Last updated: September 2022
Your privacy is important to Aura Impact. Privacy is a fundamental right and one of our core values.
Compliance with data protection legislation
Aura Impact undertakes to make every effort to comply with the laws and regulations governing the processing of Personal Data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) and any other applicable national laws or regulations governing the processing of personal data.
Data Protection Officer
Aura Impact has appointed a data protection officer (the “DPO”). If you have any questions regarding the management and use of your Personal Data, you can contact him/her at the following address:
Form: Contact form
Address: 13-15 Avenue de la Liberté, L-1943, Luxembourg, Grand Duchy of Luxembourg
Email: [email protected]
Who are the Data Subjects?
The Data Subjects, i.e. the persons whose Personal Data Aura Impact processes are:
- Users of the Site or any other person who contacts Aura Impact without being a client;
- Persons responding to a job offer posted on the Site or sending an unsolicited application to the following address: [email protected], or via the contact form (hereinafter “Form”);
- Aura Impact’s clients who are natural persons or representatives and/or employees of Aura Impact’s clients who are legal persons; and
- Any other natural person whose Data Subject or partner transmits Personal Data to Aura Impact. The Personal Data of these other persons are submitted to Aura Impact under the responsibility of the Data Subjects who undertake to transmit them to Aura Impact in accordance with the applicable legal provisions. The data will only be used by Aura Impact if it is necessary for the provision of its Services by Aura Impact.
Origin of Personal Data
Personal Data collected from Data Subjects
All Personal Data concerning Data Subjects is collected from them by (i) Aura Impact via the forms or other documents they fill in when using the Website; (ii) Aura Impact during the various exchanges with Data Subjects, whether by mail, online requests, telephone calls or any other means of communication used to contact Aura Impact.
Personal Data that Aura Impact automatically collects when using the Services
Who are the data controllers?
The Controller is, within the meaning of the GDPR, the person who determines the means and purposes of the processing. The Processor is a person processing Personal Data on behalf of the Controller. He acts under the authority of the Controller and on the instructions of the Controller.
Aura Impact is responsible for the processing of the Personal Data of Data Subjects collected in the context of their browsing on the Website or any form of communication with Aura Impact.
Aura Impact takes all appropriate measures to ensure the protection and confidentiality of the Personal Data it holds or processes in compliance with the provisions of the GDPR and national legislation.
What Personal Data is processed and what is it used for?
All Personal Data processed by Aura Impact, are limited to those strictly necessary for the provision of the Services offered:
- Identification and contact details: The identification and contact details of the Data Subjects may correspond to (i) the name and e-mail address given in the contact form on the Site or (ii) the data given in the business card given by the Data Subject or in the Data Subject’s e-mail signature. This data will be processed by Aura Impact in order to respond to the Data Subject’s requests or in the context of contractual relations with the Data Subject.
- Content of CVs and cover letters: The data submitted by Candidates will be used in connection with applications and vacancies. This data includes surnames, first names, date of birth, nationality, means of contact (e-mail address, postal address, telephone number), education, professional qualifications, professional experience and any other personal data contained in these documents.
- Content of messages from Data Subjects transmitted by any means of communication: Data Subjects may contact Aura Impact via various means, including social networks, to formulate their requests. This data will be processed by Aura Impact to respond to the Data Subject’s requests or in the context of contractual relations with the Data Subject.
- Any other personal data provided to Aura Impact by Data Subjects concerning other persons: This data, collected directly or indirectly, enables Aura Impact to provide its consultancy services within the framework of legal obligations and in particular professional secrecy.
- Content and metadata: These elements correspond to the operations carried out on the Site, i.e. the data flows generated by the activity of the Data Subjects on the Site. In principle, this data is not used by Aura Impact, for which the Site is simply the medium for exchanging this data. However, some of these elements may be used by Aura Impact to enable Aura Impact to better understand how Users interact with the Aura Impact Site and to improve its functioning.
- Technical Information: This technical information may include browser type, language settings, country and time zone, cookie ID and settings, type of device used for connection, hardware model and operating system, unique identifiers such as IDFA (for iOS), MAC address or user ID, IP addresses and mobile network information, social network sharing, geolocation data. This data is used to ensure optimal use of the Site.
Some of these data are required to Aura Impact to provide its services, others are optional in order to benefit from all the Services offered. The mandatory or optional nature of the personal data to be provided is indicated at the time of collection. If you refuse to provide the mandatory data, Aura Impact will not be able to provide you with the requested services (such as the creation of your account or the processing of your teleconsultation request), nor to respond to your other possible requests.
Aura Impact may send informative emails for similar Services provided by Aura Impact (hereinafter the “Electronic Communications”) to Data Subjects whose electronic contact information Aura Impact has obtained by providing its Services when the Data Subjects in question have not objected to such use when their email address was collected.
Any other unsolicited electronic communication not covered by the above provisions will be made on the basis of the Data Subject’s consent only.
Data Subjects still have the opportunity to object to such use of their email address, free of charge and in a simple manner, (i) by clicking on the “unsubscribe” link contained within each Electronic Communication or (ii) by contacting the DPO directly at the contact details given above.
If a Data Subject objects to receiving Electronic Communications, he or she will not receive any such Communications once he or she has expressed his or her objection through one of the channels identified in the previous paragraph.
This processing is based on Aura Impact’s legitimate interest in providing information about its activity and sector news, thus enabling Aura Impact to continue to provide its services and promote its image to Data Subjects.
Use of social networks
The Personal Data of the Data Subjects collected through the use of social networks may be processed by Aura Impact, which has a legitimate interest in using them for marketing purposes and improving its advertising materials and its image on the basis of voluntary information transmitted or published by the Data Subjects.
You have the possibility to click on the icons dedicated to social networks on our site or any other communication medium, namely Linkedin, Twitter, Facebook, Instagram, or Youtube.
Social networks help to improve the usability of the site and help to promote it through sharing.
When you use these buttons, we may have access to personal information that you have indicated as public and accessible from your Linkedin, Twitter, Facebook, Instagram, or Youtube social profile. However, we do not create or use any independent database of these social networks from the personal information you may post on them and we do not exploit any of your privacy data in this way.
If you do not want us to have access to the personal information posted on the public area of your social profiles or accounts, then you should use the means provided by the social networks Linkedin, Twitter, Facebook, Instagram, and Youtube to limit access to your data.
Other social networks may also be added at any time by Aura Impact.
Some Cookies do not require the consent of the Data Subjects because they are purely technical and their use is in the legitimate interests of Aura Impact. For the others, Aura Impact collects the consent of the Data Subjects before collecting Personal Data about them via cookies.
For more information, in particular on the duration of the retention of Cookies, Data Subjects may consult Aura Impact’s Cookie Management Policy by clicking on the following link.
Links to Other Sites
Retention of Personal Data
- For Data Subjects who are not Clients of Aura Impact: five (5) years from the end of the relationship between the Data Subject and Aura Impact, except in the case of applications where the period is two (2) years after the last contact with the Applicant;
- For Data Subjects who are Clients of Aura Impact: ten (10) years from the end of the contractual relationship, except where there is a statute of limitations or a longer legal retention requirement.
- For all Data Subjects: The implementation of backups by Aura Impact ensures the availability of the data as well as their access within an appropriate timeframe in case of a physical or technical incident. The data included in the backups are kept until they are overwritten by a new backup. This is “out of use” data that is only used for backup purposes. In case a Data Subject requests the deletion of his or her personal data, the personal data contained in these backups will be deleted insofar as this is technically possible.
Aura Impact undertakes to delete or anonymise your personal data at the end of the retention period described above, plus a period of a few days or weeks, in proportion to the above-mentioned period, if this is necessary to ensure the deletion or anonymization of the data concerned in practice, unless there is an imperative reason for not doing so (e.g. in the context of a dispute).
How we protect Personal Data
Aura Impact implements all technical and organisational measures to ensure the security of the processing of Personal Data and the confidentiality of your data.
In this respect, we take all necessary precautions, in view of the nature of your data and the risks presented by our processing, to preserve the security of your data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties (physical protection of premises, authentication procedures for persons accessing the data with personal and secure access via confidential identifiers and passwords, secure https protocol, logging and tracing of connections, encryption of certain data, etc.).
Data Subjects are responsible for ensuring that all Personal Data they send to Aura Impact is secure.
Aura Impact takes reasonable steps to:
- Ensure that your Personal Data is accurate and, where necessary, kept up to date by allowing Data Subjects to amend any inaccurate data at any time.
- To ensure that Subcontractors receiving Personal Data guarantee the security and confidentiality of such data.
- Ensure that the protection and security of Personal Data is taken into account in the planning and development of its Services from the outset.
Recipient of personal data and subcontractors
THE USER’S PERSONAL DATA WILL NOT BE COMMUNICATED TO COMMERCIAL OR ADVERTISING ENTITIES.
By authorized personnel of AURA IMPACT:
Authorised staff of our marketing, sales, administrative, logistical, legal and IT departments, responsible for handling customer relations, prospecting and for control.
By the authorised personnel of AURA IMPACT’s subcontractors:
For some activities related to its operations, Aura Impact uses the services of several specialised companies (emailing, teleconsultation, CRM, etc.).
Each of these subcontractors is carefully selected for its professionalism and reliability, particularly in terms of privacy and protection of personal data.
If applicable, by the relevant courts, mediators, accountants, auditors, lawyers, bailiffs, debt collection companies.
In order to provide its Services, Aura Impact may use service providers located outside the European Union. If the transfer takes place to a third country where the legislation has not been recognised as providing an adequate level of protection for Personal Data, Aura Impact ensures that the necessary measures are put in place in accordance with the GDPR.
Rights of Data Subjects
Rights of Data Subjects to their Personal Data:
In accordance with the European regulations in force, Data Subjects who visit the Site have the following rights:
- Right of access (article 15 RGPD) and rectification (article 16 RGPD), update, completeness of the Personal Data of the Data Subjects: the Data Subjects have the right to access their Personal Data held by Aura Impact and to request rectification or updating.
- Right to erasure of Personal Data of Data Subjects (Article 17 of the GDPR), where (i) it is no longer necessary, (ii) the Data Subject has withdrawn consent, (iii) the Data Subject objects to the processing, (iv) the processing is unlawful or to comply with legal obligations.
- Right to withdraw consent at any time (Article 13-2c GDPR) if such processing is based on consent.
- Right to limit the processing of Personal Data of Data Subjects (Article 18 GDPR): this right means that the processing of Personal Data of Data Subjects that Aura Impact may carry out is limited, so that the Personal Data is retained, but Aura Impact may not use or process it.
- Right to object to the processing of Personal Data of Data Subjects (Article 21 GDPR): Data Subjects may at any time object to the processing of their Personal Data where the processing is based on the legitimate interest of Aura Impact.
- Right to portability of Personal Data provided by Data Subjects, where such Personal Data is subject to automated processing based on their consent or on a contract (Article 20 RGPD). Data Subjects have the right to move, copy or transmit their Personal Data from Aura Impact’s database to another.
- Right to determine the fate of the Data Subjects’ Personal Data after their death and to choose to whom Aura Impact shall disclose (or not) their Personal Data to a third party that they have previously designated. As soon as Aura Impact becomes aware of the death of a Data Subject and in the absence of instructions from him or her, Aura Impact undertakes to destroy his or her Personal Data, unless its retention is necessary for evidentiary purposes or to comply with legal obligation.
- For more information on their rights, Data Subjects may consult the CNPD website.
How Data Subjects may exercise their rights regarding their Personal Data:
If the Data Subject wishes to know how Aura Impact uses his or her Personal Data, or to exercise his or her rights, the Data Subject may contact Aura Impact at the following contact details:
Form: Contact form
Address: 13-15 Avenue de la Liberté, L-1943, Luxembourg, Grand-Duchy of Luxembourg
Email: [email protected]
In this case, the Data Subject must indicate the Personal Data that he or she would like Aura Impact to correct, update or delete, by identifying himself or herself precisely with a copy of an identity document (identity card or passport) or any other element that can be used to prove his or her identity.
Requests for deletion of Personal Data will be subject to the obligations imposed on Aura Impact by law, in particular with regard to the retention or archiving of documents.
Users may file a complaint with the supervisory authorities, and in particular with the CNPD (https://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.html).
The Data Subject is required to refer to the version of the Policy in effect at the time of access and use of the Site.