1. Introduction
AURORA HORIZON Inc. (hereinafter referred to as "we") is committed to protecting the personal data privacy and legal rights of EU users (hereinafter referred to as "you") who use our products and services. This Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and relevant laws and regulations. It clearly informs you of the scope and methods of our collection, use, storage, and transfer of personal data, as well as your rights. It aims to ensure that all data processing activities are conducted in a fair, transparent, and lawful manner.
This Privacy Policy applies when you visit our website (auorizon.com), communicate via email ([email protected]), purchase our wallets and key cases, or participate in related services. Please read and understand this Policy carefully. If you do not agree to its terms, you should immediately cease using our products and services.
2. Scope and Lawful Basis of Data Collection and Processing
(I) Types of Personal Data Collected
Identity and Contact Data: including but not limited to your name, email address, phone number, and shipping address, collected primarily through account registration, order submission, inquiry feedback, and similar situations.
Transaction Data: including but not limited to transaction-related information such as the product model, order amount, payment method, and transaction time.
Technical Data: including but not limited to technical information about the device and connection you use when accessing the website, such as the device model, IP address, browser type, access time, and page view history, which is collected automatically by the website system.
Other Data: With your explicit consent, we may collect other service-related information, such as product usage feedback and personalized requests.
(II) Lawful Basis for Data Processing
According to Article 6 of the GDPR, our data processing activities are based on the following lawful grounds:
Obtaining Your Explicit Consent: If we collect your personalized request information for product recommendations, we will obtain your prior written or online consent.
Necessary for Performance of Contractual Obligations: For example, collecting your shipping address and contact information is necessary to facilitate the shipping and delivery of products such as wallets and keychains.
Complying with Legal Obligations: For example, retaining your transaction data for tax reporting and regulatory purposes as required by tax regulations.
Protecting Legitimate Interests: For example, collecting technical data for purposes such as monitoring website security and preventing fraud is in our legitimate interest in ensuring service security and does not infringe upon your legal rights.
3. Purposes and Limitations of Data Processing
(I) Purposes of Processing
We process your personal data only for the following specific and explicit purposes:
Completing product sales and service delivery, including order processing, logistics delivery, and after-sales service;
Optimizing the website experience and product design, improving website functionality and the design details of wallets and key holders based on technical data and user feedback;
Ensuring service security, preventing and addressing security risks such as fraud and cyberattacks;
Providing personalized communications, and with your consent, sending you product updates, event notifications, and other related information;
Responding to your inquiries and complaints, and resolving issues you encounter while using our products or services;
Complying with other obligations prescribed by laws and regulations.
(II) Purpose Limitation
If we need to use your data for a new purpose beyond the scope outlined above, we will first assess the relevance of the new purpose to the original purpose. If there is a conflict between the new purpose and the original purpose, we will obtain your explicit consent again before processing and inform you of the new purpose and the specific methods of data processing. For example, if we plan to use your transaction data for third-party market research, we will separately inform you and obtain your permission.
4. Core Principles of Data Processing
We strictly adhere to the seven data processing principles set forth by the GDPR to ensure the comprehensive protection of your personal data:
Fairness, Transparency, and Lawfulness: All data processing activities are publicly disclosed to you, discriminatory or misleading practices are not employed, and all processing has a lawful basis. For data analysis involving AI algorithms (such as personalized recommendations), we implement manual intervention mechanisms to prevent algorithmic discrimination.
Data Minimization: We only collect the minimum data necessary to achieve the processing purposes. For example, if you purchase an electronic product manual, we will not ask for your physical shipping address; if you purchase a physical wallet, we only collect the necessary shipping information. We will promptly delete or pseudonymize any redundant data.
Data Accuracy: We will take reasonable steps to ensure the accuracy of your personal data, such as providing an account information modification function that allows you to update your name, contact information, and other information at any time. If any inaccuracies are discovered, they will be promptly corrected or deleted.
Storage Limitation: Data is stored for the minimum necessary period. Transaction data will be retained for no more than three years from the date of transaction completion, and technical data will be deleted immediately after achieving website optimization goals. If extended storage is necessary for public interest or historical research, the reasons will be provided in writing and encryption protection measures will be implemented.
Integrity and Confidentiality: We implement multi-layered technical and organizational protection measures, including encrypted data storage, access control, regular security audits, and employee confidentiality training, to prevent unauthorized access, disclosure, destruction, or tampering of personal data. All employees who access data must sign a confidentiality agreement and assume data protection responsibilities.
Accountability and Compliance: We have established a comprehensive data processing compliance system and maintain complete documentation of data processing activities, including data sources, processing purposes, and protection measures, to demonstrate the compliance of our data processing practices at all times. In the event of a data security incident, we will proactively provide documentation demonstrating compliance.
5. Data Sharing and Cross-Border Transfer
(I) Data Sharing
We only share your personal data with third parties in the following circumstances, and we will use encryption and other protection measures in all cases:
Service Partners: For example, we share your shipping address and contact information with logistics providers to facilitate product shipments; we share transaction data with payment institutions to facilitate payment settlements. Such partners may only use your data to provide services to us and must adhere to the same privacy protection standards.
Legal Requirements: Upon receipt of a lawful order from a regulator or court in an EU member state, we will provide necessary personal data to them in accordance with the law.
Mergers and Acquisitions: In the event of a merger, acquisition, or other business transaction, personal data may be transferred as part of the assets. We will notify you in advance and ensure that the transferee continues to comply with this Privacy Policy.
We will never sell your personal data to third parties for commercial marketing purposes without your explicit consent.
(II) Cross-border Transfers
If your personal data needs to be transferred outside the European Economic Area (EEA), we will implement the following safeguards to ensure compliance:
Transfers will only be made to countries or regions that comply with GDPR data protection standards;
We will enter into a data processing agreement with the recipient to clearly define the data protection responsibilities and obligations of both parties;
We will use technical means such as encrypted transmission and data desensitization to mitigate cross-border transmission risks.
6. Your Rights
According to the GDPR, you have the following rights with respect to your personal data, and we will provide necessary assistance in exercising them:
Right to Information: You have the right to request information about the scope of personal data we collect, the purpose of processing, and the storage period at any time. We will respond in writing within one month.
Right to Access: You have the right to request a copy of the personal data we hold about you, which we will provide free of charge (reasonable costs may apply for repeated requests).
Right to Correction: If you discover that your personal data is incorrect or incomplete, you have the right to request that we promptly correct or supplement it.
Right to Erasure (Right to Be Forgotten): You have the right to request that we erase your personal data if, for example, the data is no longer necessary for the purposes of processing, you have withdrawn your consent, or our processing is unlawful. We will complete the deletion and notify you of the result within 15 days after verification.
Right to Restrict Processing: If the accuracy of the data is in dispute or the legitimacy of the processing is in doubt, you have the right to request that we suspend the processing of the data until the issue is resolved.
Right to Data Portability: You have the right to request that we provide your personal data in a structured, commonly used, machine-readable format, or transmit it directly to another data controller (where technically feasible).
Right to Object: You have the right to object to data processing based on legitimate interests or public interest. We will cease such processing unless there are overriding legitimate grounds or it is necessary to comply with a legal obligation.
Right to Withdraw Consent: You have the right to withdraw your consent at any time for data processing based on your consent. Your withdrawal of consent will not affect any prior lawful processing based on consent.
If you wish to exercise any of these rights, you may submit a request by email at [email protected] or using the contact form on our website. We will respond to your request within the legally prescribed timeframe. If you are not satisfied with our response, you may lodge a complaint with your EU member state's data protection supervisory authority.
7. Data Security and Breach Notification
(I) Security Protection Measures
We have established a data security management system that complies with ISO 27001 certification standards and implements the following specific measures to ensure data security:
Technical Measures: We use the AES-256 encryption algorithm to encrypt data during storage and transmission, deploy firewalls and intrusion detection systems to prevent network attacks, and regularly conduct security vulnerability scans and penetration tests.
Organizational Measures: We establish a data access permission system to limit access to personal data to only necessary personnel; we conduct regular employee GDPR compliance training and data security drills; and we maintain a data processing log to record data processing activities in real time.
(II) Data Breach Notification
In the event of a personal data breach, we will immediately activate our emergency response plan and notify the EU data protection regulator within 72 hours of discovery (without unjustifiable delay). If the breach may pose a high risk to your rights and freedoms, we will promptly notify you by email, text message, or other means, informing you of the scope of the breach, the potential impact, and the remedial measures we have taken, and provide any necessary assistance.
8. Data Protection Officer (DPO)
In accordance with GDPR requirements and given that our business involves large-scale user data processing, we have designated a dedicated Data Protection Officer to oversee compliance management. Details are as follows:
Responsibilities: Oversee the implementation of this Privacy Policy, provide data protection advice, communicate with regulatory authorities, and handle data protection complaints.
You can contact the Data Protection Officer directly regarding data privacy issues through the above contact information.
9. Policy Updates and Effective Date
This Privacy Policy is effective from the date of publication. We will update this policy as needed based on GDPR revisions and business development needs. We will notify you of any updated policy through announcements on our website and email notifications. Your continued use of our products or services after any policy updates constitutes your agreement to all updated terms.
10. Contact Information
If you have any questions, suggestions, or complaints regarding this Privacy Policy, you may contact us through the following methods:
Company Name: AURORA HORIZON Inc.
Website: auorizon.com
Email: [email protected]