Privacy policy

Updated version on March 24, 2024

This AURAX Online Store Privacy Policy (hereinafter, the "Policy") describes how we collect, use, and share your personal information when you visit or use our portal https://auraxtechnology.com (hereinafter, the "Portal"), communicate with us, or make a purchase of our products.

1.1. Who is responsible for processing your personal data?

The data controller is XPND TECHNOLOGIES, S.L., a Spanish company, with its registered office at Carrer Josep Irla i Bosch nº5 1º 08019 Barcelona (Spain), NIF B13919741, registered in the Barcelona Commercial Registry, volume 48,849, folio 153, sheet B-598.478 (hereinafter, "AURAX").

Contact details for personal data protection issues:

• Contact phone number: +34 930 477 582

• Email address: dataprotection@auraxtechnology.com

• Postal address: Carrer Josep Irla i Bosch nº5 1º 08019 Barcelona (Spain)

2. Access to the Portal

3. Categories of personal data:

When accessing our Portal, your browser automatically sends certain information about your interaction with it to our server, without your intervention. To do this, we may use cookies, pixels, and similar technologies (hereinafter, "Cookies"), described in section 8 "Use of Cookies" of this Policy. The information collected may include:

• IP address of the device used

• Date and time of access

• Name and URL of the requested file

• Website or application from which you access (referral URL)

• Type of browser and, if applicable, the operating system of the device

• Name of the access provider

4. Purpose:

• Ensure a smooth connection

• Ensure proper functioning of our Portal

• Evaluate the security and stability of the system

• Detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activities that could affect the Portal or our users. We strongly recommend that you do not share your user account details with third parties. If you suspect that your account has been compromised, please contact us immediately through the provided channels

• Address the specific purposes of each Cookie, described in section 8 "Use of Cookies" of this Policy

5. Legal basis:

• The processing of personal data through personalization, analytics, or marketing Cookies is based on the user's consent

• The processing derived from the use of technically necessary Cookies is based on our legitimate interest, which consists of ensuring proper viewing of our Portal, protecting our systems, and preventing unauthorized access

• If the processing of data is carried out to prepare or execute a sales contract, the legal basis will be the execution of that contract, in which the user is a party

6. Retention period

The retention period for the Cookies can be consulted in section 8 "Use of Cookies."

7. User Account Registration

Purpose: Create and manage your user account, identify you, and authenticate you as a user of the account, send you related notifications. Additionally, we can provide you with information and purchase history. Once registered, you will be able to use the AURAX mobile app with the same email and access your user data and purchase history.

Legal basis: Execution of the contract

Retention period: Personal data collected and used to provide your user account will be deleted once you cancel it

8. Sale and/or pre-sale of the product

Categories of personal data:

• Identifying and contact data: first and last name, age, language, country, phone number, email address, user number

• Delivery postal address, billing address, and payment method

• Purchase history: purchased products, their characteristics, price, and quantity

• Comments provided through the contact form, the registration form for the product demonstration session, and/or during the phone call with potential buyers may include other categories of personal data

Special categories of personal data:

• Information provided through the contact form, the registration form for the product demonstration session, and/or information provided during the phone call with potential buyers may contain information about the user's health status or lead to inferences about their health

• Anatomical data in the dental scanner: 3D images of the mouth, teeth, and oral structure, exact measurements of the oral cavity, possible dental alignment or misalignment, characteristics of oral tissue and possible visible anomalies, specific parameters of the personalized MouthX device, and if applicable, a history of adjustments or modifications made to the device

Purpose: Online sale of the MouthX device, its customized manufacturing, and delivery to the user. Additionally, to facilitate future purchases, you will have the option, with prior consent, to save your payment card details in the AURAX payment gateway provided by the bank. In this case, the saved card will appear pre-set as a payment method option in the user profile. AURAX will not have access to the full card details.

Legal basis: Execution of the contract and the user's consent, with regard to special categories of personal data and payment card storage. You can revoke this consent at any time in the future through dataprotection@auraxtechnology.com. The saved card can be managed by you in the Shop Pay portal at https://shop.app/pay/account in the cards section. If you revoke consent for the processing of your health data, we will not be able to manufacture your device or deliver your order.

Retention period: A maximum of 10 years from the date of the sales contract. We need to retain the information in case of legal disputes related to the sales contract

9. Advertising Dispatch

Categories of personal data:

• Email address

• Phone number

• Name

• History of your orders

• Language

• Country of residence

Purpose: Generate and send commercial communications, such as newsletters, including personalized recommendations. We also use your data to ensure that our marketing communications are effective and tailored to your preferences.

Legal basis: User consent. The user can revoke this consent at any time in the future

Retention period: If you revoke your consent to receive our newsletters or oppose certain advertising actions, your data will be deleted from the respective distribution lists. If you exercise your right to object, the affected contact address will be blocked for future advertising processing. However, we will keep proof of the granted consent for four years to demonstrate compliance with our legal obligations

10. Customer Service

Categories of personal data:

• Identifying and contact data: first and last name, age, language, country, phone number, email address, user number

• Delivery postal address, billing address, and payment method

• Purchase history: purchased products, their characteristics, price, and quantity

• Interaction and correspondence with AURAX

• Subscription management for commercial communications

• If applicable, images and recordings (only with your consent)

• Any other data you provide when filling out the contact form, by phone, or by email

Special categories of personal data:

• Information provided through the contact form, the registration form for the product demonstration session, and/or information provided during the phone call with potential buyers may contain information about the user's health status or lead to inferences about their health

• Anatomical data in the dental scanner: 3D images of the mouth, teeth, and oral structure, exact measurements of the oral cavity, possible dental alignment or misalignment, characteristics of oral tissue and possible visible anomalies, specific parameters of the personalized MouthX device, and if applicable, a history of adjustments or modifications made to the device

Purpose: Respond to your inquiries related to your order, inform you about product availability — when requested — and address your questions and concerns through the various communication channels we provide. This also includes instances when you contact us to exercise your rights regarding personal data protection

Legal basis: Our legitimate interest, which consists of appropriately responding to user requests, resolving incidents, and generally maintaining and improving their experience as customers or users of the Portal. Regarding the exercise of personal data protection rights, the legal basis is compliance with our legal obligations

Retention period: 4 years from the response to your inquiry

11. Commercial Operational Analysis

Categories of personal data:

• Unique user identification

• Payment information, purchase history

• Browsing information

• Preference information

• Interaction and correspondence with AURAX

• Location information

Purpose: We create and use data models for various analytical purposes to understand how our product is marketed in different markets, what aspects are effective or ineffective in our marketing and advertising campaigns, as well as in the design of the Portal and overall user experience. This includes, for example, analyzing user browsing behavior to improve their experience and optimize our business strategy. To protect your privacy, we remove any information that could directly identify you (such as your name, email address, or phone number) and only use a unique user identifier. This allows us to minimize the potential risks associated with processing personal data.

Legal basis: Legitimate interest to assess our performance as a company

Retention period: 10 years

12. Use of Cookies

What are cookies and what do we use them for?
Cookies are files installed on your computer, phone, tablet, or any other device to record activities during your browsing time on our Portal. The Portal uses them to make your visit as comfortable as possible. Some of them are designed solely to make our Portal available to you and are installed directly without requiring your consent. Other Cookies will only be stored if you have granted your consent

Types of Cookies
Cookies based on who owns them:

• Own Cookies: These are sent to your device from the AURAX Portal domain

• Third-party Cookies: These are sent to your device from a domain that we do not manage but another entity that processes data obtained through Cookies

Additionally, depending on their purpose, Cookies can be classified as follows:

• Mandatory Cookies: These Cookies allow you to browse our Portal and use the different options or services available. They are downloaded by default

• Customization Cookies: These Cookies remember information to differentiate your experience from other users, such as language, appearance, or content of the Portal based on the browser you use or the region you are accessing from

• Marketing Cookies: These Cookies are used to optimize marketing communications and display ads on other sites

• Analytical Cookies: These Cookies allow us to quantify the number of users, the sections visited on the Portal, and how they interact with it. Their purpose is to measure and analyze the statistical use of the Portal to identify areas for improvement

How can I disable Cookies?

• You can manage your Cookie preferences through the “Cookie Preferences” link available at the bottom of the Portal and on the checkout page. You have the option to accept all categories of Cookies, reject all, or only accept those that are not strictly necessary

• By accepting a category, you consent to the use of all Cookies included in that category. You can modify your preferences or revoke your consent at any time by accessing “Cookie Preferences” again

• You can also configure your browser to block or delete cookies. Most browsers offer features to manage cookies stored on your device

13. Cookie Declaration

Cookie declaration last updated on 23/03/2024:

NOMBRE	PROVEEDOR	DESCRIPCIÓN	CADUCIDAD	TIPO	Finalidad
_tracking_consent	Shopify	Management of the user’s consent regarding the use of cookies	1 year	own	Necessary for the functioning of the Portal
cart_currency	Shopify	Used to remember the currency selected by the user in their shopping cart. Ensures that prices are displayed correctly during browsing.	2 weeks	own	Necessary for the functioning of the Portal
keep_alive	Shopify	Keeps the user session active while navigating the site. Helps improve user experience by avoiding premature logouts.	Session (30 minutes)	own	Necessary for the functioning of the Portal
localization	Shopify	Remembers the user's location or language preference, and displays the appropriate version of the Portal	2 weeks	own	Necessary for the functioning of the Portal
secure_customer_sig	Shopify	Used to identify a user after they have logged into the store as a customer, so they do not have to log in again.	1 year	own	Necessary for the functioning of the Portal
_gcl_ls	Google (Google Ads / AdSense)	Stores information about ad clicks and facilitates conversion tracking (e.g., purchases made after clicking an ad).	90 days	own	marketing
_fbp	Meta (Facebook)	Set by Meta to store a unique visitor identifier for showing personalized ads on Facebook and Instagram and analyzing user behavior. Allows Meta to associate activity on our Portal with its own user data. Meta Platforms Ireland Limited is the entity responsible for this processing. See their privacy policy and cookie policy.	3 months	third	marketing
lastExternalReferrerTime	Shopify	Stores the date and time the user last accessed the Portal from an external source.	2 years	own	Analytics
lastExternalReferrer	Shopify	Stores the URL of the external website from which the user accessed the Portal.	2 years	own	Analytics
__hssrc	HubSpot	Helps identify if the browser has been closed and reopened.	Session (deleted when the browser is closed)	own	Analytics
_shopify_y	Shopify	Generates internal statistics on user activity over time. Allows identification of visitors between successive sessions.	1 year	own	Analytics
_shopify_s	Shopify	Used to identify a specific browser/store session combination.	Session (30 minutes)	own	Analytics
_orig_referrer	Shopify	Allows us to identify where users are visiting from.	2 weeks	own	Analytics
_landing_page	Shopify	Captures the landing page of the visitor when they come from other sites.	2 weeks	own	Analytics
_ga_D1371EL0C1	Google (via Google Analytics 4 script)	Set to maintain the user's session state and collect usage statistics for the Portal.	13 months	own	Analytics
_ga	Google (via Google Analytics script)	Used to distinguish users of the Portal using a unique identifier. Collects information about user browsing and behavior for statistical purposes.	13 months	own	Analytics
_clck	Microsoft Clarity	Stores a unique user identifier to recognize repeated visits to the Portal.	1 year	own	Analytics
_clsk	Microsoft Clarity	Used to group multiple page visits into a single user session for analytical purposes.	24 hours	own	Analytics
_cltk	Microsoft Clarity	Registers technical data from the current session.	Session	own	Analytics

 

13. Links to Other Websites and Applications

Our Portal may contain links to other websites or applications operated by third parties, including partner companies, selected partners, or other external providers. By clicking on one of these links, you will be redirected to the corresponding website, application, or app store. Some of these links may incorporate tracking mechanisms that allow the operators of those sites to know and measure the origin of the received traffic, including the user's origin. We want to inform you that we have no control nor assume any responsibility for the processing of personal data carried out on those third-party sites or applications. Therefore, we recommend that you consult the privacy policy applicable in each case to learn how your data will be handled. If the redirection to another site or application occurs as a result of an action requested by you (e.g., by clicking on an external link), the processing of the personal data linked to such redirection is done to fulfill your technical navigation request.

14. Security Measures

AURAX is committed to protecting users' personal data by implementing technical and organizational measures so that data is processed lawfully, fairly, transparently, appropriately, limited, accurately, and updated. AURAX takes all reasonable measures to ensure that data is deleted or rectified promptly when inaccurate or incomplete, and will apply any other security measures that may be legally required in the future.

15. Who Receives Your Data?

In some cases, and within the framework of the data processing described in this Policy, your personal data may be processed by data processors, always on behalf of AURAX and pursuant to a contract under Article 28 of the General Data Protection Regulation (GDPR).

These recipients include:

• Social network operators

• Advertising partners

• Providers of specialized services, such as digital marketing, system providers

All of them process personal data on our behalf, following our instructions and under confidentiality and security conditions.

• For the delivery of your order, we will provide your contact details (delivery address, email, and phone number) to the relevant logistics or transportation companies. They may contact you to coordinate the delivery. These details are shared solely for the purpose of managing the delivery.

• Regarding payments, when you select a method like a bank card or Google Pay, we will transmit your data to the relevant payment service provider. AURAX does not store or access your full card data; these are managed directly through the payment gateway of the provider, in a secure environment.

• Additionally, and in compliance with PSD2 regulations on payment security, AURAX may share certain personal data (name, surname, postal address, and contact details) with the issuing bank of your card to verify the authenticity of the payment and prevent fraud.

Whenever not mentioned as (co-)controllers in this Policy, all companies listed as providers in our cookie policy will act as data processors for us.

16. Are Your Data Transferred to Third Countries?

In certain circumstances, it may be necessary to transfer your personal data to recipients located in third countries outside the European Union (EU) or the European Economic Area (EEA).

• The European Commission has determined that some of these countries offer a level of data protection equivalent to that of the GDPR, through an adequacy decision. You can consult the updated list of countries with adequacy decisions here.

• In cases where no adequacy decision exists, AURAX guarantees that the transfer will be carried out with the appropriate safeguards, such as:

  • Standard contractual clauses adopted by the European Commission

  • Binding corporate rules

  • Or adherence to recognized codes of conduct or certifications

17. What Data Protection Rights Do You Have?

You have the right to request, at any time and free of charge, access to your personal data that we hold.

Additionally, under certain legal conditions, you may exercise the following rights:

• Rectification of your data (Art. 16 GDPR)

• Erasure of your data (Art. 17 GDPR)

• Restriction of processing (Art. 18 GDPR)

• Portability of the data you have provided to us (Art. 20 GDPR)

• When the processing is based on public interest or AURAX's legitimate interest, you have the right to object to the processing (Art. 21 GDPR). In such cases, we will stop processing your data unless there are legitimate overriding reasons that prevail over your interests, rights, and freedoms.

• When processing is based on your consent, you may revoke that consent at any time with future effect, without affecting the lawfulness of processing carried out before the revocation

You can exercise your rights at any time by sending an email to:
📩 dataprotection@auraxtechnology.com

Additionally, you have the right to file a complaint with the competent supervisory authority. In the case of AURAX, you can contact:
Agencia Española de Protección de Datos (AEPD)
📍 C/ Jorge Juan, 6 – 28001 Madrid
🌐 www.agpd.es