Data Protection Policy

-Novelus-

I- Aims and Principles:

Novelus Group (“Novelus”) is committed to protecting the privacy and security of your Personal Data.

Through this Data Protection Policy, Novelus aims to ensure that all the Personal Data it collects is collected, stored, controlled and processed in accordance with the following principles:

1- Lawfulness, Fairness, and Transparency: Data will be processed lawfully, fairly, and in a transparent manner.

2- Purpose Limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3- Data Minimization: Only the data necessary for the specific purpose will be processed.

4- Accuracy: Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that is inaccurate is erased or rectified without delay.

5- Storage Limitation: Data will be retained only for as long as necessary for the purposes for which it was collected.

6- Integrity and Confidentiality: Data will be processed in a manner that ensures its security through appropriate technical and organizational measures.

7- Accountability: The controller shall be responsible for, and be able to demonstrate compliance with, the principles related to the processing of personal data.

II- Applicable Laws:

This Data Protection Policy meets the requirements of:

  • The European Union General Data Protection Regulation (“GDPR”).
  • The UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (“PDPL”).

If you are a resident outside of the European Union and the United Arab Emirates, and engage with our websites, services or products, additional local data protection laws may apply. In these cases, we will provide further details through separate disclosures.

Your personal data may also be processed by companies related to Novelus (sister company, mother company, daughter company, …). Such data processing is based on the Adequacy Decisions by the European Union Commission and the European Union standard contractual clauses, with additional safeguards where legally required.

III- Definitions:

1- Personal Data or DATA: means any information relating to an identified or identifiable natural person. This may include the person’s name, identification number, location data, online identifier; it may also include factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.

2- Data Subject: Data Subject refers to any identified or identifiable natural person whose Personal Data is being processed by a Data controller or processor.

3- Data Processing: Data Processing means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure or destruction.

4- HTTPS Data: HTTP(S) data refers to the protocol data generated when websites are visited using the Hypertext Transfer Protocol (Secure). This data can include the IP address, browser type and version, operating system, the specific page visited, the previous page visited, and the date and time of the visit.

5- Cookies: Cookies are small text files that store information on a website user’s device through the browser during a website visit. These files allow the stored information to be read and processed upon returning to the website using the same device. This process utilizes the processing and storage capabilities of your device’s browser, enabling the collection of information from the browser’s storage area.

IV- Data Processing Basic Provisions

1. Legal Grounds of our Data Processing

In principle, the legal ground of our Data Processing is your consent, according to Article 6 Paragraph 1 (f) of the GDPR and Article 4 of the PDPL. As per the aforementioned articles, Data Processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Accordingly, we ask for your consent before Processing your Personal Data.

Exceptionally, in certain specific cases stated by the Law, our data processing activities are deemed lawful even when we process your data without obtaining your consent; for example, the Data Processing is lawful if:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 Paragraph 1 (b) of the GDPR, and Article 4 (9) of the PDPL);
  • processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 Paragraph 1 (c) of the GDPR, and Article 4 (10) of the PDPL);
  • processing is necessary in order to protect the vital interests of the data subject (Article 6 Paragraph 1 (d) of the GDPR, and Article 4 (7) of the PDPL);
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6 Paragraph 1 (f) of the GDPR).

2. Rights of Data Subjects

In line with our commitments, we would like to remind you of the significant rights you hold concerning the processing of your Personal Data. These rights, outlined below, provide you with the necessary tools to manage and protect your personal information effectively.

  1. You have the right to request information at any time about all your Personal Data which we are processing.
  2. If your Personal Data is incorrect or incomplete, you have the right to have it rectified and completed.
  3. You can request the erasure of your Personal Data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your Data.
  4. You can request a restriction to the processing of your Personal Data, if the applicable legal requirements are met.
  5. You have the right to object to the Data Processing if it’s based on profiling or direct marketing purposes.
  6. If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
  7. If we process your data based on a declaration of consent, you have the right to withdraw your consent at any time with future effect.
  8. If the Data Processing is based on your consent or a contract, you have the right to a transfer of the data provided by you, as long as this does not infringe the rights and freedoms of others.
  9. You have the right to file a complaint at any time with a data protection supervisory authority, if you believe that Data Processing has been carried out in violation of the applicable law.

3. Data Processing of Personal Data coming from Children Under 13 Years

We do not knowingly collect or use personal data from children under 13 years without obtaining verifiable consent from their parents.

V- Data Processing Overview for Various User Groups:

Here, we’ve outlined crucial details regarding how your Personal Data is typically handled, categorized by distinct user groups or data subject categories.

User Groups visiting Novelus’ Website are as follows:

  1. Regular website visitors
  2. Novelus Account Users, Novelus Product Customers
  3. Newsletter Recipients
  4. Participants in Surveys, Interviews, and Usability Tests
  5. Job Applicants
  6. Users Seeking Help and Support
  7. Development Partners

1. Regular Website Visitors

1.1 Server-log Personal Data

The functionality of our website relies on the sharing of personal data such as the IP address; the usage of our website and the interaction via the website without providing such data is technically impossible.

Therefore, during your use of our websites, specific information will be automatically transmitted to our servers by the browser on your device. This data is then stored and processed on our server.

a- Purpose: Our purpose in handling this data is to provide the content of the website to you, to ensure the secure functioning of the IT infrastructure used, to correct errors, to enhance and expedite searches on the website, and to manage cookies.

b- Legal Ground: As per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in the operation of an online presence, in communication with our partners, and in internal compliance reporting, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The data processed is HTTPS data.

d- Duration: IP addresses are automatically rendered anonymous after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.

1.2 Cookies Policy

We use various types of Cookies on our websites. We categorize Cookies into two types: Technically Required cookies and Tracking Cookies.

1.2.1 Technically required cookies:

Technically required Cookies are essential for the website’s operation, and they cannot be turned off using the site’s cookie management feature. Even though you can disable Cookies through your device browser settings, you should take into consideration that disabling Cookies this way might prevent some functions of the website from working correctly. We use three types of Technically Required Cookies: Consent Cookies, Session Cookies, and Security Cookies.

i- Consent Cookies:

These are Cookies that record and store user preferences regarding the acceptance or rejection of various types of Cookies on our website, helping to streamline and personalize the browsing experience. Without the disclosure of the required Personal Data here, the use of our website is not possible.

a- Purpose: Our purpose of data processing here is to record the user’s decision concerning Cookies on our website.

b- Legal Ground: As per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in controlling Cookies according to the User’s decision in order to improve the User’s experience, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the HTTPS data and the User’s decision on Cookies.

d- Duration: The Data stored will be deleted after one year. Exceptionally, if the user’s decision was to reject Cookies, the Data will be deleted at the end of the session.

ii- Session Cookies:

These are temporary Cookies that store data like user preferences and account information for the duration of a website visit, facilitating smoother navigation and personalized user experiences. Without the disclosure of the required Personal Data here, the use of our website is not possible.

a- Purpose: Our purpose of data processing here is to enable login and specific settings related to the User.

b- Legal Ground: As per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in providing a better experience to our website’s users, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the customer account, language selection, country, and Cookies settings. The Data will be automatically transmitted by the browser of the user.

d- Duration: The Data stored will be deleted after one year.

iii- IT Security Cookies:

These Cookies enhance the security of a website by protecting against cyber threats such as cross-site request forgery and other potential malicious attacks, ensuring a safer browsing environment for users. Without the disclosure of the required Personal Data here, the use of our website is not possible.

a- Purpose: Our purpose of data processing here is to prevent IT security attacks in order to ensure a safe and secure experience for our website users.

b- Legal Ground: As per Article 6 Paragraph 1 (d) of the GDPR and Article 4 (7) of the PDPL, the Processing of Personal Data shall be lawful if the processing is necessary to protect the data subject’s interests. Accordingly, since we use IT security Cookies in order to protect our website users from IT Security Attacks, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the HTTPS Data and the IT security test results. The Data will be automatically transmitted by the browser of the user.

d- Duration: The Data stored will be deleted at the end of the session.

1.2.2 Tracking Cookies

Tracking cookies are a type of cookie that monitors and records users’ online activities over a period of time, typically used by websites to collect data on user preferences and behaviors. Therefore, the function of the Tracking Cookies requires the user’s consent, and without such consent the Cookies requiring consent are not activated.

When you visit our websites, we display our cookie banner, and you are required to choose between:

– Accepting: you can declare your consent to the use of all cookies requiring consent on this website by clicking on the “Accept” button.

– Refusing: you can also completely reject the use of cookies requiring consent by clicking the “decline” button. Your decision will be saved in a cookie, and your decision won’t affect the use of our website.

– Selecting: you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.

2. Novelus Account User, Novelus Product Customer

A Novelus Account User is an individual or an entity who has registered and established an account with Novelus to engage with the brand’s offerings, encompassing consultations, support, updates on product enhancements and new releases… A Novelus Product Customer is an individual or an entity that has engaged in a transaction to purchase a Novelus product. Disclosure of Personal Data is mandatory for Account Users and Product Customers, otherwise the contractual relationship cannot be established.

a- Purpose: Our purpose of data processing here is to perform our contractual obligations coming from our contractual relationship, to provide assistance and support for our Account Users and Product Customers, and to conduct verification and authentication procedures.

b- Legal Ground: As per Article 6 Paragraph 1 (b) and (c) of the GDPR and Article 4 (9) and (10) of the PDPL, the Processing of Personal Data shall be lawful if the processing is necessary for the performance of a contract, and if the processing is necessary for compliance with a legal obligation to which the controller is subject. Accordingly, since the processing of Data is crucial for us in order to perform our contractual obligations, the processing of the Personal Data of our Account Users and Product Customers is deemed to be lawful.

Furthermore, as per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in communicating with our customers, in advertising our Products, in improving our products and services, and in defending ourselves in any future legal dispute, the processing of the Personal Data in this case is deemed to be lawful.

Kindly note that the legal basis for the transfer of historic order and payment information to payment providers is your consent (Article 6 Paragraph 1 (f) of the GDPR, and Article 4 of the PDPL).

c- Processed Data: The processed data includes: name, username, IP address, contact data, language settings, data of the registration of the account, account events, communication data, usage data, and content preferences. If you acquire a Novelus product, the processed data will also include billing address and details, data of the registration of the Novelus license, type of Novelus Product, download data, account events including validation, timestamps, and details on your usage behavior related to the Novelus products.

d- Duration: All data stored related to contracts and bookkeeping will be stored for a period of ten years after the contract’s end. Data that becomes relevant for a defense against possible claims is stored for three years.

3. Newsletter Recipients

We use newsletters to send subscribers information about Novelus, our products, our partners, our offers, and other things. Without the disclosure of the required Personal Data here, we won’t be able to send our newsletters to you. Kindly note that you can unsubscribe from the newsletter at any time.

a- Purpose: Our purpose of data processing here is to send newsletters, and to send relevant content to the subscribers according to their Data.

b- Legal Ground: the legal ground of our lawful Data Processing here is your consent, as per the terms of Article 6 Paragraph 1 (f) of the GDPR, and the Article 4 of the PDPL.

Furthermore, as per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in keeping you updated, in improving our services, and in showing our subscribers more relevant content, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the HTTPS Data, the name, the email address, the web extend identifiers, and the opening and reading times of the newsletter. The Data will be transmitted by you when you subscribe to our newsletter, or when you engage in a contractual relationship with us.

d- Duration: The Data stored regarding newsletters will be deleted when you unsubscribe from the newsletters. The remaining data will be deleted after one year, except where we find a legitimate interest in keeping your Data or where we need to comply with our legal retention obligations of the data.

4. Participants in Survey, Interview, and Usability Test

In our ongoing effort to align and enhance our products and services with the needs and preferences of our users, we invite you to voluntarily participate in various data collection methods including surveys, interviews, and usability tests. Participation in surveys involves providing your insights, feedback, or other information through structured questionnaires. Participation in interviews engages you in a more detailed discussion, potentially offering comprehensive insights on various topics. As a usability test participant, you assist us in evaluating the effectiveness and user-friendliness of our products or services.

a- Purpose: Our purpose of data processing here is to conduct Surveys, Interviews, and Usability Tests in order to evaluate the results accordingly.

b- Legal Ground: the legal ground of our lawful Data Processing here is your consent, as per the terms of Article 6 Paragraph 1 (f) of the GDPR, and the Article 4 of the PDPL.

Furthermore, as per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in improving our products and services according to our users’ opinions, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the content of the Surveys, the Interviews and the Usability Tests, and to the timestamp and the metadata of the participation.

d- Duration: The Data stored regarding Surveys, Interviews and Usability Tests will be deleted after one year or at the end of the Contract, except where we find a legitimate interest in keeping your Data for follow-up or for compliance with our legal retention obligations.

5. Job Applicants

At Novelus, we are committed to fostering a transparent and responsible recruitment process. Accordingly, we receive job applications from candidates who express their interest in joining Novelus by submitting their job applications. Kindly note that without the submission of the required personal data, we won’t consider your job application.

a- Purpose: Our purpose of data processing here is the selection of job candidates for available jobs and for future jobs that match the applicant’s profile.

b- Legal Ground: the legal ground of our lawful Data Processing here is your consent, as per the terms of Article 6 Paragraph 1 (f) of the GDPR, and Article 4 of the PDPL.

c- Processed Data: The processed data is limited to the Name, Contact Information, Attached Documents (CV, Cover Letter, Certifications, …) and to the timestamp and the metadata of the communication.

d- Duration: The Data stored regarding Job Applications will be deleted three months after the application process has ended. In the event of a requested inclusion in our applicant pool, your data will be deleted if you withdraw your consent or after two years.

6. Users Seeking Help and Support

At Novelus, we are devoted to offering you a comprehensive knowledge base and responsive contact support to address your sales inquiries and technical support requests. Kindly note that the Help and Support features are only available for Novelus Account Users, and that without the disclosure of the required Personal Data we won’t be able to provide you with Help and Support.

a- Purpose: Our purpose of data processing here is to provide you with the support, help and assistance upon your request.

b- Legal Ground: As per Article 6 Paragraph 1 (b) of the GDPR and Article 4 (9) of the PDPL, the Processing of Personal Data shall be lawful if the processing is necessary for the performance of a contract. Accordingly, since the processing of Data is crucial for us in order to perform our contractual obligations arising out of the Contract between us, the processing of the Personal Data here is deemed to be lawful.

Furthermore, as per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in providing our users with help and support, and in improving our services and products according to the issues facing our Users, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the Name, Contact Information, Login Data of the Novelus Account, and the Description and attached files and Data of your request.

d- Duration: The Data stored regarding Help and Support requests will be deleted after you delete your Novelus account. Contractual data and data relevant for accounting is stored for 10 calendar years.

7. Development Partners

A development partner refers to an individual or an entity that collaborates with us on projects or initiatives aimed at fostering growth, innovation, or improvement. These partnerships can take various forms.

a- Purpose: Our purpose of data processing here is the preparation and execution of a contractual relationship, and improving Novelus services and products.

b- Legal Ground: As per Article 6 Paragraph 1 (b) and (c) of the GDPR and Article 4 (9) and (10) of the PDPL, the Processing of Personal Data shall be lawful if the processing is necessary for the performance of a contract, and if the processing is necessary for compliance with a legal obligation to which the controller is subject. Accordingly, since the processing of Data is crucial for us in order to perform our contractual obligations, the processing of the Personal Data of our Account Users and Product Customers is deemed to be lawful.

Furthermore, as per Article 6 Paragraph 1 (f) of the GDPR, the Processing of Personal Data shall be lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Accordingly, since we have a legitimate interest in verifying your contact Data, and in improving our services and products accordingly, the processing of the Personal Data in this case is deemed to be lawful.

c- Processed Data: The processed data is limited to the Name, Contact Information, Data about development activities, usage data, and license contract data.

d- Duration: Contractual data will be deleted ten calendar years after termination of the contract.

For any purpose related to the subject of this Data Protection Policy, you can reach our data protection officer by sending an email to info@Novelus.com.