Privacy notice and cookies

Aurora World GmbH

Introduction

Welcome to the privacy policy of Aurora World GmbH.

Aurora World Ltd respects your privacy and is committed to protecting your personal data. This privacy statement informs you about how we search for your personal data, your data protection rights, and how the law protects you.

Although this privacy policy is provided in a concise, transparent, and easy-to-understand manner, please use the glossary to help you understand the meaning of some of the terms used in this privacy policy. If anything is unclear to you, or if you wish to exercise your legal rights, please contact us, providing the details listed below. This privacy policy is provided in a layered format so that you can click through to the sections listed below.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT ABOUT YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED?
  4. HOW WE USE YOUR PERSONAL DATA
  5. INFORMATION ABOUT YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. AUTOMATED DECISION-MAKING
  8. DATA SECURITY
  9. DATA STORAGE IN SERVER
  10. YOUR LEGAL RIGHTS
  11. GLOSSARY
  12. Important information and who we are

Purpose of this privacy policy

This privacy policy is intended to provide you with information about how Aurora collects and processes your personal data, including any data you provide to us through correspondence or your use of our website.

Our website is not intended for children and we do not knowingly collect data relating to children.

It is important that you review this Privacy Notice together with any other data protection notices or fair processing notices we may provide on certain occasions when we collect or process personal data about you, so that you are fully aware of how and why we use your data. This Privacy Notice supplements the other notices and is not intended to override them.

Controller

Aurora World Ltd is responsible for and in charge of your personal data (collectively referred to as "Aurora", "we", "us" or "our" in this Privacy Policy). We are part of a global group of companies headquartered in South Korea, Hong Kong and the USA.

We have appointed a Data Protection Officer ( DPO ) who is responsible for monitoring questions related to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details provided below.

Contact details

Our full details are:

Full name of the legal entity: Aurora World GmbH

Name or title of DPO: Jerome Kim

Email address: buero@auroraworld.eu

Postal address: Eschborner Landstraße 42-50, 60489 Frankfurt am Main, Germany

Telephone number: +49 (0)69 33995348

You have the right to lodge a complaint with the Office of the Information Commissioner ( ICO ), the UK's supervisory authority for data protection matters ( www.ico.org.uk ), at any time. However, we would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first.

Changes to the privacy policy and your obligation to inform us of changes

This version was last updated on October 24, 2025. It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your relationship with us.

Links from other providers

Our website and any correspondence between us may contain links to third-party websites, plug-ins, and applications. If you click on these links or activate these connections, third parties may collect or share data about you. We do not control these external websites and are not responsible for their privacy policies. When you visit a third-party website, we recommend that you read its privacy policy.

  1. The data we collect about you

Personal data is any information relating to an identified or identifiable natural person. It does not include data from which the identity has been removed (anonymous data).

We may collect, use, store and transfer various types of personal data about you, which we have grouped together:

  • Customer information that we collect when you set up your account with us, whether on your own behalf or on behalf of your employer/representative organization, by filling in forms on our website or otherwise, including your contact details such as name, email address, username, telephone number, organization, financial information and your role.
  • Supplier/provider and agent information that we collect before and during the entire negotiation and conclusion of our business relationship with you and/or your employer/representative organization (where applicable). This includes your contact details such as name, email address, telephone number, organization, financial information, billing address, and your role.
  • Transaction data about yourself and/or your employer/representative organization.
  • If you contact us, we may keep a record of this correspondence.
  • Information about you that you have posted on third-party websites such as Facebook and Twitter.
  • If you contact us to report a problem with our website or for technical or customer support, we may keep a record of that correspondence or conversation.
  • Information that you upload or share through our website.
  • Personal information, including contact and financial information, for third parties (see section 3 below for further information).
  • Cookie information (see below and our cookie policy for further details).
  • Details of your visits to our website, including but not limited to traffic data, location data, weblogs and other communication data, the resources you access, Internet Protocol (IP) address, login details, browser type and version, time zone setting and location, browser plug-in types, operating systems and versions, and other technology on the devices you use to access our website.
  • Information about your preferences for receiving marketing from us and our third parties, and your communication preferences.

We may also ask you to complete surveys which we will use for research purposes, although you are not required to respond to them.

We collect, use, and share aggregated data , such as statistical or demographic data, for any purpose. Aggregated data may be derived from your personal data but is not considered personal data under the law because it does not directly or indirectly reveal your identity. For example, we may aggregate data relating to your use of our website to calculate the percentage of users accessing a particular website feature. However, if we combine or link aggregated data with your personal data in a way that allows it to directly or indirectly identify you, we will treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also do not collect any information about criminal convictions and offenses.

If you do not provide any personal data

If we are required by law or under the terms of a contract we have with you, and you fail to provide this data when requested, we will be unable to perform the contract we have or are trying to enter into with you (e.g., to provide goods or services). In this case, we may have to cancel a product or service you have with us or not enter into the contract with you or your organization. If this happens, we will notify you at the time.

  1. How is your personal data collected?

We use various methods to collect data from and about you, including:

  • Direct interactions . You can send us your personal data by filling out forms or by contacting us by mail, telephone, email, or by allowing us to scan your brand at a trade fair or otherwise. This also includes personal data that you provide to the following people:
  • apply to our products or services;
  • Create an account with us;
  • Interact with us to discuss the goods and services we offer;
  • Subscribe to our service or publications;
  • To have marketing inquiries sent to you;
  • To have marketing inquiries sent to you;
  • to enter a competition, promotion, or survey;
  • Give us your feedback.
  • Automated technologies or interactions. When you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data using cookies and other similar technologies. We may also obtain technical data about you when you visit other websites that use our cookies.
  • Third parties or publicly available sources. We may receive personal data about you from various third-party providers and public sources as outlined below.
  • Technical specifications of the following parties:
    • Analytics providers like Google outside the EU
    • Advertising networks such as FW A (Tax Free World Association), VisitConnect
    • Search information providers such as Facebook, Google, Bing and any similar search engine within and outside the EU.
  • Personal data required for the completion of financial transactions by providers of technical, payment and delivery services such as Shopify, Worldpay and Paypal.
  • Personal information from publicly accessible sources such as company records, online databases, and the electoral register within the EU.
  • Contact your employer or a third party you have previously provided with your contact details, or seek information.
  • Agents, purchasing groups, member groups
  • Lists of attendees provided at trade fairs show that we are attending or are part of them.
  1. How we use your personal data

We will only use your personal data if the law allows us to. Most often, we will use your personal data in the following circumstances:

  • Where we need to fulfill the contract, we are in the process of contacting you or have already entered into an agreement with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests, these interests will not be overridden.
  • Where we have a legal or regulatory obligation to comply with.

See section 10 'Glossary' to learn more about the types of lawful basis we will rely on to process your personal data.

Generally, we do not rely on consent as the legal basis for processing your personal data, except in cases involving the sending of direct marketing communications to you by email or text message from third parties. You have the right to withdraw your consent to marketing at any time by contacting us.

Purposes for which we use your personal data

Below, in a table format, we have outlined all the ways in which we intend to use your personal data and the legal bases we rely on to do so. We have also identified our legitimate interests where applicable.

Please note that we may process your personal data for more than one lawful reason, depending on the purpose for which we are using your data. Please contact us if you require details of the specific legal basis we rely on to process your personal data when more than one basis is listed in the table below.

Purpose/Activity

Lawful basis for processing, including the basis of legitimate interest

The registration of new customers and the fulfillment of our obligations arising from contracts entered into between you, your respective organization and us.

Performance of a contract with you

If you are our supplier/provider or if you are an authorized representative of one of our suppliers/providers, to enter into negotiations and subsequently fulfill our obligations arising from contracts entered into between you, your respective organization and us.

(a) Performance of a contract with you or your organization

(b) Legal interests (to enter into negotiations with you regarding the services we request)

Here's how to process and deliver orders:

(a) Confirmation of an order, including but not limited to confirmation of the delivery time and place.

(b) Manage payments, fees and charges

(c) Collecting and winning money that is owed to us

(a) performance of a contract with you

(b) necessary for our legitimate interests (to recover debts owed to us)

To manage our relationship with you/your organization, which will include the following:

(a) They will inform you about changes to our Terms and Conditions, our services, or our Privacy Policy

(b) Administration and maintenance of our records

(c) Have a review conducted or take a survey

(a) performance of a contract with you

b) those necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to update our records and investigate how customers use our products/services)

To send you business-to-business marketing and, in particular, information about our products and services that we feel are of interest.

Necessary for our legitimate interests (for the development of our products/services, growth of our business)

To enable you to participate in interactive features of our service, including entering a contest, sweepstakes or survey, if you wish to do so.

(a) performance of a contract with you

(b) Necessary for our legitimate interests (to investigate how customers use our products/services, to develop them and to grow our business)

For the administration and protection of our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting)

(a) necessary for our legitimate interests (for the management of our business, the provision of administrative and IT services, network security, the prevention of fraud and in connection with a corporate reorganization or group restructuring)

b) those necessary to comply with a legal obligation

To provide you with relevant website content and advertisements, and to measure or understand the effectiveness of the advertising we provide to you.

Necessary for our legitimate interests (to investigate how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy)

Using data analytics to improve our website, products/services, marketing, customer relationships and experiences

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and marketing materials updated and relevant, to develop our business and to inform our marketing strategy)

To provide you with suggestions and recommendations for products or services that might be of interest to you.

Necessary for our legitimate interests (to develop our products/services and grow our business)

Conducting research, statistical analysis, internal customer service monitoring and market research

Necessary for our legitimate interests (to develop our products/services, grow our business, improve the services we provide to customers and inform you about our marketing strategy)

To facilitate the administration of the entire Aurora Group company, and in particular to preserve our internal records and databases, and to create a leaner and more efficient business system for our customers and those who interact with us.

Necessary for our legitimate interests (to develop our products/services, expand our business, improve the services we provide, and ensure a consistent corporate strategy)

To fulfill our duties and contractual obligations due to our role as principal debtor and to maintain our agency relationship with you.

(a) performance of a contract with you

b) those necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to promote our business in all the territories we serve)

marketing

We strive to give you a choice when selecting certain personal data, particularly in the area of ​​marketing and advertising.

Advertising offers from us

We may use your personal data to form an opinion about what we think you want or need, or what might be of interest to you. This helps us decide which products, services, and offers may be relevant to you (we call this marketing).

Except as set out above, you will receive marketing communications from us if you have requested information from us, purchased goods from us, or provided us with your details, entered a competition or registered for a promotion, and in any case you have not opted to receive this marketing.

If you are a sole trader or in a partnership and you have not purchased any goods from us in the past, we will only contact you for marketing purposes if you have expressly consented to receive electronic mail from us.

Third-party marketing

We will obtain your explicit consent before sharing your personal data with a company outside the Aurora Group for marketing purposes.

Opting out

You can request that we or third parties stop sending you marketing messages at any time by following the opt-out links in marketing messages sent to you or by contacting us at any time.

If you choose to receive these marketing messages, this does not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience, or other transactions.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

You can configure your browser to reject all or some browser cookies, or to warn you when websites set or access cookies. If you disable or reject cookies, please note that some parts of our website may be inaccessible or may not function correctly. For more information about the cookies we use, please see our Cookie Policy.

By continuing to use our website, you consent to our use of cookies. Our legal basis for processing the personal data we collect through our use of cookies, and the purposes for which it is processed, are set out above.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another reason, and that this reasonableness is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us .

If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent in accordance with the above rules, provided that this is required or permitted by law.

  1. Information about your personal data

We may share your personal data with the parties listed below for the purposes mentioned in point 4 of the table.

  • Internal third parties, as defined in the glossary.
  • External third parties, as defined in the glossary.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire or merge with other companies. If a change of ownership occurs, the new owners may use your personal information in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to handle it in accordance with the law. We do not allow our third-party providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.

  1. International transfers

We share your personal data within the Aurora Group. This means that your data will be transferred outside the European Economic Area ( EEA ).

When we transfer your personal data from the EEA, we ensure that it is afforded a similar level of protection by providing at least one of the following safeguards:

Please contact us if you would like more information about the specific mechanism we use when transferring your personal data out of the EEA.

  1. Automated decision-making

We do not make decisions about you using only technologies that none of our employees or other people have been involved in.

  1. Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed, altered, or disclosed in an unauthorized manner. Furthermore, we restrict access to your personal data to employees, agents, contractors, and other third parties who have a legitimate need to know about the company. They will only process your personal data on our instructions and are bound by confidentiality obligations.

We have procedures in place to deal with a suspected personal data breach and will notify you and any applicable regulatory authority of a breach where we are legally required to do so.

  1. Data storage

How long will you use my personal data?

We will only store your personal data for as long as is necessary to fulfill the purposes for which we have collected it, including to comply with legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as applicable legal requirements.

Details regarding retention periods for various aspects of your personal data are available in our data retention policy, which you can request from us. Contact us .

As a general guideline, we are legally required to keep basic information about our customers (since seven years after they have ceased using the customers for tax and other purposes).

Under certain circumstances you can ask us to delete your data: see Request Erasure below for more information.

In certain circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In this case, we may use this information indefinitely without further notice to you.

  1. Your rights

Under certain circumstances, you have the legal right to:

  • Request access to your personal information (commonly known as a "data access request"). This will allow you to obtain a copy of the personal data we hold about you and to check that we are processing it lawfully.
  • Request to correct the personal information we hold about you. This allows you to have any incomplete or inaccurate information we correct about you, although we will need to verify the accuracy of the new data you provide.
  • Request erasure of your personal information. This allows you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to rectification (see below), where we have processed your information unlawfully, or where we are required to erase your personal data to comply with local laws. However, please note that for specific legal reasons, we may not always be able to comply with your erasure request, which will be communicated to you, if applicable, at the time of your request.
  • The processing of your personal information is based on our legitimate interest (or that of a third party), and there is something about your particular situation that you wish to object to regarding this processing because you feel it affects your fundamental rights and freedoms. You also have the right to object if we process your personal data for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds for processing your information that override your rights and freedoms.
  • Request restriction of processing of your personal information. This allows you to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) if our use of the data is unlawful, but you do not want us to delete it; (c) you need us to keep the data even when we no longer need it, for example, if you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify that we have legitimate grounds for using that data.
  • Request the transfer of your personal information to another party. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you originally provided to us, or where we used the information to perform a contract with you.

If you wish to exercise any of the above rights, please contact us in writing.

No fee is usually required.

You do not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse the request in such circumstances.

What we need from you

We may need to request specific information from you to help us verify your identity and ensure your right to access the information (or to exercise your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone who has no right to receive it.

Time limit for responses

We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your request is particularly complex or if you have submitted several requests. In this case, we will notify you and keep you updated.

Right to withdraw consent

In the limited cases where you have given your consent to the collection, processing, and sharing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Practice Manager. Once we receive notification that you have withdrawn your consent, we will no longer process your data for the purpose(s) to which you originally consented, unless we have another legitimate legal basis to do so.