Website Privacy Policy of Aurora Virtual Chains

About Us

This privacy policy ("Privacy Policy") outlines how Aurora Labs Limited (“Aurora”, “we”, “our”, “us” or “Company”) collects, processes, and protects your personal data when you access and use our Website and when you apply to participate in the Aurora Blocks Incubator Program (“Program”). This Privacy Policy specifically governs the collection, storage, and processing of data provided by applicants and participants in the Program, detailing how Aurora handles their personal information. This Website and Program are managed by Aurora Labs Limited, located at Madison Building, Midtown, Queensway, Gibraltar, GX11 1AA. Aurora acts as the data controller for all personal data collected and processed in relation to the Program.

Unless otherwise specified in this Privacy Policy, the terms used here have the same definitions as outlined in the UK GDPR (as defined in section 3(10), as supplemented by section 205(4), of the UK’s Data Protection Act 2018) and the EU GDPR (General Data Protection Regulation (EU) 2016/679)) ("GDPR").

By submitting your application or participating in the Program, you acknowledge and agree to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, you should refrain from applying to or engaging with the Program.

This Privacy Policy applies to personal data collected through:

The Program application form, ClickUp Forms;

The Program’s official website at https://aurora.dev/incubator;

Definitions

User (“you”, “your”) – an individual over 18 years old who can be identified, directly or indirectly, in particular by reference to – an identifier such as a name, an identification number, location information, or an online identifier, or any relevant factors of the individual;

Privacy Policy – means the terms which set out how we will deal with confidential and personal information received from you via the Platform;

Personal Data – any content that can be linked or identified, directly or indirectly, with the User.

The personal data we collect

Categories of Personal Data Collected

We gather personal data for different purposes associated with our business operations as you utilize our Website. In particular, we process:

• Identification details (e.g. name,photo, address);

• Contact details (e.g. personal email, Telegram handle, Twitter profile, LinkedIn profile, Aurora wallet address);

• Online identifiers (e.g. IP address, cookie identifiers, device identifiers, terminal ID);

• Behavioural data (e.g. tracking data, logfiles, activity logs);

• Project details (e.g., project name, project Twitter handle, project Discord, project website, prototype link, or deck);

• Business and technical information (e.g., project stage, competitive landscape, problem-solving approach, traction data, and funding history);

• How you use the Platform, such as the pages you visit;

• your IP address;

• the date, times, and frequency with which you access the Platform;

• your operating system;

• information about your browser;

You are under no obligation to provide your personal data. Nonetheless, it's important to be aware that we cannot provide you access to the Website without the essential personal data required to guarantee that access.

Participation in the Program requires the collection of this data. Failure to provide required information may result in disqualification from the application process.

The data is also stored in the log files of our system. The data is stored to ensure the Platform’s proper operation and for analytical purposes. In addition, the data serves us to optimize the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For you, these purposes are our legitimate interest. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

The collection of such data is absolutely necessary for the operation of the Platform and conducted on the basis of the performance of the Terms of Use to which you are a party and safeguard a legitimate interest of our company. Consequently, there is no possibility of objection on your part, except for cookies, which are collected only after receiving your consent.

How do we collect them

We acquire information about you as you engage with us. This includes:

Direct collection

• When you fill out forms we provide you;

• When you submit your inquiries to us;

• When you communicate with us via our Website and other electronic means;

• When you interact with our Website’s functionalities.

Indirect collection

• When cookies and similar technologies are installed on your device or access information included therein;

• From our service providers;

• Through public sources, public registers, news articles, social media platforms and internet searches.

• Why do we collect personal data

Overview of our purposes for data processing

Our legal basis for collecting and processing personal data, as described in this Privacy Policy, depends on the category of personal data collected and the purposes for which it is collected.

Contractual Obligations: We collect and process personal data to fulfil our contractual obligations or to take pre-contractual measures related to a contract to be concluded with you. In particular, we rely on contractual obligations to:

• To provide and manage your access to the Website and its functionalities;

• To provide you with customer support and respond to your inquiries submitted through our Website or other electronic means.

• Assess your eligibility and suitability for the Program;

Consent: We rely on your voluntary consent, provided when we collect your personal data. In particular, we rely on your consent to:

• To provide you with news, special offers, newsletters and general information about the services we offer;

• To place non-essential cookies and similar technologies on your device;

• To publish reviews, testimonials and photos on our Website.

Legitimate Interests: We use legitimate interests as a legal basis for processing your personal data, based on our assessment that the processing is necessary and proportionate and does not infringe your interests or fundamental rights and freedoms. In particular, we rely on our legitimate interests to:

• To detect, prevent and address security threats related to the Website;

• To place essential cookies and similar technologies on your browser that are technically necessary for our Website to function;

• To collect and analyse your feedback to improve our Website and user experience;

• To enforce the terms and conditions of the Website and protect against fraudulent activities.

Legal Compliance: We process personal data when necessary to fulfil legal and regulatory obligations. In particular, we rely on the fulfilment of legal obligations to:

• To notify you about changes to our Privacy Policy;

• To comply with applicable regulations and legislation;

• For the legal enforcement of claims and rights.

• Our data processing in detail

Newsletter Subscription

We send newsletters and various notifications via email and other communication channels and may employ third parties to facilitate their delivery.

In principle, you must provide explicit consent to receive newsletters and other notifications from us, unless such communication is permissible for other legal reasons. We implement a "double opt-in" approach for email consent, meaning you will receive an email containing a web link that you must click to confirm your consent. This process is designed to prevent any misuse by unauthorized third parties. We may also log this consent, including the Internet Protocol (IP) address, date, and time.

Our newsletters and notifications might include web links or tracking pixels, which register whether a specific newsletter or notification has been opened and which web links were clicked (for performance measurement). These web links and tracking pixels record the utilization of newsletters and other notifications. We use this statistical data, including measurements of success and outreach, to effectively and user-friendly provide newsletters and notifications, ensuring they are delivered consistently, securely, and reliably, tailored to the preferences of the recipients.

You have the option to unsubscribe from newsletters and other notifications at any time, enabling you to object to the usage data collection mentioned above. You can do this by directly contacting us or by following the unsubscribe link included in the footer of each newsletter you receive.

Cookies and similar technologies

Our Website uses cookies and similar technologies (collectively “tools”) provided either by us or by third parties.

A cookie is a small text file stored on your device by your browser. They are useful since they allow us to recognise your device, in order for our Website to work properly or more efficiently. They can also be used to provide information to the owners of websites on how users engage with them. Without cookies or some other similar technology (e.g. web storage, fingerprints, tags, or pixels), we would have no way of 'remembering' our visitors. While most browsers accept these by default, you can adjust settings to reject or store them only with your consent. Refusing may impact your ability to use our Website seamlessly.

In addition, we also use temporary cookies that are stored on your end device to optimize user-friendliness. If you visit our platform again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our Platform and to evaluate it for you for optimizing our Platform and further marketing. These cookies enable us to automatically recognize when you return to our Platform that you have already been with us.

The data processed by cookies for the aforementioned purposes is justified to protect our legitimate interests and those of third parties.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies can lead to the fact that you cannot use all functions of our Platform.

We use Google Analytics on our Platform. These are services provided by third parties, which may be located in any country (Google LLC is based in the US but Google Ireland Ltd. is the data controller for customers based in the EU, for more information visit https://policies.google.com/?hl=en) and allow us to measure and evaluate the use of our Platform (without identifying individuals). Permanent cookies, which are placed by the service provider, are also used for this purpose. Although such service providers do not receive personal data from us (and do not retain any IP addresses), they may track your use of the Platform, combine this information with data from other websites you have visited, which are also tracked by service providers, and use this information for their own purposes (e.g. to manage to advertise). If you have registered with the service provider concerned, the service provider will also know your identity. The service provider concerned will then be responsible for processing your personal data by the applicable data protection provisions. Service providers only provide information on how a particular website is used (but not any personal details).

We also use plugins from social networks such as Facebook, Twitter, YouTube, Google+, and LinkedIn on our Platform. This will be evident to you, as the relevant symbol will typically be displayed. We have configured these elements to be disabled by default. If you enable these (by clicking on them), the social network operators may register that you are on our website and where you are on our website and may use this information for their purposes. The operator concerned will then be responsible for processing your personal data by the applicable data protection provisions. We will not receive any information regarding you from the operator concerned.

Retention of Personal Data

We retain personal data for the period necessary to fulfill the purposes for which it was collected, in accordance with legal, regulatory, and contractual obligations.

If an applicant is not selected for the Program, the Company will retain the applicant's data for a period of six (6) months. This allows Aurora to reconsider the applicant for future opportunities or alternative programs.

After six months, the data will be permanently deleted or anonymized, unless the applicant provides consent for extended retention.

Third-party apps and websites

Our Website contains links to websites or apps that are not operated by us. When you click on a third-party link, you will be directed to that third-party's website or app. We have no control over the content, privacy policies, or practices of any of these third-parties.

We maintain a presence on social networks to communicate with you, our clients and prospective clients, as well as to provide information about our Program, products and services. If you have an account on the same network, it is possible that your information and media are made available to us, for example, when we access your profile.

As soon as we transfer personal data into our own system, we are responsible for this independently. This is done to carry out pre-contractual steps or to fulfil a contract with you.

Below is the list of social networks on which we are present:

• Discord: Privacy policy;

• Telegram: Privacy policy;

• X: Privacy policy;

• YouTube: Privacy policy.

For how long do we store personal data

We retain personal data for the period necessary to fulfil the purposes for which it was collected, in accordance with the legal, regulatory and contractual obligations to which we are subject. Once this retention period is over, we delete the personal data or irreversibly anonymise it.

With whom we share personal data

Our service providers

We collaborate with third-party entities ("service providers") to support the functioning of our Website. These service providers assist in various activities, such as analyzing service usage, facilitating payments, and providing IT infrastructure. They are granted access to your personal data solely to the extent required to carry out these tasks.

Categories of service providers that can access your personal data:

• Cloud service, hosting and infrastructure providers;

• E-mailing service providers;

• Advertising and affiliate networks;

• IT and security services;

• Social media and content platforms;

• Professional advisers we use, such as accountants and lawyers;

• Other group entities that are involved in your matter.

Third-Country Transfers

Please note that we process personal data and hire service providers located in countries outside the EU/EEA. These third countries may not offer a level of data protection equivalent to that of the EU/EEA.

To ensure the security of your personal data during these transfers, we fulfil applicable legal obligations by adopting appropriate safeguards. These safeguards include:

• Transfer of data to countries that have received an adequacy decision from the European Commission.

• Implementation of standard contractual clauses provided by the European Commission, in accordance with Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as well as supplementary measures for the transfer, where we consider that such measures are necessary to guarantee a level of protection essentially equivalent to that of the EU.

In the event of a transfer to a third country where adequacy decisions or appropriate safeguards are absent, it is conceivable that authorities in the third country, such as intelligence services, could access the transferred data. Consequently, the enforceability of your data subject rights may not be guaranteed.

We and/or our service providers transfer your personal data to and process it in countries outside the EU/EEA. These countries include:

• United States of America;

• United Kingdom.

In cases where the transfer to a third country is based on the use of standard contractual clauses provided by the European Commission, you have the right to request a copy of the clauses under which your personal data is transferred to a third country. However, the contract may be redacted in those parts that must remain confidential (i.e. other people's personal data). You can request the applicable copies by contacting: [email protected] .

Data Disclosure

We may disclose your personal data when we have a sincere belief that such disclosure is essential for the following purposes:

• To fulfil a legal obligation, which includes cases where such disclosure is required by law or in response to lawful requests from public authorities, such as a court or a government agency.

• To safeguard the security of our services and safeguard our rights or property.

• To prevent or investigate potential unlawful conduct related to our operations.

• How we keep personal data safe

We implement reasonable technical and organizational security measures that we consider appropriate to safeguard your stored personal data from manipulation, loss, or unauthorized access by third parties. Our security measures are continuously updated to align with advancements in technology.

We place significant emphasis on internal data privacy. Our staff and engaged service providers are bound by confidentiality and must comply with relevant data protection laws. Moreover, they are granted access to personal data only to the extent necessary for the performance of their respective duties or obligations.

We value the security of your personal data; however, please bear in mind that no method of transmitting data over the internet or electronic storage can be guaranteed 100% secure. While we make every effort to employ commercially reasonable measures to protect your personal data, we cannot provide absolute security. We recommend employing antivirus software, firewalls, and similar tools to enhance the protection of your system.

Your Rights

You possess the following data protection rights. To exercise these rights, please reach out to us at the provided address or send an email to [email protected]. Please be aware that we may ask you to verify your identity before addressing your requests.

• Right to Access: You have the right to request a copy of your personal data, which we will furnish to you in an electronic format.

• Right to Correction: You can request us to rectify any inaccuracies or incompleteness in your data.

• Right to Withdraw Consent: If you've given your consent for the processing of your personal data, you have the right to withdraw it at any time, affecting future processing. This applies, for example, when you wish to opt out of marketing communications. Once we receive your withdrawal of consent, we will no longer process your information for the purpose(s) you initially consented to, unless there exists another legal basis for processing.

• Right to Erasure: You have the right to request the deletion of your personal data when it is no longer necessary for the purposes it was collected, or if it was processed unlawfully.

• Right to Restrict Processing: You can request the limitation of our processing of your personal data in cases where you believe it to be inaccurate, processed unlawfully, or no longer needed for the original purpose, but cannot be deleted due to legal obligations or your own request.

• Right to Data Portability: You can request that we transmit your personal data to another data controller in a standard format (e.g., Excel), if you provided this data to us and we processed it based on your consent or to fulfill contractual obligations.

• Right to Object to Processing: If the legal basis for processing your personal data is our legitimate interest, you have the right to object to such processing based on your specific situation. We will respect your request, unless we have a compelling legal basis for the processing that outweighs your interests or if we need to continue processing the data for legal defense purposes.

• Right to File a Complaint with a Supervisory Authority: If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a data protection supervisory authority. In the EU and EEA, you can exercise this right by contacting a supervisory authority in your country of residence, workplace, or where you believe the infringement occurred. You can find a list of the relevant authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members.

We will respond to your requests within 30 days of receiving them. This response period may be extended if the request is particularly complex, which we will inform you of promptly. Within this period, we will respond to your request or inform you of the reasons why your request cannot be met.

Changes to This Privacy Policy

Our privacy policy may be updated from time to time. We advise the data subject to check this privacy policy periodically for any changes.

When possible, we inform data subjects before making these changes, notifying them at least 30 days before the changes come into force.

Changes to this privacy policy take effect from the moment they are published on this page.

Contact Us

If you have any inquiries or concerns regarding this Privacy Policy, please do not hesitate to contact us at:

Aurora Labs Limited

Madison Building, Midtown, Queensway, Gibraltar, GX11 1AA

[email protected]