Aura Australian Investor Privacy Policy

Aura Sub, LLC and its affiliates, including Aura Consolidated Group, Inc, (collectively referred to as “Aura”, “we”, or “us”) are committed to protecting your privacy. This Australian Investor Privacy Policy describes how we collect and process personal data in connection with investments made or proposed in Aura (“Investments”) (including when you are a prospective, current or former investor ("Investor"). The term “personal data” has the same meaning in this policy as “personal information” in the Australian Privacy Act 1988 (Cth).

This policy applies exclusively to the personal information we collect and process in relation to Investors and investment in Aura.  If you are also a user or customer of Aura’s digital security products, apps, and websites, our data practices regarding those services are entirely separate. For information on how we collect and process your personal data as a customer, please review our main Aura Privacy Policy.

1. What Personal Data Do We Collect?

This section describes the various categories and types of personal data we collect from and about you as an Investor or when you interact with us in relation to an Investment. The personal data we collect may include:‍

1. ‍Identity and Registration Information. This may include your name, username, email address, phone number, password, your government ID numbers (e.g. tax file number (“TFN”), holder identification number (“HIN”), security reference number (“SRN”)) and certain other information, including if applicable, your account and login information to access any investor portal that may be available.
2. Billing and Payment Information. For example, bank account details.‍
3. Investment Information. This may include information regarding your Investment and the exercise of your rights, such as voting rights.‍
4. Communications and Submissions. We collect data when you communicate with us (e.g. via email, phone, or chat for support or to inquire about an Investment), including when you fill out an online form, respond to surveys, provide feedback and engage with our websites, social media and other digital platforms.
5. ‍Photos and Documents. You may choose to upload and provide us with images and files that are available on your device in relation to an Investment.‍
6. Website Activity Information. We collect information about how you interact with our websites. This information when and for how long you use our websites, device identifiers (such as IP address or mobile device identifiers), browser types, device types and settings, device manufacturer and model, operating system versions, mobile, wireless, and other network information (such as internet service provider name, carrier name and signal strength), application version numbers and the nature of the requests that you make to our servers (such as what is being requested, information about the device and app used to make the request, timestamps, and referring URLs). We may also collect your approximate location by calculating an imprecise latitude and longitude based on your IP address. 

Where we collect your TFN, we do so under the authority of the Income Tax Assessment Act 1936 (Cth) and related taxation laws. You are not required to provide your TFN, but if you do not, tax may be withheld from any distributions paid to you at the highest marginal rate.

If we are unable to collect your personal data, we may not be able to process your Investment application or properly manage your Investment relationship with us.

In some cases, we are required or authorized to collect your personal data under various laws, including the Corporations Act 2001 (Cth) and Australian tax laws.

2. How Do We Collect Your Personal Data?

We collect personal data in a range of ways. We collect this information via forms (including on our websites), when you contact us, when you make an application to us, and when you communicate or interact with us. We automatically collect some personal data (such as Website Activity Information) to monitor for problems and look for opportunities to make improvements. Some of this personal data is collected using cookies and similar technologies (see below for more information).We may also collect your personal data from third parties (including where it is unreasonable or impracticable to collect the information from you directly, or where you have authorized a third party to provide it to us), including:

• Your professional advisers, representatives, or agents, such as your stockbroker.
• Our designated share registry provider (Computershare). You can view Computershare’s privacy policy at www.computershare.com/au/help/privacy-policy.
• The third parties described in section 4. 

3. Why Do We Collect and Process Your Personal Data?

We collect and process your personal data primarily for investment services and administration. Specifically, we collect, hold, use and disclose that data:

1. To Facilitate and Manage Investments. This includes processing Investment applications, conducting identity verification and due diligence and providing ongoing investment services.
2. For Billing and Payment Purposes. We process your personal data in order to perform billing administration activities and process payments, including distributions.
3. To Communicate With You. We use your personal data to communicate with you via email, SMS, push notifications or other messaging about Investments or relevant updates, including by responding to your requests, and sending you investor-relations communications, including notices of meetings, distribution statements and corporate-action information.‍
4. To Prevent Harm or Liability. We may use your personal data for security purposes (such as to investigate security issues or to monitor and prevent fraud) and to prevent abuse. We may do this to comply with our legal obligations, to protect an individual’s vital interests, or because we have a legitimate interest in preventing harm or liability to Aura.
5. For Legal Compliance and In Accordance With Applicable Law. We process your personal data as required or authorized by applicable law, legal process, or regulation. To learn about our practices regarding sharing your information with third parties for legal compliance purposes, see Section 4 below. We also use your information to enforce and defend our legal rights and resolve disputes and complaints.
6. In Accordance With Your Instructions or Consent.

If we are unable to collect your personal data, we may not be able to do these things, for example we may not be able to process your Investment application or properly manage your Investment relationship with us.

4. Who Do We Share Your Information With?

We may disclose your personal information to certain third parties including:

1. Affiliates. This includes subsidiaries and other Aura group companies.
2. Third-Party Service Providers. We work with trusted third parties and partners (including our professional advisors, and our affiliate companies when they act as our service providers). Examples of third-party services providers we may share personal data with include:
   
   • Financial and Operational Institutions: This includes financial institutions, payment system operators, lenders, and credit providers.
   • Market and Settlement Facilities: This includes any financial market, clearing house, settlement facility, custodian, share registry (such as Computershare), and related software providers.
   • Professional Advisors: This includes our auditors, accountants, consultants, legal advisors, and other professional advisors.
   • Business Service Providers: This includes those assisting with investor services, communications, account maintenance, fraud monitoring, and the production and mailing of statements.
   • Your Representatives: Your authorized agents, legal representatives, attorneys, and other professional advisers.
   • Brokers and Advisers: We may share information with your financial adviser, dealer, or broker, provided you have given us (or our service providers) written consent to do so.
3. Parties Involved in Corporate Transactions: If a corporate transaction occurs, such as a change in ownership or control of all or part of our services, assets or business, sale of a website, or an initial public offering, we may share personal data to execute that transaction, conduct due diligence or facilitate transitional arrangements.
4. Regulators and Government Agencies: The Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO), the Australian Securities Exchange (ASX) and its related entities, the Australian Transaction Reports and Analysis Centre (AUSTRAC), and other Australian or foreign regulators.

5. Tracking Technologies & Cookies

For more information on Tracking Technologies and Cookies and how we use Tracking Technologies and Cookies please see our Cookie Policy.

6. Security

Securing your personal data is an important aspect of protecting privacy. Aura employs a range of administrative, organizational, technical, and physical safeguards designed to help protect your data against unauthorized access, use, disclosure, loss, or modification.

We endeavor to use reasonably available state-of-the-art network and information security standards, protocols and technologies, including encryption, intrusion detection and data loss prevention, and we monitor our systems to ensure that they comply with our security policies.

We implement physical, technical and organizational safeguards to protect your personal data under our control, both at rest and in transit, and should these measures fail to prevent a data breach, we have procedures in place to help us identify and take the necessary remedial measures, and to provide notices as required by applicable law.

If you have any questions about the security of your personal data, or wish to report a potential security issue, please contact security@aura.com. When reporting a potential security issue, please describe the matter in as much detail as possible and include any information that might be helpful.

7. Cross-Border Data Transfers

Aura may transfer your personal data to regions outside of Australia, including the United States. 

When your personal data is transferred outside of Australia, it becomes subject to the laws of that specific jurisdiction and may be subject to access by foreign courts, law enforcement and regulatory agencies under those laws. Where we disclose your personal information to an overseas recipient, we are required to ensure the disclosure is made in accordance with applicable laws, for example we may need to take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information.

8. Your Rights with Your Personal Data

You may have certain legal rights in relation to your personal data that we maintain. Subject to exceptions and limitations provided by applicable law, these may include the right to:

• Access and receive a copy of your personal data that we hold.
• Update or correct your personal data if you believe it is incomplete, inaccurate, or out-of-date.

As permitted by law, we may ask you to verify your identity before taking further action on your request.

If you have registered as an Investor with our share registry provider, Computershare, you may be able to access and update your personal data directly on your profile there, subject to authentication and authorization measures designed to protect your security.

We will acknowledge requests for access to, or correction of, personal information within a reasonable time and aim to respond substantively within 30 days of receiving your request.

If you believe that Aura has breached the Privacy Act 1988 (Cth) (which includes the Australian Privacy Principles) in relation to your personal information, you may make a complaint to us using the contact details set out in Section 9. Our process is to acknowledge your complaint, investigate the issues raised, and provide a written response, generally within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by:

• Phone: 1300 363 992;
• Website: www.oaic.gov.au; or
• Mail: GPO Box 5288, Sydney NSW 2001.

9. Updates to this Policy

We may revise this policy from time to time. Review it occasionally so that you keep up-to-date on our most current practices. We will put the “Last Updated” date at the top of each policy. We encourage you to review our website regularly to ensure you are viewing the most current version of our policy.

10. Contact Us

We welcome your feedback and are here to help if you have any questions, access requests, or complaints regarding our privacy practices. You can contact us using the following details:

• Email: privacy@aura.com
• Phone: +1 (844) 914-299
• Mail: Aura Sub LLC dba Aura, 250 Northern Ave., 3rd Floor, Boston, MA 02210