Last Updated: 18/11/2025

Introduction

Welcome to FFAIR Ltd. This Privacy Policy explains how we collect, use and protect your personal data when you use our website, platform and related services. It applies to all users of ffair.io and any other FFAIR-operated services.
By using our services, you agree to the practices described in this Privacy Policy.

1. Data We Collect
We may collect the following types of personal data:

Personal Identification Information
Name, email address, phone number, company details and job title.

Account Information
Login credentials, account preferences and activity within the platform.

Payment Information
Billing details and transaction information.

FFAIR does not store or process full payment card numbers. All card data is handled exclusively by our payment provider, Stripe.

Technical Information
IP address, browser type, operating system, time zone, and usage data collected through cookies, log files, web beacons and similar technologies.

Device Information
Details about the device and browser you use, including referring and exit pages.

Order Information
Billing details, products or services ordered, and purchase history.

Communications
Any correspondence, support queries or feedback you send to us.

Client Information via Task List
Event organisers may collect information from exhibitors through task lists they configure within the platform. The organiser determines the type of information collected and the lawful basis for doing so.

FFAIR processes this data solely under the organiser’s instructions as a data processor.

2. How We Use Your Data

We use personal data to:

• Provide, operate and maintain our services

• Process orders and manage billing

• Improve, personalise and enhance the user experience

• Communicate updates, service information and support messages

• Detect, prevent and address security or fraud-related issues

• Comply with legal or regulatory obligations

3. Legal Basis for Processing

Under UK GDPR, we process personal data on one or more of the following grounds:

• Performance of a contract (e.g., providing platform access)

• Legitimate interests (e.g., improving our services or ensuring security)

• Compliance with legal obligations

• Your consent, where applicable

• Protection of vital interests

4. Data Sharing and Transfers

We may share your data with:

• Third-party service providers, such as hosting providers, support tools and payment processors

• Legal authorities, where required by law

• Business partners, in connection with joint offerings

• Event organisers and suppliers, when required to fulfil event-related services

Some third-party service providers act as sub-processors, meaning they process data on our behalf. All sub-processors are bound by written, GDPR-compliant agreements that include confidentiality, security and data protection obligations.

If data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including the UK Addendum to the EU Standard Contractual Clauses (SCCs) or the International Data Transfer Agreement (IDTA).

4A. Roles of Controller and Processor

For most event-related data, the event organiser is the Data Controller, and FFAIR acts as the Data Processor. This means organisers decide why and how personal data is processed, and FFAIR processes it only in line with their instructions.

4B. Data Residency

FFAIR stores and processes personal data within the UK and EU:

• Primary hosting: Amazon Web Services (AWS), eu-north-1 (Stockholm, Sweden) and Google Cloud Platform (GCP), europe-west2 (London, UK)

No data is stored or processed outside the UK or EU.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law.

Event and exhibitor data is retained for up to 24 months after the end of an organiser’s licence term, unless earlier deletion is requested.

6. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Correct inaccurate or incomplete data

• Request deletion of your data

• Restrict processing in certain circumstances

• Request data portability

• Object to processing based on legitimate interests or direct marketing

We may decline certain requests where permitted by UK GDPR Schedule 2, for example if disclosure would prejudice legal or regulatory obligations.

To exercise your rights, contact us at support@ffair.io.

7. Cookies and Tracking Technologies

Our website uses cookies, web beacons, log files, tags and pixels to analyse usage and improve performance.
You can manage cookie preferences through your browser settings.
For more details, please refer to our Cookie Policy.

8. Data Security

We use appropriate technical and organisational measures to protect personal data, including encryption, secure access controls and regular security assessments.

FFAIR is currently migrating remaining legacy components from Google Firebase to AWS. All environments operate to the same security and data protection standards, and no data residency changes will occur as part of this migration.

9. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. Significant changes will be communicated via email or a notice on our website.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

Email: support@ffair.io
Postal Address: Knoll House, Knoll Road, Camberley, Surrey, GU15 3SY
ICO Registration: ZB033445

If you have concerns that we cannot resolve, you may lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk.