Back to home

GDPR Compliance

Last updated: January 1, 2026

This page explains how Novara complies with the EU General Data Protection Regulation (GDPR) and the rights available to individuals located in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with equivalent data protection laws.

1. Scope

This section applies to personal data of individuals located in the EEA and UK that we process in connection with the Service. It supplements, and should be read together with, our Privacy Policy.

2. Data Controller

Novara acts as the data controller for the personal information collected through the Service. You can contact our data protection team using the details in the "Contact Us" section below.

3. Legal Basis for Processing

We process personal data on the following legal bases: performance of a contract (to provide the Service you subscribed to); legitimate interests (to improve, secure and personalize the Service); consent (for optional marketing communications and certain cookies); and compliance with legal obligations (such as tax and accounting rules).

4. Your Data Subject Rights

Under the GDPR, you have the right to:

— Access the personal data we hold about you;

— Rectify inaccurate or incomplete data;

— Request erasure of your data ("right to be forgotten"), subject to legal exceptions;

— Restrict or object to certain processing;

— Receive your data in a portable format;

— Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us using the details below. We will respond within one month, as required by the GDPR.

5. International Data Transfers

Where personal data is transferred outside the EEA or UK, we rely on adequacy decisions or appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to ensure an equivalent level of protection.

6. Data Protection Officer

You may contact our Data Protection Officer with any questions about our data protection practices or to exercise your rights, at dpo@novara.example.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where required by law.

8. Right to Lodge a Complaint

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

9. Contact Us

For GDPR-related questions or to exercise your data subject rights, contact our Data Protection Officer at dpo@novara.example.