Novatech's GDPR Policy

1. Personally Identifiable Information (PII)

1.1. When We Store PII

Novatech mainly collects personally identifiable information about you in the following cases.

• You have sent us an inquiry over the phone, email, message boards, or other channels

• You have requested access in accordance with the Public Access to Information Act

• You subscribe to our newsletter

• You have applied for a job with us

• You have ordered documents or material

• You are a journalist and have contacted us for a statement

• You visit our website novatech.no, and submit your PII

• You are using one of our online services (authentication)

• Voluntarily completed customer survey

 We may also receive information about you from others in the following cases:

• We have asked a company for a statement, and your information appears in the statement

• A non-conformance report contains information about you

• A complaint, tip, or guidance case contains information about you

• We receive information about you from a customer or potential customer

• A job seeker has provided you with a reference

Novatech AS stores information on Google Workspace, which is compliant with GDPR:

https://cloud.google.com/privacy/gdpr 

1.2. What Information We Store

Novatech can collect, store and process the following personal data about registered users:

• Name

• Email address

• Phone number(s)

• Organization

• Organizational position

• Office address

The information above can be linked to the projects Novatech is involved in.

Novatech is only interested in professional contact information.

• Exception: We will store your CV if you apply for a job at Novatech AS.

  • Your CV will be stored on Novatech servers if you are chosen and employed

  • Applications and CVs will be deleted after the employment process if you are not chosen and employed

1.3. Storage of PII

Novatech AS is a digital company and will only store information digitally on cloud servers.

1.4. Purpose

• User authentication and access control

• Log of activities

• Technical support

• Communication

• Regulatory issues

• Invoices

• Incident handling

• Debugging

• Assistance

Personal data storage is necessary for providing customers with efficient, good, and reliable services.

2. Visit to Our Web Pages

2.1. Cookies

Cookies are small text files that are placed on your computer when you visit a web page. Some of the cookies are necessary for various services on our website to work. Novatech AS uses cookies to analyze the use of our websites.

Novatech AS reserves the right to use cookies for three purposes:

• For various services on our website to work.

• To offer form functionality.

• For web analysis and statistics, i.e., to assess how the website is used and map the potential for improvement.

2.2. Web Analytics

Novatech AS reserves the right to use cookies for web analytics to improve our services.

Web analytics is not linked to a personal account

2.3. Statistics

Novatech AS reserves the right to use logs from our web server to generate statistics on visits. These statistics allow us to improve the information on our website. The information contains various variables, such as which page you have visited, what you have searched for in our search engine, the date and time of the visit, and technical information about your device. In practice, it will not be possible to identify the visitors from the stored parameters. Therefore, the statistics are anonymous. This information can, therefore, not be linked to you as an individual.

The basis for processing the generation of anonymous statistics is the Privacy Regulation, Article 6 (1) (f), which allows us to process information that is necessary to safeguard a legitimate interest that outweighs the consideration of the individual's privacy. The legitimate interest is to improve and further develop information on our websites.

2.4. Activity in Online Applications

We store activity logs in our online applications. This includes failed and successful logins, user actions, timestamps, IP addresses, errors, data retrieval, and data modifications. These logs are only available to authorized personnel such as Novatech management, support staff, developers, and auditors.

3. PII from Minors

Novatech AS does not have any minors as customers and does not store information about minors. Novatech will immediately delete any and all PII submitted to Novatech through any channel as soon as we are informed.

A minor is defined as anyone below the age of 16.

Novatech does not provide any service that is considered sensitive for minors.

4. Individual Rights

4.1. Request Information About Stored PII

You have the right to receive a copy of the PII Novatech has stored. Contact us at post@novatech.no with the request. Novatech is required to reply within 30 days.

4.2. Request to be Deleted

You have the right to request that Novatech delete your PII. Contact us at post@novatech.no with the request. Please note that some information cannot be deleted for technical and contractual reasons, including but not limited to the following:

• Contract signatures

• Email threads

• Log entries

 Novatech is required to comply within 30 days.

4.3. Rectification

You have the right to rectification of your PII stored by Novatech. Contact us at post@novatech.no with the request. Novatech is required to reply within 30 days.

4.4. Data Portability

You have the right to download and transfer your PII stored by Novatech to any provider of your choice. Contact us at post@novatech.no with the request. Novatech is required to reply within 30 days.

5. Processing of PII

Your PII is not processed to create new information, such as personal profiles. We will not sell or share your personal information.

6. Data Processor Agreement

A data processor agreement will be made with the subcontractor, should Novatech AS decide to use any subcontractors that may come in contact with PII. The data processor agreement will be according to the GDPR regulations and can not be more lenient than this GDPR policy.

7. Work done for clients

Reports and other work done on behalf of clients may be printed or otherwise distributed by the client. This work is owned by the client and does not fall under the Novatech GDPR policy, but under the PII/GDPR policy of the client.

PII collected by Novatech AS collected outside the frame of these projects shall not be included in these projects. E.g., Novatech cannot use PII collected from its website or its applications or from other clients in any projects delivered to a client.

8. Novatech's Employees

Novatech will not collect more information than necessary to efficiently perform our business from our employees.

It is the responsibility of the Novatech CEO to inform employees about the GDPR policy and to follow up on the GDPR policy if employees should be in contact with PII from people outside Novatech AS.