Privacy Policy

Welcome to Aurora Global!

Thank you for choosing Aurora Group. This Privacy Policy explains how we collect, use, process, store, share, and protect information when you use our platform and services. By accessing or using our services, you agree to the collection and use of your information in accordance with this Privacy Policy and our Terms and Conditions.

‍

For the purposes of this Privacy Policy, "Aurora Group" refers to the following entities:

‍

Aurora Global Holdings Limited, a company incorporated and operating in Hong Kong.
Aurora Global Limited, a company incorporated and operating in Bulgaria.
Aurora Group Platforms LLC, a company incorporated and operating in Wyoming, United States.

‍

Your personal data may be processed by any of these entities depending on the services you utilise and the jurisdiction in which you operate. Aurora Group acts as the data controller in respect of the personal data collected through the platform.

‍

This Privacy Policy has been drafted to comply with applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"), and other applicable national and international data protection laws.

‍

Your continued use of our services after any changes to this Privacy Policy indicates your acceptance of those changes. We encourage you to review this policy periodically for updates.

1. Data Controller and Contact

The data controller responsible for your personal data is:

‍

Aurora Group

support@agency-aurora.com

‍

For any data protection enquiries, requests to exercise your rights, or complaints, please contact us at the email address above or at the addresses listed in Section 14 of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

You provide information when you register on our platform, use our services, top up advertising accounts, communicate with us, or submit verification documentation. This may include:

‍

Full name, email address, phone number, and postal address.
Company name, registered address, company registration number, and jurisdiction of incorporation.
Names, identification documents, and details of directors, beneficial owners, or authorised representatives (where requested for verification or compliance purposes).
Proof of source of funds or other documentation requested in connection with our compliance obligations.
Advertising content, URLs, campaign data, and ad account preferences.
Communications with our support team, account managers, or through the platform.
Any additional information you provide to us directly or indirectly through the platform.

‍

2.2 Information Collected Automatically

When you access the platform, we automatically collect:

IP address, browser type and version, device characteristics, and operating system.
Referring URLs, pages visited, and usage patterns on the platform.
Device identifiers (including mobile device ID, model, and manufacturer).
Access times, session duration, and interaction data.

‍

2.3 Payment and Financial Information

Payment information (such as credit/debit card details) is processed by our third-party payment processors, including Stripe, and is not stored on Aurora Group's servers. Payment processors store and process your data securely and solely for the purpose of processing transactions. See Stripe's privacy policy at https://stripe.com/gb/privacy.

‍

2.4 Cryptocurrency and Blockchain Data

Where you make payments using cryptocurrency (including USDT, USDC, or other supported digital assets), we collect and process the following additional data:

‍

Cryptocurrency wallet addresses used to send funds to Aurora Group.
Blockchain transaction hashes, amounts, timestamps, and network identifiers.
Risk scores, screening results, and analytics data generated by blockchain analytics and Know Your Transaction (KYT) tools, including but not limited to Elliptic, Chainalysis, and Phalcon.
Records of any sanctions screening, transaction monitoring alerts, or compliance flags associated with your wallet address or transactions.

‍

You acknowledge that blockchain transactions are recorded on public, immutable ledgers and that wallet addresses and transaction data are inherently transparent. Aurora Group processes this data for the purposes of compliance, fraud prevention, and the legitimate interests described in Section 4. You further acknowledge that data recorded on a public blockchain (including transaction hashes, wallet addresses, and transfer amounts) cannot be modified, deleted, or erased by Aurora Group or any other party. Where you exercise your right to erasure under applicable data protection law, Aurora Group will delete or anonymise the internal records linking your identity to blockchain data, but cannot delete the on-chain data itself. This limitation is inherent to blockchain technology and does not constitute non-compliance with any data deletion request.

‍

2.5 Compliance and Verification Data

In connection with our Know Your Business (KYB), anti-money laundering (AML), sanctions screening, and other compliance obligations, we may collect and process:

‍

Company registration documents and certificates.
Identity documents of directors, beneficial owners, or authorised signatories.
Sanctions screening results and watchlist data.
Politically Exposed Person (PEP) screening results.
Adverse media screening results.
Records of compliance decisions, risk assessments, and due diligence outcomes.

‍

2.6 Information Received from Third Parties

Aurora Group may receive personal data about you from third-party sources, which may be combined with information we already hold about you. These sources include:

‍

Blockchain analytics providers (such as Elliptic, Chainalysis, and Phalcon), which may provide risk scores, entity attributions, and compliance flags associated with your wallet addresses or transactions.
Sanctions lists and watchlist databases maintained by governmental authorities (including OFAC, OFSI, the EU, and the United Nations).
Publicly available blockchain data, including transaction histories and wallet activity recorded on public distributed ledgers.
KYB and identity verification providers, company registries, and adverse media databases.
Law enforcement agencies, regulatory authorities, or other financial institutions, in the context of compliance enquiries or investigations.

‍

This data may be used to verify your identity, assess the risk profile of your account or transactions, comply with our legal obligations, and protect Aurora Group and its users from fraud and financial crime.

‍

2.7 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your use of the platform. This includes:

‍

Google Analytics — for website traffic analysis and usage patterns. See Google's privacy policy at https://policies.google.com/privacy.
Meta Pixel (formerly Facebook Pixel) — for advertising measurement and optimisation. See Meta's privacy policy at https://www.facebook.com/privacy/explanation.
Essential cookies — required for the functioning of the platform, including authentication and session management.

‍

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the platform.

3. Lawful Bases for Processing

We process your personal data on the following lawful bases under applicable data protection law:

‍

3.1 Contractual Necessity

Processing necessary for the performance of our contract with you, including: providing the platform and services, managing your account, processing payments and top-ups, providing advertising accounts, and communicating with you about your account and services.

‍

3.2 Legal Obligation

Processing necessary to comply with our legal obligations, including: anti-money laundering and counter-terrorist financing requirements, sanctions screening and compliance, tax reporting obligations, responding to lawful requests from law enforcement or regulatory authorities, and retaining records as required by applicable law.

‍

3.3 Legitimate Interests

Processing necessary for our legitimate interests or those of a third party, where not overridden by your rights, including: fraud prevention and detection, platform security and integrity, transaction monitoring and risk assessment, blockchain analytics and wallet screening, improving our platform and services, and enforcing our Terms and Conditions.

‍

3.4 Consent

Where we rely on your consent for specific processing activities (such as marketing communications), you have the right to withdraw your consent at any time by contacting us or using the unsubscribe option provided. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4. How We Use Your Information

We use the information we collect for the following purposes:

‍

Providing and maintaining the platform and services, including account registration, advertising account provisioning, and payment processing.
Processing transactions, including cryptocurrency payments and fiat payments.
Conducting KYB verification, sanctions screening, transaction monitoring, and other compliance activities.
Screening cryptocurrency wallet addresses and transactions using blockchain analytics tools for compliance and fraud prevention purposes.
Detecting, preventing, and investigating fraud, financial crime, and unauthorised or illegal activity.
Responding to your enquiries and providing customer support.
Sending transactional communications, including confirmations, invoices, security alerts, and service updates.
Improving the platform, our services, and the user experience.
Marketing and promotional communications (with your consent, where required).
Complying with applicable laws, regulations, legal processes, and enforceable governmental requests.
Exercising or defending our legal rights.

5. How We Share Your Information

We do not sell your personal data. We share your information only as described below:

‍

5.1 Third-Party Service Providers

We engage third-party service providers to perform functions on our behalf, including:

‍

Payment processing (Stripe and other payment processors).
Cryptocurrency wallet and payment infrastructure providers.
Blockchain analytics and transaction screening providers (including Elliptic, Chainalysis, and Phalcon).
KYB, AML, and sanctions screening providers.
Cloud hosting and data storage (AWS).
Website analytics (Google Analytics).
Advertising measurement (Meta Pixel).
Customer support and communication tools (Slack, WhatsApp, Telegram).

‍

These providers process data solely on our behalf and in accordance with our instructions, subject to appropriate data processing agreements.

‍

5.2 Law Enforcement, Regulators, and Legal Process

We may disclose your personal data, including account information, transaction records, wallet addresses, blockchain analytics data, and compliance documentation, to law enforcement agencies, regulatory authorities, governmental bodies, stablecoin issuers, or courts where:

‍

Required by applicable law, regulation, or legal process.
Necessary to comply with a lawful request from a competent authority.
Necessary to protect the rights, property, or safety of Aurora Group, its users, or others.
Necessary for the detection, prevention, or investigation of fraud, financial crime, or sanctions violations.

‍

Such disclosures may be made without your prior knowledge or consent where permitted or required by law.

‍

5.3 Compliance Information Sharing

Aurora Group may share your personal data, including transaction records, wallet addresses, and compliance documentation, with other financial institutions, cryptocurrency exchanges, payment processors, or counterparties where such sharing is necessary for the purposes of: (a) responding to compliance enquiries or information requests from regulated entities regarding the legitimacy or source of transactions; (b) fulfilling obligations under applicable anti-money laundering, counter-terrorist financing, or sanctions regulations; (c) cooperating with industry-wide fraud prevention or financial crime detection initiatives; or (d) verifying the source or destination of funds in connection with a transaction involving Aurora Group. Such sharing will be limited to the information reasonably necessary for the stated purpose and will be conducted in accordance with applicable data protection law.

‍

5.4 Business Transfers

In the event that Aurora Group is involved in a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any changes to the applicable privacy policy.

‍

5.5 With Your Consent

We may share your information with third parties where you have given your explicit consent to do so.

6. International Data Transfers

Aurora Group operates through entities in Hong Kong, Bulgaria, and the United States. Your personal data may be transferred to and processed in jurisdictions outside your country of residence, including jurisdictions that may not provide the same level of data protection as your home jurisdiction.

‍

Where we transfer personal data from the European Economic Area (EEA) or the United Kingdom to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, which may include: Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office, the recipient country's adequacy determination, or other lawful transfer mechanisms under applicable data protection law.

‍

By using our services, you acknowledge and consent to the transfer, processing, and storage of your personal data in accordance with this section.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

‍

Account data: retained for the duration of your account and for a reasonable period thereafter to allow for account reactivation or dispute resolution.
Transaction and payment records: retained for a minimum of six (6) years from the date of the transaction, as required by applicable financial record-keeping and anti-money laundering regulations.
Compliance and verification data (including KYB documents, sanctions screening results, and blockchain analytics records): retained for a minimum of six (6) years from the date of the relevant compliance activity or account closure, whichever is later.
Cryptocurrency wallet addresses and blockchain transaction data: retained for a minimum of six (6) years from the date of the last transaction, or such longer period as required by law.
Marketing and communication preferences: retained until you withdraw your consent or request deletion.

‍

Where we are required by law, regulation, or court order to retain data for a longer period, we will do so in compliance with the applicable requirement. Once the applicable retention period expires, personal data will be securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit using SSL/TLS, secure cloud hosting infrastructure (AWS), access controls limiting data access to authorised personnel with a legitimate need to know, and regular review and updating of our security practices.

‍

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Your Rights

Depending on your location and applicable law, you may have the following rights in respect of your personal data:

‍

Right of access — to obtain confirmation of whether we process your personal data and to request a copy of it.
Right to rectification — to request correction of inaccurate or incomplete personal data.
Right to erasure — to request deletion of your personal data, subject to our legal retention obligations.
Right to restriction — to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format.
Right to object — to object to the processing of your personal data where we rely on legitimate interests as the lawful basis.
Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time.
Right to lodge a complaint — to lodge a complaint with the relevant supervisory authority in your jurisdiction.

‍

To exercise any of these rights, please contact us at support@agency-aurora.com. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may request additional information to verify your identity before processing your request.

‍

Please note that certain rights may be limited where we have a lawful basis to continue processing your data, including where retention is required for compliance with legal obligations (such as anti-money laundering record-keeping requirements). In such cases, we will inform you of the reason for any limitation.

10. Automated Decision-Making

Aurora Group uses automated tools, including blockchain analytics platforms and Know Your Transaction (KYT) solutions, to screen cryptocurrency transactions and wallet addresses for compliance and fraud prevention purposes. These tools generate risk scores based on algorithmic analysis of blockchain data, including the transaction history of wallet addresses, their proximity to flagged or sanctioned entities, and patterns consistent with illicit activity.

‍

Automated screening may result in the rejection, delay, or flagging of a transaction, or the suspension or restriction of your account. Where an automated decision has a significant effect on you, you have the right to: (a) be informed that the decision was made using automated means; (b) receive a meaningful explanation of the logic involved; (c) request human review of the decision by contacting us at support@agency-aurora.com; and (d) contest the decision and provide additional information for consideration. Aurora Group will review such requests promptly and communicate the outcome to you.

11. Children’s Privacy

Our platform and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete that information and terminate the associated account.

12. Third-Party Links and Services

The platform may contain links to third-party websites, services, or platforms (including advertising networks, social media platforms, and payment processors). Aurora Group is not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party service you interact with.

13. Social Media

Our platform may include links and features connected to social media platforms. We recommend reviewing the privacy policies of each platform:

‍

Meta (Facebook/Instagram): https://www.facebook.com/privacy/explanation
Google: https://policies.google.com/privacy
TikTok: https://www.tiktok.com/legal/privacy-policy
Snapchat: https://snap.com/en-US/privacy/privacy-policy
X (formerly Twitter): https://twitter.com/en/privacy

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, Aurora Group will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with applicable data protection law. Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, Aurora Group will also notify the affected users without undue delay, providing information about the nature of the breach, the likely consequences, and the measures taken or proposed to address it. Aurora Group maintains internal procedures for detecting, investigating, reporting, and responding to data breaches.

15. Sub-Processors and Record of Processing

Aurora Group’s third-party service providers (as described in Section 5.1) may engage their own sub-processors to assist in the provision of their services. Aurora Group requires, through contractual data processing agreements, that all third-party processors and their sub-processors implement appropriate technical and organisational measures to protect personal data and process it only in accordance with Aurora Group’s instructions and applicable data protection law. Aurora Group remains responsible for the acts and omissions of its processors in relation to your personal data.

‍

Aurora Group maintains a record of its processing activities in accordance with Article 30 of the GDPR, which is available to relevant supervisory authorities upon request. This record includes the categories of personal data processed, the purposes of processing, the categories of recipients, international data transfers, and applicable retention periods.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Where changes are material, we will notify you by posting a prominent notice on the platform or by sending you an email. The date at the top of this policy indicates when it was last updated. Your continued use of the platform after any changes constitutes your acceptance of the updated Privacy Policy.