Who are we?

We are NOVENTIQ HOLDING PLC, a company incorporated under the laws of Cyprus whose principal office is at Kosta Charaki 11, Office 302, 3041, Limassol, Cyprus, and its subsidiaries and affiliated entities (hereinafter "NOVENTIQ", "we" or "us"), acting as data controllers.

What does this Privacy Notice cover?

This Privacy Notice applies to our public-facing NOVENTIQ branded websites and other online services and will be available by a link on all sites and services which it covers. Some NOVENTIQ websites, apps, or online services may collect and use personal information about you in a different way and so will have a different NOVENTIQ Privacy Notice. We encourage you to look at the applicable Privacy Notice, available on said websites, apps, or online services. Our sites contain links to other websites not owned by NOVENTIQ and we do not control the content or privacy practices of those sites.

Our websites and offerings are directed to people in their business or professional capacities. They are not intended for children under 16 years of age. We do not knowingly solicit information online from, or market online to, children under 16 years of age.

Please note, for purpose of this Privacy Notice, personal information means data or set of data that can identify an individual, such as name, address, telephone number, and email address. For what type of data we collect for a specific purpose see below.

What personal data do we collect and how do we intend to use it?

Data collected for marketing purposes (contacting you via email or telephone for offerings of services, news or events registration)

• Type of data: name, email address, telephone.
• Purpose: promoting our or our partners services and products.
• Legal basis: consent. You can unsubscribe any time by clicking the unsubscribe link available in all our marketing communication or contact us at the relevant contact points indicated below.
• Retention time: we will keep the data as long as necessary to provide you with the information you subscribed for, but no more than 2 years since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing of which you will be informed.
• Source of data: the data is provided by you directly through the subscription for our newsletter.
• Requirement to provide data and consequences of not providing: the fields are necessary for subscription, not providing such data will result in failure to register for the newsletter.

Data collected through webforms for events registration

• Type of data: business contact details that might include name, email address, telephone number, company, role, industry.
• Purpose: to register you for the specific event and provide you with the needed information to attend said event.
• Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing unless and until you ask us to provide specific services or products, in which case existing or intended contract provides a legal basis; we find such interests to be justified considering that the data is limited to what is usually shared by the people acting in their business or professional capacities.
• Retention time: we will keep the data as long as necessary to fulfil the purpose pursued but no more than 2 years since the last event registration.
• Source of data: the data is provided by you directly by filling in the webform.
• Requirement to provide data and consequences of not providing: some fields are marked necessary in our webforms in order to submit such forms; not providing such data will result in the inability to submit a form and register for the event.

Data collected and when you contact us directly via email, telephone or post:

• Type of data: depending on the content and channel of your communication to us, this includes business contact details, content of your communication.
• Purpose: to provide you with requested information and respond to your queries.
• Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing unless and until you ask us to provide specific services or products, in which case existing or intended contract provides a legal basis; we find such interests to be justified considering that the data is limited to what is usually shared by the people acting in their business or professional capacities and we provide easy opt-out (we will only refuse deleting your data if we have a compelling legal justification to keep them).
• Retention time: we will keep the data as long as necessary to fulfil the purpose pursued but no more than 2 years since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing of which you will be informed (data will be reviewed annually and data which is not relevant will be deleted). Notwithstanding the other provisions we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
• Source of data: the data is provided by you directly, through interactions with our company and websites, and from publicly available sources of business-related information.
• Requirement to provide data and consequences of not providing: not providing such data will result in no ability to obtain required information.

Data collected through cookies and similar technologies (for more details please visit our Cookie Policy) – upon visiting our website you will be provided with a customized cookie consent tool to make such choices as might be applicable:

• Type of data: IP address and related information such as location and internet provider, browser and content type, version and settings, viewed content and activities.
• Purpose: maintaining our websites, general statistics and measurement of effectiveness of our websites and marketing techniques, marketing.
• Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing for necessary cookies and consent for all the other ones. We find the legitimate interest to be justified considering that the data is necessary for making the website functional (our website does not offer any content directed to individual consumers as well as any content which might be used for any inferences about your private life habits or interests), and limit the retention of data.
• Retention time: for details of expiration of cookies/similar technologies please visit our Cookie Policy.
• Source of data: data is obtained automatically through your use of the website and from external parties such as Google Analytics.
• Requirement to provide data and consequences of not providing: you are not required to provide any data yourself.

Data collected for KYC purposes

• Data subject categories: Beneficial Owners, Key Controllers, Directors, and Related Parties of companies purchasing goods and/or services from the controller;
• Type of data: full name, citizenship, date of birth, manner of control over the controller’s client;
• Purpose: know your client due diligence process;
• Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that we have a legal obligation to conduct this diligence process (Anti-money laundering, and counter terrorist financing, trade sanctions);
• Retention time: we will keep the data as long as necessary to fulfil the purpose pursued unless an ongoing legal claim, legal requirement or applicable rule - including but not limited to the applicable statute of limitations - justifies an additional retention time.
• Source of data: We compile information from publicly available sources. These sources are in the public domain and are reasonably accessible or available to us, such as public websites, regulatory websites, open government databases, exchanges, and public registries.

Data collected for concluding and executing contracts for the sale of goods or services

• Data subject categories: representatives and employees of companies purchasing goods and/or services from the controller. Natural persons purchasing goods and/or services from the controller.
• Type of data: Full name, email address, delivery address, phone number. Additionally for companies: company name, VAT n°. During the execution of an order, the following data may be processed: clickstream, Data on payment methods, identifiers of payment transactions, methods and terms of payment, IP address;
• Purpose: concluding and executing contracts for the sale of goods or services;
• Legal basis: performance of a contract;
• Retention time: we will keep the data until the termination of the contract, plus the applicable statute of limitations. Full name, address, identifiers of payment transactions information will be kept to comply with the applicable financial and accounting records legislation;
• Source of data: the data is provided by you directly;
• Requirement to provide data and consequences of not providing: all information requested is necessary for the conclusion and execution of the contract. Not providing such data will result in failure to conclude and execute said contract;
• Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.

Data collected for customer support

• Data subject categories: employees of companies that require support, purchasing goods and/or services from the controller. Natural persons purchasing goods and/or services from the controller;
• Type of data: Full name, email address, phone number, recording of communication, company name;
• Purpose: customer support for ongoing contracts;
• Legal basis: performance of a contract;
• Retention time: we will keep the data until the termination of the contract, plus the applicable statute of limitations. The recordings of calls will be retained for a maximum period of one year unless the existing contract, a legal claim or legal requirement or applicable rule -other than the statute of limitations- justifies further processing.
• Source of data: the data is provided by you directly;
• Requirement to provide data and consequences of not providing: All requested data is necessary for the customer support service. Not providing such data will result in failure to provide said support;
• Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.

With whom we share your data?

We disclose your information to NOVENTIQ employees from the relevant teams, companies processing the data on our behalf (hosting providers, mail system provider, organizations providing maintenance services; entities providing services in the field of tax and legal services, subcontractors performing customer service and logistics tasks, providers of statistical, advertising and analytical services, payment service providers, independent third parties when this is necessary (auditors, lawyers, inspection agencies) or based on your choices and actions (as when you ask us to send you a shipment or letter using a third-party provider). Depending on applicable local laws you may obtain from us further information about specific entities having access to the data. Your data will be transferred to third countries and any subsequent transfers will follow applicable local and regional laws. For data transferred outside of EU/EEA, NOVENTIQ also implements EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of Serbia, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Serbian here). For data transferred outside of UK, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available here). For data transferred outside of Argentina, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Spanish here).

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim, whether in court proceedings or in an administrative or out-of-court procedure.

What are your rights?

• Right to withdraw your consent: You can unsubscribe any time by clicking the unsubscribe link available in all our marketing communication, change your preferences on the cookie consent tool or contact us at the relevant contact points indicated below.
• Right to information and transparency: You have the right to be informed on the manner in which we process your personal data.
• Right to access - You have the right to know what if any of your data we process and obtain a copy of it in most cases.
• Right to rectification - You have the right to request us to rectify or complete your data, as the case may be, on the basis of an additional statement.
• Right to restrict the processing - You can request us to restrict the processing of your personal data in certain cases.
• Right to erasure ("right to be forgotten") - You have the right to request and obtain the erasure of your personal data in some cases.
• Right to data portability - In certain cases you have the right to receive the personal data that you have provided us in a structured, commonly used and machine readable format or to request we transfer it to another controller.
• Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: We shall not make decisions about data subjects based solely on automated processing.
• Right to launch a complaint with the competent data protection authority. Depending on your location the contact data of the competent data protection authority might differ. You can find a comprehensive list of competent data protection authorities here.

You may exercise any of your rights in relation to your personal data by written notice to us, using contact details set out below.

How do we safeguard your personal data?

We use a range of security measures to protect your personal information, which based on the specific data we process and the risk that the processing activity might pose to your rights and freedoms, might be”

• Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
• Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
• Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing.
• Measures for user identification and authorisation.
• Measures for the protection of data during transmission Measures for the protection of data during storage.
• Pseudonymisation and/or encryption of personal data.
• Measures for ensuring physical security of locations at which personal data are processed.
• Measures for ensuring events logging.
• Measures for ensuring system configuration, including default configuration.
• Measures for internal IT and IT security governance and management.
• Measures for certification/assurance of processes and products.
• Measures for ensuring data minimisation.
• Measures for ensuring data quality.
• Measures for ensuring limited data retention.
• Measures for ensuring accountability.
• Measures for early detection, management and recovery for incidents.

How can you contact us?

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please report it via the contact points provided in Speak UP Policy.

How do we keep this Privacy Notice updated?

We may update this Privacy Notice from time to time. If we materially change it, we will take steps to inform you of the change.

The date at the bottom of this Privacy Notice shows when it was last updated.

April 14th, 2023