EXTERNAL DATA PROTECTION AND INTERNAL
PRIVACY POLICY

1. INTRODUCTION

This Data Protection and Privacy
Policy sets out how Company Aura Limited (“we”, “our”,
“us”, “CCA”) handle the personal data we collect from the
following categories of data subjects:

• Aura Member Organizations’
employees and senior employees/officers (“Reps”) (including Aura
Directors, Working Group members.)

• Service providers, professional
advisors or suppliers (e.g. Ameyo) (“Suppliers”)

This Policy applies to all personal
data we process regardless of the media on which that data is stored or whether
it relates to past or present data subjects. It is important that you read this
privacy notice together with any other privacy notice or fair processing notice
we may provide on specific occasions when we are collecting or processing
personal data about you so that you are fully aware of how and why we are using
your data. This privacy notice supplements the other notices and is not
intended to override them. The business of Aura is as a trade organization to
support and to represent the interests of its Member Organizations Reps and
Aura considers that all personal data is collected and processed for the
purpose of promoting that business and that therefore it has a legitimate
interest to collect and process such personal data.

2. SCOPE AND CATEGORIES OF PERSONAL DATA COLLECTED

Protecting the confidentiality and
integrity of personal data is a critical responsibility that we take seriously
at all times.

a. Aura collects the following
categories of personal data about Vodafone customer data (where appropriate in
each case):

• Identity Data includes first
name, last name or similar identifier, employer, date of birth, contact
details.

• Contact Data includes billing
address, delivery address, email address, residential address and telephone
numbers.

b. Personal Data on representatives
of Outside Bodies is limited to Identity Data and Contact Data.

3. CONTACT DETAILS

 Aura is the controller and responsible for
your personal data. We have appointed a data privacy manager who is responsible
for overseeing questions in relation to this privacy notice.

If you have any questions about
this privacy notice, please contact the data privacy manager using the details
set out below.

Our full details are:

Full name of legal entity: AURA
Communication

Name or title of data privacy
manager: Account Manager

Email address:
MMarzouk@AURACom-eg.com

Postal address: 11757 Mohamed Adel
AbulMaaty-Nozha-Cairo

4. PERSONAL DATA PROTECTION PRINCIPLES

We adhere to the principles
relating to processing of personal data set out in applicable law

(Particularly GDPR) which requires
personal data to be:

 (a) Processed lawfully, fairly and in a
transparent manner.

 (b) Collected only for specified, explicit and
legitimate purposes.

 (c) Adequate, relevant and limited to what is
necessary in relation to the purposes for which it is processed.

 (d) Accurate and where necessary kept up to
date.

 (e) Not kept in a form which permits
identification of data subjects for longer than 3 days.

(f) Processed in a manner that
ensures its security using appropriate technical and organizational measures to
protect against unauthorized or unlawful Processing and against accidental
loss, destruction or damage.

(h) Made available to data subjects
and data subjects allowed to exercise certain rights in relation to their
personal data.

(i) We are responsible for and must
be able to demonstrate compliance with the data protection principles listed
above.

 5. PURPOSE LIMITATION

The business of Aura is as a trade
organization to support and represent its Member COMMUNICATION Organizations
and Aura considers that all personal data is collected and processed for the
purpose of promoting that business and that therefore it has a legitimate
interest to collect and process such personal data.

a. Aura collects and processes
personal data about Reps for the following purposes:

• Keeping Reps up to date with
information which may be of interest to them

•Providing Rep management and
administration

•Event management, administration,
minuting and reporting

•Account management

•Providing reports to Member
Organizations

• Supporting network and security
system

• Auditing

• Detecting and preventing fraud

• Complying with legal obligations

6. HOW WE USE YOUR DATA

We will only use your personal data
when the law allows us to. Most commonly, we will use your personal data in the
following circumstances:

• Where we need to, to perform the
contract we are about to enter into or have entered into with you.

• Where it is necessary for our
legitimate interests (or those of a third party) and your interests and  fundamental rights do not override those
interests.

• Where we need to comply with a
legal or regulatory obligation.

Generally, we do not rely on
consent as a legal basis for processing your personal data other than in
relation to sending third party direct marketing communications to you via
email or text message.

You have the right to withdraw
consent to marketing at any time by contacting us.

We will get your express opt-in
consent before we share your personal data with any third-party company for
marketing purposes.

  9. DATA SECURITY

We have put in place appropriate
security measures to prevent your personal data from being accidentally lost,
used, or accessed in an unauthorized way, altered, or disclosed. In addition, we
limit access to your personal data to those who have a business need to know.
They will only process your personal data on our instructions, and they are
subject to a duty of confidentiality. We have put in place procedures to deal
with any suspected personal data breach and will notify you and any applicable
regulator of a breach where we are legally required to do so.