Nova Logo

Nova Data & AI Limited - Privacy Policy

Effective Date: 15 April 2025

1. Introduction

Nova Data & AI Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our services, visit our website, or interact with us in other ways.  

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all personal data processed by Nova Data & AI Limited.  

2. Who We Are (Data Controller)

Nova Data & AI Limited is the controller responsible for your personal data.

Company Name: Nova Data & AI Limited

Company Registration Number: 16288380

ICO Registration Number: C1675116

If you have any questions about this privacy policy or our data protection practices, please contact us using the details in Section 11.  

3. What Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:  

Identity Data: Includes first name, last name, username or similar identifier.

Contact Data: Includes billing address, delivery address, email address, and telephone numbers.  

Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our services or website.  

Usage Data: Includes information about how you use our website, products, and services, including data captured and recorded during your use of our specific services.

Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.  

Data Provided Directly by You: Any other information you choose to provide to us directly, for example, when filling in forms, contacting customer support, or participating in surveys.

We do not typically collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences unless legally required or under specific, explicitly consented circumstances.  

4. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

Direct interactions: You may give us your Identity, Contact, and other data by filling in forms, using our services, or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

Use or apply for our products or services;

Create an account on our website or platform;

Subscribe to our service or publications;  

Request marketing to be sent to you;

Enter a competition, promotion or survey; or

Give us feedback or contact us.

Automated technologies or interactions: As you interact with our website or services, we will automatically collect Technical Data about your equipment, Browse actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy [Link to your Cookie Policy - You should create one] for further details.  

Third parties or publicly available sources: We may receive personal data about you from various third parties such as analytics providers (like Google), advertising networks, search information providers, or technical/payment service providers.  

5. Legal Basis for Processing Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:  

Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing you with the services you have requested).

Provision of services on behalf of a business with which you have granted permission in one form or another, typically by consuming their services for which we provide an aspect.

Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our services, ensuring network security, preventing fraud).

Legal Obligation: Where we need to comply with a legal obligation (e.g., reporting to HMRC or regulatory bodies).

Consent: Where you have given us specific, informed consent to use your personal data for a particular purpose (e.g., sending you direct marketing emails). You have the right to withdraw consent at any time.

6. How We Use Your Personal Data

We use your personal data for various purposes, including:

To register you as a new customer or user.

To provide and manage your account and our services.

To process and deliver our services, including managing payments, fees, and charges.

To manage our relationship with you (e.g., notifying you about changes to our terms or privacy policy, responding to your enquiries).

To enable you to participate in surveys or provide feedback.

To administer and protect our business and this website/our services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.  

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.  

To make suggestions and recommendations to you about goods or services that may be of interest to you (where we have a legal basis to do so).  

To comply with legal or regulatory requirements.

7. Data Sharing and Disclosure

We may share your personal data with the parties set out below for the purposes set out in Section 6:

Internal staff who need access to the data to perform their roles.

Third-party service providers acting as processors who provide IT, system administration, hosting, analytics, payment processing, and other services on our behalf. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.  

Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.  

HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.  

Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.  

International Transfers: Some of our external third parties may be based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are implemented (such as adequacy regulations or Standard Contractual Clauses approved by the UK authorities).  

8. Data Security

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include access controls, encryption (where appropriate), staff training, and confidentiality obligations.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.  

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (like the ICO) of a breach where we are legally required to do so.  

9. Data Retention and Deletion

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.  

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.  

In accordance with UK GDPR, you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. You can request erasure under certain circumstances (see Section 10). Upon receiving a valid request for erasure, we will delete your data unless we have a legal obligation or other overriding legitimate reason to retain it.  

10. Your Data Protection Rights

Under UK data protection law, you have rights including:

Right of access: You have the right to ask us for copies of your personal data.

Right to rectification: You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

Right to erasure (Right to be forgotten): You have the right to ask us to erase your personal data in certain circumstances.  

Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances.  

Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances (e.g., for direct marketing).  

Right to data portability: You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.  

Right to withdraw consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.  

To exercise any of these rights, please contact us using the details in Section 11. You will not usually have to pay a fee. We have one month to respond to you.

You also have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.  

11. Contact Us

If you have any questions about this privacy policy or our privacy practices, or wish to exercise any of your rights, please contact us:

By Email: [email protected]

12. Changes to This Privacy Policy

We keep our privacy policy under regular review. Any changes will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes. This policy was last updated on the effective date shown at the beginning.