Privacy Policy

Effective date: 29 May 2026
Last updated: 29 May 2026
Contact (Privacy & Legal): [email protected]

This Privacy Policy explains how FullFrameGear (“FullFrameGear“, “we“, “us“) collects, uses, discloses, stores, transfers, and protects Personal Data when you interact with our websites, online store, in-store operations (if applicable), customer support, marketing, shipping and logistics, and related platforms (collectively, the “Services“).

This Policy is designed to comply with major global privacy frameworks, including (where applicable) the Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025 in India, and other applicable privacy laws where we operate or sell.

1) Who we are

FullFrameGear is a curated professional cine and film production equipment specialist, selling cameras, lenses, rigs, monitors, audio gear, lighting, accessories, and related items.

Depending on the interaction:

  • We act as a Data Fiduciary / Controller (we decide why/how Personal Data is processed), and/or
  • We act as a Data Processor / Service Provider where we process Personal Data on behalf of another party under contract (e.g., payment processors’ limited roles, warranty administrators, logistics integrations).

If a third-party marketplace or payment provider collects your data directly on their platform, their policy may apply to that portion of processing.

Primary sub-processors and service providers we use include: Razorpay (payment processing), Shiprocket / Delhivery (logistics and shipping), Google Analytics 4 (website analytics — requires consent), Automattic / WooCommerce (store platform and hosting infrastructure), and Meta Platforms (WhatsApp) (customer communication — subject to Meta’s own privacy policy). This list is updated as our service providers change.

2) Scope

This Policy applies to Personal Data collected from:

  • Website visitors, shoppers, and account holders
  • Buyers, billing contacts, shipping recipients, and gift recipients (where provided)
  • Customer support contacts (email, chat, phone, social platforms)
  • Marketing subscribers and leads
  • In-store visitors and CCTV-covered premises (where applicable)
  • Job applicants and contractors/vendors

Not covered: purely personal/household activity by you, or third-party sites/platforms you use independently.

3) Definitions

  • “Personal Data” means information that identifies or can reasonably identify an individual (directly or indirectly).
  • “Sensitive Personal Data” (or “special category” data) includes government IDs, financial account details, biometrics, precise location, etc., when regulated as such.
  • “Processing” includes collection, recording, storage, use, disclosure, transfer, deletion, etc.
  • “Device/Equipment Data” means data about an item you buy or are serviced with (e.g., model, serial number), which may become Personal Data if linked to you.

4) What we collect

A) Data you provide

  • Identity & contact: name, email, phone, billing/shipping address, company, role (if B2B)
  • Account data (if you create an account): login credentials (stored in hashed form), preferences, wishlists, order history
  • Order & transactional: cart contents, purchase history, invoices, tax details (GST or similar where applicable)
  • Payments: limited payment metadata and status (we typically do not store full card numbers; card processing is handled by payment processors)
  • Support communications: messages, email content, chat logs, call recordings where lawful and with notice
  • Reviews/UGC: reviews, ratings, photos/videos you submit, and associated metadata

B) Data we collect automatically

  • Device & usage: IP address, browser type, device identifiers, pages viewed, referrals, timestamps, approximate location
  • Cookies & similar: essential, analytics, performance, security, fraud detection, preference storage (see Section 12)

C) Data related to cine and production equipment

Because we deal in professional production gear, we may collect and/or generate:

  • Serial numbers / unique identifiers to prevent fraud, confirm inventory, support warranty/returns, and comply with lawful requests
  • Condition grading notes: cosmetic/mechanical condition, test results, shutter count/operating hours where available, sensor checks, lens inspection notes
  • Media sanitation status: whether memory/media was present, wiped, or removed (see Section 10)

D) Data from third parties

  • Payment processors (transaction status, fraud signals, partial identifiers)
  • Shipping/logistics providers (delivery status, address validation, proof-of-delivery)
  • Fraud prevention vendors (risk scores, device reputation)
  • Accounting/tax systems (invoice reconciliation data)

5) Why we process Personal Data (purposes)

We process Personal Data to:

  1. Sell and deliver products (checkout, payment processing, shipping, delivery confirmations)
  2. Account management (logins, order tracking, customer preferences, saved addresses)
  3. Customer support (returns, disputes, troubleshooting, after-sales support)
  4. Equipment operations (grading, testing, serial tracking, authenticity checks where feasible, fraud/theft prevention)
  5. Quality and security (site security, access control, incident investigation, abuse prevention)
  6. Legal and compliance (tax, accounting, audits, lawful requests, sanctions/embargo checks where applicable)
  7. Marketing and growth (newsletters, product launches, back-in-stock alerts, ads measurement—see Section 11)
  8. Improve our Services (analytics, performance monitoring, UX improvements)

6) Lawful bases for processing

Where required by applicable law, we rely on one or more of the following:

  • Consent (marketing subscriptions, certain cookies, optional recordings)
  • Contract necessity (to fulfill an order, process a return, provide service)
  • Legal obligations (tax/accounting, consumer protection, lawful government requests)
  • Legitimate interests (fraud prevention, security, service improvement)—balanced against your rights
  • Vital interests (rare—safety emergencies)

7) How we disclose Personal Data

We may share data with:

  • Payment processors to process payments and prevent fraud
  • Shipping/logistics providers to deliver orders and provide tracking/proof-of-delivery
  • IT/hosting and operational vendors (cloud hosting, email/SMS, analytics, customer support tools)
  • Professional advisers (lawyers, accountants, auditors, insurers)
  • Authorities if required by law, court order, or to protect rights/safety, including theft investigations where applicable

No resale of Personal Data as a business model: we do not sell Personal Data for money as our primary business model. If a law defines certain targeted advertising disclosures as a “sale” or “sharing,” we will comply with applicable opt-out requirements where legally required.

8) Cross-border transfers

Your data may be processed in countries other than where you live, depending on where our vendors and infrastructure are located.

We use contractual and technical safeguards for cross-border transfers where required, including recognized transfer mechanisms (e.g., SCC-style clauses where applicable).

9) Fraud prevention, theft risk, and identity verification

Used equipment markets attract fraud. To protect customers and our business, we may:

  • Validate addresses, device signals, transaction patterns, and risk indicators
  • Require additional verification for high-risk orders (e.g., address confirmation, ID checks where lawful and proportionate)
  • Record and retain serial numbers and purchase data for theft prevention, returns validation, and dispute handling
  • Cooperate with lawful theft investigations and requests

We may cancel or hold orders where fraud risk is material or verification fails, consistent with applicable law.

10) Pre-owned gear data sanitation and embedded data disclaimer

Certain equipment can store data (e.g., cameras, recorders, monitors, wireless systems, media cards). Our standard handling may include removing and/or formatting media when feasible, but:

  1. No guarantee of complete erasure: We do not guarantee that every device is fully wiped of all prior data in every scenario. Some data may persist due to device design, encryption, hidden partitions, firmware behavior, or inaccessible storage.
  2. Buyer responsibility: You should perform your own secure wipe/reset procedures upon receipt and before professional use.
  3. If we discover personal content: If we encounter clearly personal files during routine testing (e.g., clips/photos), we will avoid accessing them beyond what is necessary and will take reasonable steps to delete/format where feasible.

Where mandatory consumer laws apply, nothing here limits non-excludable rights.

11) Marketing, advertising, and communications

We may contact you for:

  • Transactional messages (order confirmations, shipping updates, support responses)
  • Service messages (security notices, policy changes, recall/safety notifications where applicable)
  • Marketing (newsletters, promotions, launches, back-in-stock alerts) only where permitted by law or where you opted in.

You can opt out of marketing at any time via unsubscribe links or by emailing [email protected].

We may use advertising/measurement tools that collect cookie/device data to understand campaign performance and reduce wasted ads. Where required, we will request consent via cookie controls.

12) Cookies and tracking

We may use cookies and similar technologies for:

  • Essential: security, session management, checkout, fraud prevention
  • Analytics: traffic and performance measurement
  • Preference: remembering settings
  • Advertising/measurement (where used): attribution and campaign performance

You can control cookies through your browser settings and our cookie consent banner (CookieYes), which is displayed on your first visit and can be accessed at any time via the cookie icon on the site. We use a cookie consent management platform to block non-essential cookies (including Analytics cookies) until you give explicit consent. You can withdraw or update consent at any time. For full cookie details, see our Cookie Policy.

13) Your rights and choices

Subject to applicable law, you may request:

  • Access to your Personal Data
  • Correction of inaccuracies
  • Deletion (where legally permitted)
  • Withdrawal of consent (where applicable)
  • Objection/restriction in certain cases
  • Portability (where applicable)
  • Right of Nomination: You may nominate a person to exercise your data rights on your behalf in the event of your death or incapacity, per applicable DPDP Rules 2025.

To exercise rights, email [email protected] with “Privacy Request” and sufficient details to verify identity. We will respond to valid data requests within 30 days of receipt, unless a different period is prescribed by applicable law. We may reject or limit requests where allowed by law (e.g., legal privilege, security, fraud prevention, contractual restrictions, tax retention duties).

14) Data retention

We retain Personal Data only as long as necessary for:

  • Fulfilling orders, returns, warranty handling (if any), and support
  • Maintaining business records (tax, accounting, audits)
  • Fraud prevention, security logs, and dispute resolution
  • Compliance with legal obligations

Retention periods vary by data type. Transaction and invoice records may be retained for statutory periods even if you request deletion, to the extent required by law.

15) Security controls

We use safeguards proportionate to risk, which may include:

  • Role-based access control (least privilege)
  • MFA where available, strong credential policies
  • Encryption in transit and at rest where supported
  • Segmented access to operational systems
  • Audit logs for access and transfers
  • Vendor due diligence and contractual security commitments
  • Incident response and breach assessment procedures

No security program guarantees zero risk.

16) Breach and incident notifications

Where required by law and/or contract, we will notify relevant parties and/or regulators consistent with applicable legal requirements.

17) Third-party links, marketplaces, and external platforms

Our Services may integrate or link to third-party services (payment gateways, shipping trackers, marketplaces, social platforms). Their privacy practices are not controlled by us. Review their policies separately.

Customer enquiries and order communications via WhatsApp are subject to Meta Platforms Inc.’s privacy policy. Meta’s data practices are not controlled by FullFrameGear — review Meta’s policy separately. If you purchase from us via a marketplace, some data may be controlled by that marketplace and processed under their terms.

18) Children / minors

Our Services are not intended for children. We do not knowingly collect Personal Data from minors without lawful basis/guardian consent where required. If you believe a minor has provided data, contact [email protected].

19) Automated decision-making

We may use automated tools to detect fraud and secure transactions (e.g., risk scoring). These tools do not make decisions about you in isolation in all cases; some decisions may be reviewed manually depending on risk and operational constraints.

20) Disputes and priority of documents

If a conflict exists between this Policy and a signed agreement with you (e.g., B2B procurement terms), the signed agreement controls, unless overridden by mandatory law.

Unless overridden by mandatory local law:

  • Governing law: Kerala, India
  • Jurisdiction: Courts at Ernakulam, Kerala

21) Updates to this Policy

We may update this Policy from time to time. The “Last updated” date will change. Continued use of the Services means you accept the updated Policy to the extent permitted by law.

22) Contact

All privacy and data requests:

Grievance timelines (DPDP Act 2023 §13): Privacy grievances are acknowledged within 48 hours and resolved within 30 days (or as prescribed by DPDP rules). For formal escalation: Grievance Redressal.

 [email protected]

FullFrameGear Store Privacy Notice (In-Store / Premises Notice)

  1. CCTV and security monitoring
    This premises may use CCTV and related security measures where permitted by law and where notices are posted. Footage may be used for security, theft prevention, incident investigation, and lawful compliance.
  2. What we may collect on premises
  • Your image/likeness (CCTV) where installed
  • Visitor/logistics records (entry logs, courier handoffs, pickup authorizations)
  • Limited contact details for pickups or viewings
  1. Why we collect
  • Safety, security, theft prevention, and incident response
  • Order handover and viewing verification (pickup authorization and identity checks where lawful)
  1. Retention and sharing
    CCTV and logs may be retained for security, legal, audit, and operational reasons and may be shared with insurers, advisers, and authorities when required by law.
  2. Questions / requests
    Privacy questions or requests relating to premises data: [email protected]

By entering this premises, you acknowledge this Store Privacy Notice.