Privacy

1. Who we are

We are Fayre Group Ltd (“Fayre”), a company registered in the BVI with registered number 2090731. Our registered office address is at Trinity Chambers, Road Town, Tortola, British Virgin Islands. You can contact us by email using info@fayre.com. Our website is at www.fayre.com.

2. About this Notice

This Notice explains how and why Fayre (also referred to as “we”, “our” and “us”) uses personal data about those individuals that either: · Invest in our token fundraising and otherwise deal in Physical NFTs and Assets (the “Services”); · communicate with us in relation to the Services and other related matters; · use our Website in relation to the above;(in each case, referred to as “you”).

You should read this Notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we make available to you, that might apply to our use of your personal data in specific circumstances outside the scope of this Notice, which primarily concerns our processing of your personal data in relation to your registration for the Services, email exchanges with us, or any other personal data otherwise collected in connection with the Services.

3. Key terms and our data protection responsibilities

In this Notice we refer to the following terms, which have the following meanings: · “Personal data” is any information that relates to an identifiable natural person. Your name, address, email address and contact details are all examples of your personal data. · The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission. · Fayre is a so-called "controller" of your personal data.This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is processed in accordance with applicable data protection laws.

4. What types of personal data do we collect and where do we get it from?

We collect your personal data from various sources. The table below sets out the different types of personal data that we collect and the sources we collect it from. Typically, you provide us with personal data directly when you communicate with us (including via the Website for example by submitting our online registration form, by emailing us) or to buy, sell, lease or assign a Physical NFT through our Services. We also obtain some personal data from other sources, and create some personal data ourselves, as set out in the table.

Some of the data we will ask you to provide is so that we can create an account for you. You also have the option to provide us with additional data in order to make your account more personalised.

Category - Contact Information

Type of personal data

  • Name
  • Address
  • Email address
  • User name
  • Wallet address
  • Your communication preferences

Collected from

  • You

Category - Background And Identity Check Information

Type of personal data

  • Contact Information (see above)
  • Date of birth
  • Passport and/or any other national identity document
  • Utility bill and/or other proof of address, such as bank statement or driving license
  • Nationality

Collected from

  • You
  • Third parties and systems used for our identity and anti-money laundering checks

Category - NFT transaction Information

Type of personal data

  • Contact Information (see above)
  • Amount transacted/confirmation and other details relating to Physical NFTs
  • Warranty information
  • Wallet information
  • Payment information
  • You/your organisation’s banking details

Collected from

  • You
  • Systems used for the Services
  • Third party providers

Category - Technical Information

Type of personal data

  • IP address and other online identifiers / cookies, when you access our Website or download our applications
  • Usernames and other log-in details
  • Details of your online browsing activities on our Website, such as the pages, products or areas of our Website that you visit
  • Your account settings including any default preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our Website that you visit
  • Cryptographic signatures/confirmations

Collected from

  • You
  • Device used to access the Website
  • Our Website

Category - Interaction information

Type of personal data

- Interactions you may have with smart contracts and others on public blockchains.

Collected from

  • You
  • Third parties

We do not seek to hold sensitive(special categories of) personal data, and will destroy it in a timely manner if received.Please be aware that we cannot communicate with you or administer the Services and your transactions without your personal data. Where we don’t need your personal data, we will make this clear, for instance we will explain if any forms you are required to complete are optional or contain sections that can be left blank.If any of the personal data you have given to us changes, such as your contact details, please inform us without delay by contacting us at info@fayre.com.

  1. What do we do with your personal data, and why? We process your personal data for particular purposes in connection with your transactions or engagement with us, and the management and administration of our business.

We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The table below sets out the purposes for which we process your personal data and the relevant lawful basis/bases on which we rely for that processing.

Please note that where our processing of your personal data is either:

(a) necessary for us to comply with a legal obligation; or (b) necessary for us to take steps, at your request, to potentially enter into a contract (including for transactions) with you, or to perform it, if you choose not to provide the relevant personal data to us, we may not be able to process your transactions or otherwise provide our Services to you.

Please note, where we have specified that we will use your personal data for our legitimate interests, we have provided you with information on what that legitimate interest is. We assess periodically, not more than every 24 months whether this interest is still applicable and whether your rights and freedoms override those interests. If you believe at any time that your rights and freedoms may be prejudicially impacted by such use, please notify us by email at infor@fayre.io, with reasons, and we will evaluate this. More information on legitimate interests is below under the heading “your rights”.

Purposes of processing - Contact Information

a) Responding to your communications with us Lawful basis To perform a contract with you. For our legitimate interests - It’s important that we can respond to your enquiries, complaints or other communications

b) Notifying you in relation to your Physical NFTs, or a proposed transaction Lawful basis For our legitimate interests - It’s important that we keep you informed of matters related to your Physical NFTs.

c) Sending you information as set out in the section “How do we communicate with you?”, below Lawful basis Your consent For our legitimate interests - It is important to keep you updated about our platform services such as NFT transactions, which can be changed by Fayre from time to time at its absolute discretion. and your transactions. d) Sending you marketing and promotional information Lawful basis For our legitimate interests - It’s important that we let you know of any updates to the Services and promotional offers which may be of interest, unless you have opted out.‍

Purposes of processing - Background and Identity Check Information

e) Performing anti-money laundering checks in relation to a Physical NFT or any transaction Lawful basis To comply with a legal obligation For our legitimate interests - We need to ensure compliance with anti-money laundering requirements.

f) Performing identity checks in relation to any transaction Lawful basis To comply with a legal obligation For our legitimate interests - We need to ensure that the identity of our customers is verified,

g) Assessing your suitability for transactions involving Physical NFTs Lawful basis For our legitimate interests - We need to ensure the above checks have not resulted in potential issues in relation to your transactions.

Purposes of processing - Technical Information

h) Ensure the operation and performance of the Website. Lawful basis For our legitimate interests - We need to ensure the Website functions correctly, provide you with support and correct error. i) To improve the functionality of the Website Lawful basis To perform a contract with you For our legitimate interests - It is in our interest to keep the Website up to date and improve its functionality for the benefit of users.

j) To enable you to register for the Services, create accounts [and log-in to them via the Website/app] Lawful basis To perform a contract with you For our legitimate interests - It is in our interests to grant you access to a private log-in where you can access information relevant to you and your Physical NFTs.

Purposes of processing - Transaction and asset Information

k) Providing you with the Services Lawful basis To perform a contract with you l) Taking payment from, or making payment to, you in respect of your use of the Services and any sales, purchases and leases of Physical NFTs acquired/disposed of through the Services Lawful basis To perform a contract with you m) Sharing relevant information in relation to your Physical NFTs and transactions Lawful basis To perform a contract with you For our legitimate interests - It is important that we keep you updated as to the growth of value of your Physical NFTs and connected Assets n) Sharing relevant information with third parties (certifiers or another party to a transaction) Lawful basis To perform a contract with you

Purposes of processing - Interaction information

o) Sharing relevant information with third parties (certifiers or another party to a transaction) Lawful basis To perform a contract with you

Purposes of processing - All categories

p) Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity and keep the Website and our systems protected against viruses and other malware Lawful basis To comply with a legal obligation For our legitimate interests - It is important that we keep the Website and our systems safe to protect your information and Physical NFTs q) Complying with instructions from law enforcement agencies, any court or otherwise as required by law Lawful basis To comply with a legal obligation

r) For our general record-keeping and customer relationship management Lawful basis To perform a contract with you For our legitimate interests - We need to store customer related information so we can refer back to it.

s) Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation Lawful basis To comply with a legal obligation For our legitimate interests - We have a legitimate interest in being able to sell any part of our business.

We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand the input spread of our customers.

Marketing

We will only use your data for marketing and promotional purposes of you have opted in. Where you have opted in, you have the right to opt out at any time.

6. Who do we share your personal data with, and why?

Sometimes we need to disclose your personal data to other people. This may be to internal third parties, such as our contractors or officers, or external third parties such as specialist IT support, marketing services or others.

External third parties From time to time we may ask third parties to carry out certain business functions for us. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include service providers and/or sub-contractors, which include IT systems software and maintenance, back up, and server hosting providers.

We have set out below a list of the categories of recipients with whom we are likely to share your personal data: (a) IT support – we use a third party development company to assist us with the build, they are based in Poland; (b) cloud platform and data hosting providers based in the UK; (c) communication providers based in Latvia, U.S.A.; (d) anti-money laundering and background checking vendors and other compliance providers (based in Hong Kong); (e) payment processors in relation to your transactions with us based in the EU, UK, US; (f) other parties involved in your transactions; (g) consultants and professional advisors including legal advisors and accountants; (h) courts, court-appointed persons/entities, receivers and liquidators; (i) governmental departments and statutory and/or regulatory bodies in the EEA and UK; and (j) analytics providers [based in the US].

In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right, where: (a) we buy, sell or transfer our business (or part of it) in connection with a share or asset sale or outsourcing, we may disclose or transfer your personal data to the prospective seller, buyer or transferor and their advisors; and (b) we need to disclose your personal data in order to comply with a legal obligation, to enforce a contractor to protect the rights, property or safety of our employees, customers, investors or others.

7. Where in the world is your personal data transferred to?

As you can see from the list in paragraph 6 above, we may transfer your personal data to external recipients that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions outside of the UK and EEA may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction. We will always seek to ensure that adequate protections are put in place when transferring your personal data from within to outside the UK/EuropeanEconomic Area. For more information regarding the transfers undertaken by us and the protections put in place, please contact us using the details set out at the end of this Notice.

8. How do we keep your personal data secure?

We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage. For example all information submitted to us via forms on the Website are stored in a secureGoogle drive with 2 factor authentication.

9. How long do we keep your personal data for?

We will only retain your personal data for a limited period of time (for example, for so long as you have assets passported through us, or the benefit of any warranty, or otherwise are registered to use the Services with us plus a period of time following, based on the factors below), and for no longer than is necessary for the purposes for which we are processing your personal data. This will depend on a number of factors, including: (a) any laws or regulations that we are required to follow; (b) whether we are in a legal or other type of dispute with each other or any third party; (c) the type of information that we hold about you; and d) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason. For example:

  1. Registering for a Physical NFT, managing our relationship with you – your account details will be kept in our database unless deleted by you (or you request us to delete your details). We will also delete your account approximately five years after the account was last active.
  2. Marketing – we will be sending our newsletter to you. You will be able to unsubscribe from it anytime you wish.
  3. To keep records of transactions and processing activities – we will retain all financial information for the legal retention period for tax, audit and associated reports/accounting
  4. To operate the website, provide support etc – we will maintain this information while we continue to operate the Website and provide Services and for a period of up to 6 years afterwards
  5. To use data analytics and map data flows to improve the Website, Services, etc – this will be in accordance with our cookies policy. At the end of each retention period we will delete the applicable personal data (for example deleting your details from the Website database).However, if such data is also necessary to fulfil other purposes, we will keep your personal data in relation to such other purposes. We rely on the legal retention period, at the end of the legal retention period personal data held in databases will be deleted, paper documents containing personal data will be securely shredded and personal data stored in other electronic documents will be deleted.

10. How do we communicate with you?

We will use your personal data to communicate with you: · to administer our relationship with you; · to respond to any questions or complaints that you may have; and · to invite you to take part in market research or request feedback on our products and Services.

From time to time and with your consent (where required), we will provide you with information about sales, Services, promotions and/or offers which may be of interest to you. Please note that you may opt-out of receiving marketing materials by unsubscribing at any time.

11. What are your privacy rights and how can you exercise them?

Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.

Where our processing of your personal data is based on the legitimate interests (please see the tables above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.

Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.You have the right to (subject to applicable laws and certain limitations): (a) access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored; (b) require us to correct any inaccuracies in your personal data without undue delay; (c) require us to erase your personal data; (d require us to restrict processing of your personal data; (e) receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and (f) object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).

If you wish to exercise any of these rights please contact info@fayre.com in the first instance.You may also have the right to lodge a complaint with the relevant data protection regulator (for example the Information Commissioner’s Office in the UK).

12. Updates to this Notice

We may update this Notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will update you on material changes to this Notice. We also encourage you to check this Notice on a regular basis – updated copies can be found at: info@fayre.com.

13. Where can you find out more?

If you want more information about any of the subjects covered in this Notice or if you would like to discuss any issues or concerns with us, you can contact info@fayre.com.