Privacy Notice

1. Identity of the Controller

Aura DPO (“we”, “us”, “our”) acts as Data Controller for personal data processed through this website.

Aura DPO
Luxembourg, Grand Duchy of Luxembourg
Email: contact@auradpo.com

For any data protection-related inquiry, you may contact us at the email address above.

---

2. Scope of This Notice

This Privacy Notice explains how we collect, use and protect personal data when you:

• Visit our website
• Submit a contact request
• Request information regarding our services
• Engage with us in a professional capacity

This notice is provided in accordance with Articles 12, 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (GDPR).

---

3. Categories of Personal Data

We may process the following categories of personal data:

• Full name
• Professional email address
• Company name
• Job title
• Information voluntarily provided in your message
• Technical data (such as IP address, browser type, device information)

We do not collect unnecessary data.

---

4. Purposes of Processing

Personal data is processed for the following purposes:

• Responding to contact or service inquiries
• Assessing whether an organisation requires an External DPO
• Providing pre-contractual information
• Managing professional communications
• Ensuring website functionality and security

We do not use personal data for unrelated marketing purposes.

---

5. Legal Basis for Processing

Processing is based on one or more of the following legal grounds under Article 6 GDPR:

• Article 6(1)(b) – Pre-contractual steps at your request
• Article 6(1)(c) – Compliance with legal obligations
• Article 6(1)(f) – Legitimate interests in providing professional services

Where applicable, processing may also rely on consent (Article 6(1)(a)).

---

6. Data Retention

Personal data submitted via contact forms or email inquiries is retained for a maximum period of 12 months, unless:

• A contractual relationship is established
• Legal or regulatory obligations require longer retention

Data is not retained longer than necessary for its intended purpose.

---

7. Recipients and Processors

Personal data may be processed by:

• Website hosting providers
• IT service providers
• Professional advisors where required by law

All processors act under appropriate contractual safeguards.

---

8. International Transfers

Where service providers are located outside the European Economic Area (EEA), data transfers are carried out in accordance with Chapter V GDPR, including:

• Adequacy decisions adopted by the European Commission
• Standard Contractual Clauses (SCCs)

---

9. Data Subject Rights

Under the GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent where applicable

You also have the right to lodge a complaint with the competent supervisory authority in Luxembourg.

---

10. Security Measures

Aura DPO implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

---

11. Updates

This Privacy Notice may be updated periodically. The latest version will always be available on this page.