Privacy Policy - Aura-impact

Last updated: September 2022

Your privacy is important to Aura Impact. Privacy is a fundamental right and one of our core values.

Purpose of this Privacy Policy

This Privacy Policy governs the way in which Aura Impact as Data Controller processes Personal Data collected (i) in the context of the use of the Aura Impact Website ( (hereinafter “Website”) or in the course of exchanges between Aura Impact and any person who is not a client of Aura Impact and (ii) in the context of Aura Impact’s performance of its consultancy activity and its contractual relations with its Clients (hereinafter “Services”).

Compliance with data protection legislation

Aura Impact undertakes to make every effort to comply with the laws and regulations governing the processing of Personal Data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) and any other applicable national laws or regulations governing the processing of personal data.

Data Protection Officer

Aura Impact has appointed a data protection officer (the “DPO”). If you have any questions regarding the management and use of your Personal Data, you can contact him/her at the following address:

Form: Contact form

Address: 13-15 Avenue de la Liberté, L-1943, Luxembourg, Grand Duchy of Luxembourg

Email: [email protected]

Who are the Data Subjects?

The Data Subjects, i.e. the persons whose Personal Data Aura Impact processes are:

Origin of Personal Data

Data Subjects are informed of the purposes for which their Personal Data is collected via (i) the information provided in the various online data collection forms; (ii) the Cookie Policy and (iii) this Privacy Policy.

Personal Data collected from Data Subjects

All Personal Data concerning Data Subjects is collected from them by (i) Aura Impact via the forms or other documents they fill in when using the Website; (ii) Aura Impact during the various exchanges with Data Subjects, whether by mail, online requests, telephone calls or any other means of communication used to contact Aura Impact.

Personal Data that Aura Impact automatically collects when using the Services

Aura Impact automatically collects Personal Data, in particular through the use of Cookies, when the Data Subjects use the Website.

Who are the data controllers?

The Controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. The Processor is a person processing Personal Data on behalf of the Controller. He acts under the authority of the Controller and on the instructions of the Controller.

Aura Impact is responsible for the processing of the Personal Data of Data Subjects collected in the context of their browsing on the Website or any form of communication with Aura Impact.

Aura Impact takes all appropriate measures to ensure the protection and confidentiality of the Personal Data it holds or processes in compliance with the provisions of the GDPR and national legislation.

What Personal Data is processed and what is it used for?

All Personal Data processed by Aura Impact, are limited to those strictly necessary for the provision of the Services offered:

Some of these data are required to Aura Impact to provide its services, others are optional in order to benefit from all the Services offered. The mandatory or optional nature of the personal data to be provided is indicated at the time of collection. If you refuse to provide the mandatory data, Aura Impact will not be able to provide you with the requested services (such as the creation of your account or the processing of your teleconsultation request), nor to respond to your other possible requests.

Electronic Communications

Aura Impact may send informative emails for similar Services provided by Aura Impact (hereinafter the “Electronic Communications”) to Data Subjects whose electronic contact information Aura Impact has obtained by providing its Services when the Data Subjects in question have not objected to such use when their email address was collected.

Any other unsolicited electronic communication not covered by the above provisions will be made on the basis of the Data Subject’s consent only.

Data Subjects still have the opportunity to object to such use of their email address, free of charge and in a simple manner, (i) by clicking on the “unsubscribe” link contained within each Electronic Communication or (ii) by contacting the DPO directly at the contact details given above.

If a Data Subject objects to receiving Electronic Communications, he or she will not receive any such Communications once he or she has expressed his or her objection through one of the channels identified in the previous paragraph.

This processing is based on Aura Impact’s legitimate interest in providing information about its activity and sector news, thus enabling Aura Impact to continue to provide its services and promote its image to Data Subjects.

Use of social networks

The Personal Data of the Data Subjects collected through the use of social networks may be processed by Aura Impact, which has a legitimate interest in using them for marketing purposes and improving its advertising materials and its image on the basis of voluntary information transmitted or published by the Data Subjects.

You have the possibility to click on the icons dedicated to social networks on our site or any other communication medium, namely Linkedin, Twitter, Facebook, Instagram, or Youtube.

Social networks help to improve the usability of the site and help to promote it through sharing.

When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Linkedin, Twitter, Facebook, Instagram, or Youtube social profile. However, we do not create or use any independent database of these social networks from the personal information you may post on them and we do not exploit any of your privacy data in this way.

If you do not want us to have access to the personal information posted on the public area of your social profiles or accounts, then you should use the means provided by the social networks Linkedin, Twitter, Facebook, Instagram, and Youtube to limit access to your data.

Other social networks may also be added at any time by Aura Impact.

Use of Cookies

Aura Impact also uses Cookies to improve Data Subjects’ navigation on the Site and to compile data for anonymous statistics, to understand Data Subjects’ use of the Aura Impact Site and to improve its structure and content.

Some Cookies do not require the consent of the Data Subjects because they are purely technical and their use is in the legitimate interests of Aura Impact. For the others, Aura Impact collects the consent of the Data Subjects before collecting Personal Data about them via cookies.

For more information, in particular on the duration of the retention of Cookies, Data Subjects may consult Aura Impact’s Cookie Management Policy by clicking on the following link.

Links to Other Sites

We occasionally provide links to other websites for your convenience and information. These websites operate independently and are not under our control. These sites operated by third parties may have their own privacy notices or terms of use, which we strongly suggest you to review. We are not responsible for the content of these sites, for any products or services that may be offered on them or for any other use of them.

Retention of Personal Data

Aura Impact takes all reasonable steps to ensure that Personal Data is processed and retained for the minimum period necessary for the purposes set out in this Privacy Policy.

Unless a more specific provision is indicated in this Privacy Policy, the general principle applied by Aura Impact is to retain Personal Data according to the following criteria:

Aura Impact undertakes to delete or anonymise your personal data at the end of the retention period described above, plus a period of a few days or weeks, in proportion to the above-mentioned period, if this is necessary to ensure the deletion or anonymization of the data concerned in practice, unless there is an imperative reason for not doing so (e.g. in the context of a dispute).

How we protect Personal Data

Aura Impact implements all technical and organisational measures to ensure the security of the processing of Personal Data and the confidentiality of your data.

In this respect, we take all necessary precautions, in view of the nature of your data and the risks presented by our processing, to preserve the security of your data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties (physical protection of premises, authentication procedures for persons accessing the data with personal and secure access via confidential identifiers and passwords, secure https protocol, logging and tracing of connections, encryption of certain data, etc.).

Data Subjects are responsible for ensuring that all Personal Data they send to Aura Impact is secure.
Aura Impact takes reasonable steps to:

  • Ensure that your Personal Data is accurate and, where necessary, kept up to date by allowing Data Subjects to amend any inaccurate data at any time.
  • Ensure that the Personal Data of Data Subjects is collected for the purposes set out in this Privacy Policy.
  • To ensure that Subcontractors receiving Personal Data guarantee the security and confidentiality of such data.
  • Ensure that the protection and security of Personal Data is taken into account in the planning and development of its Services from the outset.

Recipient of personal data and subcontractors


The Personal Data of the Data Subjects may be processed within the limits of their respective attributions and exclusively in order to achieve the purposes of this Privacy Policy by the following persons:

By authorized personnel of AURA IMPACT:
Authorised staff of our marketing, sales, administrative, logistical, legal and IT departments, responsible for handling customer relations, prospecting and for control.
By the authorised personnel of AURA IMPACT’s subcontractors:
For some activities related to its operations, Aura Impact uses the services of several specialised companies (emailing, teleconsultation, CRM, etc.).
Each of these subcontractors is carefully selected for its professionalism and reliability, particularly in terms of privacy and protection of personal data.
Other :
If applicable, by the relevant courts, mediators, accountants, auditors, lawyers, bailiffs, debt collection companies.

Cross-border transfer

In order to provide its Services, Aura Impact may use service providers located outside the European Union. If the transfer takes place to a third country where the legislation has not been recognised as providing an adequate level of protection for Personal Data, Aura Impact ensures that the necessary measures are put in place in accordance with the GDPR.

Rights of Data Subjects

Rights of Data Subjects to their Personal Data:

In accordance with the European regulations in force, Data Subjects who visit the Site have the following rights:

How Data Subjects may exercise their rights regarding their Personal Data:

If the Data Subject wishes to know how Aura Impact uses his or her Personal Data, or to exercise his or her rights, the Data Subject may contact Aura Impact at the following contact details:

Form: Contact form

Address: 13-15 Avenue de la Liberté, L-1943, Luxembourg, Grand-Duchy of Luxembourg

Email: [email protected]

In this case, the Data Subject must indicate the Personal Data that he or she would like Aura Impact to correct, update or delete, by identifying himself or herself precisely with a copy of an identity document (identity card or passport) or any other element that can be used to prove his or her identity.

Requests for deletion of Personal Data will be subject to the obligations imposed on Aura Impact by law, in particular with regard to the retention or archiving of documents.

Users may file a complaint with the supervisory authorities, and in particular with the CNPD (

Users’ acknowledgement of this Privacy Policy

By using the Aura Impact Site, Data Subjects acknowledge that they have read and understood the terms of this Privacy Policy.

Changes to this Privacy Policy

Aura Impact may modify, supplement or update this Privacy Policy in order to take into account any legal, regulatory, jurisprudential and/or technical developments.

Aura Impact will revise the date of the last update at the top of this page for this purpose. Aura Impact encourages Data Subjects to check this page frequently for changes. Aura Impact has put in place various means for Data Subjects to review this Privacy Policy and Data Subjects acknowledge and agree that it is their responsibility to regularly review this Privacy Policy and become aware of any changes.

Each Data Subject is advised that the only authoritative version of the Privacy Policy is the one found online, which he or she acknowledges and accepts without limitation.

The Data Subject is required to refer to the version of the Policy in effect at the time of access and use of the Site.

If you have any questions or comments regarding this Privacy Policy, please contact us at [email protected].