Privacy Policy

1. Introduction and Scope

The Dark Poet Studio ("Company", "we", "us", or "our") is committed to protecting your privacy and handling your personal information with transparency, integrity, and respect. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, with whom we share it, and what rights you have in relation to it.

This Policy applies to all visitors, clients, and users who access our website at www.thedarkpoet.studio, submit inquiries, book our services, purchase products, or otherwise interact with us online or offline. It governs all personal data processing activities of the Company and applies globally, with specific provisions for California residents and for users in the European Union and United Kingdom.

2. Identity of the Data Controller

The data controller responsible for your personal information is:

The Dark Poet Studio

Website: www.thedarkpoet.studio

Contact: legal@thedarkpoet.studio

For privacy-specific inquiries, please use the subject line "Privacy Request" when contacting us.

3. Information We Collect

We collect the following categories of personal information:

Contact and identity information: Name, email address, phone number, mailing address, and any other information you voluntarily provide through our contact form, booking inquiries, or direct communications.

Payment information: Billing name, billing address, and payment method details necessary to process fees. Full payment card numbers are not stored on our servers and are processed exclusively by secure third-party payment processors.

Project and booking information: Details about your project, session preferences, creative briefs, event information, and other content you share when engaging our services.

Communications data: Records of all correspondence between you and the Company, including emails, messages, and feedback.

Technical and usage data: IP address, browser type and version, device type and operating system, pages visited, time and duration of visits, referring URLs, and other diagnostic data collected automatically when you access our website.

Visual content: Photographs and videos created in connection with our services, which may contain your likeness and personal attributes.

Marketing preferences: Your preferences regarding receiving promotional communications from us.

4. How We Collect Your Information

We collect personal information through the following means:

Directly from you: when you complete our contact form, submit a booking inquiry, communicate with us by email or phone, engage our services, or make a purchase
Automatically: when you visit our website, through cookies and similar tracking technologies (see our Cookie Policy for details)
From third parties: in limited circumstances, from third-party platforms such as social media networks where you contact us or engage with our content

5. Purposes and Legal Bases for Processing

We process your personal information for the following purposes. For users subject to the GDPR, we identify the applicable lawful basis for each purpose:

Responding to inquiries and communicating about services — Lawful basis: legitimate interests / pre-contractual steps
Confirming and administering bookings and project agreements — Lawful basis: performance of a contract
Processing payments and issuing invoices — Lawful basis: performance of a contract / legal obligation
Delivering completed Deliverables — Lawful basis: performance of a contract
Operating, maintaining, and improving our website — Lawful basis: legitimate interests
Complying with legal and regulatory obligations — Lawful basis: legal obligation
Displaying completed works in portfolio and marketing materials (where permitted) — Lawful basis: legitimate interests
Sending promotional communications — Lawful basis: consent (you may withdraw at any time)
Analytics and website performance monitoring — Lawful basis: legitimate interests / consent (where required)
Fraud prevention and security — Lawful basis: legitimate interests / legal obligation

6. Sharing of Your Information

We do not sell your personal information to any third party. We do not share your personal information except in the following limited and controlled circumstances:

Service providers and processors: Third-party vendors who assist us in operating our business, including payment processors, cloud storage and file delivery services, email service providers, and website hosting providers. All such providers are subject to contractual obligations to protect your information and use it solely for the purposes we specify.
Legal and regulatory authorities: Where required or permitted by law, court order, governmental request, or regulatory authority.
Business transfers: In connection with a merger, acquisition, restructuring, or sale of all or part of the Company's assets, with equivalent privacy protections maintained.
Portfolio and press: Display of Works in our portfolio or response to press or publication inquiries, where consistent with the license granted and applicable confidentiality arrangements.

With your consent: For any other purpose you have expressly authorized in advance.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to operate the site, analyze usage, and improve your experience. We use strictly necessary cookies that are essential to website function and, where required by applicable law, analytics and functional cookies only with your prior consent. For full details of the cookies we use, their purposes, duration, and your choices, please refer to our Cookie Policy at www.thedarkpoet.studio.

8. California Privacy Rights — CCPA and CPRA

If you are a California resident, the following rights apply to you under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023:

Right to Know: You may request disclosure of: (i) the specific pieces of personal information we hold about you; (ii) the categories of personal information collected; (iii) the categories of sources from which it was collected; (iv) the business or commercial purpose for collection; and (v) the categories of third parties with whom it has been shared.

Right to Delete: You may request deletion of personal information we have collected from you, subject to exceptions permitted by law (including information needed to complete a transaction, detect security incidents, or comply with legal obligations).

Right to Correct: You may request correction of inaccurate personal information we hold about you.

Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. Should this practice change, we will update this Policy and provide a clear opt-out mechanism.

Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to purposes expressly permitted under the CPRA.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not be denied services, charged different prices, or provided a different quality of service as a result of exercising these rights.

To submit a California privacy rights request, contact us at legal@thedarkpoet.studio with the subject line "California Privacy Request." We will respond to verified requests within forty-five (45) days of receipt, with a possible forty-five (45) day extension upon notice. We may require verification of your identity before processing your request. Authorized agents may submit requests on your behalf, subject to verification of authorization.

9. Rights of European Union and United Kingdom Users — GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR respectively:

Right of access: to obtain a copy of your personal data and information about how it is processed
Right to rectification: to have inaccurate or incomplete data corrected
Right to erasure: to have your personal data deleted in certain circumstances
Right to restriction of processing: to limit how your data is used in certain circumstances
Right to data portability: to receive your data in a structured, machine-readable format
Right to object: to processing based on legitimate interests or for direct marketing purposes

Rights related to automated decision-making and profiling: to not be subject to solely automated decisions that produce significant effects

To exercise any of these rights, contact us at legal@thedarkpoet.studio. We will respond within one (1) calendar month of receipt of your request. You also have the right to lodge a complaint with your national data protection supervisory authority at any time.

10. International Data Transfers

The Dark Poet Studio is based in the United States of America. If you are located outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Union and United Kingdom: where personal data is transferred from the EEA or UK to the United States or other third countries, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on adequacy decisions where applicable, or other lawful transfer mechanisms recognized under the GDPR and UK GDPR.

11. Data Retention

We retain personal information for no longer than is necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, and regulatory obligations. Our standard retention periods are:

Client and booking records: minimum of seven (7) years from the date of the last transaction, to comply with applicable tax and business record-keeping requirements
Payment records and invoices: seven (7) years in accordance with applicable financial record-keeping laws
Marketing consent records: duration of the marketing relationship plus three (3) years
Website analytics data: maximum of twenty-six (26) months
Email and general correspondence: three (3) years from the date of last communication, unless part of an active client relationship

Portfolio works (photographs and videos): retained indefinitely for legitimate business purposes unless subject to a confidentiality request or deletion request that we are required to honor

Upon expiry of the applicable retention period, personal information is securely deleted or anonymized. Where data is required to be retained for legal proceedings or regulatory investigations, it will be kept for the duration of those proceedings.

12. Security

We implement commercially reasonable and appropriate technical, administrative, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, loss, or destruction. These measures include secure encrypted file transfer protocols, access controls limiting data access to authorized personnel, encrypted cloud storage, and regular security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we apply best efforts to protect your personal information, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by applicable law, including within seventy-two (72) hours of becoming aware of a breach where required under the GDPR.

13. Children's Privacy

Our website and services are not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under the age of thirteen (13) without verifiable parental consent. If we become aware that personal information has been collected from a child under thirteen (13) without required consent, we will take prompt steps to delete such information. Parents or guardians who believe we may have inadvertently collected information from a child under thirteen (13) should contact us immediately at legal@thedarkpoet.studio.

14. Third-Party Websites and Links

Our website may contain links to third-party websites, social media platforms, or other online services. This Privacy Policy does not apply to those third-party websites. We are not responsible for the privacy practices, security, or content of any third-party sites. We encourage you to review the privacy policies of any third-party site you visit. The inclusion of a link on our website does not imply our endorsement of the linked site.

15. Social Media and Portfolio Displays

The Company maintains social media profiles and displays portfolio work on third-party platforms. Information you share publicly on those platforms in connection with our content is governed by the respective platform's privacy policy. If you appear in portfolio content displayed on social media and wish to request removal, please contact us at legal@thedarkpoet.studio. Requests will be handled in accordance with the applicable license terms and our legitimate business interests.

16. Marketing Communications

From time to time, we may send promotional communications about our services, special offers, or news. We will only send marketing communications to you where we have your consent (where required by applicable law) or where we have a legitimate interest in doing so. You may opt out of receiving marketing communications at any time by: (a) clicking the "unsubscribe" link in any marketing email; (b) contacting us at legal@thedarkpoet.studio with the subject line "Unsubscribe"; or (c) updating your preferences through any preference center we make available. Opting out of marketing communications will not affect your receipt of transactional or service-related messages.

17. Automated Decision-Making and Profiling

We do not use automated decision-making processes, including profiling, in a manner that produces legal or similarly significant effects on you. If this changes in the future, we will update this Policy and, where required by applicable law, seek your consent and provide you with the right to request human review of any automated decision.

18. Your Rights — How to Exercise Them

To exercise any of your privacy rights described in this Policy — including rights under the CCPA/CPRA, GDPR, or any other applicable law — please contact us using the details below. We will:

Acknowledge receipt of your request within two (2) business days
Verify your identity where required before processing your request
Respond substantively within the timeframe required by applicable law
Provide our response free of charge, subject to applicable limits on repetitive or manifestly unfounded requests

We will not discriminate against you for exercising your privacy rights. If you are unsatisfied with our response, you have the right to escalate your complaint to the applicable regulatory authority in your jurisdiction.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or applicable law. When we make material changes to this Policy, we will update the Effective Date at the top of this document and, where appropriate, notify you directly by email or by a prominent notice on our website. We encourage you to review this Policy periodically. Your continued use of our website or services after the posting of changes constitutes your acceptance of the revised Policy.

20. Contact Us and Data Protection Inquiries

For all privacy-related inquiries, requests, complaints, or to exercise your rights under this Policy, please contact us: