Privacy Notice

NOVENTIQ Northern Europe each legal entity identified at the end of this notice (each hereinafter referred to as data controller).

This Privacy Notice applies to our public facing website https://www.noventiq.co.ukand all included services available on this website or provided off-site by the controller. Some of our websites, applications or online services may collect and use personal information about you, so they will be subject to a different Privacy Notice. We encourage you to review the applicable Privacy Notice available on these websites, apps or online services. Our sites contain links to third party websites, and we have no control over the content or privacy practices of those sites.

Our websites and offers are designed for people in their business or professional capabilities. They are not intended for children under the age of 16. We do not knowingly solicit information online from children under the age of 16 or sell it online.

Please note that for the purposes of this Privacy Notice, personal information means data or a set of data that can identify an individual, such as name, address, telephone number, and email address. Please refer to the list below for the types of data we collect in relation to each specific purpose.

Personal data collected for marketing purposes (contacting you by e-mail or phone for the purpose of offering services, news or registering for events) 

• Type of data: name, e-mail, company name, country, job title.
• Purpose: to promote us or our services and products.
• Legal basis: consent. You can unsubscribe at any time by clicking on the unsubscribe link available in all our marketing communications or by contacting us at the relevant contacts listed below.
• Retention period: we will retain the data for as long as it is necessary to provide you with the information to which you have subscribed, according to our internal policies. as well as for the applicable legal period of time to justify the processing of your data.
• Source of data: the data is provided by you directly through the subscription to our newsletter.
• Requirement to provide data and consequences of not providing: the fields are necessary for subscription, failure to provide such data will lead to the refusal to register for newsletters or attend the desired event.

• Data subject categories: natural persons that seek employment with the controller.  
• Type of data: name, email address, telephone, additional CV contained data (employment and education data, skills, certifications), referrals, background-checks, data related to the account created on our platform.
• Purpose: employment process.
• Legal basis: in order to take steps before entering into a contract.
• Retention period: we will keep the data as long as necessary to undergo the recruitment and selection process. For candidates that are not selected the information will be retained for future opportunities unless you object to such retention.
• Source of data: the data is provided by you directly via different recruitment channels or via referrals.
• Requirement to provide data and consequences of not providing: the information is necessary for the recruitment process. Not providing this information will result in the elimination from the recruitment process.
• Additional purpose:  the data will be used for training, statistical and analytics purposes to better understand our candidates and to ensure a higher quality recruitment process.
   

• Type of data: business contact information, which may include name, e-mail, phone number, company, position, industry.
• Purpose: to register you for a specific event or webinar and provide the necessary information to participate in the event.
• Legal basis: legitimate interest.
• Retention period: we will retain the data for as long as it is necessary to achieve the intended purpose, but no more than 2 years since the last event/webinar registration.
• Source of data: the data is provided by you directly by filling out a web form.
• Requirement to provide data and consequences of not providing: some fields in our web forms are marked as mandatory for sending such forms; failure to provide such data will result in the inability to submit the form and register for the event.

• Type of data: depending on the content and method of communication, this includes business contact information, the content of your message.
• Purpose: to provide you with the requested information and to answer your questions.
• Legal basis: legitimate interest.
• Retention period: we will retain the data for as long as it is necessary to achieve the intended purpose but no more than 2 years since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing of which you will be informed (data will be reviewed annually and data which is not relevant will be deleted).
• Source of data: the data is provided by you directly, through interaction with our company and websites.
• Requirement to provide data and consequences of not providing - failure to provide such data will result in the impossibility of obtaining the necessary information.

(for more information please read the Cookie Policy)  - when you visit our website, you will be provided with a customizable cookie consent tool to make such choices as might be applicable:

• Type of data: IP address and related information such as location and internet provider, browser and content type, version and settings, content viewed and activity.
• Purpose: to maintain our websites, general statistics and measure the effectiveness of our websites and marketing techniques, marketing.
• Legal basis: consent.
• Retention period: for more information on the expiration of cookies/similar technologies, please see our Cookie Policy.
• Source of data: data is obtained automatically when you use the website and from external parties such as Google Analytics.
• Requirement to provide data and consequences of not providing you are not obliged to provide any data yourself.

• Data subject categories: beneficial owners, key controllers, directors and related parties purchasing goods and/or services from the controller.
• Type of data: full name, nationality, date of birth, method of managing the client.
• Purpose: know your client due diligence process.
• Legal basis: legal obligation to conduct this diligence process (Anti-money laundering, and counter terrorist financing etc.).
• Retention period: we will retain the data for as long as it is necessary to achieve the intended purpose, unless an ongoing legal action, legal requirement or applicable rule, including, without limitation, the applicable limitation period, justifies an additional retention period.
• Source of data: we collect information from publicly available sources. These sources are in the public domain and are reasonably accessible or accessible to us, such as public websites, regulatory websites, open government databases, exchanges, and public registries.

• Categories of data subjects: representatives and employees of companies who intend to purchase goods and/or services from the controller. Individuals who intend to purchase goods and/or services from the controller.
• Type of data: full name, e-mail address, phone number. Additionally for companies: company name, job title, company registration number. During the execution of the order, the following data may be processed: visit history, payment method data, payment transaction IDs, payment methods and conditions, IP address.
• Purpose: conclusion and execution of contracts for the sale of goods or services.
• Legal basis: performance of the contract.
• Retention period: We will retain the data until the contract is terminated plus the applicable limitation period. Full name, address, payment transaction information identifiers will be retained in accordance with applicable financial and accounting laws.
• Source of data: the data is sent by you directly.
• Requirement to provide data and consequences of not providing: all the requested information is necessary for the conclusion and performance of the contract. Failure to provide such data will lead to the impossibility of concluding and executing the specified contract.
• Additional purpose: the data will be used for statistical purposes to better understand our customers and to ensure high quality services and goods.

• Categories of data subjects: employees of companies who require support, purchasing goods and/ or services from the controller. Individuals purchasing goods and/or services from the controller.
• Type of data: full name, e-mail address, phone number, communication record/recording, company name.
• Purpose: support of clients under current contracts.
• Legal basis: execution of a contract.
• Retention period: we will retain the data until the contract is terminated, plus until the end of the applicable limitation period.
• Source of data: the data is provided by you directly
• Requirement to provide data and consequences of not providing: All requested data is necessary for customer service. Failure to provide such data will result in the refusal to provide said support.
• Additional purpose:  the data will be used for statistical purposes to better understand our customers and to ensure high quality services and goods.

We disclose your information to the employees from the relevant teams, companies that process data on our behalf (hosting providers, postal system providers, service providers; tax and legal service providers, subcontractors performing customer service and logistics tasks, statistical, advertising and analytical service providers, payment service providers, independent third parties when this is necessary (auditors, lawyers, inspection bodies) or based on your choices and actions (for example, when you ask us to send you a shipment or letter using a third-party supplier). 

If necessary, your personal data may be transferred outside of EU/EEA/UK if any of our subsidiaries, service providers or strategic partners ("foreign entities") involved in the our business are located outside the EEA/EU/UK. We shall take reasonable steps to ensure that any such overseas entities are compliant with applicable laws, including conducting data transfer impact assessments and signing contracts with these entities to contractually bind them not to use your personal data for any purpose other than what they are contracted by us to provide and to adequately safeguard your personal data. These overseas entities will treat your personal data as confidential, in accordance with this Privacy Notice and with all applicable data protection legislation and will process such personal data only for the purposes and within the terms set out herein. For data transferred outside of EU/EEA, we also implement EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of UK, we also implement Standard Contractual Clauses (more information about such clauses is available here). 

We may disclose your personal data if such disclosure is necessary to comply with a legal obligation to which we are subject or to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data if such disclosure is necessary to bring, exercise or defend a legal action, whether in legal proceedings or administratively or extrajudicially.

• Right to withdraw your consent - you can unsubscribe at any time by clicking on the unsubscribe link available in all of our marketing communications, change your preferences in the cookie consent tool, or contact us at the relevant contacts listed below.
• Right to information and transparency - you have the right to be informed about how we process your personal data.
• Right of access – you have the right to know that if any of your data we process, and in most cases to receive a copy of it.
• Right to rectification - you have the right to request us to correct or supplement your data, as the case may be, on the basis of an additional application.
• Right to restriction of processing – you can ask us to restrict the processing of your personal data in certain cases.
• Right to erasure ("right to be forgotten") – In some cases, you have the right to request and obtain the deletion of your personal data.
• Right to data portability – in some cases, you have the right to receive the personal data you have provided to us in a structured, widely used and machine-readable format or to request that we transfer it to another controller.
• Right to object to processing/Right to object to processing for direct marketing purposes: we will not make decisions about data subjects solely on the basis of automated processing.
• The right to lodge a complaint with the competent personal data protection authority.  Depending on your location the contact data of the competent data protection authority might differ. You can find a comprehensive list of competent data protection authorities here.
• Right not to be subject to automated decision-making - we will not make decisions about data subjects based solely on automated processing.

You can exercise any of your rights in relation to your personal data by sending us a written notice using the contact information provided below.

We use a number of security measures to protect your personal information, which, based on the specific data we process and the risk that the processing activity may pose to your rights and freedoms, might be:

• Measures to ensure the continued confidentiality, integrity, availability and fault tolerance of processing systems and services.
• Measures to ensure that and access to personal data can be restored in a timely manner in the event of a physical or technical incident.
• Processes of regular testing, analysis and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing.
• Measures to identify and authorize users.
• Data protection measures during transmission. Measures to protect data at rest.
• Pseudonymization and/or encryption of personal data.
• Measures to ensure the physical security of the places where personal data are processed.
• Measures to ensure that events are logged.
• Measures to ensure the configuration of the system, including the default configuration.
• Measures for internal management and management of IT and IT security.
• Measures to certify/ensure the quality of processes and products.
• Measures to ensure data minimization.
• Measures to ensure data quality.
• Measures to ensure limited data storage.
• Accountability measures.
• Measures for early detection, management and elimination of incidents.

If you have an unresolved privacy or data use issue that we have not resolved satisfactorily, please report it through the contact details provided in Speak UP Policy.
 

We may update this Privacy Notice from time to time. 

The date at the bottom of this Privacy Notice shows when it was last updated.

 July 8, 2025