Privacy Policy
Last updated: January 2025
1. Data Controller
The data controller responsible for your personal data is:
Nova AI Ventures
Registered in Poland
Email: hello@novaai.ventures
For any questions regarding data protection or to exercise your rights, please contact us at hello@novaai.ventures.
2. Information We Collect
2.1 Information You Provide
When you use our contact form, we collect:
- Name - to address you personally
- Email address - to respond to your inquiry
- Company name - to understand your business context
- Role (optional) - to tailor our response
- Mobile phone (optional) - for follow-up if preferred
- Project types - to understand your interests
- Message content - your inquiry details
2.2 Automatically Collected Information
When you visit our website, we may collect (with your consent):
- Analytics data - page views, session duration, bounce rate
- Device information - browser type, operating system, screen resolution
- Location data - country and city (approximate, from IP address)
- Referral source - how you found our website
2.3 Technical Information
Our servers automatically log certain technical data including IP addresses, access times, and pages visited. This data is used solely for security monitoring and service optimization.
3. Legal Basis for Processing
We process your personal data under the following legal bases as defined by the GDPR:
Consent (Article 6(1)(a) GDPR)
Analytics cookies and marketing communications - you can withdraw consent at any time via our cookie settings or by contacting us.
Contract Performance (Article 6(1)(b) GDPR)
Processing necessary to respond to your inquiry and provide services you have requested.
Legitimate Interest (Article 6(1)(f) GDPR)
Website security, fraud prevention, and improving our services - we always balance our interests against your rights.
Legal Obligation (Article 6(1)(c) GDPR)
Compliance with tax laws, court orders, or other legal requirements.
4. How We Use Your Information
We use your personal data for the following purposes:
- Responding to your inquiries and providing our services
- Sending confirmation emails about your submissions
- Improving our website and user experience
- Analyzing website traffic and usage patterns (with consent)
- Sending relevant business communications (only with explicit consent)
- Complying with legal obligations
- Protecting against fraud and security threats
5. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 3 years from last contact |
| Analytics data | 26 months (Google Analytics default) |
| Server logs | 90 days |
| Cookie consent records | Until withdrawal or 24 months from consent |
| Client project data | As specified in service agreement, minimum 7 years for legal compliance |
After the retention period expires, your data will be securely deleted or anonymized.
6. Third-Party Data Processors
We share your data with trusted third-party service providers who process data on our behalf. All processors are contractually bound to protect your data:
Google Analytics (Google LLC)
Purpose: Website analytics and performance monitoring
Privacy: Google Privacy Policy
SendGrid (Twilio Inc.)
Purpose: Email delivery for contact form confirmations and notifications
Privacy: Twilio Privacy Policy
Slack (Salesforce Inc.)
Purpose: Internal team notification for new inquiries
Privacy: Slack Privacy Policy
7. International Data Transfers
Some of our third-party service providers are located outside the European Economic Area (EEA), primarily in the United States. When transferring data outside the EEA, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework - Our US-based processors (Google, Twilio, Salesforce/Slack, Vercel) are certified under the EU-US Data Privacy Framework
- Standard Contractual Clauses - We use EU-approved contractual clauses where required
- Supplementary Measures - Additional technical and organizational safeguards as appropriate
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data in certain circumstances.
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Receive your data in a structured, commonly used format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at hello@novaai.ventures. We will respond to your request within 30 days.
9. Cookies
Our website uses cookies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
You can manage your cookie preferences at any time through the cookie banner or by clicking "Cookie Settings" in the footer of our website.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS encryption for all data transmission
- Secure cloud infrastructure with access controls
- Regular security assessments and updates
- Limited access to personal data on a need-to-know basis
- Secure data disposal procedures
11. Supervisory Authority
If you believe that we have not adequately addressed your concerns regarding data protection, you have the right to lodge a complaint with a supervisory authority. As we are based in Poland, our lead supervisory authority is:
PUODO (Prezes Urzędu Ochrony Danych Osobowych)
President of the Personal Data Protection Office
ul. Stawki 2, 00-193 Warsaw, Poland
Website: uodo.gov.pl
You may also contact the data protection authority in your country of residence.
12. Children's Privacy
Our services are designed for businesses (B2B) and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
13. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated through our website or, where appropriate, by email. The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions about this privacy policy, our data practices, or wish to exercise your rights, please contact us: