Privacy Policy
Your privacy is important to us. This policy outlines how we handle your personal information.
Welcome to Aurion. This Privacy Policy explains how we collect, use, disclose, and protect your personal data under the Personal Data Protection Act 2012 (PDPA) of Singapore. For users located in the European Union (EU), we also strive to meet the requirements of the General Data Protection Regulation (GDPR).
By accessing or using our Platform or Services, you agree to the terms of this Privacy Policy.
Who We Are
Aurion Group is a Singapore-incorporated company providing digital services globally. For the purpose of applicable data protection laws:
If you are outside the EU, Aurion Group is governed by Singapore's PDPA.
If you are in the EU – Aurion Group operates as a data controller under the GDPR.
What Personal Data We Collect
Depending on how you interact with our Platform or Services, we may collect:
Identification data
name, email address, contact number
Account data
login credentials, account settings, profile details
Transactional data
payment details and order information
Usage data
IP address, browser type, device information, activity logs
Communications
messages, feedback, or inquiries
We do not knowingly collect data from children under 13. If we do, we will require verifiable parental or guardian consent.
How We Use Your Data
We may use your personal data to:
provide, maintain, and improve our services
create and manage your account
communicate with you (e.g. support, service notices)
process payments and transactions
conduct security, analytics, and fraud prevention
comply with legal or regulatory obligations
Legal Basis:
Under PDPA
We rely primarily on your consent or deemed consent, unless an exception applies (e.g., legal obligations, vital interests, legitimate interests).
Under GDPR
We process data based on your consent, to perform a contract, comply with legal obligations, or pursue legitimate interests.
Your Rights
We are committed to respecting your privacy rights. Your rights differ slightly depending on jurisdiction:
| All Users (PDPA) | EU/Swiss Users (GDPR) |
|---|---|
✓Access your personal data | ✓Access and portability of your data |
✓Correct inaccurate or outdated data | ✓Rectify or delete your data ("right to be forgotten") |
✓Withdraw consent for data use | ✓Object to or restrict processing |
✓Lodge a complaint with Singapore's PDPC | ✓Lodge a complaint with your local supervisory authority |
Note: Singapore's PDPA does not currently provide a right to erasure or data portability, though withdrawal of consent is permitted.
Data Retention
We retain your personal data only as long as:
It is needed for the purposes stated above; or
Required under law or for legitimate business purposes.
When no longer required, we securely delete or anonymise your data.
Disclosure of Personal Data
We may share your data with:
any entity within the Aurion Group and technology partners
cloud service providers and contractors
legal or regulatory authorities (if required)
other parties at your request or with your consent
We ensure that third parties are subject to comparable data protection obligations.
Cross-Border Data Transfers
We may transfer your personal data to locations outside your country. To protect your rights:
Under PDPA
We ensure recipients provide protection comparable to Singapore's PDPA, including by contract or certification (e.g., APEC CBPR).
Under GDPR
We use Standard Contractual Clauses or other appropriate safeguards, where required.
Security Measures
We implement reasonable administrative, technical, and physical safeguards to protect personal data.
These include:
Encryption and secure storage
Access controls and authentication
Monitoring and incident response protocols
While we take reasonable precautions, no system is 100% secure.
Data Breach Notification
If a data breach involving your personal data is likely to cause significant harm or affects a large number of individuals:
We will notify Singapore's PDPC within 3 calendar days and affected individuals as soon as practicable.
We will notify the relevant supervisory authority within 72 hours where legally required.
Automated Decision-Making
We do not use your personal data for automated decision-making that produces legal or significant effects on you.
Jurisdiction Specific Disclaimer
Unless explicitly required by local law, our Privacy Policy is governed by the data protection laws of Singapore and applies globally across our Platform and Services we offered. While we aim to align with international best practices (including the GDPR), we do not submit to the jurisdiction of foreign privacy regulations, including but not limited to the U.S. CCPA or COPPA, unless legally compelled.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any material changes will be posted on this page with the revised effective date.
Your continued access and use of our Platform or Services means you accept the updated policy.
Contact Us
For any questions, access requests, or complaints, please contact:
Aurion Group Pte. Ltd. (202447681K)
For EU users
You may also contact your national supervisory authority.