Privacy Policy

1. Introduction

auroranovae AG ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website auroranovae.world or use our corporate vendor compliance tracking services.

We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws. Our registered office is located at Währinger Straße 191, 1032 Vienna, Austria (Registration Number: FN256374a).

2. Data We Collect

The data we collect includes personal information you provide directly to us and information automatically collected through your use of our website and services. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, company name, and postal address
• Professional Information: Job title, department, business requirements, and compliance needs
• Communication Data: Records of correspondence, support requests, and feedback
• Technical Information: IP address, browser type, device information, and website usage data
• Service Data: Information related to your use of our compliance tracking systems

3. How We Use Your Information

We use your personal data for the following purposes and on the following legal bases:

• Service Provision: To provide our vendor compliance tracking services (legal basis: contract performance)
• Communication: To respond to your inquiries and provide customer support (legal basis: legitimate interest)
• Service Improvement: To enhance our services and develop new features (legal basis: legitimate interest)
• Legal Compliance: To comply with legal obligations and regulatory requirements (legal basis: legal obligation)
• Marketing: To send you information about our services with your consent (legal basis: consent)

4. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please see our Cookie Policy.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our website and services
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Consent: With your explicit consent for specific purposes

6. International Data Transfers

As we operate within the European Union, your data is primarily processed within the EU/EEA. When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods include:

• Contact Information: Retained for 3 years after last contact
• Service Data: Retained for the duration of the service contract plus 7 years
• Marketing Data: Retained until you withdraw consent or 2 years of inactivity
• Legal Documentation: Retained as required by applicable laws

8. Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request information about the personal data we hold about you
• Right of Rectification: Request correction of inaccurate or incomplete data
• Right of Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in specific situations
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interest or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, please contact us using the information provided below.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

10. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) if you believe your data protection rights have been violated.