PRIVACY POLICY
Aurixum

This Privacy Policy (hereinafter – the “Privacy Policy”) outlines how Aurixum ("we", "us", "our") manages information from users of aurixum.com ("Website"). It covers how we collect, use, process, store, and share data when providing our services. We're dedicated to protecting user privacy and handling Personal Data in compliance with relevant laws, including the GDPR, ePrivacy Directive, and Data Protection Act.

This Privacy Policy applies to the Website, the Services, and products offered by Aurixum (whenever you use Services through the Website or by corresponding with us - for example, by e-mail or by filling a messaging form on the Website). We assume that you have carefully read this document and accepted it.

Using our Website, services, or products, or contacting us, indicates your agreement with this policy. Submitting a message through our Platform's form explicitly confirms your acceptance of our data practices as described here and in our Terms and Conditions, including how we process, store, and use your Personal Data. If you don't agree, please don't use our Website or services.

This Privacy Policy is an integral part of our Terms and Conditions

1. What is personal data and why we process it:

Personal data, as defined by the GDPR, encompasses any information relating to an identified or identifiable natural person. This includes individuals who can be directly or indirectly identified through various identifiers or personal characteristics.

At Aurixum, we process personal data for several purposes:

• 1. Service Delivery: We use your data to provide requested services, including responding to inquiries, offering support, and processing transactions (GDPR Art. 6.1.b).
• 2. Marketing: With your consent, we send marketing communications such as newsletters and special offers (GDPR Art. 6.1.a).
• 3. Platform Improvement: We analyze user data to enhance our platform's efficiency and optimize user experience (GDPR Art. 6.1.f).
• 4. Legal Compliance: We process data to meet legal obligations, including KYC/AML requirements and responding to legal orders (GDPR Art. 6.1.c).

Aurixum will only process your personal data for the purposes outlined in this Privacy Policy, and we will not process it for any other purpose without your consent.

2. Personal data we process:

At Aurixum, we may process the following types of personal data in the course of providing our services and developing creative solutions:

• 1. Identity Information:
  • ○ Title, name, and surname
  • ○ Date of birth and birth number
  • ○ ID card number
• 2. Contact Details:
  • ○ Permanent residence address
  • ○ Email address
  • ○ Telephone number
• 3. Employment Information:
  • ○ Employee number
• 4. Sole Proprietor Data (if applicable):
  • ○ Business ID, tax ID, and VAT ID
  • ○ Business name and location
• 5. Legal Entity Representative Information:
  • ○ Personal data of managers, board members, and authorized representatives
• 6. Communication Records:
  • ○ Video or audio recordings of customer calls
  • ○ Customer-provided photographs
• 7. Digital Footprint:
  • ○ Website usage data, including cookies
  • ○ IP address allocation information
• 8. Publicly Available Information:
  • ○ Social media profiles (e.g., Facebook, Instagram)
  • ○ Professional networking data (e.g., LinkedIn)
  • ○ Information you've posted on business or employment-focused websites or apps

This list encompasses the main categories of personal data we may process. The specific data processed depends on the nature of our interaction and the services provided.

3. To whom we disclose personal data:

In some cases, it may be necessary for Aurixum to share your personal data with third parties. We assure you that we only do so when it is necessary and that we take steps to ensure that the third parties process the data in accordance with GDPR and the Law.

Here are the categories of recipients of your personal data:

• ○ Authorized employees within our company who have access to your personal data are bound by confidentiality and their obligation continues after the end of their employment with us.
• ○ Our contractual partners who process your personal data on our behalf to the extent necessary for the specified purpose. We have taken steps to ensure that our contractual partners provide sufficient security, technical, organizational, and personnel measures to ensure the protection of your rights.
• ○ Our contractual partners who process your personal data on the instructions of the controller, with whom we have concluded a contract for the processing of personal data as an intermediary, to the extent necessary for the specified purpose.
• ○ Law enforcement authorities, courts, executors, and other authorities to fulfill our legal obligations or to respond to their requests.

Aurixum may update this list of recipients from time to time, depending on the specific purpose of processing your personal data.

4. Purposes of processing personal data:

Aurixum only collects and processes personal data for specific, predetermined purposes. Our services are diverse, and we may collect personal data for a variety of reasons, including:

• ○ To provide our services to you: we may collect personal data such as your name, contact details, and other identifying information to enable us to deliver our services to you. This may be a requirement for the conclusion of a contract with us, and failure to provide this information may result in our inability to provide services to you.
• ○ Invoicing and payment processing: we may process personal data such as your name, contact details, and bank account information to enable us to issue invoices and process payments. This is a legal requirement for us to be able to conduct business.
• ○ Communication with you: we may process your personal data to enable us to communicate with you regarding our services, updates, and other relevant information. This may be a requirement for the performance of a contract with you or for our legitimate business interests.
• ○ Direct marketing: we may process your personal data to send you marketing materials, such as newsletters, promotions, and special offers. This will only be done with your explicit consent, and you may withdraw this consent at any time.
• ○ Event planning and management: we may process your personal data to enable us to plan and manage events, including verifying attendance, arranging accommodation, and processing competition entries. This may be a requirement for the performance of a contract with you or for our legitimate business interests.
• ○ Recruitment: we may process your personal data to enable us to evaluate your suitability for a role with us and to communicate with you regarding the recruitment process. This may be a requirement for the performance of a contract with you or for our legitimate business interests.
• ○ For other purposes arising from our contracts with our partners: we may process your personal data for other purposes as required by our contracts with our partners. This will only be done in accordance with applicable data protection laws and regulations.

5. International data transfers

At Aurixum, we manage personal data with utmost care, adhering to stringent principles for international data transfers. Our primary data storage is on EU/EEA servers, either owned by Aurixum or third parties, complying with national data localization requirements where applicable.

We conduct cross-border transfers only when necessary for service provision or efficient communication. These transfers may involve countries outside the EU/EEA, UK, or other relevant jurisdictions, with data sent to authorized third parties. For EU/UK transfers, we comply with Chapter V of EU GDPR or UK GDPR, using methods such as EU Adequacy Decision, UK Adequacy Regulations, or Standard Contractual Clauses.

For non-European transfers, we either transfer data to countries with adequate protection levels or use data transfer tools compliant with applicable laws, implementing appropriate contractual measures as safeguards.

We continuously monitor and update our data transfer practices to ensure compliance with evolving international data protection regulations. Our goal is to maintain the highest standards of data protection while providing seamless services globally. This commitment to data security and compliance underpins all our international data transfer activities, ensuring that your personal information is protected regardless of its geographic location.

6. Data security:

At Aurixum, we prioritize the protection of your personal data through robust security measures. We adhere to applicable data protection laws and regulations, including GDPR and the Data Protection Act. Our comprehensive security protocols encompass technical safeguards, organizational policies, and personnel training and oversight.

Your personal data is stored electronically in secure, monitored databases and systems. Access is restricted to authorized personnel only, granted on a need-to-know basis and aligned with specified processing purposes.

We regularly review and update our security measures to maintain optimal data protection. Our multi-faceted approach aims to prevent unauthorized access, data breaches, and other security incidents. We strive to safeguard your personal data against potential risks such as damage, destruction, loss, and misuse.

While we maintain high security standards, we also recommend users follow best practices for personal data protection, such as using strong passwords and being cautious about sharing sensitive information.

7. Processing of children's personal data:

At Aurixum, we take special precautions when handling personal data of children, defined as individuals under the age of majority according to their country's national laws. We process such data only under two specific circumstances:

• ○ When the client confirms that a person with parental responsibility for the child has provided consent.
• ○ When the child themselves can legally provide consent without parental involvement, as permitted by their national laws.

In case Aurixum unintentionally receives a child's personal data, it will be promptly deleted.

8. Duration of retention of personal data:

At Aurixum, we adhere to strict data retention policies, processing personal data only for the necessary duration and in full compliance with applicable laws. Our retention periods vary based on the purpose of data processing:

• 1. Contractual Data:
  • ○ Retention period: Duration of the contract plus 10 years post-termination
  • ○ Reason: To cover potential limitation periods for contract-related rights and obligations
• 2. Dispute-Related Data:
  • ○ Retention period: Until full settlement of claims or final binding decision, plus limitation period for enforcement
  • ○ Reason: To manage any claims, judicial, administrative, or other proceedings related to the contract or service
• 3. Consent-Based Data (e.g., marketing, cookies):
  • ○ Retention period: Until consent withdrawal
  • ○ Reason: To respect user preferences and rights
• 4. Other Data:
  • ○ Retention period: As required by specific legal obligations or legitimate business needs

We conduct regular reviews of our retention periods to ensure we do not retain personal data longer than necessary. Our aim is to balance our operational needs with our commitment to data minimization and user privacy.

If you have concerns about how long we retain your data, please contact us for more information about our retention policies for specific data types.

9. Consumers' data protection rights:

• 1. As a data subject under the GDPR and the Data Protection Act, you have the following rights:
• 2. Right of Access: You can request confirmation of whether we process your personal data and, if so, access that data. We'll provide one free copy, with additional copies available for a reasonable fee.
• 3. Right to Rectification: You can have inaccurate personal data corrected and incomplete data completed.
• 4. Right to Erasure: You can request the deletion of your personal data if it's no longer necessary, you've withdrawn consent, objected to processing, or if the processing doesn't comply with regulations.
• 5. Right to Restrict Processing: You can limit data processing in certain circumstances, such as when contesting data accuracy or if processing is unlawful but you oppose erasure.
• 6. Right to Data Portability: For automated processing, you can receive your provided personal data in a structured, machine-readable format and have it transferred to another controller.
• 7. Right to Object: You can object to the processing of your personal data at any time, based on your particular situation.
• 8. Right to Withdraw Consent: If applicable, you can withdraw your consent at any time without affecting the lawfulness of previous processing.
• 9. Right to Lodge a Complaint: If you believe we're mishandling your data, you can complain to the national data protection authority (in Estonia, the Data Protection Inspectorate).

You can exercise your rights by sending us an email to legal@aurixum.com with the subject line "Personal Data Protection."

10. Cookies

Our website uses cookies to enhance your browsing experience. These small text files, stored in your browser's memory, contain anonymous information about your visit, including language preferences, browser settings, and other configurations.

We employ cookies for several purposes:

• 1. Analyzing site traffic
• 2. Personalizing services and content
• 3. Tailoring advertising
• 4. Measuring promotional effectiveness
• 5. Enhancing trust and security

The data collected is anonymous, aggregated, and harmless to your device. We utilize Google Analytics for data analysis.

To use cookies, we require your consent. You can provide this by clicking the "I agree" box on our website.

You have control over cookie settings through your internet browser. While you can delete or block cookies and still access our website, some features may not function optimally.

We respect your privacy choices and are committed to transparency in our data practices. If you have any questions about our cookie policy or wish to learn more about how we use this technology, please contact our website administration team.

Remember, you can adjust your cookie preferences at any time to align with your comfort level regarding data collection and use.

11. Changes to this Privacy Policy

This Privacy Policy is constantly reviewed and amended to comply with the relevant data protection laws.

Aurixum reserves the right to amend this Policy at any time and for any reason. Any amendments will be effective immediately upon us posting the updated Privacy Policy on our Website. You are invited to review this Privacy Policy anytime to stay informed about updates.