1. Introduction

Pattern Inc. and its subsidiaries and affiliates (“Pattern“, “we,” “us” or “our“) respect your privacy. This Privacy Policy describes how we collect, use, and share your personal data when you use the Pattern website (https://pattern.com/), the Pattern marketplace services including when you shop on our online stores and when you place orders with our storefronts, when you use our software and when you create an account with us (collectively, our “Services“).

The purpose of this Notice is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process your personal data. The following is a brief summary of the manner and purposes for which we process your personal data.

2. Application

This Notice relates to your personal data, i.e. data about you, an individual, from which you can be identified.

This Notice therefore does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual (such as anonymised data, aggregated data, or data which, in a given form, cannot be identified, directly or indirectly, with a specific individual (“Anonymised and Aggregated Data“). We reserve the right to generate Anonymised and Aggregated Data extracted out of any databases containing your personal data and to make use of any such Anonymised and Aggregated Data as we see fit.

While this Notice is intended to establish a standard for our information processing activities globally, those processing activities may be more limited in some jurisdictions based on the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those circumstances, we comply with relevant local laws and regulations.

3. Changes to the Privacy Policy

We may update this Notice from time to time and the updated version of this Notice will be effective upon posting on the Services. Please check this page to review the most up-to-date version of this Notice.

4. Responsibility for Data Control & Processing

Where your personal data is collected and processed in connection with our Services, Pattern is the entity which is responsible for processing the data. If you have any questions or concerns about Pattern’s use of your personal data, please contact John Clawson, VP of Information Security, at privacy@Pattern.com.

5. Country of Processing

We operate the Services from the United States of America (USA) and our data collection and processing activities take place predominantly in the USA. Accordingly, data collected from users when using our Services is collected in the USA. We store and otherwise process data (including personal data) through third party cloud service providers and other IT service providers which may be located or which may operate in other countries.

6. How We Collect & Use Your Personal Data

(g) Advertising Identifiers. Advertising identifiers are unique strings associated with your mobile device that are provided by the operating system. Certain advertising identifiers may be modified or disabled by users in the operating system’s settings. (h) Location Data. When you access or use the Services using a mobile device, we may access, collect, monitor and/or remotely store “location data,” which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your device. Location data may convey to us information about how you browse and use the Services. Some features of the Services, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled. (i) Commercial Communications. Insofar as permitted under applicable law, we may use the information we collect or receive to communicate directly with you in relation to the Services or related services we offer. Subject where legally required to your consent to receiving such communications, we may use the information to communicate with you in relation to other services that we and our affiliates offer. For example, we may use the information to send you emails containing newsletters, promotions and special offers. We may also use the information to send you service-related notices (e.g., account verification, technical and security notices). (j) Use of Certain Service-Type information. We may use information from cookies, log files, device identifiers, location data, clear GIFs and other tools to: (i) remember information so that you will not have to re-enter it during your visit or the next time you use the Services; (ii) provide custom, personalized content or information to you or others; (iii) monitor the effectiveness of the Services; (iv) monitor aggregate metrics, such as total number of visitors, traffic and demographic patterns; (v) diagnose or fix technology problems; (vi) provide advertising to your browser or device; and (vii) conduct research or surveys. (k) Use of information with Your Consent. We may use your information for any other purpose for which you provide consent.

7. Automated Decision-Making

We do not envisage that any decisions will be taken about you based solely on automated decision-making that will have a significant impact on you. However, we will update this Notice if this position changes.

8. The Purposes for Which We Use Your Personal Data

The purposes for which we collect and store your personal data are the following:

(a) To enable us to deliver the Services to you and to enable you to use them efficiently; (b) To perform our contractual obligations to purchasers of our products and to fulfill orders made on our storefronts for our products; (c) Insofar as permitted under applicable law, to communicate with you in relation to the Services and other services that we or our affiliates offer; (d) To personalize, test, monitor, improve and upgrade the Services; (e) For loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties (f) To meet our legal obligations and the regulatory requirements to which we are subject, if necessary to assist law enforcement and respond to subpoenas or court orders; and (g) For our internal business purposes, such as compiling and analyzing usage information for general operational, statistical and business purposes.

9. Your Responsibilities

It is important that the personal data we hold about you is accurate and current. If you provided us with any details of personal data, please keep us informed if such details change.

10. Legal Basis for Processing Your Data

The processing of your information is lawful on the basis of the following:

(a) Where relevant, the fulfillment of our contractual obligations to you or at your request prior to entering into a contract with us, where we process your information at your request as part of the Services; (b) Compliance with legal obligations to which we are subject, including to comply with legal process (see further below); (c) our legitimate interests in (among other things) providing and administering the Services, conducting commercial research, improving and maintaining the Services, personalizing and tailoring content made available to you through the Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change (see further below), protecting and defending our rights or property, required institutional risk control, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of the Services; and (d) where none of the above applies, where relevant, we may rely on your consent for the processing of your data.

11. How We May Share Your Information

(a) Business Associates and Service Providers. We may share information about you with third-party business associates and service providers that perform services on our behalf in connection with the Services, for examples, providers of information technology support services or data analytics services. Where your information is shared with such third parties, we ensure that the third party service provider will deal with your information only on our behalf and on our written instructions and solely for the benefit of our business (and not for its own benefit).

(b) Supplier of products purchased on our storefronts. Where necessary, we may provide details of an order including your personal information to suppliers of the products that you ordered. We would only disclose personal information of a purchaser to the supplier of the product if this is necessary to address any problems in fulfilling the order or in other specific circumstances.

(c) Business Change. If we become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer your information to successor party or parties in connection with such transaction or change in ownership or legal structure.

(d) Necessary Disclosure. We may disclose information about you to third parties to: (i) enforce or apply our contractual or legal rights; (ii) comply with laws, subpoenas, warrants, court orders, legal processes or requests of government or law enforcement officials; (iii) protect our rights, reputation, safety or property, or that of our clients or others; (iv) protect against legal liability; (v) establish or exercise our rights to defend against legal claims; or (vi) investigate, prevent or take action regarding known or suspected illegal activities, fraud, violation of our rights, reputation, safety or property, or those of our users or others; or as otherwise required by law.

(e) Sharing information. We may share certain service-type information, including information obtained through tools such as cookies, log files, device identifiers, location data and clear GIFs (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with our third-party business associates who may use such information for the purposes described in the section titled “How We Collect and Use information.”

(f) Aggregated data. As mentioned above, we may also aggregate or otherwise strip information of all personally identifying characteristics and may share that aggregated, anonymized data with third parties or publish it. This data does not personally identify you and helps us to measure the success of the Services and their features and to improve your experience. We reserve the right to make use of any such aggregated data as we see fit.

12. How We Protect Your Information

We take certain physical, technological and administrative measures to protect the information you provide through the Services against loss, theft, and unauthorized access, use, disclosure or modification. However, we cannot ensure or warrant the security of any information you transmit to us or guarantee that information on the Services may not be accessed, disclosed, altered or destroyed. Email sent to or from the Services may not be secure. You should use caution whenever submitting information online and take special care in deciding what information you send to us via email.

We cannot guarantee that transmissions of your personal data will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners. We assume no liability for disclosure of your information due to transmission errors, third-party access or causes beyond our control.

13. Your Choices About Your Information

(a) Controlling Your Settings. You can limit your browser or mobile device from providing certain information by adjusting the settings in the browser, operating system or device. Please consult the documentation for the applicable browser, operating system or device for the controls available to you. You can also stop receiving promotional emails from us by following the unsubscribe instructions in those emails. Note that unsubscribe is not available for certain emails concerning your relationship or dealings with us (e.g. emails sent to customers in relation to purchases made using the Services).

(b) Do Not Track. At this time, we do not recognize “do not track” signals sent from web browsers. In some cases, your browser may offer a “Do Not Track” option, which allows you to signal to operators of websites, mobile applications, and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites and mobile applications and services. Disabling tracking mechanisms may disable certain features of the Services. To disable tracking, please consult the documentation for you browser, operating system or mobile device. For some devices, it may not be possible to disable tracking mechanisms. You may also disable tracking by certain third-party services by opting out:

Google Analytics https://tools.google.com/dlpage/gaoptout/ ScorecardResearch http://scorecardresearch.com/optouttag.aspx AdChoices http://www.youradchoices.com/faq.aspx]

14. How Long We Keep Your Information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

15. Children’s Privacy

The Services are not directed to children and are intended for use by adults only. We do not knowingly collect information from individuals under 16 years of age. If you are under the age of 16, please do not submit any information through the Services.

16. Third-Party Sites & Services

The Services may reference or provide links to other websites, applications, or resources. If you access any website, application, or resources provided by a third party, our Privacy Policy will not apply. Your interactions with such websites, applications, and resources are subject to the privacy policies of the third parties that operate them. Please review those policies carefully to understand how those parties will treat your information.

17. EU and UK Privacy Rights

Users based in the European Union and the United Kingdom have the following legal rights in respect of their information:

(a) The right to require Pattern to confirm whether or not their information is being processed, the purpose of any such processing, the recipients of any information that has been disclosed, the period for which their information is to be stored and whether any automated decision-making processes are used in relation to their information; (b) The right to require Pattern to rectify inaccurate information; (c) Where Pattern has relied on the ‘consent’ basis for processing that information (see above), the right to withdraw their consent at any time. This right to withdraw consent does not affect the lawfulness of processing based on consent before its withdrawal; (d) The right to request the erasure of their information in certain circumstances (for example, information is no longer necessary in relation to the purpose for which it was collected); (e) The right to require Pattern to restrict its processing of a user’s personal data in certain circumstances, such as where the accuracy of that data is disputed or an objection has been raised; (f) The right (in certain circumstances) to receive their personal data in a structured, commonly used and machine-readable format; (g) The right to object (in certain circumstances) to the processing of personal data; (h) Users have the right to lodge a complaint with the data protection supervisory authority of the United Kingdom or the EU member state where the user resides.

Please note that the above legal rights are subject to various conditions and exceptions including where the data is used for statistical or scientific research purposes and the exercise of the right would prevent such purposes from being attained or would seriously impair their attainment.

18. California Privacy Rights

(a) California Consumer Privacy Act. If you are a California resident, the information below applies to you. Certain terms used in this section have the meanings given to them in the California Consumer Privacy Act of 2018 (“CCPA”).

(b) Categories of Personal Information Pattern has collected from or about its customers in the preceding 12 months.

• Identifiers (e.g., name, mailing address, email address, phone number, credit/debit card number)

• Characteristics of protected classifications (e.g., gender, age)

• Commercial information (e.g., products or services purchased, purchase history)

• Internet activity (e.g., browse or search history)

• Geolocation data (e.g., latitude or longitude)

• Audio, electronic, or similar information (e.g., recording of guest service calls)

• Inferences drawn from any of the above (e.g., preferences or characteristics)

(c) Categories of sources from which Pattern has collected Personal Information about customers.

• Storefronts on various online marketplaces

• Pattern’s and its affiliates’ websites

(d) Business or commercial purposes for which Pattern has collected Personal Information about customers in the preceding 12 months (for more information, see the Purposes for Which We Use Your Personal Information section of this privacy policy).

• Performing services, including selling products, providing customer service, processing or fulfilling orders and transactions, providing customer service, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services;

• For analysis including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;

• Marketing and promotional communications;

• To personalize, test, monitor, improve and upgrade the Services;

• For our internal business purposes, such as compiling and analyzing usage information for general operational, statistical and business purposes; and

• Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity.

(e) Categories of Personal Information Pattern has sold about customers in the preceding 12 months.

• None.

(f) Categories of Personal Information Pattern has disclosed for a business purpose in the preceding 12 months.

• Identifiers (e.g. name, mailing address, email address, phone number, credit/debit card number)

• Characteristics of protected classifications (e.g. gender, age)

• Commercial information (e.g. products purchased, purchase history)

• Internet activity (e.g., browse or search history)

(g) Non-Discrimination. Pattern will not discriminate against you because you exercise your rights. For example, Pattern will not deny you goods or services or charge you a different price or rate for goods or services if you make an access, deletion, or do not sell request.

(h) Your Rights. You have the right to make the following requests under the CCPA:

• Access Request: request that Pattern disclose any or all of the following information

• Categories of Personal Information (“PI”) we collected about you during the preceding 12 months

• Categories of sources from which Personal Information is collected

• Business or commercial purpose for collecting or selling Personal Information

• Specific pieces of Personal Information we collected about you

• Categories of Personal Information Pattern has sold about you

• Categories of third parties to whom the Personal Information was sold

• Categories of Personal Information disclosed about you for a business purpose

• Categories of third parties to whom Personal Information was disclosed for a business purpose

• Deletion Request: request that Pattern delete Personal Information that it collected from you

• Do Not Sell My Info: request that Pattern opt you out of the sale of your Personal Information

(i) Submitting Requests. You can exercise any of your rights under the CCPA by emailing us at privacy@pattern.com or via mail at: Pattern Inc. 1441 W. Innovation Way, Suite 500 Lehi, UT 84043

(j) Shine the Light. Under California Civil Code Section 1798.83, if you are a California resident and your business relationship with us is primarily for personal, family or household purposes, you may request certain data regarding our disclosure, if any, of information to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to privacy@pattern.com with “Request for California Privacy information” in the subject line. You may make such a request up to once per calendar year. If applicable, we will provide to you via email a list of the categories of information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses. Please note that not all personal data sharing is covered by Section 1798.83’s requirements.

19. Questions/Contacting Us

If you have any questions regarding this Privacy Policy or if you wish to make a request in accordance with paragraphs 17 or 18 above, you may email us at privacy@Pattern.com or contact us by mail addressed to: Pattern Inc. 1441 W. Innovation Way, Suite 500 Lehi, UT 84043 United States of America