Personal Data processed for the following purposes and using the following services:

• • Advertising

    • Meta ads conversion tracking (Meta pixel)

      Personal Data: Trackers; Usage Data

    • LinkedIn conversion tracking (LinkedIn Insight Tag)

      Personal Data: device information; Trackers; Usage Data

  • Analytics

    • Google Analytics (Universal Analytics), HubSpot Analytics and Heap Analytics

      Personal Data: Trackers; Usage Data

    • Google Analytics 4

      Personal Data: number of Users; session statistics; Trackers; Usage Data

  • Displaying content from external platforms

    • Vimeo video

      Personal Data: Trackers; Usage Data

  • Handling activities related to productivity

    • Google Workspace

      Personal Data: email address

    • Lever

      Personal Data: email address; first name; last name

  • Handling payments

    • Stripe

      Personal Data: billing address; email address; first name; last name; payment info

  • Heat mapping and session recording

    • Hotjar Heat Maps and Recordings

      Personal Data: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service

  • Infrastructure monitoring

    • Sentry

      Personal Data: various types of Data as specified in the privacy policy of the service

  • Managing contacts and sending messages

    • Klaviyo

      Personal Data: email address

    • HubSpot Email

      Personal Data: email address; Trackers; Usage Data

  • Remarketing and behavioural targeting

    • Klaviyo segmentation and social advertising

      Personal Data: device information; email address; purchase history; Trackers; Usage Data

  • Tag Management

    • Segment and Google Tag Manager

      Personal Data: Trackers; Usage Data

  • Traffic optimisation and distribution

    • Cloudflare

      Personal Data: Trackers; various types of Data as specified in the privacy policy of the service

  • User database management

    • HubSpot CRM and HubSpot Lead Management

      Personal Data: various types of Data as specified in the privacy policy of the service

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

• • Further Information for Taiwan consumers

    1. You agree that Framework may collect, process, save and use your personal data for reasonable use in order to provide you with other information, services or make membership statistics, or conduct surveys or research on online behavior.
    
    2. According to “Personal Data Protection Act” in Taiwan, you can exercise the following rights with respect to personal data：
    Make any inquiries and requests for personal data (fees vary on a case-by-case basis).
    Any requests to make copies of personal data (fees vary on a case-by-case basis).
    Any request to supplement or correct personal data.
    Any request to stop collecting, processing or using personal data.
    Any request to delete personal data.
    
    3. Retention Period of Personal Data：
    Framework will retain your personal data for the period necessary to complete the purpose of use described in this policy, unless there are statutory or other necessary circumstances, Framework will retain the data for a longer period, for instance, for customer relationship management, your personal data will be retained within an appropriate and reasonable period, or your personal data will be retained within a specific period required by law in order to comply with tax laws or other legal regulations, or to cooperate with government or judicial investigations or litigation requirements. In addition, if you agree to Framework collecting personal data from you at the beginning, but later wish to withdraw this consent, after you withdraw your consent, Framework will not continue to collect your personal data, and will only retain the personal data that Framework collected before you withdrew your consent.
    If you request Framework to stop processing and using, or request Framework to delete your personal data. Once done, Framework will no longer be able to contact you on matters related to Framework services, keep records for future inquiries, provide you with the latest information on Framework services, or conduct a customer verification. Moreover, Framework will be unable to continue to provide services, and will not be liable for any losses caused by this.
    
    4. To whom Framework discloses your personal data
    Framework will not disclose the personal data collected from you to other third parties unless any of the following circumstances applies：
    Your consent: Framework will disclose and share your personal data with other third parties only after obtaining your consent.
    Service provider: Framework will disclose and share the necessary items of your personal data with Framework’s service provider within the scope of the purposes mentioned in this policy, so that they can provide services to you, such as marketing companies for assisting Framework in sending marketing materials and organizing marketing activities, shipping companies for shipping your purchases or repairs, cash processors for processing payments, and customer service providers for providing customer support services for you. These service providers will use your personal data within the scope of the purposes mentioned in this policy in accordance with Framework's instructions, and Framework will ensure that they do comply with this policy.
    Legal or protection purposes: Framework will disclose and share the necessary items of your personal data to third parties in the case of any of the following situations in order to comply with legal requirements or for preservation purposes：
    (1) When it is necessary to comply with laws, requirements of competent authorities or judicial units, or to preserve legal requests, defenses, or to prevent fraud or investigate other illegal acts.
    (2) To the extent permitted by law, to protect the rights, property and safety of Framework, Framework’s service providers, users or the public from being endangered.
    
    5. Cross-border Transfer
    You understand and agree that when you use Framework products or services or provide your personal data to Framework, your personal data may be transferred, retained, processed, and used across borders between Framework's affiliated companies and service providers in various countries. The cross-border transfer, storage, processing and utilization behaviors mentioned above will all comply with this policy and the relevant legal requirements of individual privacy and personal data security in each country.
    
    6. Third Party Links and Services
    Framework products and services may provide links to other websites, or use services provided by third parties. These third-party services are not within the control of Framework and are not covered by this privacy policy. Framework is not responsible for the privacy policies or content of such third-party services. If you have questions about how these third parties collect, use, and share your information, you are advised to review their respective privacy policies or contact the third parties directly. Linking to a third-party service through the permission of this service does not mean that Framework endorses, promotes or represents the quality of the service or assumes responsibility for its actions.
    
    7. If the information you provide contains any third party's personal data, you should ensure that the third party understands the rights of this policy, and ensure that you have obtained the consent of the third party and authorize Framework to use such third party's personal data in accordance with this policy.
    
    8. If the personal data you provide to Framework is insufficient to prove the authenticity of your identity, or if you forge your identity, steal someone else's identity or provide a false identity, Framework has the right to terminate your service.
    
    9. Security Measures
    Framework will try its best to use reasonable technical and procedural protection measures to ensure the security of information collected by Framework. Framework also takes appropriate measures in accordance with relevant laws to ensure that personal data collected by third parties is always safe. However, please be aware that even if Framework takes reasonable steps to protect your information, there are no website, Internet transmission, computer system or wireless connection that can be completely secured.
    
    10. Privacy Rights of Minors
    Framework will not collect personal data of minors under the age of eighteen (18) or as otherwise provided by the local laws or regulations knowingly without the consent of their parents (or guardians). Framework recommends that parents (or guardians) should accompany the minors throughout the use of Framework products and services.
    If you are a minor, please seek the consent of your parents (or guardians). You may provide personal data to Framework only after Framework confirms that you have obtained the consent of your parents (or guardians). Your parents (or guardians) may revoke or withdraw any consent at any time.
    
    11. Special or Sensitive Personal Data
    Framework will not ask you to provide Framework with special or sensitive personal data, such as your medical records, treatments, politics, religious and philosophical beliefs, race, trade union membership information, sexual orientation, sex life, criminal records or genetics.
    
    12. Changes to this Policy
    When you use this website, it means that you have read, understood and agreed to accept Framework's privacy protection policy. Framework may revise the content of this policy from time to time, and you are advised to pay attention to such changes at any time.
    If you continue to use this website after any changes, you are deemed to have read, understood and agreed to accept such changes.
    If you do not agree with the content of this policy or its subsequent changes, or if your country or region excludes all or part of the content of the privacy protection policy, you should stop using this website immediately.
    

  • Further Information for European Union consumers

    User rights
    Users have certain rights that allow them to exercise control over the personal data Framework processes about them. A request from a user can be made in writing by e-mail to Framework, support@frame.work.
    
    Right of access: Users have the right to access the personal data that Framework processes about them. A user has the right to access to the personal data and the following information:
    The purposes of the processing;
    The categories of personal data;
    The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
    If possible, the retention period, or if not possible, the criteria for determining that period;
    The source of the personal data, if not collected from the user himself.
    In addition, the right of access offers users the right to receive a copy of the personal data being processed. However, this must consider the rights and freedoms of others. If personal data of others are involved in the processing, they must be redacted in the copy.
    
    Right to rectification: Users have the right to rectification of inaccurate or incomplete personal data. If no agreement has been reached on the inaccuracy or incompleteness of the personal data, the rectification may be completed as a separate document/notice to the user's data within the organization.
    
    Framework must ensure, to the extent possible with available technology and resources, that personal data are also updated with other recipients, unless this involves a disproportionate effort.
    
    Right to deletion of data (right to be forgotten): Users have the right to request that their personal data be deleted. This request is granted in the following cases:
    The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    The user withdraws consent and there is no other legal basis for the processing;
    The user objects to the processing and there is no overriding legitimate interest of Framework;
    The personal data have been processed unlawfully;
    The personal data must be deleted in order to comply with a legal obligation arising from national or EU law;
    The personal data have been collected in connection with an offer of information society services as referred to in Article 8(1) GDPR.
    
    If personal data has been shared with other parties, Framework must make efforts to ensure that the personal data is also deleted from these other parties.
    A request to delete personal data may be rejected if processing is necessary:
    For exercising the right to freedom of expression and information;
    For fulfilling a legal obligation arising from national or EU law, for fulfilling a task of public interest or exercising public authority;
    For reasons of public interest in the field of public health;
    For the purpose of archiving in the public interest, scientific or historical research or statistical purposes, insofar as the granting of the right to erasure of data is likely to make such processing impossible or seriously jeopardize it;
    For the establishment, exercise or substantiation of a legal claim.
    
    Right to restriction of processing: Users have the right to restrict the processing of their personal data in the following cases:
    The accuracy of the personal data is disputed by the user;
    The processing is unlawful and, instead of erasure of the personal data, the user requests the restriction of their use;
    Framework no longer needs the personal data for the purposes of processing, but the user needs them for the establishment, exercise or vindication of legal claims;
    The user has objected to the processing of personal data because of a specific situation. In this case, Framework must stop processing, unless the interest of the organization outweighs the interests of the user. Until this is clear, the personal data will not be used.
    Framework will inform any recipients of the personal data about the request and ask them to do the same. Framework will also inform the user of any other organizations to which their request has been forwarded.
    
    Right to data portability: Users have the right to obtain their personal data in a structured, common and machine-readable form. In doing so, they have the right to transfer that data to another controller, without being hindered by Framework, if:
    The user has provided the personal data to Framework, and;
    The personal data were provided based on consent or for the performance of a contract, and;
    The processing is carried out in an automated manner.
    
    Right to object: Users have the right to object to the processing of their personal data. The processing of personal data will then be stopped unless there are compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the user or which are related to the establishment, exercise or substantiation of a legal claim.
    A user has the right to object to the use of their personal data in the case of:
    Direct marketing (newsletter for example), including profiling for direct marketing purposes;
    Because of a specific situation. In this case, the processing must be based on the "public interest" or "legitimate interest" legal ground.
    
    Framework shall in any case inform the users within one month without undue delay after receipt of the request about the consequence of the request. The period may be extended by two months depending on the complexity and number of requests from the same user. The user will be notified of such an extension.
    
    Framework is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to Framework and following the procedures and subject to conditions set forth in Annex I of Principles.
    
    Framework takes liability in cases of onward transfers to third parties. Personal data will not be transferred to third parties without customer's consent. Framework has conducted a review of all their third parties where personal data is being stored and concluded that these third parties are in accordance with the GDPR principles of Framework.
    
    Compliance
    
    Framework complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Framework has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Framework has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
    
    In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Framework commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
    
    In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Framework commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Framework at: support@frame.work .
    
    Framework is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
    
    Framework must disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
    

Contact information

• • Owner and Data Controller

    Company: Framework Computer Inc
    
    Headquarters Address:
    447 Sutter St
    PMB 135
    San Francisco, CA, 94108-4618
    United States
    
    Email: support@frame.work
    
    Tel: +1 (415) 475-3769
    
    Managing Director: Nirav Patel
    
    UST-ID: Pending

    Owner contact email: support@frame.work