FFAIR User Policy

This User Policy explains how the FFAIR platform may be used and sets out the responsibilities and expectations for all users, including event organisers, exhibitors, suppliers and any authorised users acting on their behalf.

By accessing or using the FFAIR platform, you agree to comply with this User Policy.

About FFAIR

FFAIR provides a software platform designed to help event organisers manage exhibitor administration and, where enabled, to facilitate the ordering of goods and services through a centralised marketplace. The marketplace may include goods and services supplied by third party suppliers selected or approved by the organiser, as well as goods and services supplied directly by the organiser to exhibitors.

FFAIR is a technology provider. Unless expressly stated otherwise in a written agreement, FFAIR does not act as the seller of goods or services offered through the platform.

User accounts and access

Access to the FFAIR platform is provided by invitation or other authorised methods approved by FFAIR. Users may include organisers, exhibitors, suppliers and their respective team members, contractors or representatives.

Each user is responsible for ensuring that all information associated with their account is accurate and kept up to date. Users must not share login credentials and must ensure that access is limited to authorised individuals only. Where multi-factor authentication (MFA) is enabled or required, all users must comply with that requirement.

Account administrators are responsible for promptly removing access for individuals who no longer require it — for example when an employee, contractor or representative leaves or changes role.

Acceptable use

All users must use the FFAIR platform lawfully and in accordance with this User Policy. Users must not:

• use the platform for any unlawful, fraudulent or deceptive purpose

• upload false, misleading or inaccurate information

• infringe the intellectual property or confidentiality rights of any person

• interfere with or disrupt the operation of the platform or its underlying infrastructure

• attempt to gain unauthorised access to accounts, systems or data

• introduce viruses, malware, trojans, logic bombs or other malicious or harmful code

• share, sell or transfer account credentials or access to any third party

• use the platform to send spam or unsolicited communications

• engage in any conduct constituting bribery, corruption or a breach of applicable anti-money laundering laws

FFAIR reserves the right to suspend or restrict access where misuse is identified or suspected.

Security obligations

All users are responsible for maintaining the security of their account and the data they access through the platform. Users must:

• keep login credentials confidential and not share them with others

• use a strong, unique password for their FFAIR account

• comply with any multi-factor authentication requirements

• log out of the platform when using shared or public devices

• ensure their devices are protected with up-to-date security software

• avoid accessing the platform from untrusted or unsecured networks where possible

Reporting security incidents

If you become aware of or suspect any security incident, data breach, unauthorised access or unusual activity affecting your account or the platform, you must report it to FFAIR immediately by emailing support@ffair.io. Do not attempt to investigate or remediate a suspected incident yourself — notify us promptly.

FFAIR will acknowledge your report and respond in accordance with our Incident Management Policy. Where a breach involves personal data, FFAIR will take appropriate steps to contain the incident and notify the ICO and affected individuals as required under UK GDPR.

Organiser responsibilities

Organisers are responsible for managing exhibitor and supplier access, configuring tasks and deadlines accurately, ensuring information presented to exhibitors and suppliers is clear and current, and complying with all applicable laws and regulations relating to their events.

Organisers are responsible for determining which third party suppliers are made available through the platform and for any commercial arrangements agreed with those suppliers.

Where organisers collect personal data from exhibitors or other users through the platform — for example through task lists or forms they configure — the organiser acts as the data controller and is responsible for ensuring that collection and processing is lawful. Organisers must have a valid lawful basis under UK GDPR for each category of personal data collected. A Data Processing Agreement (DPA) with FFAIR is required before any such data is collected. Please contact dpo@ffair.io to request a DPA.

Exhibitor responsibilities

Exhibitors are responsible for providing accurate and complete information, completing required tasks by published deadlines, ensuring submitted materials comply with event and venue requirements, and reviewing orders, invoices and confirmations for accuracy. Exhibitors must ensure they have authority to submit information and place orders on behalf of their organisation.

Supplier responsibilities

Suppliers are responsible for the accuracy of product and service descriptions, pricing, availability and lead times; the correct classification of goods and services offered; fulfilling orders in accordance with agreed terms and event requirements; complying with all applicable legal, regulatory and tax obligations; and providing accurate information required for invoicing, payments and tax reporting.

Suppliers remain the seller of record for the goods or services they provide and are responsible for their contractual relationship with the customer.

Marketplace, orders and payments

Where marketplace functionality is enabled, FFAIR facilitates the ordering of goods and services by exhibitors or organisers from third party suppliers selected or approved by the organiser, and from organisers acting as suppliers.

FFAIR may process payments, generate invoices and distribute funds on behalf of suppliers using integrated payment providers. Payment flows may include automatic splitting of funds between suppliers, organisers and FFAIR. FFAIR is not responsible for the performance, quality, delivery or suitability of goods or services supplied by third parties or by organisers acting as suppliers.

VAT, sales tax and tax responsibility

Third-party suppliers and organisers offering goods or services are the seller of record for their respective goods or services. FFAIR acts as a technology provider and sales agent only and does not supply the underlying goods or services.

The seller of record is solely responsible for determining whether VAT, sales tax or any other indirect tax applies, for applying the correct tax treatment and rate, and for complying with all related registration, invoicing, reporting and remittance obligations.

FFAIR may generate invoices and collect payments on behalf of the seller of record, including through integrated payment providers. FFAIR does not provide tax advice and does not accept responsibility for the accuracy of any automated tax calculations. Where automated tax tools or third-party tax services are used, these rely on information supplied by the seller of record.

Exhibitors remain responsible for reviewing invoices and for their own tax compliance obligations.

Data and content

All users are responsible for the content they upload to the platform. Users must ensure they have the necessary rights and permissions to upload any materials, including personal data, documents, images or designs. FFAIR reserves the right to remove content that breaches this User Policy or applicable law.

Data protection

FFAIR processes personal data in accordance with UK GDPR, the Data Protection Act 2018, and as set out in our Privacy Policy. Organisers, exhibitors and suppliers must ensure that any personal data submitted through the platform is collected, shared and processed lawfully. Organisers who act as data controllers for event-related personal data must ensure a Data Processing Agreement is in place with FFAIR before collecting personal data through the platform.

Platform availability

FFAIR aims to provide a reliable service but does not guarantee uninterrupted availability. Maintenance, updates or technical issues may result in temporary interruptions. FFAIR is not responsible for any losses arising from platform downtime.

Suspension and termination

FFAIR may suspend or restrict access to the platform where this User Policy is breached, where unlawful activity is suspected, or where required to comply with legal obligations. Suspension or termination of access does not affect obligations that have already arisen.

Following termination or the end of an organiser's licence term, FFAIR will retain event and user data for up to 24 months, after which it will be securely deleted unless an earlier deletion is requested or a longer period is required by law. Users may request deletion of their personal data at any time by contacting dpo@ffair.io, subject to any overriding legal retention obligation.

Changes to this User Policy

FFAIR may update this User Policy from time to time. Where changes are material, reasonable notice will be provided. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Contact

If you have any questions about this User Policy, please contact us at support@ffair.io or write to us at: FFAIR Limited, Knoll House, Knoll Road, Camberley, Surrey, GU15 3SY. For data protection queries, please contact dpo@ffair.io.