Privacy Policy

Last Modified: December 5, 2023
Introduction

At pieFi, Inc. (dba ‘Awsm’) and the Upside Cooperative LCA, we are committed to revolutionizing the way equity incentives are managed and distributed, while also prioritizing the protection of our users' personal information. Our innovative platform empowers businesses to foster an ownership mindset among a broad range of stakeholders, such as influencers, ambassadors, customers, and vendors. We are dedicated to maintaining the highest standards of data protection and privacy, in compliance with applicable laws and regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).

This privacy policy outlines our practices for collecting, using, and disclosing personal information. It applies to all interactions with our platform, including but not limited to, our website, mobile applications, and any other services provided by Awsm or its affiliates. By using our services, you agree to the collection and use of your personal information in accordance with this policy.

Please read this privacy policy carefully to understand how we handle your personal information. If you have any questions or concerns, feel free to contact us using the information provided in the 'Contact Information' section of this policy.

Data Controller

pieFi, Inc. (dba ‘Awsm’) is the data controller responsible for processing your personal data in accordance with this privacy policy. If you have any questions or concerns regarding the processing of your personal data, you may contact our Data Controller at:

Name: Samson Burton

Title: Awsm Data Controller

Email: info@awsm.com - please include “DATA CONTROLLER” in the subject line.

We are committed to addressing any concerns or issues you may have about your privacy and our data protection practices.

Personal Data We Collect

Awsm and Upside Cooperative LCA collects the following personal data from users to provide and improve our services:

Required Information:

  • First and last name
  • Physical address
  • Username

Optional Information:

  • Social media profiles (if linked by the user)
  • Customized bio section
  • User photo

Automatically Collected Information:

  • Device and usage data, such as IP address, browser type, operating system, and pages visited on our platform
  • Cookies and similar tracking technologies, to enhance user experience and for analytics purposes

We collect this data when you register for an account, use our platform, become a member of the cooperative, or otherwise interact with our services. By providing this information, you consent to its collection, use, and disclosure in accordance with this privacy policy.

Please note that Awsm and its affiliates do not sell your personal information. We may share your information with third-party service providers, as described in the 'Data Sharing and Disclosure' section of this policy, only for the purposes of providing and improving our services.

If you choose to link your social media profiles to your Awsm account, we may collect additional information available on your public profile, such as your date of birth, gender, and profile picture. This information will only be collected and used with your consent and can be removed or disconnected at any time.

Legal Basis for Processing Personal Data

Awsm processes your personal data in accordance with applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). We only process personal data when we have a legal basis to do so, as follows:

  1. Performance of a Contract: We process personal data necessary for entering into or performing our obligations under a contract with you, such as creating and managing your account, providing our services, and processing transactions.
  2. Legitimate Interests: We process personal data to pursue our legitimate business interests, such as improving our platform, services, and user experience, conducting marketing activities, and maintaining the security and integrity of our platform. We ensure that our legitimate interests do not override your rights and freedoms.
  3. Compliance with Legal Obligations: We process personal data when required by law, such as complying with tax reporting obligations or responding to lawful requests from law enforcement or regulatory authorities.
  4. Consent: In certain cases, we may process personal data based on your explicit consent, such as when you voluntarily link your social media profiles to your account, opt-in to receive marketing communications, or provide optional information for your bio and user photo. You have the right to withdraw your consent at any time by contacting us or adjusting your account settings.

We are committed to processing your personal data transparently, fairly, and securely. If you have any questions or concerns about how we process your personal data, please refer to the 'Contact Information' section of this policy.

How We Use Personal Data

Awsm and its affiliates use your personal data for various purposes in connection with our platform and services, always in compliance with applicable data protection laws, including the CCPA and GDPR. We process personal data for the following purposes:

  1. Account Creation and Management: We use your personal data to create and manage your account, authenticate your identity, and provide you with access to our platform and services.
  2. Service Provision: We use your personal data to provide, maintain, and improve our platform and services, tailor our offerings to your preferences, and ensure a seamless and personalized user experience.
  3. Communication: We use your personal data to communicate with you about our platform and services, respond to your inquiries, provide customer support, and send you important account-related updates.
  4. Marketing and Promotions: With your consent, we may use your personal data to send you marketing communications about our products and services, as well as promotions and special offers that may be of interest to you.
  5. Security and Fraud Prevention: We use your personal data to maintain the security and integrity of our platform, protect against unauthorized access and fraudulent activities, and ensure compliance with our terms of service and applicable laws.
  6. Analytics and Research: We use your personal data, including aggregated and anonymized data, to analyze platform usage, monitor trends, and conduct research to improve our platform, services, and user experience.
  7. Legal and Regulatory Compliance: We use your personal data to comply with applicable laws, regulations, and legal obligations, as well as to respond to lawful requests from law enforcement or regulatory authorities.  This includes the obligations, both legal and in terms of taxation, to which the Upside Cooperative LCA is subject.

We are committed to processing your personal data transparently, fairly, and securely. If you have any questions or concerns about how we use your personal data, please refer to the 'Contact Information' section of this policy.

Data Sharing and Disclosure

Awsm and its affiliates is committed to safeguarding your personal data and only sharing it with third parties when necessary to provide our services, comply with legal requirements, or as otherwise described in this policy. We may share your personal data in the following circumstances:

  1. Participating Businesses: We may share your personal data, such as your email address or other relevant information, with participating businesses on our platform, but only for users who are part of a specific working group or Collective associated with that business. We do not share your personal data with other participating businesses on the platform.
  2. Service Providers: We may share your personal data with third-party service providers who perform functions on our behalf, such as hosting, analytics, customer support, and marketing services. These service providers have access to your personal data only to perform their specific tasks and are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
  3. Legal and Regulatory Compliance: We may disclose your personal data if required by law or in response to lawful requests from law enforcement or regulatory authorities, as well as to protect our rights, property, or the safety of our users and the public.
  4. Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, we may transfer your personal data to the acquiring or merged entity, subject to the terms of this privacy policy and applicable data protection laws.

We are committed to processing your personal data transparently, fairly, and securely. If you have any questions or concerns about how we share and disclose your personal data, please refer to the 'Contact Information' section of this policy.

International Data Transfers

Awsm and its affiliates operate globally and may transfer your personal data to countries outside your country of residence, including to the United States, where our platform's servers and some of our service providers are located. These countries may have different data protection laws than your country of residence.

When transferring your personal data internationally, Awsm and its affiliates are committed to ensuring the protection and security of your information. To comply with applicable data protection laws, including the GDPR, we implement appropriate safeguards to ensure the lawful and secure transfer of your personal data. These safeguards may include:

  1. Standard Contractual Clauses: We may enter into agreements with our service providers or other recipients of personal data that include Standard Contractual Clauses approved by the European Commission, which provide a legal basis for the international transfer of personal data.
  2. Privacy Shield Framework: If we transfer personal data to a service provider or other recipient located in the United States, we may rely on the Privacy Shield Framework or its successor, provided that the recipient is certified under the framework and adheres to its principles.

By using our platform and services, you consent to the transfer of your personal data to countries outside your country of residence, as described in this policy. We are committed to processing your personal data transparently, fairly, and securely. If you have any questions or concerns about international data transfers, please refer to the 'Contact Information' section of this policy.

Data Retention

Awsm and its affiliates are committed to retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this policy and in the membership agreement. Our data retention periods are based on the following criteria:

  1. Legal and Regulatory Compliance: We retain your personal data for as long as required to comply with applicable laws, regulations, and legal obligations, including tax and accounting requirements.
  2. Contractual Obligations: We retain your personal data for as long as necessary to fulfill our contractual obligations with you or our business partners, as well as to enforce or defend any legal claims that may arise from those obligations.
  3. Business Necessity: We retain your personal data for as long as needed to provide our platform and services, maintain our business records, and manage our relationship with you.

When your personal data is no longer needed for the purposes for which it was collected or as required by applicable laws or regulations, we will securely delete or anonymize it in accordance with our data deletion policies and procedures.

Please note that we may retain aggregated, anonymized, or de-identified data indefinitely, as this type of data cannot be used to identify you personally and is therefore not subject to the same data retention limitations.

If you have any questions or concerns about our data retention practices, please refer to the 'Contact Information' section of this policy.

User Rights and Choices

Awsm and its affiliates are committed to ensuring that you have control over your personal data. Depending on your location and applicable data protection laws, you may have the following rights:

Rights under the GDPR (applicable to users in the European Union):

  1. Access: You have the right to request access to your personal data that we hold and to receive a copy of it.
  2. Rectification: You have the right to correct any inaccurate or incomplete personal data that we hold about you.
  3. Erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when we no longer have a legal basis for processing it.
  4. Restriction: You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest its accuracy or when the processing is unlawful.
  5. Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller without hindrance.
  6. Objection: You have the right to object to the processing of your personal data for direct marketing purposes or when the processing is based on our legitimate interests.
  7. Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Rights under the CCPA (applicable to users in California):

  1. Access: You have the right to request access to your personal data that we have collected about you and to receive a copy of it.
  2. Deletion: You have the right to request that we delete your personal data that we have collected from you, subject to certain exceptions.
  3. Opt-Out: You have the right to opt-out of the sale of your personal data, if applicable. Please note that Awsm does not sell your personal data.
  4. Non-Discrimination: You have the right not to be discriminated against for exercising your rights under the CCPA, including being denied goods or services, being charged different prices, or receiving lower quality services.

To exercise any of your rights, please refer to the 'Contact Information' section of this policy or use the tools provided within our platform. We may require you to verify your identity before processing your request.

Please note that some rights and choices may be limited or unavailable depending on your location, the nature of the data processing, or other factors. If you have any questions or concerns about your rights and choices, please contact us as specified in the 'Contact Information' section of this policy.

How to Exercise Your Rights

If you wish to exercise any of your rights under the GDPR, CCPA, or other applicable data protection laws, you can do so by following the steps outlined below. We are committed to making the process as simple and efficient as possible.

  1. Contact Us: To exercise your rights or to make any inquiries, please contact our Data Controller or our designated representative using the contact information provided in the 'Contact Information' section of this policy. You may also submit your request through our platform, if applicable.
  2. Provide Information: In your request, please provide sufficient information to enable us to understand the nature of your request and to verify your identity. This may include your name, email address, user ID, or other relevant details. In some cases, we may ask for additional information or documentation to verify your identity before processing your request.
  3. Processing Time: We will respond to your request as soon as possible, and in any case, within the timeframes specified by applicable data protection laws. For GDPR requests, this is generally within one month of receipt of your request, although we may extend this period by up to two additional months if necessary, taking into account the complexity and number of requests. For CCPA requests, we will respond within 45 days of receipt of your request, with a possible extension of an additional 45 days if necessary.
  4. No Fee: We will not charge you a fee for exercising your rights, except in cases where your request is manifestly unfounded or excessive, such as when you submit repetitive requests. In such cases, we may charge a reasonable fee to cover our administrative costs or refuse to act on your request.
  5. Assistance: If you need assistance in exercising your rights or have any questions about the process, please do not hesitate to contact our DPO or our designated representative using the contact information provided in the 'Contact Information' section of this policy. We are here to help you and ensure that your rights are respected.

Please note that some rights and choices may be limited or unavailable depending on your location, the nature of the data processing, or other factors. If you have any questions or concerns about your rights and choices, please contact us as specified in the 'Contact Information' section of this policy.

Security Measures

Awsm and its affiliates are committed to protecting the security of your personal data. To ensure the confidentiality, integrity, and availability of your data, we have implemented a variety of industry-standard technical, organizational, and administrative measures, including:

  1. Encryption: We use encryption technologies, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), to protect your personal data when it is transmitted over the internet.
  2. Access Control: We limit access to your personal data to only those employees, contractors, and service providers who have a legitimate need to access the information for the purpose of providing our services or supporting our operations.
  3. Regular Audits and Assessments: We conduct regular audits and assessments of our information security practices, systems, and infrastructure to identify and remediate potential vulnerabilities and ensure that we maintain the highest level of security.
  4. Training and Awareness: We provide ongoing training and awareness programs for our employees to ensure that they understand and adhere to our data protection policies and procedures.
  5. Incident Response: We have a robust incident response plan in place to detect, respond to, and mitigate any security incidents that may occur.

While we strive to protect your personal data, no security measures can guarantee absolute security, and we cannot guarantee that your personal data will be completely secure from unauthorized access, use, or disclosure. If you have any questions or concerns about the security of your personal data or would like more information on the measures we take to protect your information, please contact us using the contact information provided in the 'Contact Information' section of this policy.

Changes to the Privacy Policy

We may update our privacy policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make changes, we will update the 'Last Updated' date at the top of this policy and, if the changes are significant, we may provide additional notice, such as by sending an email notification, posting a notice on our platform, or otherwise communicating the changes to you in an appropriate manner.

We encourage you to review this privacy policy periodically to stay informed about our data protection practices and the ways in which we are protecting your personal data. Your continued use of our platform and services following the posting of any changes to this policy constitutes your acceptance of those changes.

If you have any questions or concerns about this privacy policy or our data protection practices, please contact us using the contact information provided in the 'Contact Information' section of this policy.

Contact Information

If you have any questions, concerns, or complaints about this privacy policy, our data protection practices, or the way we collect, use, share, or secure your personal data, please contact our Privacy Team:

Name: Awsm Privacy Team

Email: info@awsm.com - please include “PRIVACY POLICY” in the subject line

We are committed to working with you to resolve any concerns or complaints you may have about your privacy and our data protection practices.