Privacy Policy

INTRODUCTION FXHASH FOUNDATION and its affiliates (hereinafter referred to as "fxhash", the "Company", "we", "us" or "our") are committed to protecting and respecting your privacy (hereinafter referred to as "Users", "you" or "your"). This privacy policy (hereinafter referred to as "Privacy Policy"), together with our legal notice, disclaimers, documentation, and general terms and conditions, explain how fxhash operates and how it may - from time to time only - use your personal information (hereinafter referred to as "Personal Information" or "Personal Data") when Users access the website: https://www.fxhash.xyz/ (hereinafter referred to as the "Site"). For more information about the Company, the User is invited to consult the legal notice. fxhash has developed a platform (hereafter referred to as the “Application” or the "Marketplace") that brings together professional and non-professional collectors who have reached the legal age of majority in their country of residence (the "Collector") and creators, professional or not, who have reached the legal age of legal age in their country of residence (the "Artist") in order to allow the latter to:

• convert their original creations into Non-Fungible Tokens ("NFT") and store the NFT metadata on an Interplanetary File System (IPFS),

• offer their NFTs to Collectors and enter into contracts with them to sell these NFTs for digital assets ("Primary Marketplace"). The Marketplace also allows Collectors to resell NFTs acquired from Artists to each other from Artists ("Secondary Market"). In addition, the Marketplace allows Artists to sell and ship to Collectors tangible goods (the "Products") that may be ordered by Collectors when redeeming the NFT on the Marketplace. In this context, this Privacy Policy describes why and how we may collect and use Personal Information and provides information about individuals’ rights in relation to Personal Information.

1. PURPOSE OF PRIVACY POLICY 1 The purpose of this Privacy Policy is to set out in an accountable and transparent way the collection and use of information by fxhash. In order to comply with General Data Protection Regulation (GDPR) and applicable regulations, fxhash may gather personal information from Collectors and Artists to facilitate the delivery of the Products from Artists to Collectors (if applicable) when purchasing an NFT on the Platform. fxhash may also gather personal information from Collectors and Artists for the purpose of verifying that they have reached the legal age of majority in their country of residence.

2. ELIGIBILITY fxhash does not allow persons under the age of 18 to use the fxhash Services and does not knowingly collect personal data from children under the age of 18.

3. PERSONAL INFORMATION COLLECTION - PURPOSE - LEGAL BASIS Personal information is information which identifies you personally or by which your identity can reasonably be ascertained. The Personal Information which may be processed is listed below. What personal data does fxhash collect and process? Why does fxhash process my personal data? Legal basis for our use of personal data

• First and last name,

• email address,

• telephone number,

• nationality,

• personal address,

• content, within any messages you send to us via our contact address: team@fxhash.xyz (such as feedback, questions, job applications, etc.). Transaction Services. We use your personal information to process your orders and to communicate with you about orders and services, in connection with the above-mentioned Products. Communicating with you. We use your personal information to communicate with you regarding fxhash Services. Fulfilment of a contract when we provide products or services to you, or communicate with you about them. This includes where we use your personal data to take and process orders, and to process payments. Legal obligation to comply with our legal obligations under applicable laws and regulations. Your consent where we ask for your consent to process your Personal Data for a specific purpose that we communicate to you. Where you consent to fxhash processing your Personal Data for a specific purpose, you may withdraw your consent at any time, and we will stop processing your Personal Data for that purpose. Withdrawal of consent does not affect the lawfulness of the processing based on the consent prior to its withdrawal.

• the Internet Protocol (IP) address used to connect your computer to the Internet, To provide, troubleshoot and improve the fxhash Services. We use your personal data to Legitimate interest and the interests of our Users when, for example, we detect and prevent 2

• audience and technical measurements of the fxhash Services (e.g., occurrences of technical errors, your interactions with the features and content of the Services, and your preferences for settings),

• version and time zone settings. provide functionality, analyze performance, correct errors, and improve the usability and efficiency of the fxhash Services. fraud and abuse to protect the safety of our Users, ourselves or others. Fulfilment of a contract when we provide products or services to you, or communicate with you about them. This includes where we use your personal data to take and process orders, and to process payments. Important notice: Blockchains provide transparency into transactions, and fxhash is not responsible for preventing or managing information broadcasted on a blockchain.

1. PROTECTION AND USE OF PERSONAL INFORMATION fxhash is committed to protecting your privacy. Internally, only a specified number of employees within our business have access to your Personal Information. fxhash’s systems and data are constantly under review to ensure that you are getting the best access and that market borrowing and lending security features are in place. fxhash reserves the right to retain and share certain Personal Information in order to meet our regulatory and statutory requirements. In addition, fxhash reserves the right to retain and share certain Personal Information with our corporate partners, and third parties acting on behalf of fxhash. Personal Information and other related data may be exported outside of the jurisdiction in which you reside. Your Personal Information may be processed and stored in a foreign country or countries. Under those circumstances, the governments, courts, law enforcement or regulatory agencies of that country or those countries may be able to obtain access to your Personal Information through foreign laws. You need to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which you reside.

2. ACCESS AND CHANGING OF PERSONAL INFORMATION You have the right to access the Personal Information we hold about you, and to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us. We will aim respond to your request within 14 days. You may also request the deletion or destruction of your Personal Information, your account details, etc. fxhash will act on your request only when it is not inconsistent with its legal and regulatory obligations and compliance procedures. Upon your written request, we will inform you of the use and general disclosure of your Personal Information. Important notice: The exercise of these rights is nevertheless limited, with regard to Personal Information that may be necessary for the operation of a blockchain. Indeed, this Data required for the operation of blockchains cannot be modified or erased during the lifetime of the blockchain in question. In addition, the retention / storage of said Data in said blockchains is not the responsibility of fxhash, which does not manage nor control said blockchains and therefore has no power to determine or control the processing of Personal Information which may be implemented in connection with said blockchains, nor to pass on the exercise by Users of their rights to said blockchains. 3

3. RIGHTS You benefit, under the terms and conditions and within the limits defined by the legal and regulatory provisions on the protection of Personal Information, the following rights with regard to your Data: ● Right of access: you can obtain confirmation whether or not Personal Information concerning you is processed by the Company and, when they are, access to said Personal Information, as well as certain information relating to the processing of your Personal Information and the characteristics of such processing; ● Right of rectification: you can request the correction of your Personal Information that you consider incomplete or inaccurate; ● Right to erasure: you can, in certain cases, request the erasure of your Personal Information (except for example if they are necessary for the execution of your contractual relations with the Company where applicable, or if they are necessary for the Company to comply with its legal or regulatory obligations or to ascertain or exercise its rights); ● Right to limitation of processing: you can request limitation of processing of your Personal Information, allowing you to request in certain cases the marking of your Personal Information in order to limit future processing; ● Right to the portability of your Personal Information: you have the right in certain cases and under certain conditions to request to receive the Personal Information concerning you that you have provided to us or, when technically possible, to they are transferred to a third party, in a machine-readable form (it being specified that this right to data portability only applies to processing based on the consent of the Persons concerned or on the execution of contractual relations, and this provided that the Data processing is carried out using automated processes); ● Right to withdraw your consent: you can withdraw your consent if the processing is carried out on the basis of your consent, without the withdrawal of such consent prejudicing the lawfulness of the processing based on the consent made before the withdrawal of it; ● Right to define guidelines for the retention, erasure or communication of your Personal Information after your death: in this regard, in the event of death which would be brought to our attention, please be aware that your Personal Information will in principle be deleted (unless it is necessary to keep it for a specified period for reasons relating to our legal and regulatory obligations), after having been communicated to a third party possibly designated by you. Regarding the processing of your Personal Information implemented by the Company, these rights are exercised: (i) by email to the following email address: [privacy@fxhash.xyz] or, (ii) by post to the address next: 13 Place du couvant, 43150 Le Monastier-sur-Gazeille, In any event, in the event of reasonable doubt as to the identity of the person submitting such a request to exercise their rights, the Company may always request that it be provided with additional information necessary to confirm the identity of the Person concerned and request for this purpose, when the situation so requires, a photocopy of an identity document bearing the signature of the holder.

4. COOKIES (i) THE COMPANY’S COOKIES POLICY? With regard to cookies, the Company does not wish to implement any kind of cookies. 4 Cookies and other tracers or similar technologies will not be installed and / or read in your browser or terminal during your visit to the site. (ii) WHAT IS A COOKIE? A cookie is a small file for storing and retrieving information, generally made up of alphanumeric characters (cf. letters and numbers), deposited by a web server on the computer or electronic terminal of the User of the site to send state information to said browser and likewise obtain such information back from the browser. The status information can be, for example, a session identifier, a language, an expiration date, a response domain, etc. Cookies usually make it possible to obtain certain information on the browsing habits of the User, his computer or his terminal, in particular in order to improve the content and the service offered by the site in question, to know the traffic of said site and to provide Internet Users with personalised services. The notion of cookies covers all types of tracers or other similar technologies, for example: ● HTTP Cookies; ● but also the use of other techniques: o “local shared objects” sometimes called “Flash Cookies”; o “local storage” implemented within HTML 5; o identifications by calculating the fingerprint of the terminal (“device fingerprinting”); o identifiers generated by operating systems (whether advertising or not: IDFA, IDFV, Android ID, etc.); o hardware identifiers (MAC address, serial number or any other identifier of a device); o etc. In any case, cookies can be: ● session cookies, which disappear as soon as the User leaves the browser or the Site; ● where permanent cookies that remain until the expiration of their lifespan or validity, or until the User deletes them by means of the functionalities of his browser for example or through the cookie management module set available on our Site. (iii) WHAT ARE THE MAIN “FAMILIES” OF COOKIES? "Functional" cookies not subject to User consent Functional Cookies, ie those whose sole purpose is to allow or facilitate electronic communication on, from or to a site or which are strictly necessary for the provision of a communication online at the express request of the User of a site, are exempt from the need for the publisher of a site to request the User's consent for their installation. The Company may thus use such functioning cookies, in particular technical cookies essential for navigation on the Site and cookies strictly necessary for the provision of certain services explicitly requested by the User, without requesting prior consent from you. If the User deactivates these “operating” cookies for example by means of the functionalities offered by his browser, he may not be able to access the Site, and / or not correctly receive the content and information available on the Site and / or not being able to benefit from all the features of the Site. Other cookies, subject in principle to the consent of the User The use of other cookies as referred to below is subject in principle to the prior consent of the User, the latter being free to either accept them by expressly consenting to their installation and reading in his 5 browser (it being specified that the latter will then have the possibility to withdraw his consent at any time), or to refuse them.

5. SECURITY We take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure, including implementing appropriate security measures. The security measures in place will, from time to time, be reviewed in line with legal and technical developments. However, we give no guarantee that such misuse, loss, unauthorised access, modification or disclosure will not occur. There are protective measures that you should take, which as well include but are not limited to changing passwords regularly and not sharing your Personal Information with others unless you clearly understand the purpose of their request and you know with whom you are dealing.

6. RETENTION OF PERSONAL INFORMATION We will hold your Personal Information only for as long as we must do so, having regard to the purposes described in this Privacy Policy and our own legal and regulatory requirements. In general, Personal Information relating to you shall be deleted after a period of five (5) years after your account is closed. Similarly, we usually retain information about transactions on your account for a period of five (5) years from the date of the transaction.

7. LINKS There may be links from our Site to other sites and resources provided by third parties. This Privacy Policy applies only to our Site. Accessing those third-party sites or sources requires you to leave our Site. We do not control those third party sites or any of the content contained therein and you agree that we are in no circumstances responsible or liable for any of those third party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

8. CHANGES Our policies, content, information, promotions, disclosures, disclaimers and features may be revised, modified, updated, and/or supplemented at any time and without prior notice at the sole and absolute discretion of the Company. If we change this Privacy Policy, we will take steps to notify all Users by a notice on our Site and will post the amended Privacy Policy on the Site.

9. COMPLAINTS TO THE SUPERVISORY AUTHORITY If you consider that we have not responded adequately to your request or your questions, you are entitled to lodge a complaint with the competent authority in matters of Personal Information protection, the National Commission for Informatics and Liberties (CNIL), at the following Internet address:

• https://www.cnil.fr/fr/plaintes ;

• or to the following postal address: CNIL - 3 PLACE DE FONTENOY - TSA 80715 - 75334 PARIS CEDEX 07.

1. CONSULTATION OF APPLICABLE TEXTS 6 The text of the General Data Protection Regulation (GDPR) is freely accessible at the following Internet address: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX:32016R0679; or on the CNIL website at the following internet address: https://www.cnil.fr/fr/reglement-europeen-protection-donnees as well as all applicable texts on the protection of Personal Information and protection of rights and freedoms on the Internet (https://www.cnil.fr ). To understand your rights, you can also refer to the explanations provided by the Cnil here: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles. We point out that in application of articles L.223-1 et seq. Of the Consumer Code, you can, if you are a consumer, object at any time to being canvassed by telephone by registering for free on the site www.bloctel.gouv.fr.

2. CONTACT US If you have any questions, comments, or concerns regarding our Privacy Policy, please contact us at privacy@fxhash.xyz FXHASH FOUNDATION is a French société par actions simplifiée having its registered office at 13 Place du couvant, 43150 Le Monastier-sur-Gazeille, registered with the Lepuy-en-velay Trade and Companies Register under number 908 947 617, and represented by Mr. Baptiste Crespy, acting as Chief Executive Officer (Président), fxhash contact email address: team@fxhash.xyz