Legal information
How ØN FRAME handles personal data, cookies, payments, requests, and customer communication.
Privacy Policy
This policy explains how ITAN EOOD, as data controller, processes information relating to visitors, customers, and people who submit custom requests through ØN FRAME at https://onframe.org.
Controller and contact
The data controller is ITAN EOOD, company ID 208729182, VAT BG208729182, registered at 12 Simeonovsko Shose Blvd., Sofia, Bulgaria. For personal-data questions, contact us at onframebg@gmail.com or by phone at +359 895 723 444.
The competent supervisory authority is the Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, www.cpdp.bg.
Data we process
Depending on how you use the site, we may process:
- name, email, phone, delivery address, and billing details;
- order, cart, product, payment, delivery, claim, or refund information;
- customer-account, status-link, or support communication data;
- photos, files, descriptions, logos, and instructions submitted for a custom request;
- technical data such as IP address, device type, browser, language settings, security logs, and cookie-consent information;
- data needed for accounting, legal defence, contract performance, or legal obligations.
We do not ask for special-category data. Please do not send sensitive information that is not needed for production or order support.
Purposes and legal bases
We process personal data only where a GDPR legal basis applies:
- contract performance or steps before a contract — order handling, custom requests, delivery, payment, status links, and customer communication;
- legal obligation — accounting, tax documents, claims, and responses to competent authorities;
- legitimate interest — site security, fraud and abuse prevention, communication records, service improvement, and technical support;
- consent — analytics or marketing cookies, newsletter, or another action for which we expressly request consent.
Orders, payments, and custom files
Payment data is processed by Stripe. ØN FRAME receives information needed to confirm payment, order status, refund, or accounting, but does not store full payment-card details on its own servers.
When you submit a photo, logo, or file for a custom request, we use that material only for review, quoting, preparation, production, communication, and evidence of fulfilment. Files may be stored in private storage and accessed through restricted links by the customer or team when needed for the request.
Providers and recipients
To operate the site, we use trusted providers and processors according to the relevant purpose:
- Stripe — payments, Checkout, receipts, and refunds;
- Supabase — customer accounts, orders, requests, status links, and related file records;
- Vercel — hosting, protection, logs, and analytics according to consent settings;
- Resend or email provider — operational emails for orders, requests, and support;
- Sentry or monitoring provider — technical errors, security, and stability with personal-data minimization;
- courier and logistics partners — delivery and tracking;
- accounting, legal, and administrative recipients where required by law.
We do not sell personal data. We do not provide data to third parties for their independent marketing without your consent.
Cookies and analytics
The site uses necessary cookies and local mechanisms for functionality, security, language, cart, and consent. Analytics tools such as Vercel Analytics or Speed Insights are used only according to the consent choice shown on the site. You can change or delete cookies in your browser settings, but this may affect parts of the site's functionality.
When you open a current public product page, the site automatically stores a recently viewed product history in this browser. It contains only the public product ID and an ISO timestamp, expires after 30 days, and can be removed by clearing this site's browser data. This history stays on the device and is not transmitted to an account, analytics service, or other provider.
When you explicitly save a product, the site stores a saved products list in this browser. It contains only the public product ID and an ISO timestamp, expires after 180 days, and can be removed with the save control or by clearing this site's browser data. Saved products stay on the device and are not transmitted to an account, analytics service, or other provider.
Retention
We keep personal data only for as long as needed for the purpose for which it was collected or as required by law. Order, payment, invoice, and claim data may be retained for accounting, tax, and legal periods. Customer-account data is retained while the account is active or while needed for performance and legal protection. Custom files and communication are retained while needed for the request, production, support, claim handling, or evidence of fulfilment.
Your rights
You may request access, a copy, correction, erasure, restriction, portability, or objection to the processing of your personal data where the GDPR conditions are met. Where processing is based on consent, you may withdraw that consent for future processing.
To exercise a right, write to onframebg@gmail.com. We may ask for additional information to confirm your identity and protect the data against unauthorized access.
Complaint to a supervisory authority
If you believe your rights have been infringed, you can contact us so we can review the matter. You also have the right to lodge a complaint with the Commission for Personal Data Protection: www.cpdp.bg, 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria.
Changes to this policy
We may update this policy when our services, providers, legal requirements, or processing activities change. The updated version is published on https://onframe.org and applies from publication unless stated otherwise.
