Privacy Policy

1. Data Controller

The controller responsible for the processing of your personal data is:

Personal data are processed in accordance with the applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).

2. Personal Data We Collect

2.1 When You Contact Us or Act as a Representative

If you contact us, including when you send us messages with questions or request a call back, we process personal data that include your contact details, such as your email address or any other data indicated in the content of your message.

If you fill in a contact form on our website, we collect the following personal data:

• Name and surname - to address you personally
• Email address - to respond to your inquiry
• Company name - to understand the business context
• Job title (optional) - to tailor our response
• Mobile phone number (optional) - to contact you if preferred
• Types of projects - to understand your interests
• Message content - details of your inquiry

Additionally, when you represent our potential or current partner or client and we hold discussions with you or the entity you represent about cooperation or begin such cooperation, we may receive from you or from the entity you represent additional personal data that you have not previously provided.

2.2 When You Visit Our Website

On our website, we use various cookies or other tools that allow us to automatically collect your personal data when you visit the website. Our servers automatically record certain technical data that are necessary for you to be able to use our website and for it to function properly.

During your visit to our website, we may also collect, with your consent:

• Analytical data - page views, session duration, bounce rate
• Device information - browser type, operating system, screen resolution
• Location data - country and city (approximate, based on IP address)
• Referral source - how you accessed our website

More information about the cookies and other tools we use can be found in our Cookie Policy.

2.3 When You Agree to Receive Information About Our Activities

If you consent to receiving information about our activities, we will process the data you provide that are necessary for sending such information, including, for example, your name and surname, role, and email address.

3. Purpose and Legal Basis for Processing

3.1 When You Contact Us or Act as a Representative

We process your personal data in order to respond to your messages and inquiries, communicate with you, and conduct discussions regarding potential cooperation for the purpose of providing an offer, negotiations, conclusion, and performance of a contract with the company connected to you or represented by you, as well as for the provision of our services.

3.2 When You Visit Our Website

When using our website, particularly when you access content and information we publish, the processing of your data is based on Art. 6(1)(b) GDPR, as such processing is necessary for the performance of the agreement on the use of our website that you conclude with us when visiting our website.

Depending on the purpose for which personal data are collected, processing is based on our legitimate interest consisting of ensuring the proper functioning of the website, ensuring its security, and preventing fraud (Art. 6(1)(f) GDPR), or on your consent (Art. 6(1)(a) GDPR) when information collected by cookies is processed for other purposes, e.g., for analytical or marketing purposes.

3.3 When You Agree to Receive Information Electronically

If you consent to receive information about our activities by email, the legal basis for processing your personal data is your consent (Art. 6(1)(a) GDPR). Your consent is voluntary and may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Data Retention

We store your personal data only for as long as necessary for the purposes for which they were collected. After the retention period expires, your data will be securely deleted or anonymised.

4.1 Contact and Representative Data

We store your personal data for as long as necessary to manage and respond to your inquiries or to take the necessary steps related to our correspondence. We store personal data of representatives, contact persons, or individuals who are parties to a contract for as long as necessary to manage the relationship with the company. We store the data for retention periods specified in applicable laws, such as tax law.

4.2 Website Visit Data

We store your personal data for as long as necessary to fulfil our obligations to ensure the functioning of the website and the agreement on the use of the website. If you have consented to the processing of data for other purposes, the data will be stored in accordance with the retention periods indicated in the Cookie Policy.

4.3 Marketing Communication Data

We store your contact data for the purpose of sending electronic marketing communication for as long as your consent to receive such communication remains valid.

5. Sharing Personal Data with Other Entities

We share your data with trusted external service providers who process data on our behalf. For example, some of our service providers may have access to your personal data when they provide services supporting our daily business operations (e.g., various IT service providers, accounting service providers, communication consultancy providers). Such service providers process personal data only on our instructions as processors on our behalf, and we remain responsible for their processing of personal data. All data processors are contractually obliged to protect your data.

In addition to processors, in some cases we may also share your personal data with third parties who process them as independent controllers. Such third parties include, for example, our auditors, legal service providers, and other consultants when sharing personal data is necessary in the context of services provided to us.

6. International Data Transfers

If the entity with whom we share personal data processes personal data outside the European Economic Area (EEA), including the European Union, we have applied additional safeguards in accordance with the GDPR to ensure protection of your personal data as a result of such transfer.

We implement contractual, technical, and organisational measures to ensure ongoing adequate protection and security of personal data. When transferring data outside the EEA, we ensure appropriate safeguards such as:

• EU-US Data Privacy Framework
• EU-approved Standard Contractual Clauses
• Additional technical and organisational protections

Copies of such measures are available upon contacting us.

7. Your Rights

Under the GDPR, you have the following rights concerning your personal data:

You may exercise these rights under the conditions and in the cases specified in Articles 15-21 of the GDPR. We will respond to your request within one month unless circumstances require more time, in which case we will inform you within one month and respond within the deadlines set out in the GDPR.

To exercise any of these rights, please contact us at hello@novaai.ventures.

8. Cookies

Our website uses cookies. Detailed information about the cookies we use and about ways to manage them can be found in our Cookie Policy.

You can manage your cookie preferences at any time via the cookie banner or by clicking "Cookie Settings" in the footer of our website.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS encryption for all data transmission
• Secure cloud infrastructure with access control
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Secure data deletion procedures

10. Supervisory Authority

Regardless of your rights indicated above, or if you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

If your habitual residence, place of work, or the place of the alleged violation are located in another EU Member State, you also have the right to lodge a complaint with the data protection supervisory authority in that Member State.

11. Children's Privacy

Our services are intended for businesses (B2B) and are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via our website or, where appropriate, by email. The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this Policy periodically.

13. Contact

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your rights, please contact us: