Aura Privacy Policy

1. WHO WE ARE AND WHAT WE DO

We are Aura Intelligence Inc (“Aura”, “us”, “we”, “our”). Aura is the developer and owner of the Aura website located at getaura.ai (the “Aura Website”) and the web-based portal and application which provides certain functionality and tools to analyze and review workforce data and information, which includes, without limitation, all associated computer software, functionality, features, media, printed materials, and “online” or electronic documentation (collectively, the “Aura Portal”). The Aura Portal is available through the website at app.getaura.ai. Aura provides to its clients and their users (individually, a “Client” and collectively, “Clients”) the right to use the Aura Portal pursuant to your agreement with Aura and the Aura Portal Terms of Use (“Terms”) entered into by and between Aura and Clients. Please review our Terms, which governs your use of the Aura Portal and any content you submit to the Aura Portal. Your privacy is important to Aura.

As part of your use of the Aura Website and Aura Portal, Personal Data is gathered about you (individually, a “User” and collectively, “User”). This Privacy Policy contains explanations regarding the types of information collected, how that information may be used or disclosed, and how to correct or change the information. As we operate on a global scale, numerous data protection laws may be relevant to our data processing activities and therefore, we will process your Personal Data in accordance with applicable legislation.

2. PURPOSE OF THIS PRIVACY NOTICE

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

3. WHO THIS PRIVACY NOTICE APPLIES TO

This privacy notice applies to you if:

• You visit our website
• Your organization purchases services from us
• You access our Customer Portal
• You enquire about our products and/or services
• You request a demo from us
• You sign up to receive newsletters and/or other promotional communications from us
• You sign up to a talk

4. WHAT PERSONAL DATA IS

‘Personal Data’ means any information from which someone can be identified either directly orindirectly. For example, you can be identified by your name or an online identifier.

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

5. PERSONAL DATA WE COLLECT

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.

Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

Inferred Gender

In the provision of our services to our clients, we acquire data where an individual's gender has been inferred by our data provider based on their social media profile name. As this information has not been provided by the data subject themselves, Aura does not make any assertion as to whether this particular data is an accurate or a true reflection of a relevant individual's gender. As a result, Aura does not accept any liability for how this data is used by its clients; it is Aura’s clients’ responsibility to ensure that they comply with applicable legislation when processing data where gender has been inferred.

6. HOW WE COLLECT YOUR PERSONAL DATA

We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website.

However, we may also collect your Personal Data from third parties such as:

• reputable companies who provide lead generation contact lists
• others to whom you have provided consent
• publicly available sources such as social media platforms
• reputable companies that provide data on professional individuals

For details about how we use cookies and other tracking technologies, please see our specific page on Cookies and similar technologies.

7. PURPOSES, LAWFUL BASES AND RETENTION PERIODS

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

8. SHARING YOUR PERSONAL DATA

We may share your Personal Data with carefully selected third parties, for example, we may use asupplier to provide services which support the services which we provide to you. In this case, weremain responsible for your Personal Data and will ensure we have a written agreement in place withany third party provider. We currently use third-party suppliers:

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

• for invoice purposes

  • to set up direct debits and payments.
  • for software for internal business purposes
  • for accountancy services
• for communicating with all Aura stakeholders

9. YOUR RIGHTS AND HOW TO COMPLAIN

You have a number of rights in respect of your Personal Data. The specific rights available to you depend on your country of residence. If you are in the European Economic Area (“EEA”) or UK, please refer to Section 10 of this Privacy Policy. If you are a resident of California, please refer to Section 11 of this Privacy Policy. Irrespective of where you reside, we will respect the rights available to you in the relevant jurisdiction.

You can exercise your rights or complain to us about how we use your Personal Data by contacting us using the information set out below.

10. UK/EU GDPR SPECIFIC PROCESSING

You have certain rights in relation to the processing of your Personal Data, including to:

• Right to be informed
  You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.
• Right of access (commonly known as a “Subject Access Request”)
  ‍You have the right to receive a copy of the Personal Data we hold about you.
• Right to rectification
  ‍You have the right to have any incomplete or inaccurate information we hold about you corrected.
• Right to erasure (commonly known as the right to be forgotten)
  ‍You have the right to ask us to delete your Personal Data.
• Right to object to processing
  ‍You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
• Right to restrict processing
  ‍You have the right to restrict our use of your Personal Data.
• Right to portability
  ‍You have the right to ask us to transfer your Personal Data to another party.
• Automated decision-making
  ‍You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
• Right to withdraw consent
  ‍If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
• Right to lodge a complaint
  ‍You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

or by telephone on 0303 123 1113

For supervisory authorities in other countries within the EU see the link below:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.

Transfers of personal data outside the UK/EEA

If you are located in the EEA or UK, we may transfer Personal Data that we collect from you to locations outside of the UK and EEA for processing and storing. Also, it may be processed by employees operating outside the EEA who work for us or for one of our suppliers. For example, employees maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. Where we transfer your information outside of the UK/EEA we will ensure safeguards are in place to ensure it remains secure and adequately protected. We do this by ensuring that:

Your personal data will only be transferred to and processed in a country which has adequacy status as determined by the European Commission or UK Government (whichever is applicable); or

We enter into an International Data Transfer Agreement (“IDTA”) or IDT Addendum or Standard Contractual Clauses (“SCCs”) with the receiving organisation and adopt supplementary measures, where necessary. A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk) A copy of the SCCs can be found

11. CALIFORNIA SPECIFIC PROCESSING

If you are a resident of California, this Privacy Policy applies as follows:

• Aura may sell your following Personal Data within the meaning of the CCPA:

  • Identifiers, such as name, alias and online identifiers
  • Education information
  • Professional or employment-related information, such as your current and past job history and job title

• You have the following rights in respect of your Personal Data to the extent required by the CCPA:

  • You have the right to disclosure of specific information to you about the collection and use of your personal data over the last 12 months.
  • You have the right to request that your personal data is deleted, subject to certain exceptions.
  • You have the right not to be discriminated against for exercising your rights under the CCPA.
  • You have the right to-opt out of your Personal Data being sold.
• To exercise your rights in respect of your personal data you can contact us using the contact details below.
• The Service does not respond to ‘Do Not Track’ signals.
• California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. If this applies to you, please contact us using the contact details below. We will action your request to the extent required by law.
• California Civil Code Section 1798.83 (California's ‘Shine the Light’ law) enables California residents with an established business relationship with us to request information once a year about the sharing of their personal data with third parties for direct marketing purposes. If this applies to you, please contact us using the details provided below.

12. HOW TO CONTACT US AND OUR DATA PROTECTION OFFICER

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us at dataprivacy@auraintel.com.

We have also appointed a Data protection Officer (“DPO”). Our DPO Evalian Limited and can be contacted at dataprivacy@auraintel.com

13. MINORS UNDER THE AGE OF 18

Aura is committed to protecting the privacy of minors. Our policy is that we do not knowingly collect, use or disclose Personal Data about Clients or other users that we know are under 18 years of age. This Aura Website or Portal is not directed in any respect to anyone under the age of 18. If we learn that we have collected or received personal information from an individual under the age of 18 without verification of parental consent, we will delete that information. If you believe we might have information from or about an individual under the age of 18, please contact us at: info@auraintel.com.

14. CHANGES TO THIS PRIVACY NOTICE

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.