Our priority at Novo is keeping your data secure and treating it with respect. We aim to handle your data fairly and lawfully at all times. We’re also committed to being transparent about what we do.This statement explains how we collect, use, transfer and store your personal data. We know that there’s a lot of information here, but it’s important that you understand your rights as a customer.
It’s likely that we’ll update this Notice from time to time in order to reflect changes in the law and/or to our privacy practices, but we will notify you of any significant changes. When we make these changes we will place the revised version on our website that can be viewed under the Privacy Information section.
Who is responsible for your data?
We refer to ‘Novo’ in this statement. This means Novo Innovations Limited, a company registered in England & Wales.
Novo is the ‘data controller’ for your personal data. This means we have legal responsibility for how we collect and handle your data.
How can you contact us?
Novo can be contacted at:
Novo’s Data Protection Officer has overall responsibility for the way that Novo collects and handles personal data. If you have any queries about how we use your personal data, please contact the Data Protection Officer at the address above or by email to: firstname.lastname@example.org
Who does this statement apply to?
Individuals, sole traders and partnerships
People we wish to promote products and services to
People who contact us on social media
People who visit our website
Individuals, sole traders and partnerships
What personal data do we collect?
Data we collect from you includes:
Data we may collect from otherpeople or organisations:
What do we use your personal data for?
It is important that you understand what we will do with the data that we hold about you.
We will process your data for the purposes necessary for our contract with you including:
If required, we will process your data to comply with legal obligations including:
This may include release of data if required by law.
We will process your data where we or someone else has a legitimate interest. We will ensure that our interest has been balanced against your rights and freedoms as an individual. This includes:
Who do we share your personal data with?
We'll get information from various sources, including our partners, otherorganisationsinvolved in providing services to you and publicly available information. We'll match it with our own data to make sure the information we have about you is accurate and up to date.
We might also share your data with:
Please be advised that we do not reveal information about identifiable individuals to our advertisers but we may, on occasion, provide them with aggregate statistical information about our visitors such as your area of residence or age group.
Automated decision-making and profiling
We may use automated decision making, including profiling. Automated decision-making involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests and behaviour, for instance in relation to a contract entered into by you with us. We may do this for the following reasons:
All this activity is on the basis of our legitimate interests in protecting our business, tailoring the offers we make and developing and improving our products and services.
People we wish to promote products and services to
We would like to use your personal data to communicate with you by email, text, letter, telephone, social media and via our website.
With your consent, we will tell you about products and services, promotions, tailored special offers and discounts that we think are likely to interest you. If you’ve given us permission to send you marketing information we will respect your choices as to how you would like to receive this.
We may send you letters or call you without your prior agreement when we have a legitimate interest in doing this. Our legitimate interest might be:
Sometimes we may also want to rely on these legitimate interests to share your information with other organisations, both within Novo and externally, for marketing purposes. Some examples are:
You’re in control
We won’t use your personal data to promote anything to you, or for any marketing purpose at all (including profiling you for marketing), if you have told us not to. We will give you the opportunity to opt out of receiving marketing information whenever we contact you directly for this purpose. You can also opt out, and change your consent preferences, by calling us directly or going online.
People who contact us via social media
We have accounts on most major social media channels and use their ‘public’ platforms to manage our social media interactions. We do not have any control over how these companies use any data shared with us through their services, and we recommend you review their privacy notices yourself. We would also remind you that any information you post publically is visible to anyone.
If we know you are a Novo customer and you send us personal data using a private or direct message via social media that data will be stored along with your other account records in line with our standard data retention period.
Visitors to our website
By using our website, you're allowing us to collect and use the information you give us for the purposes of your visit or as explained to you.
Our website contains tracking code provided by Google Analytics and Facebook Pixel. This code enables Google Analytics and Facebook Pixel to track activity on the business section of our website and provide Novo with information on the IP address of the requesting computer (this data is notanonymised), the date and duration of the user’s visit, and the web pages which the user visits. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason.
You can opt out of the collection, storage and processing of IP data at any time by clicking on this link:
Most internet browsers, like Firefox, Safari or Google Chrome, let websites store simple text files called 'cookies' on your computer.
They let websites remember things like your username or password so you don't need to re-type them every time you visit. They also help websites see how you use them, and this can be used to improve how websites work.
We have a legal responsibility to tell you about the kind of cookies we use, what they're for and how to turn them off. We strongly suggest you accept our cookies to get the best possible service from our website.
These are known as website tracking tools and they're used on most websites. They give us general information about how people are using our website, including what pages they visit, how long they visit for and the kind of things they do. This helps us spot problems and improve the website.
Facebook Pixel uses retargeting cookies to provide you with personalised adverts. It also allows us to see the effectiveness of our advertising on Facebook. By tracking sales we can offer more relevant content.
How you disable or delete cookies depends on which version of your internet browser you're using.
You should be able to check this by going to the About section in the Help or Tools section of your browser.
To find out more, we suggest you visit aboutcookies.org, where you'll find easy to follow instructions for both deleting or controlling cookies from your browser.
aboutcookies.org is a third-party website, so we're not responsible for the information on it, but we're more than happy to recommend it.
If we collect or handle your personal data you have rights as an individual which you can exercise in relation to the information we hold about you.
Right of access to your personal data
Individuals can find out if we hold any personal data about them, and access that data, by making a ‘subject access request’. If we do hold your personal data, we will provide you with a copy and information about what we do with it. Unless you ask us to provide it in a different way, we will email this to you where you have given us an email address.
You can request access to your data using any of the methods on our Contact Us Page.
If you only want to see certain items and you agree, we will try to deal with your request informally, for example, by providing you with the specific information you need over the telephone.
Other rights you have
If you’ve given us consent to process your personal data, you have the right to withdraw that consent at any time by contacting us. If you have an online account with us, you can also make changes to that preference in your account.
You can request that we:
It’s worth noting that if you do ask us to correct, delete or stop processing it, we won’t always be required to do so. For example we may need to continue in order to service your account in line with our contract. If this is the case, we will explain why.
If we are making decisions about you based solely on automated processing, including profiling, then in certain circumstances (where we are processing on the basis of a legitimate interest and the decision has legal or similar effects on you), you have the right to have a person make the decision instead. Of course, if we are profiling you for marketing purposes, we will stop altogether.
In certain circumstances where you provide your information to us:
you can require that we provide the data we hold about you either to you or a third party in a commonly used format. This only applies if we are processing it using automation only. If you would like more information about this, let us know.
Your right to contact the Information Commissioner
If you're unhappy with any aspect of how we handle your personal data you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by going to their website at https://ico.org.uk, phoning them on 0303 123 1113 or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
How long do we store your personal data for?
If we have entered into a contract with you we will retain your personal data for seven years following the end of our contractual relationship with you (which might be when your app account last shows activity). There may be circumstances when we need to keep it for longer, for instance, if we are dealing with a complaint from you or to meet our legal obligations, but we will delete it as soon as we have no need to keep it further.
If we hold your data for any other reason we will delete it as soon as we no longer have a valid reason to retain it.
How we keep your information safe
When you log in to your online website account or purchase from our website, our pages are secure, which means all the personal details you type in are encrypted before they’re sent to us. The Novo app also holds customer data in a secure way using password encryption.
We then store and use this information securely, so it can't be read by anyone who doesn't need to see it.
When you get in touch with us, we'll ask you a couple of security questions before we share any personal details, just to check it's you.
When we use other organisations to help us provide services and manage your account, we have appropriate contracts in place, which limits their use of your data to only what we have asked them to do. We provide only the information they need to perform their specific services and we work closely with them to ensure that your privacy is respected and protected at all times. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
What happens if we send your data out of the European Economic Area
Data protection laws allow us to transfer personal data to organisations in countries within the European Economic Area (EEA), as those countries are signed up to the same laws and have to have the same controls and safeguards in place to protect your data. We may transfer your personal data to an organisation in a country outside the EEA, in which case we will only do so where the European Commission has declared that the receiving country has an adequate level of protection, or we have a contract in place which includes appropriate data protection clauses requiring that your data is handled to the same standards as we uphold.
If your data is being transferred outside the EEA, then you can obtain details of the relevant safeguards by contacting our Data Protection Officer.