HARMONYBIT PRIVACY POLICY

Harmonybit Limited(“Harmonybit”, “we”, “us” or “our”) is acompany registered in the Republic of Cyprus with
company numberHE 3920773 and a registered address at Prodromou, 75, 4th Floor2063, Nicosia, the Republic of
Cyprus.

We are a data controller and are responsible for the collection, use,disclosure, retention and
protection
of your “personal data” (whichhas the meaning as set out in the General Data ProtectionRegulation (the “Data
Protection Laws”)).

When you use Harmonybit’s “Pixel Cat” app, “Facetory: Face Yoga & Skin Care” app, “My Water” app or other apps (each being,
our
“Platform”), we will collect, store andprocess certain personal data. This privacy policy (“PrivacyPolicy”) sets
out the basis on which the personal data collectedfrom you, or that you provide to us, will be processed by us.
Pleaseread the following carefully to understand how we will use yourpersonal data. For Data Protection Laws in
the Republic of Cyprus,we are the controller of your personal data.

1. WHAT PERSONAL DATA DO WE COLLECT AND PROCESS?

   When you visit our Platform, you may provide us with the following types of personal data, and we may
   collect and process such personal data in accordance with his Privacy Policy, as follows:

   1. Contact Data: This may include your name and your email address. This information
      will be collected by us if you communicate with us, for example if you use the links on our Platform
      to communicate with us via email.
   2. Physical Data: This may include your gender identity, weight, age, sleep time.
   3. Correspondence Data: This includes the information you provide when you request
      support through our Platform, contact us via the email address provided in this Privacy Policy and
      elsewhere on our website and your views, opinions and feedback which you choose to provide in relation
      to the Platform and our services, including any comment facilities and message boards.
   4. Session Data: This includes your IP address, your device’s unique identifier details,
      browser details including version, device operating system, geo-location, time zone setting and
      time/date of access requests, the amount of data transmitted and the requesting provider. We may also
      capture other information about visits to our Platform such as pages viewed and traffic patterns.

   5. Cookie Data: Cookies are small files which are downloaded to your device when
      accessing our platform. Most web browsers automatically accept cookies. Please refer to paragraph 4
      below for further details about our use of cookies.
   6. Preference data: are small files which are downloaded to your device when accessing
      our platform. Most web browsers automatically accept cookies. Please refer to paragraph 4 below for
      further details about our use of cookies.
   7. Preference data: This includes any information you choose to provide us.
   8. Payment data: When you purchase a subscription or any in-app content, you provide our
      payment processor with your payment information. We do not store such information on our servers.
2. INFORMATION WE USE BUT NOT COLLECT

   For use of “Facetory: Face Yoga & Skin Care” app you may provide us and upload to “Facetory: Face Yoga & Skin Care” app your face images (photo). In order to make possible for you to use certain functions of “Facetory: Face Yoga & Skin Care” app, we will process (provided by you) human face images (photo) that will provide us information about such human faces’ position, orientation and their topology on your image.
   Images (photo), that you provide us in or through “Facetory: Face Yoga & Skin Care” app, and/or other information related to human faces obtained from your images (photo), are the “Face Data”. The Face Data shall be considered the Personal Data.

   Notwithstanding anything to the contrary in other Sections of this Privacy Policy in relation to the Personal Data, we do not:
   
   • collect, store, share or transfer the Face Data off the User devices;
   
   • use the Face Data to identify any particular individual user;
   
   • use the Face Data for authentication, advertising, or marketing purposes, or to otherwise target a user in a similar manner;
   
   • use the Face Data to build a user profile, or otherwise attempt, facilitate, or encourage third parties to identify anonymous users or reconstruct user profiles based on the Face Data;
   
   • transfer, share, sell, or otherwise provide the Face Data to advertising platforms, analytics providers, data brokers, information resellers or other such parties.

You hereby express your informed written consent on processing of your Face Data as described in this Section 2 of the Privacy Policy.

3. HOW DO WE USE YOUR PERSONAL DATA?

   We use your personal data in the following ways:

   1. We use your Contact Data to:
      1. respond to communications that you send to us. The legal basis for such processing is your and our
         legitimate interests; and
      2. market products and services to you only where you have requested that we do so, or otherwise
         provided your explicit consent (either via our website, by emailing us or by accepting push
         notifications on your device). The legal basis for such processing is that you have consented to
         us doing so; and
      3. for customer relationship management (“CRM”) purposes;
      4. additionally, we may request access to your device’s contacts for the purposes of enabling
         social functionality, such as giving you the option to follow your contacts on the Platform.
   2. We use your Physical Data to:
      1. analyze the audience;
      2. configure water rate per day;

      The legal basis for such processing is for the performance of the contract between you and us.

   3. We use your Correspondence Data to help address issues you raise with us and to improve the Platform
      and our services. The legal basis for such processing is your and our legitimate interests.
   4. We use your Session Data to administer, maintain and improve the Platform and our services, including
      identifying you or your device across our Platform and apps. Additionally, Session Data is used to
      identify and respond to potential risks to the security of our Platform (for example spammers,
      phishing attempts, screen scraping and other actions which may violate our Terms of Use found here). The legal basis for such
      processing is our legitimate interest.
   5. We use your Preference Data to infer your interests, including serving and suggesting content that you
      might like, and tailoring advertising to you based on such preferences.
4. PERSONAL DATA RETENTION
   1. By using our Platform, you consent for us to store your personal data in line with legal, regulatory,
      financial and good-practice requirements.
   2. The period for which we may retain your personal data will depend on the type of personal data
      collected, the purposes for which it was collected, applicable limitation periods for the exercise of
      legal rights and whether any legal or regulatory obligations require the retention of the personal data.
5. COOKIES AND TRACKERS
   We use cookies and other software development kits (“SDKs”) and third-party libraries. Our Platform uses
   the following categories of cookies: 
   1. Strictly necessary cookies: These are cookies that are required for the operation
      of our Platform. They include, for example, cookies that enable you to load webpages.
   2. Analytical/performance cookies: These cookies allow us to recognise and count the
      number of visitors to our Platform and to see how visitors move around our Platform. This helps us to
      improve the way our Platform works, for example, by ensuring that visitors are finding what they are
      looking for easily.
   3. Functionality cookies. These are used to recognise you when you return to our
      Platform. This enables us to personalise our content for you, greet you by name and remember your
      preferences (for example, your choice of language or region).
   4. Tracking ID. Every iOS and Google Android device has a unique Tracking ID, for iOS
      devices, called an Identifier for Advertising (IDFA) and for Android devices, called a Google
      Advertising ID (AAID). These Tracking IDs enable app providers and advertisers to track user activity
      and target ads at those users.
   5. Please note that third parties (including, for example, advertising networks and providers of external
      services like web traffic analysis services) may also use cookies, over which we have no control.
   6. You may block cookies by updating the relevant settings on your device or browser to allow you to refuse
      the setting of some or all types of cookies. However, if you use your browser settings to block all
      cookies (including strictly necessary cookies) you may not be able to access all or parts of our site.
6. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

   We may need to share your personal data with selected third parties in the following circumstances:

   1. Group companies: We are an international organisation, with businesses both inside
      and outside of the European Union (“EU”). When you create User Content you will be asked if you’d like
      to share such User Content with other users of our Platform who could be based both inside and outside
      of the EU.
   2. Third party service providers: This may include providers of certain systems and
      services that we use to host, administer and maintain our Platform, including for example the servers
      used to host our Platform.
   3. Third party service providers for marketing purposes: If you explicitly consent to
      any marketing from us, certain personal data may be shared with third party service providers we use
      to help us carry out marketing including, for example, third party marketing automation platforms.
   4. To comply with legal or regulatory requests: If we are under a duty to disclose or
      share your personal data to comply with any legal or regulatory obligation, we may share your personal
      data with a regulator or law enforcement agency.
   5. Prospective buyers or sellers: If Harmonybit Limited, or its owners, buys or sells
      any business or assets, we may disclose your personal data to the prospective buyer or seller of such
      business or assets. If Harmonybit Limited (or substantially all of its assets) is acquired by a third
      party, your personal data held by Harmonybit Limited, or within such assets, may be transferred to
      such third party.
7. WHERE IS YOUR INFORMATION STORED?
   1. We will store your data in Europe where possible. We will do our best to keep this information secure.
      No information security system is perfect so please remember to be careful.
   2. Where will your data be stored? The information we hold will primarily be stored and processed in the
      EU, but there may be circumstances where we need to work with trusted third parties outside of the EU in
      order to provide the Services to you (e.g. where we run servers in the US). By submitting your personal
      data, you explicitly agree to such transfer, storing or processing of data outside the EU. We will take
      all steps reasonably necessary to ensure that this information is treated securely and in accordance with
      this Privacy Policy.
   3. All information we hold is stored on our secure servers (which we own or license from appropriate third
      parties). We use industry standard procedures and security standards to prevent unauthorised access to our
      servers, however no online service or website can be completely secure, so please protect the data in your
      possession as well.
8. THIRD PARTY WEBSITES

   Our Platform may contain links to third party websites. If you follow a link to a third-party website,
   please note that this Privacy Policy does not apply to those websites. We are not responsible or liable for
   the privacy policies or practices of those websites, so please check their policies before you submit any
   personal data to those websites.

9. SECURITY

   We take data security seriously. We implement and maintain appropriate technical and organisational
   measures including resilient security systems and protocols to protect the personal data we store.

10. ACCESSING YOUR PERSONAL DATA AND YOUR RIGHTS
    

    As a result of us collecting and processing your personal data, you have the following legal rights:

    1. to access personal data we hold on you;
    2. to request us to make any changes to your personal data if it is inaccurate or incomplete;
    3. to request your personal data is erased where we do not have a compelling reason to continue to
       process such personal data in certain circumstances;
    4. to receive your personal data provided to us as a data controller in a structured, commonly used and
       machine-readable format where our processing of the personal data is based on: (i) your consent; (ii)
       our necessity for performance of a contract to which you are a party to; or (iii) steps taken at your
       request prior to entering into a contract with us and the processing is carried out by automated
       means;
    5. to object to, or restrict, our processing of your personal data in certain circumstances;
    6. if we use your personal data for direct marketing, you can ask us to stop and we will comply with
       your request;
    7. if we use your personal data on the basis of having a legitimate interest, you can object to our use
       of it for those purposes, giving an explanation of your particular situation, and we will consider
       your objection;
    8. to object to, and not be subject to a decision which is based solely on, automated processing
       (including profiling), which produces legal effects or could significantly affect you; and
    9. if we are processing your personal data with your consent, you can withdraw your consent at any time.
       Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your
       withdrawal, nor will it affect the processing of your personal data conducted pursuant to lawful
       processing grounds other than consent. You may do so by contacting us;
    10. to lodge a complaint with a data protection supervisory body, which at present, is the Information Commissioner’s Office.
11. OUR POLICIES CONCERNING CHILDREN

    We recognize we have a special obligation to protect personal data obtained from children. Legally you must
    be at least 13 years old to use the Platform. We do not and will not knowingly collect personal data from
    any child under the age of 13 without consent from their parent or guardian. If you are a parent or guardian
    and are concerned about the transfer of personal data about your child, please contact [email protected]

12. CONTACTING US AND CHANGES TO YOUR PERSONAL DATA

    If you have any questions or comments about this Privacy Policy or your personal data, or if you want to
    exercise any of your rights, including as set out in paragraph 9 above, or you wish to withdraw your
    consent where we have stated we are processing your personal data based on your consent, then please
    contact our Data Protection Officer:

    1. via e-mail at: [email protected];
    2. via post to: Prodromou, 75, 4th Floor 2063, Nicosia, the Republic of Cyprus
13. CHANGES TO THIS PRIVACY POLICY
    
    1. Any changes we may make to this Privacy Policy in the future will be posted on this page and, where
       appropriate, notified to you by email. Please check back regularly to keep informed of updates or changes
       to this Privacy Policy.
    2. This Privacy Policy was last updated in April 2019.