Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data is:

2. Data We Collect

We may collect and process the following categories of personal data:

2.1. Data You Provide Directly

• Account and identity data: Full name, username, email address, phone number, postal address, company name (if applicable)
• Payment data: Billing address and payment card details (card number, expiration date, CVV). Note: full payment card data is processed directly by our payment processor and is not stored on our servers
• Communication data: Any information you provide when contacting us via email, support forms, or other communication channels
• Order data: Details of your purchases, licence keys, Dongle identifiers, and transaction history

2.2. Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution, language preferences
• Usage data: Pages visited, time and date of access, referring URLs, navigation paths, and interaction patterns on our website
• Software usage data: Licence activation data, Dongle identification, software version, and authentication logs necessary for licence management and security
• Log data: Server logs, error reports, and diagnostic data generated during use of the Service

2.3. Data from Third Parties

• Payment confirmation data: Transaction status and confirmation from our payment processor

3. Purposes and Legal Basis for Processing

We process your personal data for the following purposes, each supported by a lawful basis under Article 6 of the GDPR:

Purpose	Legal Basis (Art. 6 GDPR)
Processing your orders, delivering digital products, and managing your licence	Performance of a contract (Art. 6(1)(b))
Processing card payments and preventing payment fraud	Performance of a contract (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Providing technical support and responding to enquiries	Performance of a contract (Art. 6(1)(b))
Compliance with tax, accounting, and other legal obligations	Legal obligation (Art. 6(1)(c))
Licence enforcement, Dongle management, and prevention of unauthorised use	Legitimate interest (Art. 6(1)(f))
Improving our website, services, and user experience	Legitimate interest (Art. 6(1)(f))
Ensuring the security and integrity of our systems and preventing fraud or abuse	Legitimate interest (Art. 6(1)(f))
Sending essential service-related communications (e.g., licence expiry, security alerts, updates)	Performance of a contract (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Sending marketing communications (only with your explicit consent)	Consent (Art. 6(1)(a))

Where processing is based on legitimate interest, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

4. Third-Party Data Sharing

We may share your personal data with the following categories of third parties, only to the extent necessary for the stated purposes:

4.1. Payment Processor

Payment card data is transmitted securely to Borica AD for payment processing and 3D Secure (3DS) requirements. NuoVolta does not store full payment card numbers on its servers.

4.2. Service Providers (Data Processors)

We may engage trusted third-party service providers who process data on our behalf under written data processing agreements in accordance with Article 28 of the GDPR. These may include:

• Web hosting and cloud infrastructure providers
• Email service providers
• IT support and maintenance providers
• Analytics service providers

All data processors are contractually obligated to process your data only on our instructions, maintain appropriate security measures, and comply with applicable data protection laws.

4.3. Legal and Regulatory Authorities

We may disclose your personal data to public authorities, law enforcement agencies, courts, or regulatory bodies where required by law or necessary to protect our legal rights, safety, or property.

4.4. No Sale of Personal Data

We do not sell, rent, trade, or otherwise transfer your personal data to third parties for their own marketing or commercial purposes.

5. International Data Transfers

5.1. Your personal data is primarily stored and processed within the European Economic Area (EEA).

5.2. If personal data is transferred outside the EEA, we ensure appropriate safeguards under Chapter V of the GDPR.

• An adequacy decision by the European Commission (Art. 45 GDPR)
• Standard Contractual Clauses approved by the European Commission (Art. 46(2)(c) GDPR)
• Other lawful transfer mechanisms as permitted under the GDPR

5.3. You may request information about safeguards applied to international transfers by contacting us using the details in Section 1.

6. Cookies and Tracking Technologies

6.1. Our website may use cookies and similar tracking technologies to enhance your experience, analyse usage, and ensure proper service functionality.

6.2. Types of Cookies Used

• Strictly necessary cookies: Essential for website operation and service provision (session, authentication, security). These cannot be disabled.
• Functional cookies: Enable enhanced functionality and personalisation (e.g., language preferences, user settings).
• Analytical/performance cookies: Help us understand website usage anonymously and are only placed with your consent.

6.3. Cookie Consent

Except for strictly necessary cookies, we will obtain your consent before placing cookies on your device. You may manage preferences through browser settings or site consent tools.

6.4. Disabling certain cookies may affect service functionality.

7. Data Retention

7.1. We retain your personal data only as long as necessary for the original purposes or as required by law. Specific periods include:

• Account and licence data: Retained during active licence and for five (5) years after expiry/deletion
• Transaction and payment records: Retained for at least ten (10) years as required by law
• Communication records: Retained for three (3) years unless longer retention is required
• Technical and usage logs: Retained up to twelve (12) months unless needed for security/legal reasons
• Marketing consent records: Retained while consent is active and for a reasonable period as proof

7.2. After the applicable retention period, personal data is securely deleted or anonymised.

8. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR. You may exercise these rights by contacting us at [email protected]:

8.1. Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation whether we process your personal data and, if so, access it and receive a copy with processing information.

8.2. Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data and completion of incomplete data.

8.3. Right to Erasure ("Right to Be Forgotten") (Art. 17 GDPR)

You have the right to request deletion of your personal data in circumstances provided by law, subject to legal exceptions.

8.4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing in specific circumstances, including contested accuracy or pending objection review.

8.5. Right to Data Portability (Art. 20 GDPR)

Where processing is based on consent or contract and automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.

8.6. Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interest and an absolute right to object to direct marketing at any time.

8.7. Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.

8.8. Right Not to Be Subject to Automated Decision-Making (Art. 22 GDPR)

You have the right not to be subject to solely automated decisions with legal or similarly significant effects. We currently do not perform such decision-making.

8.9. Exercising Your Rights

To exercise your rights, send a written request to [email protected]. We may verify identity and respond within one (1) month, extendable by two (2) months where necessary.

9. Data Security

9.1. We implement appropriate technical and organisational safeguards under Article 32 GDPR, including:

• Encryption of data in transit (TLS/SSL) and at rest where appropriate
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Staff training on data protection obligations
• Secure payment processing through PCI DSS-compliant third parties

9.2. While we apply reasonable precautions, no internet transmission or storage method is completely secure.

10. Data Protection Officer

For questions about personal data processing or to exercise your rights, you may contact our Data Protection Officer at:

11. Supervisory Authority

If you believe our processing infringes data protection law, you may lodge a complaint with the competent supervisory authority. The lead authority for NuoVolta is:

You may also lodge a complaint with the supervisory authority in your country of residence or workplace.

12. Children's Privacy

The Service is not directed to individuals under eighteen (18). We do not knowingly collect children's personal data and will delete such data where required.

13. Changes to This Privacy Policy

13.1. We may update this Privacy Policy to reflect changes in practices, technology, legal requirements, or other factors.

13.2. Where changes are material, we will endeavour to notify you through the Service or via email before they take effect.

13.3. Continued use of the Service after publication of the revised Policy constitutes acceptance of the changes.

Contact

For questions, requests, or concerns regarding this Privacy Policy or personal data processing, please contact us at: