Privacy Notice
Who are we?
NOVENTIQ CYPRUS LTD, a company incorporated and existing under laws of Republic of Cyprus, with office at Kosta Charaki 11, 3rd floor, Flat/Office N302, 3041, Limassol, Cyprus, registered under number: HE190472 and having VAT-ID: CY-10190472H (part of the Noventiq Group hereafter referred to as “Noventiq”) is the data controller of this website (hereafter the “the Website”).
You can read more on Noventiq’s approach to privacy and data protection here.
What does this Privacy Notice cover?
This Privacy Notice applies to the Website and all included services available on this or provided off-site by Noventiq and it is meant to explain who we are, what personal data we process, why, for how long, with whom we might share your data, what are your rights and where you can contact us.
Our sites contain links to other websites not owned by Noventiq and we do not control the content or privacy practices of those sites.
Our website and offerings are not intended for children under 16 years of age. We do not knowingly solicit information online from, or market online to, children under 16 years of age.
For purpose of this Privacy Notice, personal information means data or set of data that can identify an individual, such as name, address, telephone number, and email address. For what type of data we collect for a specific purpose see below.
What personal data do we collect and how do we intend to use it?
Data collected for concluding and executing contracts for the sale of goods ordered by the buyer using the Website:
- Data Subject categories:
- Representatives and employees of companies purchasing goods and/or services from Noventiq;
- Natural persons purchasing goods and/or services from Noventiq.
- Categories of data:
- Customer Data: name, surname, e-mail address, logs;
- For companies: company name, address, VAT number;
- Goods/Services details: name and price, order number;
- Payment Data: inner payment identifier, payment systems identifier, date of payment, transaction identifier, card number mask, card type, IP address.
- Purposes: Concluding and executing contracts for the sale of goods
- Legal basis:
- Applicable from data subjects located in countries listed in Annex 1A: performance of a contract;
- Applicable from data subjects located in countries listed in Annex 1B: consent;
- Retention time: we will keep the data until the termination of the contract, plus the applicable statute of limitations. Full name, address, identifiers of payment transactions information will be kept to comply with the applicable financial and accounting records legislation.
- Source of data: the data is provided by you directly.
- Requirement to provide data and consequences of not providing: all information requested is necessary for the conclusion and execution of the contract. Not providing such data will result in failure to conclude and execute said contract.
- Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.
Data collected for customer support:
- Data subject categories:
- Representatives and employees of companies that require support, purchasing goods and/or services from the controller.
- Natural persons purchasing goods and/or services from the controller.
- Type of data:
- Customer Data: name, surname, e-mail address;
- For companies: phone number, company name, address, VAT number;
- Goods/Services details: name and price, order number;
- Payment Data: date of payment;
- Content of the communication.
- Purpose: customer support for ongoing contracts, providing with requested information and respond to queries;
- Legal basis:
- Applicable for users located in countries listed in Annex 1A: performance of a contract;
- Applicable for users located in countries listed in Annex 1B, 1C: consent;
- Retention time: we will keep the data until the termination of the contract, plus the applicable statute of limitations. The recordings of calls will be retained for a maximum period of one year unless the existing contract, a legal claim or legal requirement or applicable rule - other than the statute of limitations - justifies further processing.
- Source of data: the data is provided by you directly;
- Requirement to provide data and consequences of not providing: All requested data is necessary for the customer support service. Not providing such data will result in failure to provide said support.
- Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.
Data collected upon a direct contact (email, telephone or post):
- Data subject categories: Natural persons contacting the controller via different communication channels;
- Type of data: depending on the content and channel of your communication to us, this includes business contact details, content of your communication.
- Purpose: to provide you with requested information and respond to your queries.
- Legal basis:
- Applicable for users located in countries listed in Annex 1A: performance of a contract;
- Applicable for users located in countries listed in Annex 1B, 1C: consent;
- Retention time: we will keep the data for a period that shall not exceed a 2 years’ time since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing of which you will be informed (data will be reviewed annually and data which is not relevant will be deleted). Notwithstanding the other provisions we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, the applicable statute of limitations or in order to protect your vital interests or the vital interests of another natural person.
- Source of data: the data is provided by you directly, through interactions with our company and website, and from publicly available sources of business-related information.
- Requirement to provide data and consequences of not providing: not providing such data will result in no ability to obtain the requested information.
Data collected through cookies and similar technologies (for more details please visit our Cookie Policy):
- Type of data: IP address and related information such as location and internet provider, browser and content type, version and settings, viewed content and activities;
- Purpose: see the Cookie Policy;
- Legal basis (for strictly necessary cookies):
- the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing for necessary cookies. We find the legitimate interest to be justified considering that the data is necessary for making the website functional (our website does not offer any content directed to individual consumers as well as any content which might be used for any inferences about your private life habits or interests), and limit the retention of data;
- Legal basis (for all other types of cookies): consent.
- Retention time: see the Cookie policy;
- Source of data: data is obtained automatically through your use of the website;
- Requirement to provide data and consequences of not providing: you are not required to provide any data yourself.
With whom we share your data?
We disclose your information to NOVENTIQ employees from our relevant teams and to the providers of services such as:
- hosting (AWS, Germany),
- technical operations (APAC PTE. LTD, Singapore),
- payments processing (NICE Payments Co., Ltd, South Korea) and to
- the entities providing services in the field of tax and legal services, subcontractors performing customer service and logistics tasks, providers of statistical, advertising and analytical services, independent third parties such as auditors, lawyers, inspection agencies, if necessary.
Depending on applicable local laws you may obtain from us further information about specific entities having access to the data.
Your data will be transferred to third countries and any subsequent transfers will follow applicable local and regional laws.
For data transferred outside of EU/EEA, NOVENTIQ also implements EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of Argentina, NOVENTIQ implements Standard Contractual Clauses (more information about such clauses is available only in Spanish here).
When required by the law, we collect your consent to transfer your personal data outside your country of origin in these instances.
We shall take reasonable steps to ensure that any such overseas entities are contractually bound not to use your personal data for any reason other than the purpose they are contracted by us to provide and to adequately safeguard your personal data. These overseas entities will treat your personal data as confidential, in accordance with this Privacy Notice and with all applicable data protection legislation and will process such personal data only for the purposes and within the terms set out herein.
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim, whether in court proceedings or in an administrative or out-of-court procedure.
What are your rights?
- Right to withdraw your consent: You can withdraw your consent any time by writing us privacy.ecom@noventiq.com;
- Right to information and transparency: You have the right to be informed on the manner in which we process your personal data.
- Right to access – You have the right to know what if any of your data we process and obtain a copy of it in most cases.
- Right to rectification – You have the right to request us to rectify or complete your data, as the case may be, on the basis of an additional statement.
- Right to restrict the processing – You can request us to restrict the processing of your personal data in certain cases.
- Right to erasure („right to be forgotten”) – You have the right to request and obtain the erasure of your personal data in some cases.
- Right to data portability – In certain cases you have the right to receive the personal data that you have provided us in a structured, commonly used and machine-readable format or to request we transfer it to another controller.
- Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: We shall not make decisions about data subjects based solely on automated processing.
- Right to launch a complaint with the competent data protection authority. Depending on your location the contact data of the competent data protection authority might differ. You can find a comprehensive list of competent data protection authorities here.
You may exercise any of your rights in relation to your personal data by written notice to us, using contact details set out below.
How do we safeguard your personal data?
We use a range of security measures to protect your personal information, which based on the specific data we process and the risk that the processing activity might pose to your rights and freedoms, might be:
- Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing.
- Measures for user identification and authorisation.
- Measures for the protection of data during transmission Measures for the protection of data during storage.
- Pseudonymisation and/or encryption of personal data.
- Measures for ensuring physical security of locations at which personal data are processed.
- Measures for ensuring events logging.
- Measures for ensuring system configuration, including default configuration.
- Measures for internal IT and IT security governance and management.
- Measures for certification/assurance of processes and products.
- Measures for ensuring data minimisation.
- Measures for ensuring data quality.
- Measures for ensuring limited data retention.
- Measures for ensuring accountability.
- Measures for early detection, management and recovery for incidents.
How can you contact us?
Subject | Address | |
For personal information collected from individuals INSIDE Europe and MENA, written inquiries to the data protection responsible may be addressed to | London | |
For personal information collected from individuals INSIDE LATAM, written inquiries to the data protection responsible may be addressed to: | Buenos Aires | |
For personal information collected from individuals INSIDE INDIA, written inquiries to the data protection responsible may be addressed to | New Delhi (Gurugram) | |
For personal information collected from individuals INSIDE APAC, written inquiries to the data protection responsible may be addressed to: | Ho Chi Minh City | |
For personal information collected from individuals INSIDE CIS, written inquiries to the data protection responsible may be addressed to | Kazakhstan, Almaty, Medueskyi district, Dostyk ave., build. #210, BC «Koktem Grand», office 72, 050051 |
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please report it via the contact points provided in Speak UP Policy.
How do we keep this Privacy Notice updated?
We may amend this Privacy Notice from time to time and the updated version shall apply and supersede any and all previous versions. Please check our website for information on our most up-to-date practices.
The date at the bottom of this Privacy Notice shows when it was last updated.
ANNEX 1A
Country | Country |
EEA[1] | Ukraine |
Argentina | Mexico |
South Korea | Brazil |
ANNEX 1B[2]
Country |
Kazakhstan |
Chile |
Turkey |
[1] All countries in the European Economic Area
[2] Plus any other country not listed in 1A