PRIVACY POLICY PERFECTLY IMPERFECT INC


Last Updated: January 18th, 2024


  1. INTRODUCTION:


    Welcome to Perfectly Imperfect!


    Whether you are a user or visitor to our websites and/or applications, your privacy is of the utmost importance to us. Please carefully read this Privacy Policy—it addresses how Perfectly Imperfect and/or our designees, affiliates, assigns, and other third parties (individually and collectively, “we”, “us”, “our”, or “PI”) collect and/or process your Personal Data, with whom we may share such data, what we do to protect such data, and how you can exercise your rights regarding such data when using our Services.


    Given the global nature of the Internet, we may process the Personal Data of residents of the European Union (“EU”), and to that end, this Privacy Policy will provide all information required by the Regulation (EU) 2016/679 of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”). In addition, as we are subject to the provisions of the California Consumer Privacy Act of 2018 (“CCPA”), this Privacy Policy will also take into consideration the specificities of this Act for the benefit of California residents.


    This Privacy Policy applies to the Personal Data that we may collect and/or process via the Services (i.e., using our Platforms and/or Applications). This Privacy Policy does not apply to Services that may be provided by third parties you may use, access, and/or otherwise be redirected to while using the Services.


    This Privacy Policy will remain in full force and effect during the duration of your use of and/or access to the Services, and for as long as we may continue to collect and/or process your Personal Data.


  2. DEFINITIONS:


    Capitalized terms have the meaning given to them in this Section 2, whether used in plural or singular form:


    “Applicable Data Protection Laws” means any laws and/or regulations applicable to the Parties hereunder according to the nature of the Personal Data processed and/or the location of the User.


    “Application(s) / App(s)” means the PI-branded mobile, web, tablet, desktop, and/or other applications made available to User by PI through any media or method now known or hereinafter devised.


    “Platform(s)” means PI’s owned and/or operated websites and other digital products and/or services, such as its main platform located at www.perfectlyimperfect.fyi, and all other corresponding pages.


    “GDPR” means the above-referenced regulation concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data.


    “Parties” means the parties to this Privacy Policy and/or Terms of Use, i.e., PI and User.


    “Personal Data” means any data and/or information relating to an Identified/Identifiable Natural Person; it being understood that an “Identified/Identifiable Natural Person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a social media handle, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, and/or social identity of that natural person.


    “Profile” means User’s dedicated account and/or environment when registered on the Platform and/or App.


    “Services” means all functionalities/features made available to User through the Platforms and/or Apps.

    “User” means any visitor and/or registered individual on and/or using the Platforms and/or Apps.

    All other terms used but not defined herein shall have the meaning set forth in Article 4 of the GDPR.


  3. DATA CONTROLLER:


    The Platforms and Apps are edited by Perfectly Imperfect INC, a company organized and existing under the laws of the United States, with an office located at 191 President St., #2, Brooklyn, New York 11231. We act as Controllers for the processing of Personal Data.


  4. PERSONAL DATA THAT WE COLLECT:


    Depending on your status and/or activities on the Platforms and/or Apps, we may collect different categories of Personal Data directly from you and/or from third-party websites, for example, when you choose to register on the Platforms and/or Apps with one of your social network accounts.


    Visitors/Users (Global)

    Activity / Categories of Personal Data

    1. Using/visiting the Platforms

    • Browsing data.

    • Data collected by the use of cookies (if/when you consent to their use).

    2. Using cookies according to the Cookie Policy

    • Browsing data.

    3. Contacting PI support team

    • Contact data.

    • Content of your request.

    4. Users exercising their data protection rights

    • Identification data.

    • Contact data.

    • Content of the request.

    • Data necessary to reply to the request.

    5. Establishing statistics related to the performance of the Platforms and/or Apps

    • Aggregate data.

    • Browsing data.

    6. Complying with legal requests/litigation

    • Data necessary to prove PI’s compliance with its obligations and/or manage legal proceedings.


    Users (Global)

    Activity / Categories of Personal Data

    1. Register on the Platforms and/or Apps

    • Personal Data collected and processed by third-party websites if you register with a third-party account (e.g., Instagram, Spotify, etc.).

    • Email address.

    2. Manage and complete your Profile

    • Identification data: first and last name, profile picture, social media handle, etc.

    • Contact details: phone number, email address.

    • Professional data: company name.

    3. Publish posts, content, comments, and messages

    • Identification data.

    • Content of the post (e.g., written works, works of art, ideas/concepts, photographs, links, etc.).

    • Target recipients of the message.

    4. Subscribe or consent to newsletters from PI and/or your followed friends

    • Identification data.

    • Contact details.


  5. PURPOSE AND LEGAL BASES OF DATA COLLECTION:


    The purpose and legal basis of the processing of your Personal Data differ depending on your activities.


    Visitors/Users (Global)

    Activity / Purpose / Legal Basis

    1. Editing and allowing access to a public Platform and/or App.

    • Legitimate interest of PI to edit a public Platform.

    2. Offering a means of communication between PI and any Users/visitors.

    • Legitimate interest of PI to offer its Users/visitors an efficient way to communicate with PI.

    3. See Cookie Policy

    • Legitimate interest for necessary or exempted cookies (e.g., cookies enabling the operation of the Platform).

    4. Responding to your request for information related to the Services or request for assistance.

    • Legitimate interest of PI to offer you a means to contact relevant support teams.

    • Contract (Terms of Use).

    5. Manage request(s) relating to your data protection rights.

    • Legitimate interest of PI to offer you a means to contact relevant support teams.

    • Contract (Terms of Use).

    6. Enhance and improve the Services, Platforms and/or Apps.

    • Legal obligation of PI regarding GDPR and CCPA compliance.

    • Legitimate interests of PI to offer optimized Services.

    7. Justify and demonstrate PI’s compliance with legal obligations in case of legal request and/or legal proceedings.

    • Legitimate interest of PI to demonstrate its compliance.


    Users

    Activity / Purpose / Legal Basis

    1. Allow access to the Services.

    • Contract (Terms of Use).

    2. Allow you to complete your Profile.

    • Legitimate interest of PI to provide you with the possibility to amend and

    3. Allow you to use the Services, get personalized content, share content with friends, etc.

    • Contract (Terms of Use).

    4. Allow you to publish and share content.

    • Contract (Terms of Use).

    6. Communicate with you depending on your settings on news and events, updates, etc.

    • User consent.

    7. Allow you to share content, photos, etc.

    • Contract (Terms of Use).

    8. Allow you to make payments on the Platform.

    • Legitimate interest of PI to improve the User experience on the Platform.

  6. RECIPIENTS OF YOUR PERSONAL DATA:


    PI remains responsible for processing that it carries out in connection with your Personal Data, as the Controller of such Personal Data. Where your Personal Data is communicated to recipients described below, PI undertakes to ensure that these recipients comply with data protection regulations and respect your right to privacy. For instance, with respect to our designees, affiliates, assigns, and other third parties, PI enters into data processing agreements (where necessary) to safeguard the processing of your Personal Data, and in doing so, these recipients are liable to us regarding the security and confidentiality of your Personal Data at all stages of the processing that they carry out. However, please note that for activities carried out outside of the Platforms and/or Apps (e.g., if you are redirected to a third-party platform or application), PI will no longer act as Controller of your Personal Data. Therefore, you must refer to such third party’s data protection policy to know more about their commitments and your rights.


    6.1. Internal Recipients: Your Personal Data will only be disclosed to our authorized designees, affiliates, assigns, employees, owned entities, etc. that may require access to fulfill their goals/missions (e.g., support teams, developers, etc.). Such parties are specifically trained and made aware of the sensitivity of your Personal Data and the requirements necessary to ensure the protection of your right to privacy.


    6.2. Processors: In order to provide the Services, PI may communicate your Personal Data (including payment details) to other entities acting as data processors:


      • Amazon Web Services, Render.com, Cloudflare, Substack – website/newsletter hosting services;

      • Google Analytics – capturing User analytics;


      • Sentry – bug/error tracking software;

      • Stripe – payment/credit card processing.


    6.3. Partners and Third Parties:


      In order to provide the Services, PI may communicate your Personal Data to third party service providers (e.g., Stripe), and direct you via third-party links to certain third-party websites.


      These partners and third parties are acting as Controllers and have their own terms of services and privacy policies, which you should carefully read if using their services.


      Examples of such partners and third parties include: social or music networks (e.g., Instagram, Spotify) offering you the ability to register on the Platform with your account on such networks and/or sync your accounts with your Profile; and payment processors, like Stripe, that may be linked to your account and that store and process your payment details, offering you the ability to access premium content on the Platform.


    6.4. Other Users: By sharing your Personal Data publicly or otherwise on the Platforms and/or Apps, other Users may have access to your Profile and any Personal Data you may share thereon, such as posts.


    6.5. Judicial, Administrative, and Other Authorities: PI may share or disclose your Personal Data if it is required to do so by law, by a request from a competent authority, to comply with a court order, to obtain legal remedies or defend PI’s rights, to contribute to investigations (e.g., fraud, identity theft, etc.), etc.

    6.6. Corporate Transactions or Events: PI may disclose some or all of your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition, or in any other situation where Personal Data may be disclosed or transferred as one of our business assets.


  7. DATA PRIVACY FRAMEWORK:


    PI is based in the United States of America, and we process and store information on servers located in the United States. We may store information on servers and equipment in other countries depending on a variety of factors, including, but not limited to, the locations of Users and other third party service providers. By accessing and/or using the Services and/or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the United States and other countries, where you may not have the same rights as you do under local law. When we transfer the Personal Data of Users in the EEA, UK, and/or Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission for such transfers or other transfer mechanisms deemed ‘adequate’ under applicable laws.


  8. DISPUTE RESOLUTION & BINDING ARBITRATION:


    If you have any inquiries or complaints about our privacy practices, please contact us at: [email protected]. We will respond to your inquiry promptly.


    Within the scope of this privacy policy, if a privacy complaint or dispute cannot be resolved through our internal processes, we agree to participate in the VeraSafe Data Privacy Framework (“DPF”) Dispute Resolution Program, an alternative dispute resolution provider based in the United States. Subject to the terms of the VeraSafe DPF Dispute Resolution Program, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe, please submit the required information to VeraSafe here: https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/.


    If neither PI nor VeraSafe resolves your complaint, you may have the right to require that we enter into binding arbitration with you through the ICDR-AAA under the EU-U.S. DPF Principles under the terms and conditions listed on Annex I: Arbitral Model of the EU-U.S. DPF.


  9. U.S. REGULATORY OVERSIGHT:


    You are hereby informed that your Personal Data shared on the Platforms and/or Apps are processed by PI and stored in the United States of America. PI and its affiliated entities at all times comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) as set forth by the U.S. Department of Commerce. We may be required to disclose personal information that we handle under the EU-U.S. DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


  10. RIGHTS REGARDING YOUR PERSONAL DATA:


    The GDPR and the CCPA give Users certain rights related to the use of their Personal Data by PI, such as:


    • The right to access your Personal Data, meaning the right to be informed on which of your Personal Data is processed by PI and request a copy of such Personal Data.

    • The right to rectify your Personal Data held by PI.

    • The right to ask for the erasure of your Personal Data held by PI.

    • The right to restrict the processing of your Personal Data by PI.

    • The right to object to any processing of your Personal Data carried out by PI.

    • The right to withdraw your consent to any processing of your Personal Data freely and at any time.

    • The right to ‘data portability’, meaning you can request a copy of your Personal Data in a readable format and the right to ask for your Personal Data to be transferred to another party’s service.

    • The right not to be subject to ‘automated decision-making’, meaning the right not to be subject to a decision based solely on automated decision-making, including, without limitation, profiling, where the decision would have a legal effect on you or produces similarly significant effects.

    • The right to opt-out of the sale of your Personal Data.

    • Please note that PI does not and will not sell your Personal Data to any third party.

    • The right to non-discrimination when you exercise one of the above-mentioned rights.


    The above-mentioned rights may be limited in scope by legal restrictions.


    Whenever the processing of your Personal Data is based on your consent (such as your consent to receive news and/or other marketing communications), you may withdraw such consent at any time and free of charge. When receiving marketing communications and/or other news, you may directly “unsubscribe” at the end of each communication. Also, you may personalize your choices regarding marketing communications directly via your Profile and choose different settings regarding your privacy.


    If you wish to exercise your rights, please contact us directly: [email protected]. Please mention the subject of your request and other necessary details to allow for its management by our teams.


    If you are a California resident, you have additional rights under the CCPA, including, but not limited to, the right to opt-out of any sales or sharing of your personal information, to request access to and information about our data practices, and to request deletion or correction of your personal information, as well as the right not to be discriminated against for exercising your privacy rights. PI does not “sell” or “share” personal information as those terms are defined under the CCPA. We do not use or disclose sensitive personal information except to provide you with the Services, or as otherwise permitted by the CCPA.


    In the last twelve (12) months, we collected the following categories of personal information from California residents, depending on the Services used: (1) identifiers, such as your PI username, email address, IP address, and cookie information; (2) Internet or other electronic network activity information, such as information about your activity on our Services, and (if applicable) limited information about your activity on the services of advertisers who may use our advertising technology; (3) geolocation information based on your IP address, or more specific location information if you authorize your device to provide it to us; (4) your messages with other Users (e.g., private messages and chats); (5) audiovisual information in pictures, audio, or video content submitted to PI; and (6) inferences that we may make based on other collected data, for purposes such as recommending content, advertising, and analytics.


    If you are a California resident and wish to request information about how to exercise your third-party disclosure choices, please send a request as set forth herein. All requests must be labeled “Your California Privacy Rights” on the form. For all requests, please clearly state that the request is related to “Your California Privacy Rights”, include your name, street address, city, state, zip code, and e-mail address (your street address is optional if you wish to receive a response to your request via email) and indicate your preference on how our response to your request should be sent (email or postal mail). We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

    When you send a request to exercise your rights, PI may need to ask for a means to verify your identity before actually processing your request. PI undertakes to take all appropriate measures to ensure that it responds to your requests as efficiently as possible and within the legal time limits set by the GDPR.


    When you send a request to exercise your rights, PI may require you to pay reasonable fees related to the administrative costs incurred to answer your request if it is deemed to be manifestly unfounded or excessive.


  11. APPLICABLE DATA RETENTION PERIODS:


    It is not possible for PI to retain your Personal Data indefinitely. We have worked on establishing proportionate data retention periods for your Personal Data, adapted to the processing that we carry out.


    In general, we will keep your Personal Data related to your Profile on the Platforms and/or Apps as long as you use our Services and in order to ensure their performance. We may also keep your Personal Data for adequate periods of time to ensure that we comply with our legal obligations.


    Your Personal Data used for marketing purposes (such as sending you newsletters, marketing content, etc.) is kept for three (3) years from your last contact with PI or until you withdraw your consent or object to such reception of marketing communications. After the retention period, your Personal Data will be destroyed or anonymized according to Applicable Data Protection Laws. Your Personal Data related to the proof of validity of consent will be kept for five (5) years from the collection of your consent and in intermediate archiving (i.e., access to such data is subject to authorization or specific access rights). Finally, some of your Personal Data may also be kept for a longer period of time, in intermediate archiving, to allow for the management of claims and/or litigation related to PI.


  12. SECURITY AND CONFIDENTIALITY:


    PI has implemented organizational and technical security measures to ensure the confidentiality and integrity of your Personal Data. These include administrative, organizational, technical, and physical measures designed to protect your Personal Data from loss, theft, unauthorized access, unauthorized transmission, modification, or destruction. In all cases, PI will assess the nature of the security measures to implement depending on the nature of the data processed, and the risks incurred by the processing.


    All collected Personal Data is stored in a confidential manner and protected at a very high level of security. The servers where this Personal Data is stored comply with security standards currently in force. They are protected against cyber-attacks and physical attacks. However, despite these efforts, PI cannot guarantee the infallibility of this protection because risks may inevitably arise during the transmission of Personal Data. No method of transmission over the Internet or via mobile devices, or method of electronic storage, is 100% secure, so we cannot guarantee its absolute security. You should take certain steps to protect your Profile and Personal Data as well, such as by choosing a strong password and keeping such password private, and logging out of your Profile when you are finished using it. Please read your applicable Terms of Use to learn more about the steps you should take to ensure the security of your Profile.


    PI will not be responsible for any actual or consequential damages that result from a lapse in compliance with this Privacy Policy because of a technical malfunction or a breach in security.


  13. LINKS TO THIRD-PARTY WEBSITES AND SERVICES:


    The Services may be linked to, rely on and/or be integrated with websites, applications, interfaces, services, and platforms operated by other companies, including, but not limited to, third-party advertising providers and third-party platforms. The Services may also feature advertisements from other third parties. PI is not responsible for the privacy practices or the content of such third-party services. For example, Users may be redirected to third-party websites when clicking on smart links inserted on messages/posts published on the Platforms and/or Apps, etc. Any information you provide via those services is subject to the applicable privacy policies of such third-party services and is not covered by this Privacy Policy.


  14. USE OF COOKIES:


    When you visit our Platforms and/or Apps, use our Services, or visit a third-party website for which we provide certain services (such as artists’ websites), we and our business partners may use cookies and other tracking technologies to customize and improve your user experience, the Services you use, and other online content and advertising, measure the performance of promotions, establish analytics, etc.


    Certain aspects and features of the Services are only available through the use of cookies and trackers, so if you choose to disable or decline them, your use of the Platforms, Apps and Services may be limited.


    Please review our Cookie Policy to learn more about how we use such cookies, why we use them and how you may change your privacy settings regarding such use.


  15. OUR PRACTICES REGARDING MINORS:


    Depending on your country of residence, the age of majority to use information society services, such as the Platforms and/or Apps, may range from 13 years old to 16 years old.


    The Platforms, Apps, and Services are not directed towards minors. Specifically for Users, the Terms of Use and the registration process provide for such prohibition, and Users confirm that they have reached the legal age of majority to use information society services in compliance with their country of residence.


    If PI is made aware that it processes the Personal Data of a minor, we undertake to promptly delete such Personal Data. If you have reason to believe that we process Personal Data from a minor, please complete the Privacy Request form so we can acknowledge this situation and react adequately.


    For users in the United States, please also visit consumer.ftc.gov for information from the Federal Trade Commission about protecting children’s privacy online.


  16. USEFUL CONTACTS:


    If you have any questions, concerns, criticisms or feedback about our privacy practices or any of the terms or conditions of this Privacy Policy, please feel free to contact us via the below means. Although we urge you to contact us to find a solution for every concern you may have, you always have the right to lodge a complaint with your competent data protection authority.


    Contacts:

  18. MODIFICATION OF THIS PRIVACY POLICY:


    From time to time, we may modify this Privacy Policy to reflect industry initiatives, third-party requirements or changes in the law, technology, our practices regarding the collection of Personal Data or the addition of new features and Services. Such modifications shall be effective upon posting.

    If we substantially change our Privacy Policy, we will notify you of such changes by posting them on the Platform or by sending Users an email or other notification. We advise you to regularly review this Privacy Policy in order to have a full understanding of how your Personal Data is used.


PERFECTLY IMPERFECT INC 2024