Privacy Policy

PRIVACY NOTICE
Effective January 1, 2026

This Privacy Notice describes how The Fab Foundation (“we”, “us”, “our”) collects, uses, and discloses personal information in connection with the FAB26 Boston event and our related websites and services.

ORGANIZATION AND CONTACT
The Fab Foundation
Federal ID: 26-4836002
50 Milk Street, FL 16, Boston, Massachusetts, USA, 02109
Contact: fabevents@fabfoundation.org

INFORMATION WE COLLECT
We collect the following categories of information when you register for FAB26, interact with us, or use our websites:

Identification Information: name, title.
Contact Information: email, mailing address.
Event Participation Information: ticket purchases, workshop selections, scheduling, and event activities.
Payment Information: transaction details processed through trusted payment providers.
Technical Information: IP address, browser type, device identifiers, and information collected through cookies or similar technologies.
Special Requests: dietary restrictions or accessibility requests if voluntarily provided.

HOW WE USE INFORMATION
We use personal information for the following purposes:

Event Administration: registration, ticketing, communications, scheduling, and on-site coordination.
Customer Service: responding to inquiries and providing support.
Communications: sending updates related to FAB26 and the Fab Lab network (you may opt out at any time).
Analytics and Improvements: analyzing service usage, website performance, and improving participant experience.
Legal and Compliance: meeting legal, accounting, and operational requirements.

HOW WE SHARE INFORMATION
We may share personal information with:

Service Providers: payment processors, email and marketing platforms, registration and ticketing platforms, and IT support providers.
Legal and Safety: law enforcement or regulatory authorities if required by law or to protect rights, safety, or property.
Business Transfers: in the event of a merger, reorganization, or similar transaction involving our operations.

We do not sell personal information to third parties.

COOKIES AND TRACKING
We use cookies and similar technologies for functionality, analytics, and usage measurement. You can control cookies through browser settings; however, disabling cookies may affect site functionality.

DATA SECURITY
We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, misuse, or alteration. No method of transmission or storage is fully secure.

RETENTION
We retain personal information only as long as needed for event administration, operational requirements, and legal compliance. Afterward, information may be deleted, de-identified, or archived as permitted by law.

YOUR CHOICES
Email Communications: You can unsubscribe from non-essential email communications using the link in the email or by contacting us.
Browser Controls: You may manage cookie settings through your browser.

CHILDREN
FAB26 is not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent in accordance with applicable U.S. law (COPPA).

NOTICE TO CALIFORNIA RESIDENTS (CCPA/CPRA)
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including the right to request access to and deletion of certain personal information. To submit a request, contact us at fabevents@fabfoundation.org
. We may need to verify your identity before responding.

CHANGES TO THIS NOTICE
We may update this Privacy Notice periodically. The “Effective Date” above indicates when the latest revision took effect. Continued use of our services after changes means you accept the updated Notice.

CONTACT
For questions about this Privacy Notice or our data practices, contact:
fabevents@fabfoundation.org

GDPR ADDENDUM
Effective January 1, 2026

This GDPR Addendum applies only to individuals located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland whose personal data is collected in connection with the FAB26 Boston event and associated online services.

DATA CONTROLLER
The Fab Foundation acts as the Data Controller for personal data collected from EEA/UK/Swiss individuals.
Contact: fabevents@fabfoundation.org

CATEGORIES OF PERSONAL DATA
We may process the following categories of personal data:
Identification Data (name, title),
Contact Data (email, postal address),
Event Participation Data (ticketing, workshops),
Payment Data (transaction metadata via payment processors),
Technical Data (IP address, device identifiers, cookies),
Special Categories (dietary or accessibility information if voluntarily provided).

PURPOSES AND LEGAL BASES
We process personal data for the following purposes and legal bases under GDPR:
Event Administration: performance of a contract (Art. 6(1)(b)).
Customer Communications: performance of a contract (Art. 6(1)(b)).
Marketing Communications: consent (Art. 6(1)(a)) or legitimate interests (Art. 6(1)(f)) when applicable.
Analytics / Service Improvement: legitimate interests (Art. 6(1)(f)).
Legal Compliance: compliance with legal obligations (Art. 6(1)(c)).
Special Categories (dietary/accessibility): explicit consent (Art. 9(2)(a)).

INTERNATIONAL TRANSFERS
Personal data may be transferred to the United States. Where required, we rely on one or more of the following mechanisms:
EEA and UK Standard Contractual Clauses (SCCs),
UK International Data Transfer Addendum (UK IDTA),
Derogations under Art. 49 GDPR where appropriate.
Copies of SCCs or information on transfer mechanisms can be requested via email.

DATA RETENTION
Personal data is retained only for as long as necessary for the purposes described above or as required by applicable law. After expiry, data is deleted or anonymized.

RIGHTS OF DATA SUBJECTS
Individuals located in the EEA/UK/Switzerland have the following rights under GDPR:
Right of Access (Art. 15),
Right to Rectification (Art. 16),
Right to Erasure (Art. 17),
Right to Restriction (Art. 18),
Right to Data Portability (Art. 20),
Right to Object (Art. 21),
Right to Withdraw Consent (where processing is based on consent),
Right to Lodge a Complaint with a Supervisory Authority.

Requests can be submitted to: fabevents@fabfoundation.org

AUTOMATED DECISION-MAKING
We do not engage in automated decision-making producing legal or similarly significant effects under GDPR Art. 22.

SUPERVISORY AUTHORITY
You have the right to lodge a complaint with your local Supervisory Authority. A list of EU Supervisory Authorities is available via the European Data Protection Board. UK individuals may contact the ICO. Swiss individuals may contact the FDPIC.