Legal

MadFactory is a photography studio based in Sri Lanka.

We focus on architectural, interior, hospitality, food, and commercial photography.

This privacy policy explains how we collect, use, and protect personal data when you visit our website or contact us.

This policy applies when you

• Visit the MadFactory website
• Contact us by email, phone, social media, or contact form
• Work with us as a client, supplier, or collaborator

It does not cover websites or services that we do not control. Those have their own privacy policies.

We may collect the following types of personal data.

We use your data for clear and limited purposes.

We may use your data to

• Respond to your enquiries and messages
• Discuss potential projects and provide quotations
• Plan, manage, and deliver photography and related services
• Maintain client, project, and accounting records
• Send important updates related to ongoing work
• Improve our website content and user experience
• Analyse how visitors use the site in an aggregated way
• Comply with legal, tax, and accounting obligations

We do not sell your personal data.

Depending on your location, we may rely on one or more of the following legal bases to process personal data

• Your consent. For example when you submit a contact form or email us
• Contractual necessity. To discuss, prepare, or fulfil a project or agreement
• Legitimate interests. For example improving our services, keeping business records, and protecting our rights
• Compliance with legal obligations. For example tax, accounting, or regulatory requirements

Our website may use cookies and similar technologies.

We use them to

• Help the site function correctly
• Maintain basic security
• Understand how visitors use the site
• Improve layout, navigation, and content

Some analytics tools may set their own cookies. These help us see which pages are visited, how long visitors stay, and which devices are used. We use this information in an aggregated way. We do not use it to identify you directly.

You can control cookies through your browser settings. If you block some cookies, parts of the site may not work as intended.

More detail about cookies is provided in our Cookie Policy.

We may share your personal data with selected third parties when necessary.

These may include

• Website hosting and technical service providers
• Email and communication service providers
• Accountants or legal advisers where required
• Subcontractors or collaborators involved in a specific project, only when needed

These parties are expected to handle your data securely and only for the purposes we specify.

We may also share data if required by law or regulation, or to protect our rights, property, or safety.

Our website and some service providers may be located or may store data in other countries. This means your data may be processed outside your home country.

We aim to work with providers that use reasonable security measures and follow recognised data protection practices.

We keep personal data only for as long as needed for the purposes described in this policy, or as required by law.

Typical retention patterns

• Enquiries with no project outcome may be kept for a limited period for reference and potential follow up
• Client and project records, including contact details and invoices, may be kept for several years to meet tax and business record requirements
• Technical logs and analytics data are usually kept for shorter periods, based on the settings of our hosting and analytics tools

When data is no longer needed, we aim to delete it or anonymise it in a secure way.

We take reasonable steps to protect personal data against loss, misuse, and unauthorised access.

These steps may include

• Using reputable hosting and email providers
• Limiting access to personal data to those who need it
• Using passwords and other access controls
• Updating software where practical and appropriate

No method of transmission or storage is completely secure, but we work to keep risks as low as is reasonable for a small studio website.

Depending on your location and local law, you may have rights such as

• The right to access the personal data we hold about you
• The right to correct inaccurate or incomplete data
• The right to request deletion of your data, where applicable
• The right to object to certain types of processing
• The right to restrict processing in specific situations
• The right to withdraw consent when processing is based on consent

To exercise these rights, contact us using the details in section 15. We may need to verify your identity before we act on your request.

Our website may include links to other websites, platforms, or services. If you follow these links, their own privacy policies will apply. We are not responsible for how those third parties collect, use, or protect your data.

Our website and services are not directed at children. We do not knowingly collect personal data from anyone under the age of 18.

If you believe we have collected personal data about a minor, contact us and we will review and act where appropriate.

We may update this privacy policy from time to time.

Reasons may include

• Changes in our website or services
• Changes in the tools or providers we use
• Updates in legal or regulatory requirements

The date at the top of this page shows when the policy was last updated. The latest version will always apply to your use of the website.