Privacy Notice

Who are we?

Umbrella Infocare Private Limited, with its registered office at 72, Taimoor Nagar, Delhi, New Friends Colony, India, 110065, trading under Noventiq brand, (hereinafter referred to as “Noventiq”, “Controller“ or “we”), acting as a Data Controller/Data Fiduciary. This Privacy Notice (“Notice”) explains how we collect and manage your personal data in accordance with Data Protection Laws.

We will process your personal data in accordance with the provisions of this Notice, the Law, and in compliance with all relevant regulations, standards, codes of conduct, and applicable guidelines.

What does this Privacy Notice cover?

This Notice applies to our website aws.noventiq.com. Certain Products/Services may collect and use your personal data in ways other than those specified in this Notice. In such cases, we or our partners will provide you with a dedicated privacy notice.

Our websites and offerings are directed towards individuals in the context of business or professional activities. They are not intended for individuals under 18 years of age. We do not knowingly request or market online information from individuals under 18 years of age.

We inform you that, in the context of this Notice, personal data means any information or set of information that can identify a person, such as name, address, telephone number, and email address. For more details on how we process this data, please read the information below.

What data do we collect and how do we intend to use it?

Data collected for concluding and executing contracts related to the Products/Services provided to you

  • Datasubject categories: representatives, employees of companies purchasing Products/Services.
  • Type of data: first and last name, email address, password, logs, IP address, browsing Information, address, company name. During the execution of an order, the following data may be processed: data on payment methods, identifiers of payment transactions, methods and terms of payment. We will also send you automated reminders and notifications about subscriptions’ status and balance to help you manage your activity.
  • Purpose: we collect this data to enable the provision and management of the Products or/and Services that you are interested in, and also to conclude and execute the contracts for the sale of Products/Services.
  • Legal basis. Contract execution.
  • Retention time:we will keep the data until the termination of the contract, plus the applicable prescription period. However, certain data, such as full name, address, payment details, will be retained even after the expiration of these periods, as they are archived to comply with financial and accounting record-keeping legislation.
  • Source of data:the data is provided directly by you or by your company’s representatives or is obtained in the context of the conclusion and execution of the contract.
  • Provision of data and possible consequences of refusal: the data is necessary for the conclusion and execution of the contract, and failure to provide this data will result in the inability to conclude and execute the respective contract.
  • Subsequent purpose: the data will be used for statistical purposes to better understand our customers and to provide high-quality Products and Services.

Data processed when using Customer Support Portal

  • Datasubject categories: representatives, employees of companies purchasing Products/Services.
  • Type of data: email address, password, logs, IP address, company name.
  • Purpose: we gather this information to facilitate the administration of the Products and/or Services and to help as needed.
  • Legal basis: contract execution.
  • Retention time:we will keep the data until the termination of the contract, plus the applicable prescription period. However, certain data, such as full name, address, payment details, will be retained even after the expiration of these periods, as they are archived to comply with financial and accounting record-keeping legislation. The data related to the User Account will be erased after 12 months after the contract termination date in order to comply with the storage limitation requirements. Also, you can delete your account at any time directly from the Portal. However, you can create another account if you want to use the Portal.
  • Source of data:the data is provided directly by you or by your company’s representatives or is obtained in the context of the conclusion and execution of the contract.
  • Provision of data and possible consequences of refusal:the data is essential for providing you with the required support, and failing to provide this information will result in our inability to help you through this dedicated channel.
  • Subsequent purpose: the data will be used for statistical purposes to better understand our customers and to provide high-quality Products and Services.

Data collected for customer support:

  • Data subject categories: employees of companies requiring assistance regarding Products and/or Services.
  • Types of data:full name, email address, phone number, communication records, company name, other information provided.
  • Purpose: customer support for ongoing contracts.
  • Legal basis: contract performance.
  • Retention period: we will keep the data until the termination of the contract, plus the applicable prescription period.
  • Source of data: the data is provided directly by you when you are interested in our Products/Services or is obtained in the context of the conclusion and execution of the contract.
  • Provision of data and possible consequences of refusal:the data is necessary for the customer support service, and failure to provide this data will result in the inability to receive the mentioned support/information.
  • Subsequent purpose: the data will be used for statistical purposes to better understand our customers and to provide high-quality Products and/or Services.

Data collected when you download our eBooks and Whitepapers

  • Data subject categories: employees of companies interested in our Products and/or Services.
  • Types of data: full name, email address,
  • Purpose:customer support for ongoing contracts.
  • Legal basis:our legitimate interest to respond to the request of our web visitors.
  • Retention period: we will keep the data only to provide you with the materials requested and to contact you
  • Source of data: the data is provided directly by you when you are interested in our Products/Services.
  • Provision of data and possible consequences of refusal:the data is necessary for providing you with the requested materials, and failure to provide this data will result in the inability to receive the mentioned information.
  • Subsequent purpose: the data will be used for statistical purposes to better understand our customers.

Data collected for marketing purposes (when contacting you by email or phone for service/products offers):

  • Data subject categories:individuals who register or opt-in to receive marketing communications related to our or our partners products and services.
  • Types of data:name, email address, phone number.
  • Purpose:promotion of the Products and/or Services.
  • Legal basis:consent. You can unsubscribe at any time by clicking the unsubscribe link provided in all our marketing communications.
  • Retention period: we will keep the data for as long as necessary to provide you with the information you have subscribed to, but no longer than 2 years from the last interaction, unless legal action or legal provisions justify further processing.
  • Source of data: the data is provided directly by you when you subscribe to our newsletter.
  • Provision of data and possible consequences of refusal: the fields are necessary for subscription, and failure to provide this data will result in the inability to register for receiving marketing communications.

Data collected through web forms for event registration:

  • Data subject categories:individuals who register for events hosted or facilitated by the Controller.
  • Types of data: business contact details that may include name, email address, phone number, company, role, industry.
  • Purpose:registration for the specific event and providing the necessary information to participate in that event.
  • Legal basis:execution of a contract, consisting of participation in the event.
  • Retention period: we will keep the data for as long as necessary to fulfil the intended purpose, but no longer than 2 years from the last event registration, unless legal action or legal provisions justify further processing.
  • Source of data: the data is provided by you directly through the web form.
  • Provision of data and possible consequences of refusal:some fields are marked as required in our web forms to submit such forms; failure to provide this data will result in the inability to submit a form and register for the event.

Data collected for customer knowledge (KYC) purposes:

  • Data subject categories:beneficial owners, key officers, directors, and affiliated individuals of companies purchasing Products and/or Services from the Controller.
  • Types of data: full name, citizenship, date of birth, means of control over the customer of the Controller.
  • Purpose:fulfilling the customer knowledge process.
  • Legal basis: legal obligation to conduct this process against money laundering and for combating terrorism financing.
  • Retention period: we will keep the data for as long as necessary to fulfil the obligations and applicable legal provisions.
  • Data source: the data is collected either directly from the data subject or from publicly available sources. These sources are in the public domain and are reasonably accessible or available to us, such as public websites, regulatory websites, open government databases, exchanges, and public registers.

Data collected when contacting us directly via email, phone, mail or by using the chat box available on our website:

  • Data subject categories:individuals who contact the Controller through various communication channels.
  • Types of data: depending on the content and channel of communication, these may include your contact details and the content of your communication.
  • Purpose: to provide you with the requested information and respond to your inquiries.
  • Legal basis: legitimate interest in providing the requested information.
  • Retention period: we will keep the data for as long as necessary to fulfil the intended purpose, but no longer than 2 years from the last interaction, unless there is a legal justification for further processing, about which you will be informed (data will be reviewed annually, and if no longer relevant, will be deleted).
  • Source of data:the data is provided by you directly through interactions with the company and our websites.
  • Provision of data and possible consequences of refusal: failure to provide this data will result in the inability to obtain the information you require.

Data collected through cookies and similar technologies (for more details, please visit our Cookie Policy) – when visiting our website, you will be provided with a personalized cookie consent tool to make applicable choices.

  • Types of data: IP address and related information such as location and internet provider, browser and content type, version and settings, viewed content and activities.
  • Purpose: maintaining our websites, general statistics, and measuring the effectiveness of our websites.
  • Legal basis: the legal basis is our legitimate interest for necessary cookies and consent for all others. We consider the legitimate interest justified as the data is necessary to make the website functional.
  • Retention period: for details on the expiration of cookies/similar technologies, please refer to our Cookie Policy.
  • Source of data: the data is automatically obtained through your use of the website and from external parties such as Google Analytics.

With whom we share your data?

We disclose your data to relevant Noventiq employees and to companies processing data on our behalf (website hosting provider, electronic communication provider, maintenance service providers, chat box provider, support platform provider, tax and legal service organizations, subcontractors providing services for clients and logistics), advertising and statistical analysis providers, independent third parties when necessary (auditors, lawyers, inspection agencies), or based on your choices and actions (such as when you request us to send a communication or letter using a third-party provider).

You can obtain additional information from us about the entities that have access to your data. If necessary, your personal data may be transferred outside of your country if any of our affiliates, service providers, or partners involved in Noventiq’s business are located in third countries. In these cases, international transfers comply with applicable legal provisions.

For data transferred outside of EU/EEA, NOVENTIQ also implements EU Standard Contractual Clauses (more information about such clauses is available here) to ensure similar level of protection as in EU/EEA. For data transferred outside of Serbia, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Serbian here). For data transferred outside of UK, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available here). For data transferred outside of Argentina, NOVENTIQ also implements Standard Contractual Clauses (more information about such clauses is available only in Spanish here).

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim, whether in court proceedings or in an administrative or out-of-court procedure.

What are your rights?

  • Right to withdraw consent:you can unsubscribe at any time by clicking the unsubscribe link provided in all our marketing communications, you can modify your preferences using the cookie module, or you can contact us at the relevant contact points indicated below.
  • Right to information and transparency: you have the right to be informed about how we process your personal data.
  • Right to access: you have the right to know what happens when we process any of your data and obtain a copy thereof.
  • Right to rectification: you have the right to request the rectification or completion of your data, as applicable, based on a supplementary statement.
  • Right to restrict the processing: you may request the restriction of the processing of your personal data in certain cases.
  • Right to erasure (“right to be forgotten”):you have the right to request and obtain the erasure of your personal data in certain cases.
  • Right to object:you have the right to object at any time, under certain conditions, to the processing of your personal data.
  • Right to data portability: in certain cases, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that we transfer it to another controller.
  • Right not to be subject to automated decision-making:We will not make decisions about data subjects based solely on automated processing.
  • Right to launch a complaint with the competent data protection authority. Depending on your location the contact data of the competent data protection authority might differ. You can find a comprehensive list of competent data protection authorities here.

You can exercise any of your rights regarding your personal data by sending a written notification to us using the contact details provided below.

How do we safeguard your personal data?

We use a range of security measures to protect your personal information, which based on the specific data we process and the risk that the processing activity might pose to your rights and freedoms, might be:

  • Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing.
  • Measures for user identification and authorisation.
  • Measures for the protection of data during transmission
  • Measures for the protection of data during storage.
  • Pseudonymisation and/or encryption of personal data.
  • Measures for ensuring physical security of locations at which personal data are processed.
  • Measures for ensuring events logging.
  • Measures for ensuring system configuration, including default configuration.
  • Measures for internal IT and IT security governance and management.
  • Measures for certification/assurance of processes and products.
  • Measures for ensuring data minimisation.
  • Measures for ensuring data quality.
  • Measures for ensuring limited data retention.
  • Measures for ensuring accountability.
  • Measures for early detection, management and recovery for incidents.

How can you contact us?

Subject
Email
Address

For personal information collected from individuals INSIDE Europe and MENA, written inquiries to the data protection responsible may be addressed to

Dataprotection.emea@noventiq.com

London
26-28 Hammersmith Grove, London W6 7HA, UK

For personal information collected from individuals INSIDE LATAM, written inquiries to the data protection responsible may be addressed to:

Dataprotection.LATAM@noventiq.com

Buenos Aires
Maipú 939, Ciudad Autónoma de Buenos Aires, Argentina, C1006

For personal information collected from individuals INSIDE INDIA, written inquiries to the data protection responsible may be addressed to

Dataprotection.india@noventiq.com

New Delhi (Gurugram)
Unit No -515, 5th Floor, MGF Metropolis Mall, MG Road, Gurugram (Gurgaon), 122002, India

For personal information collected from individuals INSIDE APAC, written inquiries to the data protection responsible may be addressed to:

Dataprotection.APAC@noventiq.com

Ho Chi Minh City
Viet Dragon Tower, 7th Floor, 141 Nguyen Du Street, Ben Thanh Ward, District 1, Ho Chi Minh City, Vietnam

For personal information collected from individuals INSIDE CIS, written inquiries to the data protection responsible may be addressed to

Dataprotection.CIS@noventiq.com

Kazakhstan, Almaty,
Medueskyi district, Dostyk ave., build. #210, BC “Koktem Grand”, office 72, 050051

If you have a query about how we process your data that we have not satisfactorily addressed, please report it via the contact points provided in the Speak UP Policy. 

How do we update this Notice?

We may change this Notice from time to time, and the updated version will apply and supersede any and all previous versions. Please check our website for information on the latest updates. The date at the bottom of this Privacy Notice shows when it was last updated.

15 September 2023