email protected]

FullFrameGear Store Privacy Notice (In-Store / Premises Notice)

FULLFRAMEGEAR — STORE PRIVACY NOTICE
Contact: [email protected]
Location: [Store/Warehouse Address] | Date: [DD Month YYYY]

  1. CCTV and security monitoring
    This premises may use CCTV and related security measures where permitted by law and where notices are posted. Footage may be used for security, theft prevention, incident investigation, and lawful compliance.
  2. What we may collect on premises
  • Your image/likeness (CCTV) where installed
  • Visitor/logistics records (entry logs, courier handoffs, pickup authorizations)
  • Limited contact details for pickups, trade-ins, service intake, or safety/security
  1. Why we collect
  • Safety, security, theft prevention, and incident response
  • Order handover verification (pickup authorization and identity checks where lawful)
  • Trade-in/consignment intake verification (if offered)
  1. Retention and sharing
    CCTV and logs may be retained for security, legal, audit, and operational reasons and may be shared with insurers, advisers, and authorities when required by law.
  2. Questions / requests
    Privacy questions or requests relating to premises data: [email protected]

By entering this premises, you acknowledge this Store Privacy Notice.