NFT PLATFORM PRIVACY AND COOKIES POLICY

Last update: September 28, 2022.

This Privacy and Cookies Policy describes how ANHEUSER-BUSCH INBEV SA/NV, a company organized and existing under the laws of Belgium, having its registered office at Grote Markt 1, 1000 Brussels, Belgium, registered with the Register of Legal Entities under company number VAT 0417.497.106 RPM Brussels and its Affiliates including the listed in the appendix 1 (“ABI”, “we”, “our” or “us”) collect, use, share, and otherwise process personal data (defined below) as controller about visitors to this platform (the “Platform”). The main purpose of the Platform is to provide users with the opportunity to purchase and collect non-fungible tokens (“NFTs”) that are associated with exclusive content from ABI.

In this Privacy and Cookie Policy, "personal data" means information that (either in isolation or in combination with other information held by us) enables you to be identified as an individual or recognized directly or indirectly.

Overview

This Privacy Policy is not part of the Terms of Use and shall be read as an independent document provided to ensure that you feel safe and happy visiting and using our Platform and to give you a comprehensive guide as to what we, as a Data Controller, do with your personal data and more specifically how we collect, use, and pass on your personal data when you use this Platform. This Privacy and Cookie Policy also describes our use of cookies, how your personal data is secured and how you can contact us about our privacy practices, including:

1. Data collection: What information do we collect?. 2
2. For which purposes do we use your information and on which legal bases?. 2
3. How do we share your information?. 4
4. How long do we retain your personal data?. 4
5. What are your rights?. 5
6. Third-Party Sites and functionalities. 6
7. Do-Not-Track Signals and Similar Mechanisms. 6
8. Cookies and similar technologies. 6
9. LOCATION DATA.. 7
10. Security. 7
11. Children’s Privacy. 7
12. California Privacy Rights and Supplemental California Privacy Notice. 8
13. Changes to this Privacy and Cookie Policy. 9
14. Who to contact in case you have questions or requests. The data protection contact point 9

Please read this Privacy and Cookie Policy before using or submitting any personal data on this Platform.

By accessing and using this Platform, you confirm that you have read and that you understand the way we collect, process, use, and disclose your personal data as described herein.

Please note that before using or submitting personal data on certain sections of this Platform, you may be asked to confirm electronically your understanding and acceptance of this Privacy and Cookie Policy by ticking a specific box(es). Your use of this Platform or your affirmative action in ticking that box and/or clicking on that button signify that you understand and agree to the collection, processing, use, and transfer of your personal data as described in this Privacy and Cookie Policy.

1. Data collection: What information do we collect?

Depending on the purpose of the processing, we may need to process the following categories of personal data about you:

• Contact information: your personal details such as name, address, email, online identifier, username, phone number, date of birth.
• Information you submit or post in a public space on this Platform or your social media account when you choose to link it to this Platform (posts, photos, followers, social media handle)
• Connection and/or browsing data that we collect by using cookies and similar tracking technologies as described under Section 8.
• Financial information: if you are making a purchase on this Platform, our platform may ask for your payment details such as credit card information and information related to your cryptocurrency wallet. In such events, it is our policy to redirect you to a payment processing portal hosted by third-party payment companies. Please read the privacy policy on such third-party payment companies’ websites regarding the use, storage, and protection of your credit card information and cryptocurrency information before submitting such information.
• Digital wallet information: whenever you purchase an NFT-certified digital collectible, we will process information related to the digital wallet in which the NFT will be recorded.
• Know Your Client and Anti-Money Laundering procedures: we may receive information in connection with our Know Your Client and Anti-Money Laundering compliance activities. This may include the processing of your name, date of birth, address, and government ID to confirm your identity and additional checks to combat unlawful activities and to prevent fraud.

We collect this information from various sources, including from you when you provide your information to us, and when we collect it automatically, as described below under Section 8. We may also collect your information from other sources, including from digital wallets, payment services, and platforms that you have connected to or used with the Platform, as well as from public and commercially available sources when permitted by the applicable law.

2. For which purposes do we use your information and on which legal basIs?

The main purpose of the Platform is to provide users with the opportunity to purchase and collect non-fungible tokens (“NFTs”) that are associated with exclusive content from ABI.

Depending on the actions that you wish to perform on the Platform and subject to applicable laws, we will process your personal data for the following purposes, as justified on the following legal bases:

Where required under applicable law, we will also collect your express consent to any of the above-mentioned activities. Please see Section 5 for information about how to withdraw consent you have provided.

3. How do we share your information?

For the purposes for which we collect your personal data and subject to the appropriate legal basis described under Section 2 above, we may disclose your personal data to the following categories of recipients:

1. Affiliates and subsidiary companies of ABI, primarily for business and operational purposes;
2. Serviceproviders: companies that provide services to ABI for the purposes of providingthe Platform, including hosting, data storage, development, and technical support services. We adopt measures to ensure that these service providers will only process your personal in compliance with the applicable data protection laws.
3. Third parties to complete transactions and provide you with NFTs: companies that are involved in fulfilling transactions, such as Top Drawer (for merch claim); companies that provide our NFT store; companies that provide payment and financial transactions such as Shopify. Digital wallet providers or unaffiliated payment service providers that you choose to purchase an NFT or third parties that mint your NFT. Depending on your location, companies that support us with any applicable sweepstakes, such as Probability, LLC. These parties may have their own privacy policies.
4. Other parties when required by law: ABI may share your personal data with other third parties:
   • to comply with the law, regulatory requests, court orders, subpoena, or legal processes;
   • to verify or enforce compliance with ABI’s policies and agreements; and
   • to protect the rights, property or safety of ABI, its customers, visitors to this Platform and/or the public.
5. Other parties in connection with corporate transactions such as a merger, acquisition, sale of assets, joint venture, or any other transaction that results in a change in control or ownership of ABI or its assets, in whole or in part.

For service efficiency purposes, some of these recipients are located in territories outside the country where your personal data has been collected, including countries which may not offer a level of data protection comparable to that of the country where your data has been collected. In particular, the Platform is hosted on servers in the United States. In such cases, we inform you that, where required under applicable data protection law, we will transfer your data with adequate safeguards designed to keep your data safe and complying with the relevant privacy legislation. With our providers that process data on our behalf and as per our instructions, where legally required, we have Standard Contractual Clauses, as approved by the European Commission, the contents of which you may consult through the following link: https://ec.europa.eu/info/law/law-topic/data-protection/.

4. How long do we retain your personal data?

For personal data that we collect and process for the purposes outlined in Section 2, we will typically retain such personal data for as long as it is necessary to fulfil each of these purposes.

Whenever your personal information is processed to comply with legal obligations, such retention periods may vary depending on the laws and regulations applicable in the countries in which we operate.

Please note that NFT transactions are not implemented by ABI. Due to the intrinsic nature of blockchain operations, some personal data shared with third parties for effectuating NFT transactions will be permanently stored via blockchain technologies As these operations are not under ABI control or influence, you understand that we cannot guarantee exercising of rights mentioned in Section 5 below and the application of data retention on these processing operations.

5. What are your rights?

Where applicable and under the conditions set forth under applicable data protection laws, you may have the following rights concerning the processing of your personal data:

• Confirmation and information. The right to request confirmation of the existence of the processing and to obtain information about the public or private entities with which ABI has shared your personal data.
• The right to request information on the data we store concerning you as well as the purpose of storage and a copy of the personal data we are processing about you, and to request that we provide it to you in electronic form pursuant to law. If you require multiple copies of your personal data, we may charge a reasonable administration fee.
• Rectification.The right to request that any incomplete or inaccurate personal data that we process about you is amended.
• The right to request that we delete personal data that we process about you, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. You may also have to right to request the anonymisation, blocking or deletion of unnecessary, excessive, or non-conforming personal data.
• The right to request that we restrict our processing of your personal data where:
  • you believe such data to be inaccurate;
  • our processing is unlawful; or
  • we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
• Portability.The right to request that we transmit the personal data we hold in respect of you to another data controller, where this is:
  • personal information which you have provided to us; and
  • we are processing that data based on your consent or in order to perform our obligations under contract to you (such as to provide legal services).
• Where the legal justification for our processing of your personal data is our legitimate interest, the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
• Withdrawing Consent. If you have consented to our processing of your personal data, the right to withdraw your consent at any time, free of charge. Consent withdrawal will have effects on future processing operations.

You may exercise these rights by sending a written request to our data protection contact (see Section 14). Please note that these rights are not absolute and there are relevant exceptions under applicable data protection laws. At our discretion we may require you to prove your identity before providing the requested information or addressing certain other requests.

If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.Access a list of local data protection authorities in EEA countries.

If you are in Brazil, you can contact the Brazilian Data Protection Authority here.

6. Third-Party Sites and functionalities

We are not responsible for the security or privacy of any information collected by other websites, applications, or other services or by your mobile operating system operator, wireless carrier, or other similar providers. You should exercise caution and review the privacy statements applicable to the third-party websites, applications, and services you use.

To perform payment transactions with cryptocurrency and to record and transact NFTs, you will be directed to third-party platforms which are not managed by ABI. For example, the e-commerce functionality on the Platform is operated by Top Drawer Merch, as well payments methods that are managed by Shopify. You may be required to have a digital wallet account with a third party to purchase NFTs. In addition, your NFT will be hosted on a blockchain network operated by a third party. You understand that such providers will be acting independently as data controllers and that the processing of your personal data will be subject to the privacy policies made available to you on the platforms of those service providers.

7. Do-Not-Track Signals and Similar Mechanisms

Some web browsers may transmit “do-not-track” signals to websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them.

We activate tracking technologies on this site following your consent provided via the cookies banner. Please note that this consent will overwrite any general signal or blocker from your browser asking not to track. In case you would like to have more information on this topic, please see section 8.

8. Cookies and similar technologies

8.2. What are cookies and similar tracking technologies?

We and our third-party partners may use cookies, pixels, and other tracking technologies (collectively, “cookies”) on the Platform. Browser cookies are small pieces of data being placed on the hard drive of a visitor’s device. With the help of cookies you can store information for a certain period of time and identify the user’s device. For a better user experience and an individual representation of performance we use permanent cookies. We also use so-called session cookies which are automatically deleted once you close your browser. You can set your browser to inform you of the potential downloading of cookies. The Platform uses different types of cookies as explained below.

For “strictly necessary cookies” we are processing your personal data for our legitimate purposes explained below. With regards to “performance cookies”, “functional cookies” and “targeting cookies”, we are processing your personal data based on your consent for the purposes explained below. Your consent is collected and registered following the selection of your cookie preferences in our cookie banner. In case you would like to change your cookies preferences, please go to “cookie settings” at the end of this Section 8.

8.3. Strictly Necessary Cookies

These cookies are necessary for the Platform to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for Services, such as setting your privacy preferences, logging in or filling in forms.

Depending on your browser settings, you may be able set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

8.4. Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. They may be set by us or by third party providers whose services we have added to our pages.

All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance, and some or all of the services from third party providers we have added to our pages may not function properly.

8.5. Targeting Cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will still receive advertising, but it may be less relevant.

9. LOCATION DATA

We may collect and use information about the location of the device you are using to help us identify the country where you are located and (a) redirect you to the relevant Platform for your country; and (b) improve security of the Platform; and (c) comply with legal restrictions regarding the use of the Platform.

10. Security

We have put in place technical and organisational security measures designed to protect against unlawful or unauthorised access or use of your personal data, as well as against accidental loss or damage to the integrity of your personal data. However, no one can guarantee the complete safety of your information.

11. Children’s Privacy

Our Platform is not to directed to or intended for individuals under the legal drinking age. If we learn that an individual under the legal drinking age has provided us with personal information, we will delete it in accordance with law. If you are under the legal drinking age and have entered this Platform by providing a false date of birth, you must immediately leave this Platform.

12. California Privacy Rights and Supplemental California Privacy Notice

The California Consumer Privacy Act of 2018 ("CCPA") requires us to provide additional privacy-related information to residents of California.

12.1. CCPA Disclosures

The section entitled "Data Collection: What Information Do We Collect?” above (Section 1) lists the categories of personal information we have collected about California residents in the preceding 12 months. These categories of personal information correspond with the following categories of personal information provided under the CCPA:

• Identifiers including name, postal address, unique personal identifier, online identifier, username, IP address, email address and account name;
• Information that identifies or is capable of being associated with you including payment information and social media information;
• Information about products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies;
• Geolocation data, for compliance purposes and to provide you relevant services;
• Internet or another electronic network activity information;
• Inferences drawn from any of the information identified above reflecting your preferences and characteristics.

The section entitled "For Which Purposes Do We Use Your Information And On Which Legal Basis?” above (Section 2)lists the business and commercial purposes for which we collect California residents’ personal information. As described above in the section entitled "How do we share your information?” (Section 3), we also share and/or disclose your personal information as follows:

• Sharing your personal information for business purposes: we may share the following categories of your personal information with service providers, third parties, business partners, public or government (including enforcement) authorities, creditors, and successors for our business purposes: identifiers, information capable of being associated with you, information about products and services, internet or other electronic activity information (as described above), geolocation information, and inferences drawn from information about you. As described above, examples of business purposes include performing transactions, registering accounts, managing our relationship with you, and monitoring for security threats and fraud.

• Sharing your personal information for commercial or other purposes: we may share the following categories of your personal information with third parties, business partners, and affiliates in a manner that constitutes a "sale" under California law: identifiers, information capable of being associated with you, information about products and services, internet or other electronic activity information (as described above), geolocation information, and inferences drawn from information about you. This information may be shared for the following purposes: personalization, analytics, marketing, retargeting, and sales.

• Limitation or Opt-Out from Sales of Personal Data. You may have the right to limit the use or disclosure of your personal data with third parties.

12.2. California Residents' Privacy Rights

Subject to certain exceptions and qualifications, as a California resident, you have the right to: (i) request access to your personal information; (ii) request deletion of your personal information; (iii) request information about the personal information about you that we have "sold" (as such term is defined under California law) to third parties within the past 12 months; and (iv) opt-out of the "sale" of your personal information, as detailed above.

12.3. Do Not Sell My Information

To opt-out of the "sale" of your personal information as described in this section, clickhere.

12.4. Exercising other California consumer rights

Should you wish to request the exercise of your other rights as detailed above with regard to your personal information, you or your authorized agent may submit requests to one of the options provided below in the “Who to contact in case you have questions or requests. The Data Protection contact point” (Section 14).

We may need to take steps, including to request additional information from you, to verify your identity. Please indicate in your request that you are a California resident making a “California privacy rights” inquiry.

13. Changes to this Privacy and Cookie Policy

Except to the extent limited by applicable law, ABI may decide at any time − at its discretion − to change, modify, and/or add all or parts of this Privacy and Cookie Policy in the future. Any change to this Privacy and Cookie Policy will be posted on this page and, notified to you by e-mail (where appropriate or required by law and to the extent that we have your e-mail address). We will indicate at the top of this Privacy and Cookie Policy the date on which the Policy was last modified.

Where required by law, we may also ask you to expressly confirm your consent to the modified Privacy and Cookie Policy.

14. Who to contact in case you have questions or requests. The data protection contact point

ABI has in place a data protection contact point available for you to submit your questions or requests relating to the processing of your personal data. You can access this data protection contact point in our global “contact us” website (https://contactus.ab-inbev.com). Please select the typology “Contact Data Protection Officer” in the ContactUs Form.

If you are in the EEA, you can also contact our appointed data protection officer, FIRST PRIVACY GmbH, at: abi-team@firstprivacy.com or +49 421 69663282.

If you are in Brazil, you can contact our appointed data protection officer at: dataprivacy@ambev.com.br.

When you exercise these rights, you may have to provide ABI with the minimum information set forth in applicable data protection law, such as your name, e-mail address and your request details. Please be aware that ABI will require such information in order to process your request. Other details are optional for you to share with us. Your personal details will be saved only so that we can respond to your request and will be deleted when they are no longer necessary for the original purpose, unless there are legal requirements stipulating the retention of these data.

Please contact our data protection contact point or our data protection officer indicated above if you wish to exercise your rights as data subject (see Section 5 (Rights) above).

Thank you for visiting our Platform.

©2022, Anheuser-Busch InBev