
Thank you for visiting our website and also for your interest in our services. Obviously, the security of your data is important to us. The Novalnet website can be used without providing any personal data. However, if a concerned person wishes to avail the special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the explicit consent of the data subject. The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Novalnet. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the collection, processing and use of the personal data by us. Furthermore, data subjects will be informed of their rights by means of this data protection declaration. Novalnet, as the agency responsible for processing, has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone or post.
Definitions
The data protection declaration of Novalnet is based on the terms used by the European guideline and regulation provider when the basic data protection regulation (DS-GVO) was issued. Our data privacy statement is tailored to read easily and understand both for the general public, our customers and also our business partners. To ensure this, we would like to explain the terms used in advance. We use the following terms, among others, in this data protection declaration:
Personal data
Personal data are all information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiable natural person is one who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Affected person
Data subject is any identified or identifiable natural person whose personal data are processed by the data controller.
Processing
Limitation of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not assigned to an identified or identifiable natural person.
Data controller or controller responsible for processing
The data controller or controller is the natural or legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by European Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with European Union law or the law of the Member States.
Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
Third party
A third party is a natural or legal person, authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the data controller or the data processor.
Consent
Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject for the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.
Name and address of the data controller
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
Novalnet
Gutenbergstraße 7
85748 Garching near Munich
Germany
Tel.: +49 (0)89 – 9230683-20
E-Mail:info@novalnet.de
Website: www.novalnet.com
Name and address of the data protection officer
The data protection officer of the controller is:
Mr. Falko Gülberg
Novalnet
Gutenbergstraße 7
85748 Garching near Munich
Germany
Tel.: +49 (0)89 – 9230683-20
E-Mail: datenschutz@novalnet.de
Website: www.novalnet.com
Any person concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
Cookies
The Novalnet website uses cookies. Cookies are text files which are stored on a computer system via an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.
The use of cookies enables Novalnet to provide users of this website with more user-friendly services that would not be possible without cookies.
By means of a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his access data each time he visits the website because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping basket in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.
The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our Internet site may be fully usable.
Collection of general data and information
The Novalnet website collects a series of general data and information each time a person or an automated system access the website. This general data and information is stored in the log files of the server. It is possible to record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the Website, (6) an Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using this general data and information Novalnet does not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated by Novalnet both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
Registration in the contract portal of Novalnet
The data subject has the option of registering in the contract portal of the data controller, providing personal data. The personal data transferred to the data controller is determined by the respective input mask used for registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the data controller and for the data subject’s own purposes. The data controller may arrange for the data to be transferred to one or more processors, who shall also use the personal data exclusively for internal use attributable to the data controller.
Furthermore, the IP address assigned by the internet service provider (ISP) to the data subject, the date and time of registration are stored during registration in the contract portal of the data controller. This data is stored against the background that this is the only way to prevent misuse of our services and, if necessary, to enable us in investigating criminal offences committed. In this respect, the storage of this data is necessary to protect the data controller. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution.
Registration of the data subject with the voluntary provision of personal data serves the data controller to offer the data subject content or services which, by their nature, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have them completely deleted from the database of the data controller.
The data controller shall at all times, upon request, inform each data subject of the personal data relating to that data subject. Furthermore, the data controller shall correct or delete personal data at the request or notice of the data subject, provided that there is no legal obligation to keep such data in safekeeping. All the employees of the data controller are available to the data subject as contact persons in this context.
Contact possibility via website
Due to legal regulations, Novalnet’s website contains information that enables rapid electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller via e-mail or a contact-form, the personal data transmitted by the data subject will be stored automatically. Such personal data voluntarily provided by a data subject to the data controller will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
Comment functionality in blog via website
Novalnet offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal on a website, usually open to the public, in which one or more people who are called bloggers or web bloggers can post articles or write down thoughts in the so-called blog posts. The blog posts can usually be commented by third parties.
If a person leaves a comment in the blog published on the website, not only the comments left by the person concerned but also details of the time of entering the comment and the user name (pseudonym) chosen by the person concerned are stored and published. Furthermore, the IP address assigned to the person concerned by the Internet service provider (ISP) is logged. This IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content by submitting a comment. The storage of this personal data is therefore in the personal interest of the data controller, so that he or she can exculpate himself or herself in the event of a violation of the law. The personal data collected will not be disclosed to third parties, unless such disclosure is required by law or serves as legal defence of the data controller.
Routine deletion and blocking of recorded personal data
The data controller shall process and store the personal data of the data subject only for the time necessary to achieve the data retention purpose or to the extent provided for by the European regulator or other legislator in laws or regulations to which the data controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
Rights of data subject
Every data subject has the right of access to Novalnet pursuant to Article 15 DS-GVO, the right to correction pursuant to Article 16 DS-GVO, the right to cancellation pursuant to Article 17 DS-GVO and the right to limitation of processing pursuant to Article 18 DS-GVO. In addition, the supervisory authority responsible for Novalnet, the Bavarian State Office for Data Protection Supervision, may be contacted. Consents may be revoked at any time vis-à-vis the contracting party concerned.
According to Art. 21 para. 1 DS-GVO, data processing may be objected to for reasons arising from the specific situation of the data subject. The objection can be made form-free and is to be addressed to Novalnet, Gutenbergstraße 7, 85748 Garching near Munich.
Data protection for applications and for application procedure
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the data controller by electronic means, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted immediately after notification of the decision of refusal, provided that no other legitimate interests of the data controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Facebook use and usage privacy policy
The data controller has integrated components of Facebook on this website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook enables social network users to create private profiles, upload photos and network via friendship requests, among other things.
Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA is the operating company of Facebook. The person responsible for the processing of personal data if a data subject lives outside the USA or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=en_EN. As part of this technical process, Facebook is informed about which specific subpage of our website is visited by the person concerned.
If the person concerned is logged on to Facebook at the same time, Facebook recognizes which specific subpage of our website the person concerned visits with each visit to our website including the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the person concerned. If the person concerned clicks one of the Facebook buttons integrated on our website, for example the “Like Me” button, or the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and stores this personal data.
Facebook receives information via the Facebook component that the person concerned has visited our website whenever the person concerned is logged on to Facebook at the same time as accessing our website; this happens regardless of whether the person concerned clicks on the Facebook component or not. If the person concerned does not want this information to be transmitted to Facebook, they can prevent it from being transmitted by logging out of their Facebook account before calling up our website.
The data policies published by Facebook, which are available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains what setting options Facebook offers to protect the privacy of the person concerned. In addition, various applications are available that make it possible to block data transmission to Facebook and such applications can be used by the person concerned to block data transmission to Facebook.
Use of Google Analytics (Universal Analytics & GA4)
We use Google Analytics, including Universal Analytics (UA) and Google Analytics 4 (GA4), services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These tools help us analyze user interactions with our website and continuously improve user experience and website performance.
Purpose of Processing
Google Analytics enables us to understand how visitors interact with our website by collecting anonymized usage data and statistics. This includes insights into page views, navigation paths, time spent on pages, user engagement, and more. The collected data is used exclusively for website optimization, performance monitoring, and audience analysis.
Data Processing and Sharing
Depending on the version (UA or GA4), the following types of data may be processed:
• IP address (anonymized)
• Browser and device information
• Operating system, screen resolution
• Referrer URL and click paths
• Session duration and user interactions (e.g., clicks, scrolls)
• Location (approximate, based on IP geolocation)
• Event and conversion data (GA4 only)
Google may process this data as our data processor under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR. However, when using GA4, certain data processing may fall under joint controllership as defined in Google’s Controller-Controller Data Protection Terms.
Data may be transferred to Google LLC in the United States. These transfers are secured using Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.
Google does not use this data for advertising unless you have explicitly consented to such use.
Data Protection
We have configured Google Analytics in a privacy-conscious manner:
• IP anonymization (ga(‘set’, ‘anonymizeIp’, true))
• Automatic data retention limits (e.g., 14 months)
• No personal data stored in cookies or events
• Disabled sharing with Google products and services (unless consented)
Google implements robust technical and organizational security measures (e.g., encryption, data minimization, ISO 27001 compliance).
Data Storage
The retention period for data in Google Analytics depends on the settings we have defined:
• For UA: Data is retained for a maximum of 14 months
• For GA4: Event-level data is retained for a maximum of 14 months, with options to customize shorter periods
No personally identifiable data is stored on our servers through Google Analytics.
You can manage or withdraw your consent at any time via our cookie preferences tool.
Further details on Google’s data practices are available at: https://policies.google.com/privacy
Use of Global Site Tag (gtag.js)
We use the Global Site Tag (gtag.js), a JavaScript tagging framework provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This technology enables the integration and configuration of various Google services on our website, such as Google Analytics, Google Ads, and conversion tracking.
Purpose of Processing
The Global Site Tag (gtag.js) facilitates the centralized management of tracking functions and events on our website. It allows us to:
• Measure website traffic and user interactions
• Track conversions and evaluate ad campaign effectiveness
• Customize and optimize online advertising
• Set configuration settings for multiple Google services in one script
Depending on the services configured, the tag may activate other data-processing services (e.g., Google Analytics, Google Ads). Separate information is provided for each respective service within this Privacy Policy.
Data Processing and Sharing
By integrating gtag.js, the following data may be collected and transmitted to Google:
• IP address (shortened in the EU/EEA)
• Browser type and version
• Device type and operating system
• Referrer URL and click path
• Date and time of access
• Website usage behavior and interaction data
• Google advertising identifiers (if ads services are used)
Google processes this data on our behalf and may use it for its own purposes when permitted (e.g., if consent is given for personalized advertising). For services linked to gtag.js, such as
Google Analytics or Google Ads, Google may act as a joint controller under certain conditions.
Data may be transferred to Google LLC, based in the United States. Such transfers are protected using Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
For more information, please see Google’s Privacy Policy: https://policies.google.com/privacy
Data Protection
Google applies robust technical and organizational security measures to protect user data, including:
• TLS/SSL encryption
• Anonymization of IP addresses (for analytics)
• Strict access controls and audit logs
• Certifications under ISO 27001 and other compliance standards
We also configure the tag settings to respect privacy-friendly defaults, such as disabling data sharing unless explicitly consented to.
Data Storage
Data collected through gtag.js (via linked services) is stored:
• By Google Analytics: up to 14 months (customizable)
• By Google Ads: retention depends on user interaction and account configuration
• By Novalnet: only aggregated and anonymized usage statistics
The specific duration depends on the Google service connected through the tag. Personal data will be retained only as long as necessary for the specified purposes.
You can adjust your cookie preferences at any time via our website’s cookie settings.
Use of Microsoft Clarity
We use Microsoft Clarity, a behavioral analytics tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, to better understand how visitors interact with our website.
Purpose of Processing
Clarity helps us improve the usability, accessibility, and performance of our website by collecting aggregated data about user behavior, such as:
• Mouse movements and clicks
• Scrolling behavior
• Page transitions
• Technical diagnostics (e.g., device type, screen size, browser)
This allows us to identify areas for improvement and enhance user experience.
Data Processing and Sharing
Clarity collects and transmits the following types of data:
• IP address (anonymized in the EU/EEA)
• Pages visited, clicks, scroll depth, and interactions
• Browser, device, screen resolution, OS
• Referrer URL and session duration
Clarity does not record keystrokes or capture any personal form field input (e.g., passwords, names, payment info). Sensitive content is automatically masked.
Microsoft acts as a data processor under a Data Processing Agreement (DPA). Data may be transferred to and stored in Microsoft Azure servers, some of which may be located in the USA.
Microsoft uses Standard Contractual Clauses (SCCs) to safeguard international data transfers under Art. 46 GDPR.
No data is shared with third parties for marketing or profiling.
Data Protection
Microsoft Clarity implements industry-standard security measures, including:
• Data anonymization and masking
• TLS encryption for data in transit
• ISO/IEC 27001, SOC 2, and other compliance frameworks
• Segregated environments to isolate customer data
Clarity is GDPR-compliant and designed to prevent misuse or unauthorized access to data.
Data Storage
• Clarity retains data for a maximum of 13 months
• Data is stored securely in Microsoft Azure data centers
• Session data is aggregated and does not contain personally identifiable information
Further details are available in Microsoft’s privacy documents: https://privacy.microsoft.com/en-us/privacystatement
For more information about Microsoft Clarity’s privacy practices, visit:
https://privacy.microsoft.com/
https://clarity.microsoft.com/
Use of CookieYes GDPR Consent Plugin
We use the CookieYes GDPR Consent Plugin, a service provided by CookieYes Limited, based in 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, to manage and document user consent for the use of cookies and trackers on our website.
Purpose of Processing
The CookieYes plugin helps us obtain, store, and manage consent in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. It ensures that non-essential cookies (e.g., for analytics or marketing) are only set with your prior, informed consent.
This tool enables:
• Display of a cookie consent banner
• Categorization of cookies (e.g., necessary, analytics, marketing)
• Storage of user choices (accept, reject, customize)
• Logging of consent for audit purposes
Data Processing and Sharing
When you interact with our cookie banner, the following data is processed:
• IP address (anonymized)
• Consent preferences (accepted, rejected, customized)
• Date and time of consent
• Browser and device information
• A unique, anonymized identifier linked to your consent status
This data is stored locally in your browser using HTTP cookies and also optionally on CookieYes servers, depending on plugin configuration.
CookieYes does not use this data for its own purposes, nor is the data shared with any unauthorized third parties.
Data may be processed on servers in the United Kingdom or European Economic Area (EEA). If any data is transferred internationally, it is protected using appropriate safeguards, such as Standard Contractual Clauses in accordance with Art. 46 GDPR.
Data Protection
CookieYes is committed to secure data processing. Measures include:
• Secure HTTPS connections
• IP anonymization
• Restricted access to consent logs
• Compliance with UK and EU data protection regulations
We configure the plugin to operate with minimal data and to automatically block non-essential cookies until consent is granted.
Data Storage
Consent logs are stored for up to 12 months, unless local legal obligations require longer retention. The cookie storing your preferences typically expires after 1 year, but you can delete or modify it at any time via your browser or our cookie settings tool.
You can change or withdraw your consent at any time by clicking the “Cookie Settings” link in the footer of our website.
For further information, you may also review the CookieYes privacy policy: https://www.cookieyes.com/privacy-policy/
Use of LinkedIn Insight Tag
We use the LinkedIn Insight Tag, a tracking tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. This tool allows us to evaluate the effectiveness of our LinkedIn advertising campaigns and better understand visitor interactions on our website.
Purpose of Processing
The LinkedIn Insight Tag enables us to:
• Measure conversions from LinkedIn ads (e.g., form submissions, downloads)
• Analyze campaign performance and reach
• Optimize ad targeting based on user behavior and interests
• Build retargeting audiences for future advertising
Data Processing and Sharing
When the LinkedIn Insight Tag is triggered, it collects the following information:
• IP address (truncated in the EU/EEA)
• Device and browser characteristics
• Referrer URL
• Timestamp and page views
• LinkedIn member ID (if user is logged into LinkedIn)
• Event data (e.g., page visits, conversions)
The data is encrypted and pseudonymized. LinkedIn does not share personal data with us—only aggregated, anonymous reporting.
If you are a LinkedIn member, your usage data may be linked to your profile in accordance with LinkedIn’s privacy policy. Data may also be transferred to LinkedIn Corporation, USA, under the protection of Standard Contractual Clauses pursuant to Art. 46 GDPR.
LinkedIn acts as both a data processor and, in some cases, a joint controller, particularly where user profiling or ad personalization is involved. Novalnet and LinkedIn have entered into joint controllership arrangements where required.
For details, refer to:
https://www.linkedin.com/legal/l/dpa
https://www.linkedin.com/legal/l/cookie-table
Data Protection
LinkedIn applies strong security measures to protect personal data, including:
• IP anonymization
• Secure cookie encryption and storage
• ISO/IEC 27001 certification
• Access controls and logging
We configure the Insight Tag with privacy-first settings and disable personalized advertising unless you have provided prior consent.
Data Storage
Data collected through the LinkedIn Insight Tag is stored for a maximum of 180 days. After this period, the data is automatically deleted or anonymized.
If you have a LinkedIn account, LinkedIn may retain usage data longer based on your member settings and preferences.
You can manage or withdraw your consent through our cookie settings panel or via your LinkedIn account privacy settings: https://www.linkedin.com/psettings/
For more information, please review the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Use of Zoho Services (CRM, Marketing, Analytics, and Productivity Tools)
Novalnet uses a suite of cloud-based business applications provided by Zoho Corporation to streamline our operations, manage customer interactions, support our marketing and analytics efforts, and ensure internal project delivery. These services include:
• Zoho CRM Plus
• Zoho CRM
• Zoho Social
• Zoho PageSense
• Zoho Campaigns
• Zoho Webinar
• Zoho Marketing Automation
• Zoho Forms
• Zoho Projects
• Zoho Analytics
These applications form a core part of our operational stack for sales, support, marketing, and internal collaboration.
Purpose of Processing
Each of the Zoho tools is used for the following legitimate purposes:
Zoho Service |
Purpose |
Zoho CRM / CRM Plus |
Manage contacts, leads, deals, and communication history; centralize customer service and sales interactions |
Zoho Social |
Monitor and engage with social media conversations; schedule and publish content on platforms like LinkedIn, Twitter, etc. |
Zoho PageSense |
Track website behavior using heatmaps, A/B testing, and funnel analysis to improve usability and content performance |
Zoho Campaigns |
Send newsletters, marketing communications, and service updates to subscribers and customers (based on opt-in) |
Zoho Webinar |
Manage webinar registrations, host online sessions, and track attendance |
Zoho Marketing Automation |
Automate marketing workflows, nurture leads based on interactions, and segment audiences for campaign targeting |
Zoho Forms |
Collect website data via forms (contact requests, support, job applications, event registrations, etc.) |
Zoho Projects |
Coordinate internal tasks and projects related to customer onboarding or partner management |
Zoho Analytics |
Analyze and visualize data from CRM, campaigns, and other systems to guide business decisions |
Categories of Personal Data Processed
Depending on how users interact with Novalnet via our website, the following personal data may be collected and processed in Zoho:
• Identifying information: name, email address, phone number, company name, job title
• Behavioral data: click paths, form abandonment, A/B test group allocation (via PageSense)
• Form data: messages, inquiries, resumes/CVs (in job applications), attachments
• Communication data: email engagement (opens, clicks), webinar registration and participation data
• Social data: LinkedIn or other social handles if you interact with Novalnet’s social posts
• Technical data: IP address, browser type, language, location, session duration (via PageSense, Analytics)
Data Transfers and International Processing
Zoho Corporation is headquartered in India with data centers located in:
• The European Economic Area (EEA) (e.g., Zoho EU data centers in the Netherlands and Ireland)
• The United States, India, and other regions (in rare cases, for support or maintenance)
When data is processed outside the EEA, it is protected by:
• Standard Contractual Clauses (SCCs) adopted by the European Commission
• Data Processing Addendum (DPA) executed between Novalnet and Zoho Corporation
• Access controls and encryption applied both in transit and at rest
Data Protection Measures
Zoho and Novalnet employ a wide range of safeguards to protect your data:
• TLS/SSL encryption for data in transit
• Secure user authentication and role-based access controls
• Regular backups and disaster recovery mechanisms
• ISO 27001, SOC 2 and GDPR-compliant policies (Zoho certifications)
• Internal procedures within Novalnet to ensure only authorized personnel access CRM and marketing data
For more information, Zoho’s privacy policy is available at: https://www.zoho.com/privacy.html
Data Storage and Retention
Personal data collected through Zoho services is retained only as long as necessary for the original processing purposes, including:
• Communication history (CRM and Campaigns)
• Form and campaign data (Zoho Forms, PageSense)
• Project documentation (Zoho Projects)
• Webinar attendance and event data (Zoho Webinar)
Data may be retained longer if required by legal or contractual obligations. Campaign data and analytics logs may be retained in line with our internal data lifecycle policies.
You may request deletion of your personal data from our Zoho systems at any time.
Use of Calendly
We use Calendly, a scheduling platform operated by Calendly LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA, to facilitate appointment bookings with Novalnet’s team.
Purpose of Processing
Calendly is used to enable visitors to book meetings or consultations directly through our website. This simplifies scheduling and helps us efficiently respond to inquiries or service requests.
Data Processing and Sharing
When you schedule a meeting using Calendly, the following personal data may be collected:
• Name
• Email address
• Appointment preferences (date/time)
• Optional message or inquiry content
• Technical metadata (e.g., IP address, browser version)
Calendly processes this data on our behalf under a Data Processing Agreement (DPA).
Data may be transferred to servers in the United States, where Calendly is headquartered. These transfers are safeguarded through Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.
Calendly does not use your data for its own purposes, such as advertising or profiling.
Data Protection
Calendly implements appropriate technical and organizational security measures, including:
• TLS encryption for data in transit
• Secure access controls and authentication
• Compliance with international standards (e.g., SOC 2 Type II, ISO 27001)
Calendly undergoes regular audits and assessments to ensure ongoing data protection.
Data Storage
Your personal data submitted via Calendly is:
• Stored for the duration necessary to fulfill the purpose of your meeting or follow-up communication
• Automatically deleted or anonymized after the scheduled meeting is completed, unless legal or contractual obligations require longer retention
• Log and diagnostic data (e.g., IP address, session metadata) may be stored temporarily (usually up to 30 days)
For more details, see: https://calendly.com/privacy
Use of Writesonic / Botsonic AI Assistant
To enhance our website experience and provide real-time support, Novalnet uses an AI-powered assistant provided by Writesonic Inc. (including its Botsonic platform). This service may offer conversational assistance to users for sales, product information, or general inquiries.
Purpose of Processing
We use Botsonic to:
• Provide instant responses to visitor questions
• Help users navigate our services or offerings
• Qualify leads and gather initial contact information
• Support sales and marketing automation
• Reduce manual response delays
The AI assistant interacts in real time through a chatbot interface embedded on novalnet.com.
Data Collected
Depending on how you interact with the AI chatbot, the following categories of personal data may be collected:
• Name (if provided)
• Email address (if requested or provided)
• Phone (optional)
• Chat content (questions, responses, and interaction logs)
• Technical data (browser type, IP address, device type, and session information)
• Timestamps and visited pages (for context within the session)
We advise users not to share sensitive personal information (e.g., health data, financial information, login credentials) in the chatbot.
Data Processing and Sharing
The chatbot data is processed by:
Service provider: Writesonic Inc.
2261 Market Street #4451, San Francisco, CA 94114, United States
https://writesonic.com
Writesonic may process chat data on servers located in the United States or other regions. Where data is transferred to third countries, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) under Art. 46 GDPR.
Novalnet may access chat logs to improve support quality and follow up on inquiries. However, the data is not sold or shared with third parties for advertising or profiling.
Thank you for the clarification. Based on your input, here is the updated and accurate “Data Storage” section for your privacy policy, reflecting that Novalnet does not store chat data, and only Botsonic (Writesonic) stores it, while Novalnet may access the data via Botsonic’s dashboard:
Data Storage
Novalnet does not store chatbot conversation data on its own servers or systems.
All chat interactions are stored by Writesonic Inc., the provider of the Botsonic platform, on their secure infrastructure. Novalnet may access and view these chat records via the Botsonic dashboard solely for the purpose of:
• Responding to user queries
• Following up on sales or support requests
• Improving the quality of automated interactions
Writesonic may retain chat data for a limited period, typically ranging from 30 to 90 days, in accordance with its own data retention policies. After this period, data may be anonymized or deleted.
Novalnet does not download, export, or independently process chatbot conversations outside of the Botsonic environment, unless explicitly required to fulfill your request.
Data Protection
We take reasonable measures to protect your data when using Botsonic, including:
• Secure HTTPS encryption during transmission
• Access restrictions to chat logs and CRM integrations
• No usage of chatbot data for profiling, automated decision-making, or unsolicited marketing unless explicitly permitted
Writesonic implements its own security protocols, which are described in its privacy policy: https://writesonic.com/privacy
Use of Google reCAPTCHA v2
To protect our website and online forms from abuse, spam, and automated bots, we use Google reCAPTCHA v2, a security service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of Processing
Google reCAPTCHA helps us verify whether a form submission is made by a natural person rather than an automated program. This is essential for:
• Preventing spam and fraudulent submissions
• Ensuring system security and availability
• Protecting our online services from malicious use
Data Processing and Sharing
When reCAPTCHA v2 is used, it may collect and analyze the following data from the website visitor:
• IP address
• Browser and device information (e.g., user agent, screen resolution)
• Operating system
• Mouse movements and keyboard input behavior
• Time spent on the page
• Previously set cookies from Google services
• Referrer URL
This information is automatically sent to Google and processed on its servers, which may include servers located in the United States.
Google acts as an independent data controller for reCAPTCHA and processes this data in accordance with its own privacy policies.
More information:
https://policies.google.com/privacy
https://policies.google.com/terms
Data Protection
Google employs strong technical and organizational measures to protect the data processed via reCAPTCHA. However, as reCAPTCHA is embedded in our website as a third-party service, Google may set cookies or link reCAPTCHA usage with other Google services if you are logged into a Google account.
We have no control over how Google further processes this data once it has been transmitted. You may limit tracking by logging out of Google services before visiting our website or using private/incognito browser sessions.
Great question. Regarding Google reCAPTCHA v2, here is a factually accurate and GDPR-aligned explanation of data storage and retention:
Data Retention and Storage
When you interact with Google reCAPTCHA v2 on our website, no personal data is stored on Novalnet’s servers as part of this process. However, data is collected and processed directly by Google, which may include:
• IP address
• Browser and device metadata
• User behavior data (mouse movements, clicks, etc.)
• Cookies previously set by Google services (if any)
• Referrer URL and timestamp
This data is transmitted to and processed by Google Ireland Limited and may also be stored on servers in the United States or other third countries.
Google does not publicly disclose exact retention periods for the data collected through reCAPTCHA. However, based on Google’s general policies:
• Some data (e.g., logs or analytics related to reCAPTCHA) may be retained for a limited period to improve security and combat abuse.
• Cookies such as NID, _GRECAPTCHA, and others may persist in your browser for 6 months or longer, depending on your browser settings and whether you are logged into Google services.
Google acts as an independent data controller, and the data collected through reCAPTCHA is subject to Google’s own data retention and deletion policies.
For more details, see:
• Google Privacy Policy
• Google Terms of Service
Use of Cloudflare
We use the services of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, to provide secure, high-performance content delivery and DDoS protection for our website.
Purpose of Processing
Cloudflare is a Content Delivery Network (CDN) and security service that helps us:
• Deliver content efficiently through globally distributed servers
• Secure our site from malicious traffic (e.g., DDoS attacks, bots)
• Improve website availability, reliability, and loading speed
Data Processing and Sharing
When you visit our website, Cloudflare automatically processes the following categories of data:
• IP address
• Accessed domain names and resources
• DNS query data
• System configuration information (e.g., browser type, device, OS)
• HTTP headers and performance metrics
Cloudflare acts as a data processor under a Data Processing Agreement (DPA). It processes data solely on our behalf and not for its own purposes.
Data may be routed through Cloudflare’s servers outside the European Economic Area (EEA), including the USA. In such cases, Cloudflare ensures adequate protection through Standard Contractual Clauses (SCCs) in line with Art. 46 GDPR.
Cloudflare does not use personal data for advertising or profiling.
Data Storage
Cloudflare temporarily stores certain logs for the following durations:
• Edge logs (e.g., IP address, request metadata): usually retained for no more than 7 days
• Longer retention may occur only in exceptional cases (e.g., for abuse mitigation or compliance with legal obligations)
• Cached static content (images, CSS, JS) is stored temporarily in Cloudflare’s edge servers and does not contain personal data
Cloudflare is committed to data minimization and does not store more information than necessary.
For more information, see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/
Data Protection
Cloudflare applies comprehensive security measures including:
• TLS encryption
• Bot and DDoS protection mechanisms
• Rate limiting and Web Application Firewall (WAF)
Regular third-party security audits and compliance with:
• ISO/IEC 27001
• SOC 2 Type II
• PCI DSS, where applicable
Use of WP Engine as Hosting Provider
Our website is hosted by WP Engine, Inc., headquartered at 504 Lavaca Street, Suite 1000, Austin, TX 78701, USA. WP Engine provides us with secure, high-performance managed WordPress hosting services that ensure the availability, reliability, and scalability of our website.
Purpose of Processing
WP Engine processes data on our behalf to:
• Host and deliver the content of our website
• Store user interactions and form submissions (e.g., contact forms, log data)
• Provide necessary backend infrastructure such as databases and caching
• Monitor and improve website uptime, security, and performance
Data Processing and Sharing
In the course of providing hosting services, WP Engine may process the following types of data:
• IP addresses and user agent information
• Server logs (access times, requested pages, errors)
• Form submission data (e.g., contact requests, support inquiries)
• Content management and backup data
• Cookies and session identifiers (where applicable)
WP Engine acts as a data processor on our behalf, governed by a Data Processing Agreement (DPA) in compliance with Art. 28 GDPR.
Data may be processed on servers located in the European Union (for EU-based clients), but under certain conditions, limited data transfers to the United States may occur. These are protected by Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR.
WP Engine does not access or use your data for its own purposes.
More information:
https://wpengine.com/legal/dpa/
https://wpengine.com/legal/privacy/
Data Protection
WP Engine implements advanced technical and organizational measures, including:
• End-to-end TLS/SSL encryption
• Secure server and network architecture
• Daily backups and recovery tools
• ISO/IEC 27001-certified data centers
• Access control and activity logging
These measures help ensure the protection and confidentiality of personal data hosted on their infrastructure.
Data Storage
Website data (including any personal data submitted via forms or stored via cookies) is retained only as long as necessary to fulfill the stated purposes or comply with legal retention obligations.
Log data may be stored for 30 to 90 days, depending on server configuration and security practices.
Use of Custom Plugin: “Novalnet Homepage to CRM”
We use a custom-developed plugin, “Novalnet Homepage to CRM,” to manage form submissions on our website. This plugin collects, temporarily stores, and securely transmits the data you submit via various forms on our website to our internal CRM system. The data is sent in batches at 5-minute intervals via a secure server-side process.
Purpose of Processing
The plugin is used to manage user-submitted data through the following forms:
• Contact forms
• Job application forms
• Sales/lead generation forms
• Partnership and support request forms
This data is used solely for handling your request or inquiry, including:
• Responding to contact or support queries
• Evaluating job applications
• Processing partnership interest or collaboration requests
• Following up on sales or service-related leads
Data Collected and Stored
Depending on the form type, the following categories of personal and business data may be collected:
Contact / General Inquiry Form:
• Name
• Company website URL
• Email
• Phone number
• Company turnover range
• Message content
Job Application Form:
• Name
• Email address
• Phone number
• Message
• Uploaded attachments (e.g., CV, cover letter)
• Country and City
• Desired Pay
• Linkedin Profile link
• Avaiable date
Feedback / Complaints Form:
• Name
• Email
• Phone number
• TID
• Message content
Partnership / Support / Integration Request Form:
• Name
• Company name
• Email
• Website
• Phone number
• Country
• Message content
Data Processing and Storage
• Submitted data is temporarily stored on our web server, protected by secure file permissions and database access controls.
• Data is not visible to or accessed by third parties.
• Every 5 minutes, the stored form entries are transmitted to our internal CRM system using a secure server-to-server POST request.
• Once transmitted, the entries are flagged for archival or deletion on the web server in accordance with our retention policy.
No data is used for profiling, advertising, or tracking purposes.
Data Protection Measures
We implement the following measures to ensure the security of your data:
• Secure HTTPS transmission and SSL encryption
• Server-side validation and access restrictions
• Role-based access control for CRM data
• Regular deletion of processed records from the web server
• Internal logging and access auditing
The plugin is developed and maintained in-house by Novalnet, with regular security reviews.
Data Sharing and Third Parties
The collected data is not shared with any third parties outside of Novalnet. It is processed exclusively by authorized internal personnel for the purposes listed above.
No external analytics, advertising, or third-party CRM platforms receive your data.
Data Retention
The data collected through our forms is stored on our web server and transmitted to our internal CRM system every 5 minutes. At present, this data is not automatically deleted or archived from the web server after successful transmission.
As a result, submitted form entries may remain stored on the server for an indefinite period, unless manually removed. We are in the process of reviewing our retention practices to align with data minimization and storage limitation principles under the GDPR.
Data within our internal CRM system is retained in accordance with our internal retention schedules and applicable legal obligations.
If you wish to have your submitted data deleted or reviewed, you may contact us at any time using the information provided below.
Legal Basis for Processing
Article 6.para 1 letter a DS-GVO serves our company as a legal basis for processing operations for which we obtain consent for specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the provision of another service or consideration, the processing is based on Art.6 para.1 letter.b DS-GVO. The same applies to such processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, for example to fulfil tax obligations, the processing is based on Art.6 para.1 letter.c DS-GVO. Finally, processing operations could also be based on Art 6. para.1 letter.f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are established on the legal basis if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislative authorities. In this respect, it took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47, sentence 2, DS-GVO).
Legitimate interests in processing followed by data controller or third party
If the processing of personal data is based on Art 6. para.1 letter.f DS-GVO, it is in our legitimate interest to carry out our business activities.
Period for which personal data is being stored
The criterion for the period of storing personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.
Legal or contractual regulations for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide them
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information relating to contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
Existence of automated decision making
As a responsible company, we do not use automated decision-making according to Art.22 DS-GVO to reach a decision on the establishment and implementation of a business relationship.
This data protection policy was drawn up by the data protection declaration generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the data protection officer, in cooperation with the data protection lawyers of the law firm WILDE BEUGER SOLMECKE | Rechtsanwälte.
Information on data processing according to Art.13 DS-GVO and Art.14 DS-GVO
We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of data processing depends mainly on the products ordered by you from your contractual partners or the selected payment method.
Identity of the person responsible and whom can you contact?
Responsible for data processing:
Novalnet
Gutenbergstraße 7
85748 Garching near Munich
Germany
Tel.: +49 (0)89 – 9230683-29
Fax: +49 (0)89 – 9230683-11
E-Mail: info@novalnet.de
Contact data of the data protection officer
You can contact the responsible data protection officer at:
Data Protection Officer of Novalnet
Gutenbergstraße 7
85748 Garching near Munich
or datenschutz@novalnet.de
Which data are being processed and from which sources the data is collected?
We process the personal data that we receive in the course of a business relationship between you and your contractual partner in the course of payment processing. In addition, we process data that we have legitimately received from credit agencies, debtor directories and publicly accessible sources.
Personal data includes your personal details (surname, first name, address, contact data, date of birth, nationality, etc.) and payment data (bank data, credit card data, etc.).
The data from the above data categories was transmitted to us by you or your contractual partner.
For what purposes and on what legal basis the data are being processed?
The processing of personal data (Art.4 No. 2 DS-GVO) is aimed in particular at payment processing, identity verification, fraud prevention and receivables management and is based on the provisions of the Basic Data Protection Regulation.
Your data will be processed in accordance with Art.6 para.1 letter.b DS-GVO for the provision of financial services and is necessary for the fulfilment of a contract with your contractual partner, among other things, since this also includes the payment obligation respectively payment processing.
Furthermore, the processing of your data may be necessary pursuant to Art.6 para.1 letter.c DS-GVO for the purpose of fulfilling legal obligations (Payment Services Supervision Act, Money Laundering Act, etc.) and regulatory requirements (Federal Financial Supervisory Authority) to which Novalnet as a payment institution is subject.
Furthermore, data processing pursuant to Art.6 para.1 letter.f DS-GVO is necessary to safeguard the legitimate interests of the person responsible or of a third party. Our legitimate interests exist, among other things, in connection with the claim against you, which we process for your contractual partner.
Consents may be revoked at any time vis-à-vis the contracting party concerned. This also applies to consents that were granted before the DS GVO came into force. The revocation of consent does not affect the legality of the personal data processed until revocation.
Who receives your data?
Within Novalnet, those departments or employees receive your data which they need to fulfil their contractual, legal and supervisory obligations and legitimate interests.
If there is a legal or supervisory obligation, public bodies and institutions (e.g. Federal Financial Supervisory Authority, tax authorities, law enforcement authorities, etc.) may be recipients of your personal data.
In the course of payment processing, recipients of your personal data may be other credit, payment and financial institutions or similar institutions to which we transmit data in order to process payment processing.
In the context of the collection procedure, we will transfer your data to the following categories of recipients if this is necessary to collect the claim: assignees, credit agencies, service providers, third-party debtors, residents’ registration offices, courts, bailiffs, lawyers.
Duration of data retention
We process your personal data, if necessary, for the duration of the entire business relationship between you and your contractual partner as well as in accordance with the statutory retention and documentation periods, which result from the Fiscal Code (AO), the Commercial Code (HGB), the Payment Services Supervision Act (ZAG) and the Money Laundering Act (AwG), among others.
In addition, the statutory limitation periods must also be observed for the storage period, e.g. those under the German Civil Code (BGB) (the general limitation period is 3 years and may in certain cases be up to 30 years).
What data protection rights do you have?
You have the right to information, correction, deletion or restriction of the processing of your stored data if the legal requirements according to Art.15 to 22 DS-GVO are met. Furthermore, according to Art.14 para.2 letter.c in connection with Art.21 DS-GVO, you have the right to object to the processing based on Art.6 para.1 letter.f DS-GVO. In addition, the supervisory authority responsible for Novalnet, the Bavarian State Office for Data Protection Supervision, may be contacted. Consents may be revoked at any time vis-à-vis the contracting party concerned.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Super Socializer – Social Login
We collect your public profile data only from your consent that you grant before initiating Social Login, from the social network used to login at our website. This data includes your first name, last name, email address, link to your social media profile, unique identifier, link to social profile avatar. This data is used to create your user profile at our website. You can revoke this consent at any time from your profile page at our website or by sending us an email.
Products
- Credit Card
- Instalment payments
- SEPA-Direct Debit with Payment Guarantee
- Direct Debit UK (BACS)
- Pay Cash
- Prepayment / SEPA Transfer
- Invoice
- Invoice with Guarantee
- PayPal
- Instant Bank Transfer
- giropay
- eps Transfer
- iDEAL Transfer
- Post Finance
- Multibanco
- Bancontact
- Apple Pay
- Cash on Delivery
- Przelewy24
- In-App-Payment
- Pay by Mobile Phone Bill
- One-Click Payments / Tokenization
- Fraud prevention
- Effortless Invoice Delivery
- Document management
- Receivables Management
- Membership and subscriptions
- Marketplace and affiliates
- Pay-by-link
- Debt collection