This Privacy Policy describes how Aura Elevation, LLC and its subsidiaries (collectively, “Aura” “we,” “our” or “us”) collect, use, process and share personal information. This Policy applies to visitors and users (individually, “you”) of Aura’s websites, applications, social media accounts, and other services (collectively, our “Services”). If you are an event or other hospitality, service provider, or other partner, please view additional information in our Event Service Providers Privacy Policy, available here. Your use of our Services is also subject to the Aura Terms of Use.
As a leading brand for lounge and bar experiences and event space reservations, Aura helps connect patrons and lounge and event spaces. This involves sharing personal information with third parties, including lounge and event spaces, lounge and event space groups, and lounge and event space affiliates, amongst others. In some cases, these third parties may collect personal information directly from you and share it with us.
For more information about the information we share with third parties and the recipients of such information, please refer to the How We Share Your Information section of this Policy. Please note that this Policy does not otherwise cover the use of personal information by third parties or their services, and we do not take responsibility for their privacy practices.
You may have certain rights or choices that relate to your personal information, including choices about how we share your personal information with others. For more information, please refer to the Your Choices and Rights section of this Policy.
“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For purposes of this Policy, there is no meaningful distinction between the terms “personal information” and “personal data.”
Personal Information We Collect Directly From You. As you visit or use our Services, we collect the following categories of personal information directly from you:
You may choose not to provide some of the personal information described above. Please note, however, that many of our Services require some personal information to operate, so if you choose not to provide the personal information necessary to operate and provide you with a particular Service or feature of that Service, you may not be able to use that Service or feature.
Sensitive Personal Information. We do not proactively collect sensitive personal information, such as health-related information. We do not use this information for the purpose of marketing or advertising products to you. In addition, certain features of our Services may prompt your device or browser to request access to your precise geolocation information, which may be considered sensitive personal information. We do not process precise geolocation absent you granting permission through your device or browser. Sensitive personal information you voluntarily submit is processed on the basis of your consent, which you may revoke at any time by contacting us at the details set out in the How to Contact Us section below.
Personal Information Generated By Us. As you use our Services, we generate certain personal information about you, including through automatic data collection and by inferences based on the information we collect about you and your activity. We may automatically collect information about your interactions with the Services or communications you receive (such as email) using certain technologies, such as cookies, web beacons and other technologies. We generate the following categories of personal information about you:
Personal Information We Obtain from Third Parties. We may also receive certain categories of personal information from third parties, such as third-party websites, applications, social media networks, and services (which may include publicly-available sources; each of these is a “third-party platform”), other lounge and event spaces, and other third parties, including individuals who have added you as a guest to their reservation. If you are an existing Aura customer, we will combine this information with information we collect through our Services and use and share it for the purposes described below. The categories of personal information we may obtain from third parties include:
Aggregate Information. We aggregate personal information collected directly from you, information generated about you by us, and information obtained from third parties (with your consent, where required) with personal information collected about other users in order to produce general statistics that cannot be linked to you or any other specific user. Information that has been aggregated and de-identified is no longer considered “personal information” and may be subsequently used for any purpose.
Anonymized Information. We may process information that cannot be linked to you or any other specific user using any means available to us, either because it was collected anonymously or has been subsequently anonymized. Information that is anonymous or has been anonymized is no longer considered “personal information” and may be subsequently used for any purpose.
We use your personal information for the following purposes (“Purposes”), to:
We may use artificial intelligence (“AI”) tools, including machine learning and generative AI tools to process your personal information. You have choices about your personal information, and in some circumstances, you may have the right to opt-out or object to our uses of your personal information for these Purposes. For more information, or to exercise these or other rights (where available), see the Your Choices and Rights section below.
Electronic Communications. Consistent with the above Purposes and as permitted by applicable law, we may communicate with you via electronic messages, including email, text message, or mobile push notification to:
With your consent, where required, we may contact you at the mobile phone number that you provide to us by way of direct dial calls, autodialed and prerecorded message calls, text messages and push notifications in connection with the above Purposes.
Our Role as Data Controller and Data Processor. For purposes of European Union law and similar data protection regimes, we generally act as a data controller, meaning we determine the purposes and means of processing your personal information through our Services. Under certain Aura programs, however, lounge and event spaces may engage us to provide them with certain processing services related to information owned or controlled by the lounge and event space. We seek assurances from lounge and event spaces that they will process information in accordance with applicable laws, but we are not responsible for any lounge and event space’s use of information (including information used by its affiliates and service providers) for which it is an owner or controller. To learn more about how a lounge and event space may use such information, you should review its privacy notice.
Processing Bases and Consequences. When we process your personal information, we rely on the following legal bases:
III. HOW WE SHARE YOUR INFORMATION
We disclose the personal information we collect (or otherwise generate or obtain) as follows:
In some circumstances, you may have the right to opt-out or object to our sharing of your information with certain third parties. For more information, or to exercise these or other rights, see the Your Choices and Rights section below.
Sharing with Affiliates as a controller of your personal information. When you make a request through our Services, such as a lounge or event reservation, join a waitlist, make a payment to through our Services, purchasing an event ticket, or if you are a guest of the person making the request, we provide or otherwise make available certain categories of your information. For reservation requests, this information may include your name, profile, time and date of visit, party size, your phone number, your dining preferences, guest information, any special requests, information or comments that you choose to submit (if any), and your email address. When making reservations directly with lounge and event spaces that are part of the Aura Network, your information will similarly be provided to the lounge and event space if you have an Aura account. If you provide a mobile phone number in connection with your request, lounge and event spaces may send you text messages regarding your request. Aura requires you to provide credit or debit card account information to secure your reservation. When you leave a review for a lounge and event space on our platform, your review and your public profile will be made available to the relevant lounge and event space. We will not tie your comments with other information that can identify you directly, but a lounge and event space may be able to tell who you are from your comments, particularly if you give your name in the comments or provide contact information, such as an email address.
Sharing with Our Business Partners. We share your information with other third-party business partners for our and their own marketing purposes. These third parties include online advertisers or ad tech companies, who may provide you with targeted advertising and marketing communications, where permitted under law. The information we share includes information collected through your use of our Services (e.g., bookings, reservations, or other purchases) and information we collect about you through the use of cookies and similar technologies (e.g., information about the websites you visit; information about your searches, including the cities or neighborhoods you search in, the type of lounge and event space or cuisine you searched for, price range, intended dining date, and the number of diners).
To learn more about your choices related to how we share your information with our business partners, please see the Your Choices and Rights section below.
Sharing with Social Networking Services. Our Services allow you to connect and share your actions, comments, content, and information publicly or with friends. Our Services may also allow you to connect with us on, share on, and use third-party platforms, including those on which Aura has a presence. Please be mindful of your personal privacy needs and the privacy needs of others as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others. Aura also does not control the privacy practices of third-party platforms. Please contact those sites and services directly to learn about their privacy practices.
Sharing to Process Payment Information. To use certain Services (such as to make reservations at certain lounge and event spaces; to make payments to certain lounge and event spaces or to secure reservations; and to purchase tickets to events, or other products or services), we require credit or debit card account information. When you submit your credit or debit card account information through our Services, we share that information with lounge and event spaces, third-party payment processors, and other third-party service providers (including, but not limited to, vendors who provide fraud detection services to us and other third parties) to the extent necessary to meet our contractual obligations to you (e.g., to secure your reservation or make a payment to a lounge and event space where required), to meet our legitimate interests in preventing fraud and other misuse of our platforms, or with your consent where this is required by law. In particular:
Sharing with Other Service Providers. We share information with third-party vendors, consultants, and other service providers who perform services or functions on our behalf (e.g., hosting or operating our Services, data collection, reporting, ad response measurement, site analytics, data analysis, delivering marketing messages and advertisements, processing credit card payments, and providing fraud detection services). We do not authorize these third parties to use or disclose your information for purposes other than for which it has been provided. We require these third parties to maintain and implement security measures to protect your information from unauthorized access or processing.
Consent to Data Collection by Google Analytics. If you provide us with your consent to use Functional Cookies and, thus, Google Analytics, we use Google Analytics to continuously optimize our website. We use Google Analytics to collect aggregated, anonymous data. This data helps us understand how customers use our platform and identify opportunities for improvement. Google Analytics anonymizes your IP address to protect your data. No other personal data is collected that would allow an identification. The legal basis for this data processing is Article 6 (1) lit. a GDPR. You may provide your consent or withdraw your consent to the described data processing by Google Analytics here.
Google Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA and and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics cookies and similar technologies that are stored on your terminal device enable an analysis of your use of this website. This information is used to evaluate your use of the website and to compile reports on website or app activities. The processing of the data after its transmission by Aura to Google is carried out by Google as the sole data controller. In this context, Google, as the sole data controller, may store data about you in the USA. The European Court of Justice has previously determined that the USA provide for an insufficient level of data protection. In this context, there is a risk that your data may be processed by US institutions or authorities for control and monitoring purposes without you having an adequate legal remedy against this. However, Aura complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. You can learn more in the section entitled “International Transfers of Information.”
Aura maintains commercially-reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. That said, please note that no Internet transmission can ever be guaranteed 100 percent secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online.
You play an important role in keeping your information secure. You should not share your username, password, or other security information for your Aura account with anyone. If we receive instructions using your username and password, we will assume you have authorized the instructions. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in the How to Contact Us section below.
Card Information. When your credit or debit card account information is being transmitted to our Services or through our Services, it will be protected by cryptographic protocols. To be clear, Aura does not itself store your credit or debit card account information, and we do not have direct control over or responsibility for your credit or debit card account information. We use third party payment processors that are the controllers of your credit card information. Our contracts with third parties that receive your credit or debit card account information require them to keep it secure and confidential.
However, we cannot guarantee that transmissions of your credit or debit card account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by Aura or our third-party service providers. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.
Retention. We may retain your personal information for as long as your account is active and for a period of time thereafter to allow you to re-activate your account without loss of information. We may also retain your personal information as necessary to:
When you use or visit the Services, we collect information about your usage and activity using cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, our group companies, and other business partners may also place web beacons for these third parties. The use of these technologies by third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law.
Choices Regarding Electronic Communications.
Cookies and Interest-Based Advertising. To exercise choices regarding cookies set through our websites or Services, as well as other types of online tracking and online advertising. We currently do not employ technology that recognizes “do-not-track” signals from your browser, but if you enable browser-level opt-out preferences through global privacy control, our Services will treat this signal as a request to opt-out of the selling or sharing of your data collected through cookies for interest-based advertising purposes.
Application Location. As explained in more detail in the Information We Collect and Use section above, we collect information about your location if you enable location services through the settings in your mobile device, or with your consent, as may be required by law. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Services. If you choose to turn off location services, this could affect certain features of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
Choices Regarding Sharing with Third Parties
You can opt-out of us sharing your information with:
You can opt-out of such sharing by changing your Aura account preferences. You may also send such opt-out requests to us as described in the How to Contact Us section below.
Control Over Information in Your Account. If you have created an online account with us and would like to update the information you have provided to us, you can access your account to view and update your information. You may also contact us as described in the How to Contact Us section below.
Other Legal Privacy Rights. In addition to the rights described above in this section, you may have the following additional rights regarding your personal information, depending on where you reside and under applicable local law:
If you wish to exercise legal rights you may have under applicable law, please submit your request to EMAIL ADDRESS or by using this request form. So that we can better process your request, please provide the email you use to log into your Aura account. If you do not have an Aura account, please provide the email you used to make requests or to use our Services.
Some jurisdictions also permit you to appeal a decision made with respect to your exercising of your privacy rights. If you wish to appeal a decision to a request you have made, please send your appeal request to SAME EMAIL FOR NOTICES OF OPT-OUTS.
VII. ADDITIONAL DISCLOSURES FOR US CONSUMERS
These disclosures describe how Aura collects, uses, processes, and discloses personal information of U.S. consumers and the rights you may have under U.S. state laws. These disclosures are intended to supplement Aura’s Privacy Policy with information required by certain U.S. state privacy laws.
Disclosures Regarding Personal Information Processing. Certain laws require that we describe the personal information we collect with additional specificity, including by identifying specific categories of information. As we describe in more detail in the “Information We Collect and Use” section of the Privacy Policy, we have collected the following categories of personal information in the past 12 months:
For information about the categories of sources from which we obtain personal information, or for additional details about the specific types of personal information we collect, please refer to the “Information We Collect and Use” section of the Privacy Policy. For information about our purposes for collecting, or possibly sharing your personal information, please refer to the “How We Use Your Information” section of the Privacy Policy. We retain the above categories of personal information consistent with our retention processes as described in “How We Store and Protect Your Information.”
We may disclose or share your personal information with third parties for the purposes described in the “How We Share Your Information” section of the Privacy Policy. Under certain U.S. state privacy laws, some of these disclosure activities may be considered “sales”, even if no money changes hands, and some of these disclosure activities are considered “sharing” for purposes of cross-context behavioral advertising. The categories of personal information we have “sold” or “shared” as described in “How We Share Your Information” in the past 12 months include the following: (1) personal details, contact information or identifiers (2) commercial information; (3) device, usage and internet or other electronic network activity information; (4) location data; and (5) inferences. In addition, as described in the section entitled Children below, we have not knowingly “sold” personal information of individuals under the age of 16.
We also disclose certain personal information for “business purposes,” such as disclosures to service providers who assist us with securing our Services or delivering marketing messages and advertisements. We may disclose the following categories of personal information for our business purposes: (1) personal details, contact information, or identifiers; (2) location data; (3) photos or visual information; (4) commercial information; (5) device, usage and internet or other electronic network activity information; and (6) inferences.
We do not use or disclose sensitive personal information for purposes other than as necessary to provide you with our Services.
Privacy Rights. Certain U.S. state privacy laws grant certain rights to consumers. These include:
Exercising Your Privacy Rights. To exercise your Privacy Rights under applicable law, please contact us using our request form or by contacting Aura at PRIVACY EMAIL ADDRESS. Please note that you can make a request to know twice within a 12-month period.
To exercise your right to opt out of “sale” or “sharing” of your personal information, click this Do Not Sell or Share My Personal Information link. If you have enabled “do not track” signals on your browser, our Services will treat this signal as a request to opt-out of “sale” or “sharing.”
Please note that we may need to verify your identity before completing your requests. This may include sending an email to the email account associated with your Aura account, asking you to sign into your user account, or answering some security questions.
If you are an authorized agent wishing to exercise rights on behalf of a consumer, please contact us using our request form along with a copy of the consumer’s written authorization designating you as their agent.
We will not discriminate against you for exercising any of your rights under applicable U.S. state privacy law. Please note, however, that there may be certain circumstances where we are unable to complete your request, such as when we are unable to verify your identity or as otherwise permitted under applicable law.
Request Report. The following metrics below include the aggregate number of requests to know, requests to delete, and requests to opt-out received, complied with in whole or in part, and denied by Aura in the last calendar year. Please note that these numbers reflect the total number of global requests received by Aura, including requests received by U.S. consumers.
Requests Received | Requests Complied in Whole or in Part | Average Business Days to Respond | |
Access Requests | |||
Deletion Requests | |||
Do Not Sell Requests | |||
Other (including correct, limit processing) |
“Shine the Light”. California residents also have the right under certain circumstances to request information regarding how we share personal information with third parties for their own direct marketing purposes. To opt-out of this type of sharing, please see the section entitled “Choices Regarding Sharing with Third Parties”.
VIII. INTERNATIONAL TRANSFERS OF INFORMATION
Information about you will be transferred to, or accessed by, entities located around the world as described in this Policy. Some of these entities may be located in countries (such as the United States) that do not provide an equivalent level of protection for personal information as your home country.
We have put in place safeguards to provide adequate protection for transfers of certain information, in accordance with applicable legal requirements. For more information on the appropriate safeguards in place, or to request a copy of these safeguards, please contact us using the contact details listed in the How to Contact Us section below.
Data Privacy Framework
Aura complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
In compliance with the Data Privacy Framework Principles, Aura commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact [email protected]. We will respond to your inquiry promptly.
Aura further commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Aura is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. In addition there may be the possibility, under certain conditions, for an individual to invoke binding arbitration.
Our Services contain links to other websites or services that are not owned or controlled by Aura, including links to websites of lounge and event spaces and lounge and event space affiliates and our advertisers, our group companies, and other business partners. This Policy only applies to information collected by our Services. We have no control over these third party websites, and your use of third party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third party websites when you leave one of our Services.
Our Services are not directed at or intended for use by children. We do not knowingly collect information from, children under 16 years of age. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at using the contact details listed in the How to Contact Us section below.
Except to the extent limited by applicable law, we will update this Privacy Policy from time to time to reflect changes in our privacy practices, legal requirements, and other factors by prominently posting notice of the update on our Services. Changes to our Privacy Policy will be effective when posted and the new effective date will be identified.
If we make any changes to the Privacy Policy that materially impact previously collected personal information about you, we will make reasonable efforts to provide notice and obtain consent to any such changes as may be required by law.
To request a copy of this Policy, or to request a copy of the Privacy Policy in place at the time you signed up for an account, please contact us at the details below.
XII. HOW TO CONTACT US
If you have any questions about this Policy or the way in which your personal information has been used, please contact us by email at EMAIL ADDRESS or by postal mail at:
Aura Elevation, LLC
c/o Fay US Investments Corporation
1185 Avenue of the Americas
3rd, Floor
New York, NY
Attention: Legal Department