Privacy Policy
Last updated: February 5, 2024
Thank you for using AuraBuddy! AuraBuddy (the “Service” or “Services”) attaches great importance to the protection of the Personal Information and privacy of our users (“you”). When you register, sign in, and use AuraBuddy, we collect, use, retain, process, and retain your personal data. AURACAPITAL PTE. LTD. (“We” or “ACAP”) is the “controller” for those Services where we decide how personal data is used in connection with our Services, and we are the “processor” for those Services where we only use Personal Information as instructed by our clients, which would be the “controller” in this case. This Privacy Policy (“Privacy Policy”) applies to AuraBuddy’s processing of data in the capacity of the data controller. The Privacy Policy covers when, how and why we process your data and explains your choices and rights as a data subject.
Before you register an account with AuraBuddy, please make sure that you read this Privacy Policy and our Terms of Use carefully, and fully understand the terms and conditions, including but not limited to those that exclude or limit our liability. By proceeding with the use of AuraBuddy’s Service, you agree to this Privacy Policy. If you do not agree to the processing of your personal information in the way this privacy policy describes, please do not provide your information when requested and stop using the Service. By using the Service, you are accepting our rules regarding your personal information as described in this privacy policy.
This Privacy Policy applies to AuraBuddy websites, software and, mobile applications.
This Privacy Policy went into effect on the “Last updated” date noted at the top of the page. We may update this Privacy Policy from time to time. More information on updates and changes to this Privacy Policy is provided in section XI below.
Contents
- Personal Data We Collect
- How We Process Your Data
- How We Share or Disclose Your Data
- Transferring Data
- How We Protect Your Data
- How We Retain Your Data
- Your GDPR Rights and Choices
- Notice to California Residents
- How to Exercise Your Rights
- Children’s Data Privacy
- Changes to This Notice
- How to Contact Us
Personal Data We Collect
Personal data is any information from or about an identified or identifiable person, including information that AuraBuddy can associate with an individual person. We may collect or process your information for the provision of our services. The information we collect include:
- Information you voluntarily provide us, for example, your name and contact details; and
- Information we collect automatically from you when you use the Service, for example, application metadata and IP addresses.
More details on the specific data are provided in the next section. Information is collected when you register for an account and throughout your use of our Services.
How We Process Your Data
This section describes the purposes of our processing. It also identifies the legal basis under which we process your data in accordance with the General Data Protection Regulation (“GDPR”).
Individual User Account Data:Personal Data Collected: Information we collect when you register for an AuraBuddy individual account, including:
Legal Basis (EEA): Information is necessary for the performance of the contract between you and AuraBuddy to allow the provision of our services. Method of Collection: Information is collected from the AuraBuddy individual account registrant. Please note that an institution may register an AuraBuddy account on behalf of you with your consent by submitting your email address. For any queries on that, please contact the concerned institution directly. Purpose of Processing:
|
User Learning Records:Personal Data Collected:
Legal Basis (EEA): Information is necessary for the performance of the contract for the provision of the AuraBuddy Services. Method of Collection: Information is collected automatically through the use of the AuraBuddy services. Purpose of Processing:
|
Customer Service Data:Personal Data Collected: Information that has been provided by a user to us or is otherwise processed in connection with customer activities, such as support chats or calls (including recordings of those calls), system mode, language and service records. Legal Basis (EEA):
Method of Collection: Information is collected automatically through use of the AuraBuddy services, or directly from a AuraBuddy User. Purpose of Processing: Ensure completion of customer services. |
Operation DataPersonal Data Collected: Technical information from AuraBuddy’s software or systems hosting the Services, and from the systems, applications and devices that are used to access AuraBuddy services, such as:
Legal Basis (EEA):
Method of Collection: Information is collected automatically through the use of the AuraBuddy services. Purpose of Processing: Ensure network connection and basic security of services. |
How We Share or Disclose Your Data
1. Entrusted processing
In order to provide you with a better experience on our platforms, some functions may be provided by our service partners. We will entrust the service partners to process some of your Personal Information on our behalf.
These entrusted entities are subject to strict confidentiality agreement or data processing agreement with them, limiting their use and disclosure of information according to our specific instructions, as covered by this Privacy Policy.
If there are any changes to the purpose of processing your Personal Information, the third party will ask for your consent on those changes. Third parties should notify you whether the consent and/or information requested is necessary or optional. Please note that services may be affected if you refuse to provide necessary information.
2. Sharing of Personal Information
We will only share your Personal Information for legal, legitimate, necessary, specific and clear purposes, and only share the necessary Personal Information.
You may share your information with a third person (including any unspecified subject) on the basis of the AuraBuddy Service. The information you have shared to a third-party will be controlled by the third party and subject to its service terms and privacy policy. We have nothing to do with and you shall bear relevant legal liability for information disclosure or use due to your sharing.
In any or several of the following circumstances, we will share your information with a third party in accordance with applicable laws in your jurisdiction:
- You voluntarily request to share, or we obtain your prior consent;
- Share information within AuraBuddy;
- Share information with our business partners; and
- Your information shared in accordance with relevant laws or regulatory requirements.
3. Disclosure of Personal Information
We may disclose personal information to a third party, but only where it is required by law, where it is otherwise allowed under the General Data Protection Regulation (GDPR), or where we have obtained your consent to do so. We may disclose information when necessary to prevent risk of harm to an individual.
We will analyse the collected information, and use aggregated data to generate online teaching reports which no longer identify you. We will perform statistical analysis based on information that no longer identifies any persons. Those analyses may be made public and shared with our partners to better understand how users use our Services or to give the public an overview of our Services.
Furthermore, in accordance with applicable laws, regulations and national standards, the sharing and disclosure of Personal Information may be conducted without your prior consent in the following circumstances:
- In connection with the performance of our obligations under the laws and regulations;
- Directly related to national security or national defence security;
- Directly related to public safety, public health or vital public interest;
- Directly related to a criminal investigation, prosecution, trial and enforcement of judgement;
- If the sharing or disclosure is necessary or appropriate to protect vital legitimate rights and interests such as life and property of a AuraBuddy user or other individuals;
- Where you have voluntarily disclosed your Personal Information to the public by subjects;
- Lawfully collecting information disclosed to the public. For example: news reports, government information disclosure and other channels;
- When it is necessary for signing or performing contracts per your requests;
- When it is necessary for maintaining the safe and stable operation of software and related services, such as finding and handling failures of software and related services; and
- Other circumstances as stipulated by laws and regulations.
Transferring Data
Transferring Information to a New Controller
We will not transfer the control of your Personal Information to other companies, organisations or individuals unless we have obtained your express consent or unless we have confirmed that the third party has obtained your consent. In the case of acquisition, merger, restructuring, bankruptcy, asset transfer or any other changes which may involve the transfer of Personal Information, we will notify you of the relevant situation and require the new controller to continue to perform the obligations of Personal Information processor, and protect your Personal Information in accordance with this Privacy Policy and the applicable laws and regulations. If the new controller changes the purpose for which the Personal Information is used, we will require the new controller to obtain your express consent again.
For data subjects residing in the EEA region:
When transferring your data outside the EEA, we will take appropriate measures to ensure adequate level of data protection as required under the GDPR, including implementing the European Commission’s Standard Contractual Clauses in accordance with the GDPR.
How We Protect Your Data
We have implemented various organisational and technical security measures to safeguard users’ Personal Information and prevent unauthorised disclosure, damage, loss, and exploitation of Personal Information.
We have taken standard technological measures for data protection, such as network isolation, data classification, encryption (such as TLS and SSL), access control, identity authentication, malicious code prevention, de-identification and anonymization.
We have established a management system, procedures and organisational arrangements for the protection of Personal Information. For example, our employees are bound by confidentiality agreements, we have limited our employee’s access rights to users’ information, and we keep records of Personal Information processing.
We have developed a contingency plan for Personal Information security incidents and conducted emergency drills. We will inform you of the situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions on measures you can take to prevent and reduce risks, and the remedial measures for you by email, letter, telephone or push notice. We will try to inform you directly. However, if that is not possible, we will issue an announcement on our website detailing the issue. We will also report the disposal of Personal Information security incidents in accordance with the requirements of regulatory authorities.
Please be advised that while we take reasonable steps to protect your Personal Information, due to technical limitations and various malicious means, in the Internet industry, even if we do our best to strengthen security, no system or network is completely secure. Please be aware and understand that the system and communication network you use to access our services may have problems due to factors beyond our control. Therefore, we strongly recommend that you take full care to protect your Personal Information when using AuraBuddy products and services, including but not limited to using complex passwords, changing passwords regularly, and not disclosing personal information such as your account password to others. If you have any questions about the security of your data, please contact us via email at hello@aurabuddy.io
After we become aware that your personal information has been leaked, illegally compromised or abused, we will inform you in time according to the requirements of laws and regulations of: the basic situation and possible impacts of the security incident, the disposal measures we have taken or will take, the suggestions for you to mitigate and reduce risks, and the remedial measures for you, etc. When it is difficult to inform the personal subjects one by one, we will issue an announcement in a reasonable and effective way.
Once you browse or use other websites, services and content resources, we will not be in a capable position and be directly obligated to protect any personal information submitted by you during the use of third-party products, regardless of whether you log in, browse or use the above software and websites based on the link or guidance of the Service.
How We Retain Your Data
1. Where Information is Retained
We will retain the Personal Information collected and generated as necessary via our affiliates or third-parties based in Singapore or other countries.
2. How Long will Information be Retained
We retain your Personal Information for as long as needed to fulfil the purposes of processing, including the purposes of satisfying any legal, accounting, or reporting requirements establishing or defining legal claims, or for fraud prevention purposes. To determine the appropriate retention period for your Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of the Personal Information, the purposes for which we process the Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. If we anonymize your Personal Information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
3. Cessation of Operation of the Product or Services
In the case of cessation of operation of our products or services, we will notify you by email, announcement or other means, and delete or anonymize your Personal Information within a reasonable period of time, unless otherwise stipulated by laws and regulations.
Your GDPR Rights and Choices
This section applies to users residing in European Union (EU)/ European Economic Area (“EEA”), the United Kingdom, and Switzerland.
Legal Basis for Processing Your Personal Information
We process your Personal Information on the following bases:
- For the performance of AuraBuddy Terms of Service or other contracts to which you are a party;
- To comply with legal and regulatory obligations;
- For legitimate business purposes. Including using your Personal Information to improve our services and minimize any disruption to the services.
Your Rights as a Data Subject
Pursuant to applicable data protection and privacy laws and regulations, you enjoy the following rights:
- Right of Access: You have the right to access Personal Information that we hold about you and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
- Right to Rectification: If you notice that your information in our record is incorrect, you have the right to have the information rectified.
- Right to Erasure: You have the right to erase some or all of your Personal Information.
- Right to Restriction of Processing: You can request us to restrict further processing of your Personal Information. In such case, we may only process data for storage purposes and on other valid grounds under applicable data protection laws.
- Right to Data Portability: You have the right to receive a copy of Personal Information you provided in a structured, commonly used and machine-readable format, and the right to request the transfer of that Personal Information to another party without our hindrance.
- Right to Object: Where we process your data on the bases of public interest or for our legitimate interest, you have the right to object to our processing of your Personal Information.
- Object to Direct Marketing: You have the right to object to have your information processed for direct marketing purposes at any time.
- Object to Automated Decision-Making: You have the right to object to a decision based solely on automated processing, including profiling, where the decision has a significant legal impact on you.
- Withdraw Consent: Where we rely solely on your consent to process your personal information, you have the right to withdraw consent at any time. You can always provide your consent to us again at a later time. Please note that the withdrawal will not affect the processing of data based on prior consent.
- Right to Complaint: You have the right to lodge a complaint to an applicable supervisory authority or other regulators if you are not satisfied with your responses to your requests or how we manage your Personal Information. A list of the EU/EEA Data Protection Authorities are available here. We encourage you to first reach out to us via email at hello@aurabuddy.io so we have an opportunity to address your concerns.
We will respond to your requests within one month or, if the request is complex or if you make multiple requests, within two months. Please be noted that the Member States may introduce supplemental laws affecting data subjects’ rights. To exercise your rights, please follow the steps stated in section IX of the Privacy Policy or contact us directly via email at hello@aurabuddy.io
Notice to California Residents
The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers residing in California with specific rights regarding their Personal Information. This section describes your CCPA rights. To exercise any of these rights, please contact us via email at hello@aurabuddy.io
1. Right to Access and Data Portability Rights
You have the right to request access to certain information we process about you over the past 12 months. Upon receipt and confirmation of your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- The purposes for processing your Personal Information;
- The categories of third parties with whom we share that Personal Information; and
- If we disclosed your Personal Information for a business purpose, we would identify the Personal Information categories the recipient obtained.
You can also make a data portability request, which is requesting the disclosure of specific pieces of Personal Information we collect about you.
2. Right to Delete or Correct Personal data under certain circumstances
You have the right to request us to delete or correct any or all of your Personal Information that we collected from you and retained, subject to certain exceptions.
3. Right to Opt-out of Sale of Personal Information
California residents who are 16 or older have the right to opt-out of the sale of Personal Information. Please note that we do not knowingly sell your Personal Information, yet our use of tracking technologies may be considered a “sale” under California law.
4. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless otherwise permitted by the CCPA, we will not deny you goods and/or services; charge you different prices or rates for like-goods and/or services, including through granting discounts or other benefits, or imposing penalties; provide you with a different level or quality of like-goods or services; or suggest that you may receive a different price or rate for like-goods or services or a different level or quality of like-goods or services.
5. Shine the Light Act
California’s Shine the Light Act (California Civil Code § 1798.83) permits you to request certain information regarding the disclosure of Personal Information to any third parties for their direct marketing purposes over the past 12 months.
How to Exercise Your Rights
During your use of AuraBuddy, you can access, rectify, delete your personal data, exercise the right to modify the scope of consent, cancel your account, and we will respond to your requests within one month or, if the request is complex or you have made a number of requests, two months.
1. Access your personal data
You have the right to access your Personal Information, except provided otherwise by laws and regulations. If you wish to exercise the right to access, you may do so by sending an email to hello@aurabuddy.io
2. Edit or rectify your personal data
If you notice that your Personal Information collected and stored by us is incorrect, you can request for rectification by contacting us via email at hello@aurabuddy.io
3. Erase your personal data
You may contact us via email at hello@aurabuddy.io to request that your Personal Information be deleted, except where such information is anonymized or otherwise provided by law or regulation, where:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject;
Please note that the right of erasure may be restricted in the following circumstances:
- Exercising the right of freedom of expression and information;
- Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority;
- For reasons of public interests in the area of public health;
- Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- Establishment, exercise or defence of legal claims.
When you delete information from our service, we may not delete it immediately from the backup system. In that case, we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
4. Modify the scope of your consent
When you use our services, you may modify the scope of your consent and withdraw your consent at any time.
In addition to the Personal Information necessary for basic functions, you may contact us via email at hello@aurabuddy.io to modify the scope of your consent for the collection and use of additional Personal Information collected.
When you withdraw your consent, we will no longer process the corresponding Personal Information, and will take the initiative to delete your Personal Information or anonymize it. However, your decision to withdraw your consent will not affect any previous processing of Personal Information based on your prior consent. Please know and understand that unless you give your consent again subsequent to the withdrawal, we can no longer provide you with corresponding services.
5. Cancelling Account
If you want to cancel your account, please send your account information to our email address at hello@aurabuddy.io
If your account meets the following conditions, we will complete verification within 25 business days and cancel your account provided:
- The account is in normal conditions, is not involved in any dispute (including any complaint or tip-off), and is not subject to restrictive measures taken by competent authorities; and
- There are no unsettled rights and obligations in the account or disputes arising from the cancellation of the account;
- There are other circumstances that may affect account cancellation.
The cancellation of your account is an irreversible process. Upon cancellation, we will immediately cease to provide products or services to you, collect your Personal Information and delete or anonymize the Personal Information related to your account upon your request unless otherwise provided by laws and regulations or otherwise required by regulatory authorities.
Please back up all information and data related to the account before cancelling. After the your account is successfully cancelled, you will no longer be able to use it, and you will not be able to retrieve any content or information related to this account (even if you re-register and use AuraBuddy with the same email address)
During the cancellation of your account, if your account receives any complaints, if it is under the investigation of state organs, or if it is related to a litigation or arbitration proceedings, we have the right to pause or dismiss the cancellation request without your consent.
Please note that the cancellation of your account does not mean that all account behaviours and related responsibilities before the cancellation are exempted or mitigated.
6. Get a copy of your data
If you want to obtain a copy of your Personal Information we collect or if you encounter difficulties in exercising this right by following the mentioned above, you can contact us via email at hello@aurabuddy.io. We will respond to your request after verifying your identity, unless otherwise stipulated by laws and regulations or this policy. If you request for transferral of your Personal Information to your designated Personal Information processor, we will provide the way of transfer as long as the request meets the conditions specified by the national network information department.
7. Complaint and report
If you have any complaints or would like to report on issues regarding the processing of your Personal Information, please contact us via email at hello@aurabuddy.io. We will respond to your complaints or reports within a reasonable period of time.
8. To respond to the above request
If you are unable to exercise your rights in the manner set out above, you may contact us using the contact details set out at the bottom of this Privacy Policy. For security reasons, you may be asked to verify your identity before we can process your request. We will respond to your request within a reasonable period of time.
Under the condition of meeting relevant legal requirements, your close relatives can exercise the above rights to your relevant Personal Information, unless you have made other arrangements.
For reasonable requests from you, we do not charge any fees unless the initial request is manifestly unfounded or excessive. In that case, we may charge a reasonable fee for the administrative costs of complying with the request. We may reject requests that are manifestly unfounded or excessive.
We may not be able to respond to your request under the following circumstances:
- In connection with our obligations under the laws and regulations;
- For reasons of national security or national defence security;
- For reasons of public safety, public health or vital public interest;
- Directly relating to a criminal investigation, prosecution, trial and enforcement of judgement;
- For the purpose of protecting the life, property and other major legitimate rights and interests of a Personal Information subject or other individuals but difficult to obtain the consent of the said person;
- Responding to the request of a Personal Information subject will lead to serious damage to the legitimate rights and interests of a Personal Information subject or other individuals or organisations;
- Involving trade secrets.
Children’s Data Privacy
We attach great importance to the protection of children’s privacy. We define “children” (or “child”) as: (i) individuals under the age of 16 residing in Europe; or (ii) individuals under the age of 13 residing outside Europe. We ensure children’s privacy is protected through the following steps:
- Notify parents and/or guardians about our data processing practices;
- We will not process your children’s data unless and until you have given us your express consent in accordance with applicable laws;
- We only process children’s data for the purpose of enabling the provision of our services;
- Parents and/or guardians can always access and correct their children’s personal information.
If you have any questions about the personal data of the child under your guardianship, please contact us via email at hello@aurabuddy.io
Changes to This Notice
We may amend this Privacy Policy from time to time, and we will process your Personal Information according to the updated Privacy Policy. We will notify you by pop-up window, in-app alert, email, push or other appropriate means, and let you know when the new Privacy Policy will take effect. Please read the updated Privacy Policy carefully. We will process data according to the updated Privacy Policy upon its effective date.
If major and substantive changes are made, we will notify you in a way according to the specific circumstances including via emails. Major and substantial changes include but are not limited to the following circumstances:
- Significant changes to our service model. Such as the purpose of processing Personal Information, the type of Personal Information processed, the use of Personal Information, etc;
- Significant changes to your right as a data subject and/or the way in which you can exercise your rights;
- Significant changes to our ownership structure and organisational structure. Such as owner change caused by business adjustment, bankruptcy, merger and/or acquisition;
- The main purposes of Personal Information sharing, transfer or public disclosure have changed;
- The responsible department, contact information and complaint channels responsible for handling Personal Information security have changed;
- The Personal Information security impact assessment report indicates that there is a high risk.
Changes to this Privacy Policy are effective when they are posted. Your use of the AuraBuddy Services after we have made changes to this Privacy Policy will mean that you have accepted those changes.
How to Contact Us
If you have any questions, comments or suggestions concerning this Privacy Policy or the protection of Personal Information, please contact us via email at hello@aurabuddy.io. You may also contact us at the following address:
AURACAPITAL PTE. LTD.
Attention: Privacy Team
743 LORONG 5 TOA PAYOH, #08-02 STORHUB, SINGAPORE 319457
After we receive your questions, comments or suggestions, we will verify your user identity and respond within 25 business days. But, except for otherwise specified by laws in relevant countries/regions, in the following circumstances we may not respond to your request if:
- It is related to national security or national defence security;
- It is related to public security, health or important public interest;
- It is related to criminal investigation, prosecution or trial;
- There is solid evidence of your subjective malice or abuse of rights;
- Response to your request will cause serious damages to lawful rights and interests of yours or other individuals or organisations; or
- Other circumstances specified by laws and regulations.
In such circumstances, we will notify you of the reason why we cannot respond to your request.