PRIVACY NOTICE
Novalia Limited privacy notice at a glance
The data controller responsible for processing your personal information is Novalia which you can contact online via: info@novalia.co.uk or by post at:
Novalia Limited, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS
The data we collect about you includes identity data and contact data (such as name or identifier, postal and email address, telephone), technical data and usage data (such as IP address, login data, browser type and other technical data, information on how you use our services and websites).
The main ways we use your data are:
-
to register you as a prospect, visitor or customer to process your orders including managing payment(s)
-
to provide you with resources from this site
-
to manage our relationship with you
-
to deliver relevant content to you
-
to use data analytics to measure, understand and improve the effectiveness of our services.
We may share your personal data with carefully selected third parties such as our partners who may use the information to contact you in relation to our products and services.
You can exercise your rights to access the information we hold about you, to correct or delete information from our records, to object to processing of your information or exercise any other of your legal rights by contacting us through either of the above methods.
Introduction
Novalia is committed to protecting and respecting your privacy and personal data. This privacy notice will explain how we look after your personal data; please read it carefully.
1. Purpose of this privacy notice
This notice aims to give you information on how Novalia collects and processes your personal data through your use of any of our websites and participation in our events, including any data you may provide when you sign up to receive information about our products, any newsletter we might release, register for or attend one of our events, request further information about or purchase any of our services. This privacy notice supplements any specific privacy notices we may provide to you when collecting specific information directly from you and is not intended to override them.
Third-party links
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be directly or indirectly identified. It does not include data where the identity has been removed (anonymous data).
We collect, use, store and transfer different kinds of personal data about you, as described below. In some cases, the data may not be personal data by itself but where it is associated with other data from which you can be identified, we treat it as personal data:
-
Identity Data includes first name, last name, username or similar identifier, title and gender.
-
Contact Data includes billing address, delivery address, email address and telephone numbers.
-
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
-
Profile Data includes your username and password, enquiries or orders made by you, your interests, preferences, feedback and survey responses.
-
Usage Data includes information about how you use our website, products and services.
-
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also utilise the above information to create Aggregated Data such as statistical or demographic data. Whilst Aggregated Data may be derived from your personal data it is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions
You may give us your Identity and Contact Data by filling in forms, providing us with your business card or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
-
apply or enquire for one of our services;
-
register to attend one of our events;
-
create an account on one of our websites;
-
subscribe to a service provided by us;
-
view and access our content;
-
request marketing to be sent to you;
-
give us some feedback.
Automated technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our COOKIES NOTICE for further details.
Third parties or publicly available sources
We may receive personal data about you from publicly available sources such as Companies House, LinkedIn, or from third parties (examples of which are set out below), who may be based outside of the EU. Once we receive such data we will look after it in accordance with the terms of this privacy policy.
Examples of third party sources:
-
Analytics providers, Search information providers and advertising networks who provide Technical Data about your use of websites.
-
Data brokers or aggregators who provide us with Identity and Contact Data of individuals likely to be interested in our services.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
-
To register you as a new customer
-
To register you as a visitor at one of our events
-
To process and deliver your services including:
-
Manage payments, fees and charges
-
Collect and recover money owed to us
-
To manage our relationship with you which will include:
-
Notifying you about changes to our terms or privacy policy
-
Asking you to leave a review or take a survey
-
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
-
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
-
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
-
To make suggestions and recommendations to you about content, goods or services that may be of interest to you.
The table at the end of this policy informs you in more detail of the legal basis of processing your data, and in particular what our legitimate interest is in each case. Generally, we do not rely on consent as a legal basis for processing your personal data unless you have gone through a specific consent process for a particular service.
Marketing
We may use your Identity, Contact, Technical, Usage and Profile Data for marketing products and services to you where we have a lawful basis on which to do so.
Unless you opt-out, you will receive marketing communications from us if you have requested information from us, registered to attend one of our events or purchased services from us. You have the right to opt-out of these communications at any time by following the unsubscribe links on any marketing message sent to you or by contacting us.
Third-party marketing
Where we have your express consent to do so, we may share your personal data with trusted partners outside of Novalia for marketing purposes.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For more information about the cookies we use, please see our COOKIES NOTICE.
Change of purpose
We will only use your personal data for the purposes for which we collected it or for a compatible purpose, if we reasonably consider that we need to use it for that purpose and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch with us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5. Sharing your personal data
We may share your personal data with selected third parties, including:
-
Novalia partners who may be acting as joint controllers or processors
-
Service providers who provide IT systems, customer management systems and administration services and who will process your data in accordance with the terms of our data processing agreements with them. These include providers such as Google, Amazon Web Services and Microsoft Azure
-
Service providers who provide marketing services at our control.
We may share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
-
comply with legal obligation, process or request;
-
enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
-
detect, prevent or otherwise address security, fraud or technical issues; or
-
protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
We may also disclose your information to third parties:
-
in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets; or
-
if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. Data transfers outside the EEA
Sometimes we may transfer your details to third parties outside of the European Economic Area (EEA) to support the delivery of our services. If this happens we remain responsible to you for the transfer, processing and storage of your information.
7. Data security
Novalia have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure and whilst we will do our best at all times to protect your information we cannot guarantee the security of your information shared over the internet; & any transmission is at your own risk. We will use strict procedures and security features to try to prevent unauthorised access to your information within our control and possession.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and for no longer than six years (unless a longer period is required by law). In certain circumstances you can ask us to delete your data: see ‘Your rights’ below for further information. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. Your rights
You have the right to:
-
Ask for a copy of any information we hold about you
-
Withdraw any consents you have given.
-
Ask us to correct any inaccurate or incomplete information we have about you.
-
Ask us to delete your information from our records.
-
Ask us to send a copy of your information to a third party in a data portable format.
-
Object to the processing of your information when we process it for direct marketing purposes on the basis of our legitimate interest.
-
Ask us to suspend the processing of your information.
-
Lodge a complaint with us or the Information Commissioner’s Office or with any other relevant supervisory authority about how we handle your personal data.
If you wish to exercise any of the rights set out above, please contact us. A fee is not usually payable to exercise your rights (although we reserve the right to charge you a reasonable fee if your request is unfounded, repetitive or excessive). We will ask you to provide identification to ensure that we are providing information to the correct person. We will try to respond to requests within a month.
Data Subjects’ Rights in California
If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal data that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties.
10. Contact us
Novalia Limited is the controller and responsible for this website.
Contact details:
Full name of legal entity: Novalia Limited
Email address: info@novalia.co.uk
Postal address: Novalia Limited, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS
If you have any questions about this privacy notice, please contact us at info@novalia.co.uk
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. This website is not intended for children and we do not knowingly collect data relating to children. Where we have inadvertently collected information from a child, we will delete it as soon as possible. If you suspect, or are aware that a child has given their information to us, please contact us at info@novalia.co.uk
Updates
This notice was last updated on 31st January 2024. Any changes we may make to this notice in the future will be posted on this page. Please check back frequently to see any updates or changes to this notice. Archived copies can be obtained by contacting us at the address above.
11. Legal basis of processing
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
PURPOSE/ACTIVITY
TYPE OF DATA
LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST
To register you as a new customer
To process and deliver your services including: Managing payments, fees and charges
To deliver relevant website content to you and measure or understand the effectiveness of the content we serve to you.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
To make suggestions and recommendations to you about goods or services that may be of interest to you
(a)Identity
(b)Contact
(a)Identity
(b)Contact
(c)Marketing & Communications
(a)Identity
(b)Contact
(c)Profile
(d)Usage
(e)Marketing & Communications
(f)Technical
(a)Technical
(b)Usage
(a)Identity
(b)Contact
(c)Technical
(d)Usage
(e)Profile
Performance of a contract with you
Performance of a contract with you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
(Necessary for our legitimate interests (to develop our products/services and grow our business)
12. Glossary of terms
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.