Who are we?
NOVENTIQ SERVICES INDIA PRIVATE LIMITED, with its offices at A-614, Kanakia Wallstreet, Chakala, Andheri-Kurla Road, Andheri (East), Mumbai – 400 093, (hereinafter “NOVENTIQ”, "we" or "us"), acting as data controller (data fiduciary).
What does this Privacy Notice cover?
This Privacy Notice applies to our public-facing website https://noventiqindia.com/ and all included services available on this website or provided off-site by the controller. Some NOVENTIQ websites, apps, or online services may collect and use personal information about you in a different way and so will have a different NOVENTIQ Privacy Notice. We encourage you to look at the applicable Privacy Notice, available on said websites, apps, or online services. Our sites contain links to other websites not owned by NOVENTIQ and we do not control the content or privacy practices of those sites.
Our website and offerings are directed to people in their business or professional capacities. They are not intended for children under 16 years of age. We do not knowingly solicit information online from, or market online to, children under 16 years of age.
Please note, for purpose of this Privacy Notice, personal information means data or set of data that can identify an individual, such as name, address, telephone number, and email address. For what type of data we collect for a specific purpose see below.
What personal data do we collect and how do we intend to use it?
Data collected for concluding and executing contracts for the sale of goods or services
- Data subject categories: representatives and employees of companies purchasing goods and/or services from the controller. Natural persons purchasing goods and/or services from the controller.
- Type of data: Full name, email address, delivery address, phone number. Additionally for companies: company name, Tax registration no like GST, PAN. During the execution of an order, the following data may be processed: clickstream, Data on payment methods, bank account details identifiers of payment transactions, methods and terms of payment, IP address;
- Purpose: concluding and executing contracts for the sale of goods or services;
- Legal basis: performance of a contract;
- Retention time: we will keep the data until the termination of the contract, plus the applicable prescription term. The following data (Full name, address, identifiers of payment transactions) will be retained pass this retention term and archived in order to comply with the minimum retention terms for financial and accounting records legislation;
- Source of data: the data is provided by you directly
- Requirement to provide data and consequences of not providing: the fields are necessary for the conclusion and execution of the contract, not providing such data will result in failure to conclude and execute said contract;
- Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.
Data collected for customer support
- Data subject categories: employees of companies that require support. purchasing goods and/or services from the controller. Natural persons purchasing goods and/or services from the controller;
- Type of data: Full name, email address, phone number, recording of communication, company name;
- Purpose: customer support for ongoing contracts;
- Legal basis: performance of a contract;
- Retention time: we will keep the data until the termination of the contract, plus the applicable prescription term. The recordings of calls will be retained for a maximum period of one year unless the existing contract, legal claim or legal requirement justifies further processing.
- Source of data: the data is provided by you directly
- Requirement to provide data and consequences of not providing: the data is necessary for the customer support service, not providing such data will result in failure to provide said support;
- Additional purpose: the data will be used for statistical purposes in order to better understand our customers and deliver high quality of services and goods.
Data collected for marketing purposes (contacting you via email or telephone for offerings of services, news or events registration)
- Data subject categories: Natural persons that register or opt to get marketing communication from the controller;
- Type of data: name, email address, telephone;
- Purpose: promoting our or our partners services and products;
- Legal basis: consent. You can unsubscribe any time by clicking the unsubscribe link available in all our marketing communication or contact us at sales@noventiq.com;
- Retention time: we will keep the data as long as necessary to provide you with the information you subscribed for, but no more than 2 years since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing.
- Source of data: the data is provided by you directly through the subscription for our newsletter;
- Requirement to provide data and consequences of not providing: the fields are necessary for subscription, not providing such data will result in failure to register for the newsletter.
Data collected through webforms for events registration
- Data subject categories: Natural persons that register to events hosted or facilitated by the controller;
- Type of data: business contact details that might include name, email address, telephone number, company, role, industry;
- Purpose: to register you for the specific event and provide you with the needed information to attend said event;
- Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing unless and until you ask us to provide specific services or products, in which case existing or intended contract provides a legal basis; we find such interests to be justified considering that the data is limited to what is usually shared by the people acting in their business or professional capacities.
- Retention time: we will keep the data as long as necessary to fulfil the purpose pursued but no more than 2 years since the last event registration.
- Source of data: the data is provided by you directly by filling in the webform.
- Requirement to provide data and consequences of not providing: some fields are marked necessary in our webforms in order to submit such forms; not providing such data will result in the inability to submit a form and register for the event.
Data collected for KYC purposes
- Data subject categories: Beneficial Owners, Key Controllers, Directors, and Related Partiesof companies purchasing goods and/or services from the controller;
- Type of data: full name, citizenship, date of birth, manner of control over the controller’s client;
- Purpose: know your client due diligence process;
- Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that we have a legal obligation to conduct this diligence process (Anti-money laundering, and counter terrorist financing, trade sanctions);
- Retention time: we will keep the data as long as necessary to fulfil the purpose pursued unless an ongoing legal claim, legal requirement or applicable rule – including but not limited to the applicable statute of limitations – justifies an additional retention time.
- Source of data: We compile information from publicly available sources. These sources are in the public domain and are reasonably accessible or available to us, such as public websites, regulatory websites, open government databases, exchanges, and public registries.
Data collected and when you contact us directly via email, telephone or post:
- Data subject categories: Natural persons contacting the controller via different communication channels;
- Type of data: depending on the content and channel of your communication to us, this includes business contact details, content of your communication.
- Purpose: to provide you with requested information and respond to your queries.
- Legal basis: the legal basis may differ depending on local laws applicable, but generally we consider that our legitimate interests justify the processing unless and until you ask us to provide specific services or products, in which case existing or intended contract provides a legal basis; we find such interests to be justified considering that the data is limited to what is usually shared by the people acting in their business or professional capacities and we provide easy opt-out (we will only refuse deleting your data if we have a compelling legal justification to keep them).
- Retention time: we will keep the data as long as necessary to fulfil the purpose pursued but no more than 2 years since the last interaction, unless the existing contract, legal claim or legal requirement justifies further processing of which you will be informed (data will be reviewed annually and data which is not relevant will be deleted). Notwithstanding the other provisions we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Source of data: the data is provided by you directly, through interactions with our company and websites, and from publicly available sources of business-related information.
- Requirement to provide data and consequences of not providing: not providing such data will result in no ability to obtain required information.
With whom we share your data?
We disclose your information to NOVENTIQ employees from the relevant teams, companies processing the data on our behalf (hosting providers, mail system provider, organizations providing maintenance services; entities providing services in the field of tax and legal services, subcontractors performing customer service and logistics tasks, providers of statistical, advertising and analytical services, payment service providers, independent third parties when this is necessary (auditors, lawyers, inspection agencies) or based on your choices and actions (as when you ask us to send you a shipment or letter using a third-party provider). Depending on applicable local laws you may obtain from us further information about specific entities having access to the data. Your data will be transferred to third countries and any subsequent transfers will follow applicable local and regional laws. For data transferred outside of EU/EEA, NOVENTIQ also implements EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of Serbia, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Serbian here). For data transferred outside of UK, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available here). For data transferred outside of Argentina, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Spanish here).
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim, whether in court proceedings or in an administrative or out-of-court procedure.
What are your rights?
- Right to withdraw your consent: You can unsubscribe any time by clicking the unsubscribe link available in all our marketing communication, change your preferences on the cookie consent tool or contact us at the relevant contact points indicated below.
- Right to information and transparency: You have the right to be informed on the manner in which we process your personal data.
- Right to access – You have the right to know what if any of your data we process and obtain a copy of it in most cases.
- Right to rectification – You have the right to request us to rectify or complete your data, as the case may be, on the basis of an additional statement.
- Right to restrict the processing – You can request us to restrict the processing of your personal data in certain cases.
- Right to erasure („right to be forgotten”) – You have the right to request and obtain the erasure of your personal data in some cases.
- Right to data portability – In certain cases you have the right to receive the personal data that you have provided us in a structured, commonly used and machine readable format or to request we transfer it to another controller.
- Right to oppose the processing/ Right to oppose the processing in direct marketing purposes: We shall not make decisions about data subjects based solely on automated processing.
You may exercise any of your rights in relation to your personal data by written notice to us, using contact details of our Grievance Officer.
How do we safeguard your personal data?
We use a range of security measures to protect your personal information, which based on the specific data we process and the risk that the processing activity might pose to your rights and freedoms, might be”
- Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing.
- Measures for user identification and authorisation.
- Measures for the protection of data during transmission Measures for the protection of data during storage.
- Pseudonymisation and/or encryption of personal data.
- Measures for ensuring physical security of locations at which personal data are processed.
- Measures for ensuring events logging.
- Measures for ensuring system configuration, including default configuration.
- Measures for internal IT and IT security governance and management.
- Measures for certification/assurance of processes and products.
- Measures for ensuring data minimisation.
- Measures for ensuring data quality.
- Measures for ensuring limited data retention.
- Measures for ensuring accountability.
- Measures for early detection, management and recovery for incidents.
How can you contact our Grievance Officer?
Grievance Officer
|
Email
|
Address
|
S. Bhatnagar
|
Dataprotection.india@noventiq.com
|
New Delhi (Gurugram)
Unit No -515, 5th Floor, MGF Metropolis Mall, MG Road, Gurugram (Gurgaon), 122002, India
|
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please report it via the contact points provided in Speak UP Policy.
How do we keep this Privacy Notice updated?
We may update this Privacy Notice from time to time. If we materially change it, we will take steps to inform you of the change.
The date at the bottom of this Privacy Notice shows when it was last updated.
11.04.2022