Legal
Privacy Policy
Last updated: 1 May 2026 · Frames & Sunglasses / Caruso Consulting Co Ltd
Summary: We collect only what we need to process your order and improve your experience. We do not sell your personal data. You have the right to access, correct, or delete your information at any time.
1. Who We Are
Frames & Sunglasses is a trading division of Caruso Consulting Co Ltd, a registered company with VAT ID 0765554000332, registered at 47 Moo 1, T. Nawoong, Meaung, Phetchaburi 76000, Thailand. Our website is framesandsunglasses.com.
For any privacy-related enquiries, contact us at theteam@customersupport.care.
2. Information We Collect
Information You Provide
- Order information: Name, email address, shipping address, and order details when you make a purchase.
- Contact enquiries: Name, email, and message content when you contact us.
- Communications: Any information you provide when you email or call us.
Information Collected Automatically
- Usage data: Pages visited, time on site, referring URL, browser type, and device type — collected via analytics tools.
- Cookies: Small data files stored on your device (see Section 6 for full details).
- IP address: Collected automatically when you visit our website.
Payment Information
We do not store your payment card details. All payment processing is handled by Stripe (Stripe, Inc.), which is PCI DSS Level 1 certified — the highest available standard. By making a purchase, you also agree to Stripe's Privacy Policy.
3. How We Use Your Information
We use the information we collect to:
- Process and fulfill your orders, including shipping confirmation and tracking
- Send transactional emails (order confirmation, dispatch notification)
- Respond to customer service enquiries
- Improve our website, products, and user experience
- Comply with legal obligations and resolve disputes
- Detect and prevent fraudulent transactions
- Serve relevant advertising via Google Ads and Meta (Facebook/Instagram) — with your consent where required
4. Third-Party Tools & Services
We use the following third-party tools that may process your data:
- Stripe: Payment processing. Privacy Policy
- Google Analytics: Website analytics and performance measurement. Data is anonymised where possible. Privacy Policy
- Google Ads: Advertising and remarketing. Conversion tracking may use cookies. Privacy Policy
- Meta Pixel (Facebook/Instagram): Advertising performance measurement and remarketing. Privacy Policy
- Google Fonts: Font delivery. Your IP address may be transmitted to Google servers. Privacy Policy
- Cloudflare: Content delivery and security. Privacy Policy
5. Legal Basis for Processing (GDPR)
Where GDPR applies, we process your data under the following legal bases:
- Contract performance: To process your order and deliver your products.
- Legitimate interests: To improve our services, prevent fraud, and communicate with you about your order.
- Consent: For marketing communications and non-essential cookies, where your consent is required and obtained.
- Legal obligation: To comply with applicable laws and regulations.
6. Cookies
We use cookies and similar tracking technologies on our website. Cookies are small text files stored on your device that help us understand how the site is used and improve your experience.
Types of Cookies We Use
- Essential cookies: Required for the website to function correctly. Cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with the site (e.g. Google Analytics).
- Advertising cookies: Used by Google Ads and Meta Pixel to measure ad performance and serve relevant adverts.
- Functional cookies: Remember your preferences (e.g. selected color or pack size).
You can control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of the site. For more information, visit allaboutcookies.org.
7. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:
- Service providers: Trusted third parties (Stripe, Google, Meta, shipping carriers) who assist in operating our business, bound by confidentiality obligations.
- Legal compliance: When required by law, court order, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate safeguards.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, including for legal, accounting, and reporting requirements. Order records are typically retained for 7 years in line with standard accounting obligations. You may request deletion of your data at any time (see Section 9).
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing.
- Right to restrict processing: Request that we limit how we use your data.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at theteam@customersupport.care. We will respond within 30 days.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To make a CCPA request, contact us at theteam@customersupport.care.
11. International Transfers
Our business is registered in Thailand and we serve customers primarily in the USA. Your data may be processed by our service providers in various countries. Where data is transferred internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for EU data).
12. Children's Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal information from children under the age of 13 (or 16 under GDPR). If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
13. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All payment data is handled by Stripe's PCI DSS Level 1 certified infrastructure. Our website is served over HTTPS.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of our website after changes constitutes acceptance of the updated policy. For material changes, we will notify customers by email where we hold your address.
15. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data: