GDPR Compliance

GDPR Compliance & Data Protection

Novura is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other data protection laws.

Our Commitment

As a consulting firm, we process personal data lawfully and transparently. We collect only what's necessary for our engagements, keep it secure, and fully respect your rights under GDPR.

Your Rights Under GDPR

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Request corrections to inaccurate personal data

Right to Erasure

Request deletion of your personal data

Right to Data Portability

Receive your data in a portable format

Right to Restrict Processing

Limit how we use your personal data

Right to Object

Object to certain types of data processing

To exercise any of these rights, please contact our Data Protection Officer

Data We Collect & Retention Periods

Client Information

7 years for financial records

Company name

Contact details

Business requirements

Project Data

1 year after project completion

Workflow documentation

System specifications

Process data

Development Data

Duration of engagement plus 6 months

Code repositories

Testing data

Performance metrics

Communication Data

3 years

Project emails

Meeting notes

Support correspondence

Technical & Organizational Measures

We implement comprehensive security measures to protect your personal data

End-to-end encryption for all client data

Confidentiality agreements with all team members

Secure development practices for custom solutions

Data residency compliance for EU clients

Limited access on need-to-know basis

Regular privacy and security training

Incident response procedures

Data minimization in all engagements

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

•Standard Contractual Clauses approved by the European Commission
•Adequacy decisions for countries with equivalent data protection
•Your explicit consent where required

Legal Basis for Processing

Contract Performance

We process data necessary to provide our services and fulfill our contractual obligations to you.

Legitimate Interests

We may process data for our legitimate business interests, such as improving our services and preventing fraud.

Legal Obligations

We process data when required by law, such as for tax purposes or regulatory compliance.

Consent

For certain processing activities, we rely on your explicit consent, which you can withdraw at any time.

Questions About Your Data?

Our Data Protection Officer is here to help with any questions about how we handle your personal data or to assist you in exercising your rights.

Email: dpo@novura.io | Response time: Within 30 days

Right to Lodge a Complaint

If you're not satisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority. We'd appreciate the chance to address your concerns first, so please contact us before filing a complaint.