Privacy Policy

1.

Introduction

a.

Purpose of the Privacy Policy

This Privacy Policy aims to inform users about how AuroraWise Limited ("AuroraWise," "AW," "we," "us," or "our"), a financial technology company registered under company number 15186955 in the United Kingdom, collects, uses, discloses, and protects the personal information of its users ("you" or "your"). This policy applies to all users of the AuroraWise platform, website, mobile application, and related services (collectively, the "Services"), including but not limited to retail investors in the United Kingdom.
We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices regarding the collection, use, storage, sharing, and protection of your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please refrain from using our Services.

b.

Scope of the Privacy Policy

This Privacy Policy applies to all personal information collected, used, or disclosed by AuroraWise in connection with the Services. It covers information collected through our website, mobile application, platform, and any other channels where we interact with users.
This Privacy Policy also applies to personal information collected by AuroraWise from third-party sources, such as credit reference agencies, retail banks, HMRC tax records, social media platforms, and messaging platforms, to the extent permitted by applicable laws.
The Privacy Policy does not apply to any third-party websites, applications, or services that may be linked to or accessible through our Services. We encourage you to review the privacy policies of those third parties to understand their data practices.

c.

Definition of key terms

For the purposes of this Privacy Policy, the following key terms are defined as:

  1. "Personal information" refers to any information that directly or indirectly relates to an identified or identifiable natural person. This may include but is not limited to, name, address, email address, phone number, financial information, and online identifiers.
  2. "Processing" means any operation or set of operations performed on personal information, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  3. "Data controller" refers to the entity that determines the purposes and means of processing personal information. In this case, AuroraWise Limited is the data controller for the personal information collected in connection with the Services.
  4. "Data processor" refers to the entity that processes personal information on behalf of the data controller. AuroraWise may engage third-party data processors to assist in providing the Services.
  5. "Consent" means any freely given, specific, informed, and unambiguous indication of the user's wishes by which they, through a statement or clear affirmative action, signify agreement to the processing of their personal information.

By providing clear definitions and explanations in the introduction, AuroraWise aims to ensure that users have a comprehensive understanding of the purpose, scope, and key terms used throughout the Privacy Policy.

2.

Information We Collect

AuroraWise collects various types of personal information from users in order to provide, maintain, and improve our Services. We collect this information directly from users, through automated means, and from third-party sources. The types of information we collect may include:

a.

Personal Information

  1. Identity Information
    1. Full name, including middle name
    2. Date of birth
    3. Gender
    4. Father's name
    5. Mother's name
    6. Guardian's name
  2. Contact Information
    1. Residential address, including postcode
    2. Billing address, including postcode
    3. Gender
    4. Email address
    5. Phone number
  3. Employment Information
    1. Occupation
    2. Employer name and address
    3. Employment status
    4. Employment history
  4. Education Information
    1. Highest level of education
    2. Educational institutions attended
    3. Qualifications obtained

b.

Financial Information

  1. Income Information
    1. Gross income
    2. Net income
    3. Sources of income (e.g., employment, investments, rental properties)
    4. Frequency of income (e.g., monthly, annually)
    5. Dates of income receipt
  2. Tax Information
    1. Tax identification number (e.g., National Insurance Number)
    2. Tax code
    3. Tax allowances and deductions
    4. Tax payment history
  3. Expense Information
    1. Types of expenses (e.g., housing, transportation, utilities, groceries)
    2. Amounts of expenses
    3. Frequency of expenses
  4. Liability Information
    1. Mortgages (e.g., lender, outstanding balance, monthly payments, interest rate)
    2. Loans (e.g., personal loans, student loans, car loans)
    3. Credit card balances and limits
    4. Other debts and financial obligations
  5. Asset Information
    1. Bank account details (e.g., account numbers, balances, transaction history)
    2. Investment accounts (e.g., brokerage accounts, ISAs, pensions)
    3. Property ownership and value
    4. Vehicle ownership and value
  6. Credit Information
    1. Credit scores and reports
    2. Credit history, including past credit applications and decisions

c.

Transactional Information

  1. Records of purchases, sales, and other transactions made through the Services
  2. Payment information, such as bank account details or payment card information
  3. Transaction amounts, dates, and counterparties

d.

User-Generated Content

  1. Profile information, such as biography, profile picture, and interests
  2. User preferences and settings
  3. Uploaded documents, images, or videos
  4. Comments, feedback, and reviews provided through the Services
  5. Messages and communications sent through the Services

e.

Usage Information

  1. IP address
  2. Device type, operating system, and browser type
  3. Referring and exit pages, and clickstream data
  4. Dates and times of access
  5. Pages viewed and features used within the Services
  6. Search queries made through the Services

f.

Location Information

  1. Approximate geographic location based on IP address
  2. Precise location (if permitted by the user's device settings)

g.

Cookies and Similar Technologies

  1. Information collected through cookies, web beacons, and other tracking technologies
  2. Unique device identifiers
  3. Advertising IDs
  4. Information about user preferences, interests, and online behaviour

h.

Information from Third-Party Sources

  1. Credit reference agencies
  2. Retail Banks
  3. HMRC tax records
  4. Electoral register
  5. Social media platforms
  6. Messaging platforms
  7. Publicly available sources

Please note that the specific types of information collected may vary depending on the nature of the Services used and the user's interactions with AuroraWise. We will only collect personal information that is necessary for the purposes outlined in this Privacy Policy and in accordance with applicable data protection laws.
If you choose not to provide certain personal information when requested, we may not be able to provide you with the full range of Services or features available through the AuroraWise platform.

3.

How We Use Your Information

AuroraWise uses the personal information collected from users for various purposes, including providing and improving our Services, personalizing user experiences, communicating with users, and complying with legal obligations. We may use your information for the following specific purposes:

a.

Providing and Improving Our Services

  1. To create and maintain user accounts
  2. To process transactions and deliver the Services requested by users
  3. To provide customer support and respond to user inquiries
  4. To assess user eligibility for specific products or services
  5. To develop, test, and improve new features and functionality
  6. To conduct research and analysis to understand user needs and preferences
  7. To monitor and analyse usage trends and patterns
  8. To troubleshoot and resolve technical issues
  9. To maintain the security and integrity of our Services

b.

Personalization and Profiling

  1. To tailor the content, features, and advertisements displayed to users
  2. To recommend products, services, or information that may be of interest to users
  3. To create user profiles based on information such as:
    1. Initial knowledge assessment, financial literacy, end-of-module tests, simulation outcomes, and performance in the sandbox environment
    2. Past and current trade performance
    3. Information about who the user follows and copies their strategy for trade
    4. Information on what stories users liked, bookmarked for follow-up and shared
    5. Various third-party integrations that the user follows or uses and for what purpose
    6. Information about the genre and literacy level of users
    7. Cookies and other tracking methods to assess user interests, preferences, and buying behaviour
  4. To use artificial intelligence (AI) and machine learning to:
    1. Determine user affordability and product eligibility
    2. Recommend products and services
    3. Provide investment and financial well-being advisory
    4. Curate personalized financial intelligence

c.

Marketing and Advertising

  1. To send promotional emails, newsletters, and other marketing communications
  2. To display targeted advertisements on our Services or third-party platforms
  3. To measure the effectiveness of our marketing and advertising efforts
  4. To organize events, promotions, surveys, and other marketing activities

d.

Communication and Customer Support

  1. To send administrative notices, updates, and alerts related to the Services
  2. To respond to user comments, questions, and requests for assistance
  3. To provide information about changes to our Services, policies, or terms
  4. To request user feedback and ratings
  5. To communicate with users for other purposes related to the Services

e.

Legal Obligations and Protection of Rights

  1. To comply with applicable laws, regulations, and legal processes
  2. To enforce our Terms of Service, Privacy Policy, and other policies
  3. To investigate and prevent fraudulent, unauthorized, or illegal activities
  4. To protect the rights, property, and safety of AuroraWise, our users, and the public
  5. To establish, exercise, or defend legal claims

f.

Aggregated and Anonymized Data

  1. To create aggregated or anonymized data that does not identify individual users
  2. To use aggregated or anonymized data for statistical analysis, research, and business purposes
  3. To share aggregated or anonymized data with third parties, such as advertisers, partners, or the public

We will only use your personal information for the purposes described in this Privacy Policy or as otherwise disclosed to you at the time of collection. If we intend to use your personal information for a new or different purpose, we will obtain your consent or provide you with an opportunity to opt out, as required by applicable law.
We will retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods may vary depending on the type of information and the applicable legal requirements.

4.

Information Sharing and Disclosure

AuroraWise may share or disclose your personal information in certain circumstances, as described below. We will only share your information with third parties when necessary for the purposes outlined in this Privacy Policy or as required by law.

a.

Service Providers and Business Partners

  1. We may share your personal information with third-party service providers and business partners who assist us in providing, maintaining, and improving our Services. These may include:
    1. Payment processors and financial institutions
    2. Cloud storage and hosting providers
    3. Analytics and advertising platforms
    4. Customer support and communication services
    5. Fraud detection and prevention services
    6. Identity verification and background check providers
  2. We require these third parties to maintain the confidentiality and security of your personal information and to use it only for the purposes specified in our agreements with them.

b.

Structured Product Providers

  1. When executing structured product agreements between users and third-party providers, such as investment banks, wealth management entities, brokers, and agents, we may share necessary personal information to facilitate the transaction.
  2. The information shared may include identity, contact, and financial information required to complete the agreement and comply with applicable laws and regulations.

c.

Credit Reference Agencies and Compliance Vendors

  1. We may share your personal information with credit reference agencies for the purpose of assessing your eligibility for instalment-based products or services.
  2. We may also share your information with vendors performing Know Your Customer (KYC) or other compliance checks, as required by law or to prevent fraudulent activities.

d.

Legal Requirements and Protection of Rights

  1. We may disclose your personal information if required to do so by law, regulation, or legal process, such as a court order or subpoena.
  2. We may also disclose your information if we believe, in good faith, that such disclosure is necessary to:
    1. Comply with a legal obligation.
    2. Protect and defend the rights, property, or safety of AuroraWise, our users, or the public.
    3. Prevent or investigate possible wrongdoing in connection with the Services.
    4. Enforce our Terms of Service, Privacy Policy, or other agreements.

e.

Business Transfers and Corporate Restructuring

  1. In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, your personal information may be among the assets transferred to the acquiring entity.
  2. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

f.

Aggregated and Anonymized Data

  1. We may share aggregated or anonymized data that does not identify individual users with third parties, such as advertisers, partners, or the public.
  2. This data may be used for statistical analysis, research, or business purposes, and may be shared in the form of reports or insights.

g.

Affiliates and Subsidiaries

  1. We may share your personal information with our affiliates and subsidiaries, who may use it for the purposes described in this Privacy Policy.
  2. Our affiliates and subsidiaries are bound by the same privacy and security obligations as AuroraWise.

h.

Consent and User Requests

  1. We may share your personal information with third parties if you have given us your consent to do so, or if you have requested that we share your information with a specific third party.
  2. You may revoke your consent or request at any time, subject to legal or contractual restrictions and reasonable notice.

We will not sell, rent, or lease your personal information to third parties for their marketing purposes without your explicit consent.
If we share your personal information with third parties, we will use reasonable efforts to ensure that they maintain appropriate safeguards to protect your information and use it only for the purposes specified in our agreements with them.
We may also disclose your personal information in other ways, with your prior consent or as otherwise permitted or required by law.

5.

Your Choices and Rights

At AuroraWise, we respect your privacy rights and strive to provide you with meaningful choices regarding the collection, use, and sharing of your personal information. This section outlines the choices and rights you have in relation to your personal information.

a.

Accessing and Updating Your Information

  1. You have the right to access, correct, and update the personal information we hold about you.
  2. You can review and update certain account information by logging into your AuroraWise account and visiting the account settings page.
  3. If you need assistance accessing or updating your information, or if you wish to request a copy of the personal information we have about you, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

b.

Deleting Your Account

  1. You have the right to request the deletion of your AuroraWise account and the personal information associated with it.
  2. To delete your account, please log into your account, navigate to the account settings page, and follow the instructions for account deletion. Alternatively, you can contact us directly with your deletion request.
  3. Please note that certain information may be retained for legal, regulatory, or business purposes, as permitted by applicable law.

c.

Opting Out of Marketing Communications

  1. You have the right to opt-out of receiving marketing communications from AuroraWise.
  2. You can unsubscribe from our marketing emails by clicking the "Unsubscribe" link at the bottom of the email or by contacting us directly.
  3. Please note that even if you opt-out of receiving marketing communications, we may still send you important transactional or administrative messages related to your account and the Services.

d.

Cookies and Tracking Technologies

  1. You have the right to control the use of cookies and similar tracking technologies on your device.
  2. Most web browsers are set to accept cookies by default. You can usually change your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies may affect the availability and functionality of our Services.
  3. For more information on how we use cookies and similar technologies, please refer to our Cookie Policy.

e.

Data Portability

  1. You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.
  2. You also have the right to request that we transfer your personal information to another data controller, where technically feasible.
  3. To exercise your data portability rights, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

f.

Right to Object and Restrict Processing

  1. You have the right to object to the processing of your personal information, including for direct marketing purposes.
  2. You also have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when the processing is unlawful.
  3. To exercise these rights, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

g.

Right to Withdraw Consent

  1. Where we rely on your consent as the legal basis for processing your personal information, you have the right to withdraw your consent at any time.
  2. Withdrawing your consent will not affect the lawfulness of any processing carried out before you withdrew your consent.
  3. To withdraw your consent, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

h.

Lodging a Complaint

  1. If you have any concerns or complaints about how we handle your personal information, you have the right to lodge a complaint with the relevant supervisory authority.
  2. In the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO). You can find more information about lodging a complaint on the ICO's website: https://ico.org.uk/make-a-complaint/.

We will respond to your requests to exercise your rights within the timeframes required by applicable law. Please note that in some cases, we may need to verify your identity before processing your request or may have valid legal reasons to deny your request.
If you have any questions or need assistance exercising your rights, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

6.

Data Security

At AuroraWise, we take the security of your personal information seriously and have implemented appropriate technical and organizational measures to protect your data from unauthorized access, use, disclosure, alteration, or destruction.

a.

Secure Data Storage and Transmission

  1. We store your personal information on secure servers and systems that are protected by firewalls, encryption, and other industry-standard security measures.
  2. When transmitting sensitive information, such as financial data or payment details, we use secure encryption protocols, such as Transport Layer Security (TLS) or Secure Socket Layer (SSL), to ensure the confidentiality and integrity of the data.

b.

Access Controls and Authentication

  1. We employ strict access controls to ensure that only authorized personnel can access your personal information on a need-to-know basis.
  2. Our employees and contractors are required to sign confidentiality agreements and undergo training on data protection and security best practices.
  3. We use multi-factor authentication, strong passwords, and regular access reviews to prevent unauthorized access to our systems and data.

c.

Third-Party Security Measures

  1. When sharing your personal information with third-party service providers or business partners, we require them to maintain appropriate security measures to protect your data.
  2. We conduct regular security assessments and audits of our third-party providers to ensure they meet our security standards and comply with applicable data protection laws.

d.

Data Breach Response Plan

  1. We have implemented a comprehensive data breach response plan to detect, investigate, and respond to any suspected or confirmed security incidents promptly.
  2. In the event of a data breach that may affect your personal information, we will notify you and the relevant authorities as required by applicable law and take appropriate measures to mitigate any potential risks or damages.

e.

Regular Security Monitoring and Updates

  1. We continuously monitor our systems and networks for potential vulnerabilities and threats, and regularly update our security measures to address new risks and maintain a high level of protection.
  2. We keep abreast of the latest security best practices and industry standards to ensure that our security measures remain effective and up-to-date.

f.

Employee Training and Awareness

  1. We provide regular training and awareness programs to our employees and contractors on data protection, security best practices, and the importance of maintaining the confidentiality and integrity of personal information.
  2. Our employees are required to comply with our internal security policies and procedures, which are designed to safeguard your personal information and prevent unauthorized access or disclosure.

g.

Physical Security Measures

  1. We have implemented physical security measures at our offices and data centers to prevent unauthorized access to our systems and data.
  2. These measures include access controls, surveillance systems, and secured storage for physical records containing personal information.

Despite our best efforts, no security measures are perfect or impenetrable. Therefore, while we strive to protect your personal information, we cannot guarantee the absolute security of your data. In the event of a data breach, we will take prompt action to investigate the incident, notify affected individuals, and take appropriate measures to prevent future occurrences.
It is also important for you to take steps to protect your personal information, such as keeping your account credentials secure, using strong passwords, and being cautious when sharing personal information online.
If you have any concerns about the security of your personal information or suspect any unauthorized access to your account, please contact us immediately using the information provided in the "Contact Us" section of this Privacy Policy.

7.

Data Retention

AuroraWise retains your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

a.

Retention Period

  1. We will retain your personal information for the duration of your relationship with AuroraWise, and for a reasonable period thereafter, as required or permitted by applicable law.
  2. The specific retention period may vary depending on the type of personal information, the purpose for which it was collected, and the applicable legal or regulatory requirements.
  3. For example, we may retain your account information for a longer period to comply with tax, accounting, or anti-money laundering laws, or to prevent fraud and abuse.

b.

Criteria for Determining Retention Periods

  1. When determining the appropriate retention period for your personal information, we consider various factors, including:
    1. The purpose(s) for which we collected the information
    2. The sensitivity and volume of the information
    3. The potential risk of harm from unauthorized use or disclosure of the information
    4. The applicable legal, regulatory, tax, accounting, or other requirements
    5. The need to defend against potential legal claims or disputes
    6. The feasibility of anonymizing or pseudonymizing the information while still retaining its utility

c.

Anonymization and Pseudonymization

  1. In some cases, we may choose to anonymize or pseudonymize your personal information instead of deleting it entirely.
  2. Anonymization involves irreversibly altering the personal information so that it can no longer be used to identify an individual, even when combined with other data.
  3. Pseudonymization involves replacing personally identifiable information with a pseudonym or alias, which can only be re-identified with additional information that is kept separately and securely.
  4. Anonymized or pseudonymized data may be retained for longer periods, as it no longer constitutes personal information and is not subject to the same retention limitations.

d.

Data Deletion and Destruction

  1. When your personal information is no longer needed for the purposes for which it was collected, or when required by applicable law, we will securely delete or destroy the information.
  2. We follow industry-standard practices for data deletion and destruction, such as secure wiping, physical destruction of storage media, or other methods that ensure the data is permanently and irreversibly erased.
  3. In some cases, we may be required to retain certain information for legal or regulatory purposes, even after a deletion request has been made. In such instances, we will limit the use of the retained information to the specific purpose for which it is being retained.

e.

Your Rights Regarding Data Retention

  1. You have the right to request the deletion of your personal information, subject to certain exceptions and limitations, as outlined in the "Your Choices and Rights" section of this Privacy Policy.
  2. If you request the deletion of your personal information, we will promptly review your request and take appropriate action in accordance with applicable law.
  3. Please note that deleting your personal information may affect your ability to use certain features or services provided by AuroraWise, and we may need to retain certain information to comply with our legal obligations or enforce our agreements.

f.

Third-Party Data Retention

  1. When we share your personal information with third-party service providers or business partners, we require them to adhere to appropriate data retention policies and securely delete or destroy your information when it is no longer needed for the purposes for which it was shared.
  2. However, we are not responsible for the data retention practices of third parties with whom you choose to share your personal information directly. We encourage you to review the privacy policies and data retention practices of any third parties with whom you share your information.

We periodically review our data retention policies and practices to ensure that we are only retaining your personal information for as long as necessary and in compliance with applicable laws and regulations. If you have any questions or concerns about our data retention practices, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

8.

International Data Transfers

AuroraWise is based in the United Kingdom, but we may transfer your personal information to other countries for processing and storage in accordance with this Privacy Policy and applicable laws.

a.

Legal Basis for Transfers

  1. When transferring your personal information outside of the United Kingdom or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data and comply with applicable data protection laws.
  2. We may rely on various legal bases for international data transfers, including:
    1. Adequacy decisions: We may transfer your personal information to countries that have been deemed to provide an adequate level of data protection by the European Commission or the UK government.
    2. Standard Contractual Clauses: We may use Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office (ICO) when transferring your personal information to countries that do not provide an adequate level of data protection.
    3. Binding Corporate Rules: We may transfer your personal information within our group of companies under Binding Corporate Rules approved by the relevant data protection authorities.
    4. Your consent: In some cases, we may seek your explicit consent to transfer your personal information to a country that does not provide an adequate level of data protection.

b.

Transfers to the United States

  1. If we transfer your personal information to the United States, we will ensure that the recipient is certified under the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework, or that other appropriate safeguards are in place, such as Standard Contractual Clauses.
  2. However, please note that the Privacy Shield Frameworks were invalidated by the Court of Justice of the European Union in July 2020, and we may need to rely on alternative transfer mechanisms or seek your explicit consent for such transfers.

c.

Transfers to Other Countries

  1. If we transfer your personal information to countries other than the United States, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, Binding Corporate Rules, or your explicit consent.
  2. We will carefully assess the data protection laws and practices of the recipient country to ensure that your personal information will be adequately protected in accordance with applicable data protection laws.

d.

Safeguards for Transfers

  1. Regardless of the country to which your personal information is transferred, we will implement appropriate technical, organizational, and contractual safeguards to protect your data and ensure that it is processed in accordance with this Privacy Policy and applicable data protection laws.
  2. These safeguards may include:
    1. Encryption and pseudonymization of personal information
    2. Confidentiality and security obligations imposed on the recipient of the information
    3. Restrictions on the use and disclosure of the information by the recipient
    4. Your rights to access, correct, delete, or object to the processing of your information
    5. The right to seek legal remedies in case of a data breach or violation of your rights

e.

Your Rights Regarding International Transfers

  1. You have the right to receive information about the safeguards we have put in place for international data transfers and to obtain a copy of any Standard Contractual Clauses or other relevant transfer agreements.
  2. If you have concerns about the transfer of your personal information to a specific country, you may object to the transfer or withdraw your consent, where applicable. However, please note that objecting to or withdrawing consent for international transfers may affect our ability to provide certain services to you.

If you have any questions or concerns about our international data transfer practices, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.
We will regularly review and update our international data transfer practices to ensure compliance with applicable data protection laws and to protect your personal information when it is transferred outside of the United Kingdom or the EEA.

9.

Children's Privacy

AuroraWise is committed to protecting the privacy of children and complying with applicable laws and regulations, such as the United Kingdom's Age Appropriate Design Code (AADC) and the United States' Children's Online Privacy Protection Act (COPPA).

a.

Age Restrictions

  1. Our Services are not intended for use by children under the age of 18 or the age of majority in their jurisdiction, whichever is higher.
  2. We do not knowingly collect personal information from children under the age specified above without obtaining verifiable parental consent, except as permitted by applicable law.
  3. If we learn that we have inadvertently collected personal information from a child under the specified age without parental consent, we will take prompt steps to delete the information from our records.

b.

Parental Consent and Control

  1. If we offer Services that are specifically designed for children or where we have actual knowledge that a user is under the age specified above, we will obtain verifiable parental consent before collecting, using, or disclosing the child's personal information, except as permitted by applicable law.
  2. We will provide parents or legal guardians with the ability to review, update, or delete their child's personal information, and to withdraw their consent for the collection, use, or disclosure of their child's personal information at any time.
  3. We will also provide parents or legal guardians with information about our practices regarding the collection, use, and disclosure of children's personal information, and the specific controls available to them.

c.

Information Collected from Children

  1. We will limit the collection of personal information from children to only what is reasonably necessary for their participation in the Services and as permitted by applicable law.
  2. We will not condition a child's participation in an activity or Service on the disclosure of more personal information than is reasonably necessary for that activity or Service.
  3. We will not use children's personal information for marketing or advertising purposes, except as permitted by applicable law and with verifiable parental consent.

d.

Disclosure of Children's Information

  1. We will not disclose children's personal information to third parties, except as necessary to provide the Services, comply with applicable law, or protect the safety of the child or others.
  2. If we disclose children's personal information to third-party service providers, we will ensure that they are contractually obligated to protect the information and use it only for the specific purposes for which it was disclosed.

e.

Age Verification and Parental Notification

  1. Where required by applicable law, we will use reasonable efforts to verify the age of our users and obtain verifiable parental consent for the collection, use, or disclosure of children's personal information.
  2. We may use various methods for age verification and obtaining parental consent, such as requiring a credit card or other online payment system, providing a consent form to be signed and returned, or verifying a parent's identity through a third-party verification service.
  3. If we learn that we have collected personal information from a child under the specified age without parental consent, we will promptly notify the parent or legal guardian and seek to obtain their consent or delete the information from our records.

f.

Educational and Child-Directed Services

  1. If we offer Services that are specifically designed for schools, educational institutions, or other child-directed purposes, we will comply with any additional legal requirements applicable to such Services, such as the Family Educational Rights and Privacy Act (FERPA) in the United States.
  2. We will clearly disclose our practices regarding the collection, use, and disclosure of children's personal information in connection with these Services and obtain any necessary consents from parents, legal guardians, or educational institutions.

If you have any questions or concerns about our practices regarding children's privacy or if you believe that we have collected personal information from a child under the specified age without parental consent, please contact us immediately using the information provided in the "Contact Us" section of this Privacy Policy.
We will regularly review and update our children's privacy practices to ensure compliance with applicable laws and regulations and to protect the privacy and safety of children who use our Services.

10.

Third-Party Links and Services

AuroraWise's Services may contain links to third-party websites, applications, or services that are not owned, controlled, or operated by us. This Privacy Policy does not apply to those third-party services, and we encourage you to review the privacy policies of any third parties before providing them with your personal information.

a.

Links to Other Websites

  1. Our Services may include links to other websites or online services for your convenience and information. These websites may operate independently from AuroraWise and may have their own privacy policies or notices.
  2. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such other websites or online services.
  3. Clicking on links to third-party websites or online services may allow those third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements or practices.
  4. We strongly advise you to review the privacy policy of every website you visit, especially before providing any personal information to those websites.

b.

Third-Party Services and Integrations

  1. Our Services may allow you to connect or interact with third-party services, such as financial institutions, payment processors, or social media platforms, through APIs, SDKs, or other integrations.
  2. When you choose to connect or interact with a third-party service through our Services, you are authorizing AuroraWise to share your personal information with that third party, and the collection, use, and disclosure of your information will be subject to the third party's privacy policy and practices.
  3. We do not control the privacy practices of these third-party services and are not responsible for how they collect, use, or share your personal information. We encourage you to carefully review the privacy policies of any third-party services you connect to or interact with through our Services.

c.

Third-Party Advertisements and Analytics

  1. We may allow third-party advertising companies to serve advertisements on our Services or use web beacons, cookies, or other tracking technologies to collect information about your use of our Services and other websites over time.
  2. These third parties may use this information to display advertisements that are more relevant to you, to measure the effectiveness of their advertising campaigns, or for other purposes.
  3. We may also use third-party analytics services, such as Google Analytics, to collect information about your use of our Services and other websites over time. These analytics providers may use cookies, web beacons, or other tracking technologies to collect this information and may combine it with information collected from other sources.
  4. We do not have control over these third-party advertising companies or analytics providers, and their use of tracking technologies and the information they collect are subject to their own privacy policies.
  5. If you wish to opt-out of interest-based advertising or analytics, you may be able to do so by adjusting your browser settings, using ad-blocking tools, or following the instructions provided by the relevant third-party service.

d.

Social Media Features and Widgets

  1. Our Services may include social media features and widgets, such as the Facebook "Like" button, the Twitter "Tweet" button, or other interactive mini-programs that run on our Services.
  2. These features may collect your IP address and information about which pages you visit on our Services and may set a cookie to enable the feature to function properly.
  3. Your interactions with these features are governed by the privacy policy of the third party providing them, not by this Privacy Policy.
  4. We are not responsible for the privacy practices or content of the social media platforms providing these features, and we encourage you to review their privacy policies before using these features on our Services.

If you have any questions or concerns about the privacy practices of any third parties linked to or from our Services, please contact those third parties directly.
While we strive to work with trusted and reputable third-party partners, we cannot be held responsible for the privacy practices or content of external websites, services, or platforms. We encourage you to be aware of when you leave our Services and to carefully review the privacy policies of any third-party websites or services you visit or use.

11.

Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the Services we offer, or applicable laws and regulations. We will notify you of any material changes to this Privacy Policy and obtain your consent, where required by law, before making any significant changes to how we collect, use, or share your personal information.

a.

Notification of Changes

  1. When we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of the policy and provide a prominent notice on our website or Services, or by sending you an email notification.
  2. We may also provide additional notice or obtain your explicit consent for certain changes, as required by applicable law.
  3. It is your responsibility to review this Privacy Policy periodically to stay informed about our data practices and your rights.

b.

Effective Date of Changes

  1. Any changes to this Privacy Policy will become effective on the date specified in the notice or, if no date is specified, on the date the revised Privacy Policy is posted on our website or Services.
  2. Your continued use of our Services after the effective date of the changes constitutes your acceptance of the revised Privacy Policy.
  3. If you do not agree with the changes to the Privacy Policy, you should stop using our Services and contact us to request the deletion of your personal information.

c.

Archived Versions

  1. We will archive previous versions of this Privacy Policy and make them available on our website or upon request, so that you can review the changes and understand how our data practices have evolved over time.
  2. However, please note that the archived versions of the Privacy Policy are provided for informational purposes only and are not legally binding. The current version of the Privacy Policy, as posted on our website or Services, will always govern our data practices and your use of the Services.

d.

Significant Changes

  1. If we make significant changes to this Privacy Policy that materially affect your rights or the way we collect, use, or share your personal information, we will take additional steps to bring these changes to your attention and obtain your consent, where required by law.
  2. Significant changes may include, but are not limited to:
    1. New purposes for collecting, using, or sharing your personal information that are incompatible with the purposes disclosed in the previous version of the Privacy Policy
    2. Changes to the categories of personal information we collect or the sources from which we collect that information
    3. Expansion of the categories of third parties with whom we share your personal information or the purposes for which we share that information
    4. Changes to your rights or choices regarding your personal information, such as limiting your ability to access, correct, or delete your information
  3. In such cases, we may provide additional notice, such as prominent banners or pop-up notifications on our website or Services, or send you a separate email notification, to ensure that you are aware of the changes and have the opportunity to exercise your rights.

e.

Contact Us

  1. If you have any questions or concerns about the changes to this Privacy Policy or our data practices, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.
  2. We will make every effort to address your inquiries and resolve any issues you may have regarding the changes to the Privacy Policy or the way we collect, use, or share your personal information.

We encourage you to regularly review this Privacy Policy to stay informed about how we protect your privacy and handle your personal information. By continuing to use our Services after any changes to this Privacy Policy become effective, you acknowledge that you have read, understood, and agree to be bound by the revised Privacy Policy.

12.

Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy, our data practices, or your personal information, please do not hesitate to contact us. We are committed to addressing your inquiries and resolving any issues you may have in a timely and transparent manner.

a.

Data Protection Officer

  1. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with applicable data protection laws and handling any privacy-related inquiries or complaints.
  2. You can contact our DPO using the following information:
    1. Name: [DPO Name]
    2. Email: dpo@aurorawise.com
    3. Postal Address:
      1. Data Protection Officer
      2. AuroraWise Limited
      3. 71-75 Shelton Street, Covent Garden
      4. London, WC2H 9JQ
      5. United Kingdom

b.

General Contact Information

  1. For general privacy inquiries or concerns, you can contact us using the following methods:
    1. Email: privacy@aurorawise.com
    2. Contact Form: [Link to contact form on the website]
    3. Postal Address:
      1. Privacy Team
      2. AuroraWise Limited
      3. 71-75 Shelton Street, Covent Garden
      4. London, WC2H 9JQ
      5. United Kingdom
    4. Phone: [Phone number]

c.

Response Time

  1. We will make every effort to respond to your inquiry or complaint within a reasonable period, typically within 30 days of receipt.
  2. If we require additional time to investigate your inquiry or resolve your complaint, we will notify you of the delay and provide an estimated timeline for our response.

d.

Dispute Resolution

  1. If you are not satisfied with our response to your privacy-related inquiry or complaint, you may have the right to lodge a complaint with the relevant supervisory authority, such as the Information Commissioner's Office (ICO) in the United Kingdom.
  2. Before lodging a complaint with a supervisory authority, we encourage you to contact us directly and give us the opportunity to address your concerns.
  3. If we are unable to resolve your complaint to your satisfaction, we will provide you with the contact information for the relevant supervisory authority and assist you in the complaint process, as required by applicable law.

e.

Feedback and Suggestions

  1. We welcome your feedback and suggestions on how we can improve our privacy practices or the clarity and usability of this Privacy Policy.
  2. If you have any ideas or recommendations, please contact us using the information provided above or through any feedback channels we may provide on our website or Services.

f.

Accessibility

  1. We strive to make this Privacy Policy and our communications about privacy accessible to individuals with disabilities.
  2. If you need this Privacy Policy or any related information in an alternative format, such as large print, Braille, or audio, please contact us using the information provided above, and we will make reasonable efforts to accommodate your request.

g.

Language

  1. This Privacy Policy is written in English. If there are any discrepancies or conflicts between the English version and any translated versions of the Privacy Policy, the English version shall prevail.
  2. If you have any questions or concerns about the interpretation of the Privacy Policy in your language, please contact us for clarification.

We are committed to building and maintaining a trusted relationship with our users, and we believe that open, honest, and transparent communication is essential to that goal. If you have any questions, concerns, or feedback about our privacy practices or this Privacy Policy, please do not hesitate to reach out to us. We are here to listen, learn, and work with you to ensure that your privacy is protected, and your personal information is handled with the utmost care and respect.

13.

Specific Provisions for UK Users

As AuroraWise is based in the United Kingdom and subject to UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we have included this section to address specific provisions and rights that apply to users located in the UK.

a.

Legal Basis for Processing

  1. Under the UK GDPR, we are required to have a valid legal basis for processing your personal information. The legal bases we rely on include:
    1. Consent: Where you have provided your explicit, informed, and freely given consent for us to process your personal information for a specific purpose.
    2. Contract: Where processing your personal information is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
    3. Legal Obligation: Where processing your personal information is necessary for us to comply with a legal obligation under UK law.
    4. Legitimate Interests: Where processing your personal information is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your fundamental rights and freedoms.
  2. If you have any questions about the legal basis we rely on for a specific processing activity, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

b.

Your Rights Under UK Data Protection Law

  1. Under the UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal information:
    1. Right to be Informed: You have the right to be informed about how we collect, use, and share your personal information, as set out in this Privacy Policy.
    2. Right of Access: You have the right to request access to the personal information we hold about you and to receive a copy of that information in a structured, commonly used, and machine-readable format.
    3. Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
    4. Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected or when you withdraw your consent (where applicable).
    5. Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when you object to the processing.
    6. Right to Data Portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller, where technically feasible.
    7. Right to Object: You have the right to object to the processing of your personal information, including for direct marketing purposes and where we are relying on legitimate interests as the legal basis for processing.
    8. Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply.
  2. To exercise any of these rights, please contact us using the information provided in the "Contact Us" section of this Privacy Policy. We will respond to your request within the timeframes required by the UK GDPR and will provide you with any additional information required by law.

c.

Data Protection Authority

  1. If you are located in the UK and have any concerns about our data practices or believe that we have violated your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
  2. You can find more information about lodging a complaint with the ICO on their website: https://ico.org.uk/make-a-complaint/.
  3. Before lodging a complaint with the ICO, we encourage you to contact us directly and give us the opportunity to address your concerns.

d.

International Data Transfers

  1. Following the UK's withdrawal from the European Union (Brexit), the UK is considered a third country under the EU GDPR. As a result, transfers of personal information from the European Economic Area (EEA) to the UK must comply with the EU GDPR's requirements for international data transfers.
  2. AuroraWise has implemented appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure that personal information transferred from the EEA to the UK is adequately protected in accordance with the EU GDPR.
  3. If you have any questions or concerns about the transfer of your personal information from the EEA to the UK, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

e.

Retention of Personal Information

  1. We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with our legal obligations under UK law.
  2. When determining the appropriate retention period for your personal information, we will consider factors such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, and whether we can achieve those purposes through other means.
  3. If you have any questions or concerns about our retention of your personal information, please contact us using the information provided in the "Contact Us" section of this Privacy Policy.

f.

Children's Personal Information

  1. If you are a child under the age of 13 and located in the UK, we will not knowingly collect or process your personal information without obtaining verifiable parental consent, except as permitted by the UK GDPR and the Data Protection Act 2018.
  2. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete the information from our records.
  3. If you are a parent or legal guardian and believe that your child under 13 has provided us with personal information without your consent, please contact us using the information provided in the "Contact Us" section of this Privacy Policy, and we will take steps to delete the information.

g.

Cookies and Similar Technologies

  1. We use cookies and similar technologies on our website and Services to collect information about your use of our Services and to provide certain features and functionality.
  2. Under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR), we are required to obtain your consent before placing certain types of cookies on your device, unless the cookies are strictly necessary for the operation of our website or Services.
  3. When you first visit our website or use our Services, we will provide you with information about the types of cookies we use and the purposes for which we use them, and we will ask for your consent to place non-essential cookies on your device.
  4. You can manage your cookie preferences at any time by adjusting your browser settings or using the cookie consent tools we provide on our website.
  5. For more information about the cookies and similar technologies we use and how to manage your preferences, please refer to our Cookie Policy.

We are committed to ensuring that our data practices comply with UK data protection laws and that we protect the rights and freedoms of our UK users. If you have any questions or concerns about how we collect, use, or share your personal information, or if you would like to exercise any of your rights under UK data protection law, please do not hesitate to contact us using the information provided in the "Contact Us" section of this Privacy Policy.