Privacy Policy
1. Who we are
fam. Technologies (KVK 77432525), Biltstraat 335b, 3572AS Utrecht, Utrecht, Netherlands, is the data controller for personal data collected through the fam. platform and our marketing website. You can reach our privacy contact at support@fam.services.
We are subject to the General Data Protection Regulation (EU) 2016/679 (GDPR) and, for users in the United Kingdom, the UK GDPR and the Data Protection Act 2018.
2. What data we collect
2.1 Account data
When you or your Organization registers, we collect:
- First name and last name
- Email address
- Company name
Users may also optionally provide:
- Phone number
- Location / address
- Profile picture
We collect only the data you choose to provide. Optional fields are never required to use the core Service.
2.2 Content data
As part of normal use of the Service, your Organization and its Users create Content such as tickets, asset records, work orders, comments, and attachments. This Content may contain personal data about third parties. You remain responsible for the lawfulness of processing such data within the Service.
2.3 Usage and activity data
We collect technical and activity data to operate and improve the Service, including:
- Login timestamps and session information
- IP addresses
- Audit logs of actions taken within the application (e.g. ticket creation, updates, deletions)
- Browser type and device information
2.4 Payment data
Payment information (card details) is collected and processed directly by Stripe, Inc. We do not store your card details. We receive a transaction reference, billing amount, and organization-level billing status from Stripe.
2.5 Marketing website analytics
Our marketing website uses Google Analytics to understand visitor behaviour. This is subject to opt-in consent via our cookie notice. See our Cookie Notice for details.
3. Legal bases for processing
We process personal data on the following legal bases:
- Contract performance: to create and manage your account, process payments, and provide the Service.
- Legitimate interests: to maintain security, prevent fraud, operate audit logs, and improve the Service.
- Legal obligation: to comply with applicable laws, including tax and accounting requirements.
- Consent: for optional profile data and for Google Analytics cookies on the marketing website. You may withdraw consent at any time.
4. How we use your data
We use the data we collect to:
- Create and manage accounts and provide access to the Service
- Process payments and manage subscriptions via Stripe
- Send transactional emails (account creation, password reset, system notifications) via Amazon SES
- Maintain security, audit logs, and investigate misuse
- Improve and develop the Service
- Comply with legal obligations
We do not use your data for advertising or sell it to third parties.
5. Data processors and third parties
We share personal data with the following categories of processors:
- Stripe, Inc. — payment processing. Data may be transferred to the US under Stripe's standard contractual clauses.
- Amazon Web Services (Amazon SES) — transactional email delivery.
- Google LLC (Google Analytics) — website analytics, subject to your cookie consent. Data may be transferred to the US.
All processors are bound by data processing agreements and are required to process data only on our instructions and in compliance with applicable data protection law.
6. Data controller vs. data processor
For personal data contained in Content created by your Organization (e.g. employee records, contractor details, ticket data), your Organization is the data controller and we act as a data processor. Our Data Processing Agreement (available on request) governs this relationship.
For account-level data (names, emails, login activity), we are the data controller.
7. International transfers
Some of our processors (Stripe, Google, Amazon) operate in the United States. Where personal data is transferred outside the European Economic Area or the United Kingdom, we ensure appropriate safeguards are in place, such as the EU Standard Contractual Clauses or the UK International Data Transfer Agreement.
8. Data retention
We retain personal data for as long as your account is active or as needed to provide the Service. When an account is closed or deleted:
- Account and profile data is deleted within 90 days.
- Content data is deleted within 90 days unless a longer retention period is required by law.
- Billing and transaction records are retained for 7 years to comply with Dutch accounting law.
- Anonymised usage statistics may be retained indefinitely.
9. Your rights
Under the GDPR and UK GDPR, you have the following rights:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data where there is no legitimate reason for us to retain it.
- Right to restriction: request that we limit processing of your data in certain circumstances.
- Right to data portability: receive your data in a structured, commonly used, machine-readable format.
- Right to object: object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@fam.services. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands that is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl). UK users may contact the Information Commissioner's Office (ico.org.uk).
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include access controls, encryption in transit, and regular security reviews.
Despite these measures, no internet transmission is completely secure. If you become aware of a potential security issue, please contact us immediately at support@fam.services.
11. Children
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service. The effective date at the top of this document reflects the most recent version.
13. Contact
Data controller: fam. Technologies, Biltstraat 335b, 3572AS Utrecht, Utrecht, Netherlands
Email: support@fam.services