Data Protection (GDPR)

In accordance with Regulation (EU) 2016/679 (GDPR)

Last updated: August 25, 2025

📋 GDPR Information Notice

We inform you that the controller of your personal data is Nova AI. We process data in accordance with GDPR for service delivery and communication purposes.

1. Data Controller

Nova AI

Email address: admin@nova-ai.pl
Website: nova-ai.pl
GDPR contact: admin@nova-ai.pl (subject: "GDPR")

2. Purpose and Legal Basis for Processing

Processing purpose	Legal basis (Art. 6 GDPR)	Retention period
AI system demo implementation	Legitimate interest (lit. f)	1 year
Responding to inquiries	Legitimate interest (lit. f)	3 years
Direct marketing	Consent (lit. a)	Until consent withdrawal
Paid services provision	Contract performance (lit. b)	Contract duration + 6 years
Accounting and archiving	Legal obligation (lit. c)	5 years (tax law)

3. Categories of Processed Data

📋 Identification data:

Name and surname
Company name
Email address
Phone number

💻 Technical data:

IP address
Browser type
Operating system
Visit time

4. Your Rights as Data Subject

📖 Right of access (Art. 15 GDPR)

You can obtain information about whether and what personal data we process and receive a copy of such data.

✏️ Right to rectification (Art. 16 GDPR)

You can request rectification of inaccurate or completion of incomplete personal data.

🗑️ Right to erasure - "right to be forgotten" (Art. 17 GDPR)

In specific cases, you can request deletion of your personal data.

⏸️ Right to restriction of processing (Art. 18 GDPR)

You can request restriction of processing in specific situations.

📤 Right to data portability (Art. 20 GDPR)

You can receive your data in a structured, commonly used format.

🚫 Right to object (Art. 21 GDPR)

You can object to data processing based on legitimate interest.

❌ Right to withdraw consent (Art. 7 GDPR)

You can withdraw consent at any time (does not affect the lawfulness of processing before withdrawal).

5. How to Exercise Your Rights

📧 GDPR Contact

Email: admin@nova-ai.pl

Message subject: "GDPR - [request type]"

Required information:

Name and surname
Email address the request concerns
Type of request (access, rectification, deletion, etc.)
Additional information facilitating identification

Processing time: Up to 1 month (may be extended by 2 months in justified cases)

6. Data Recipients

We may share your data with the following categories of recipients:

IT subcontractors: Hosting, backup, analytics systems
Payment systems: PayU, Stripe, PayPal (only necessary data)
Analytics services: Google Analytics (anonymized data)
State authorities: Only based on legal provisions
Legal/accounting advisors: Within the scope of provided services

7. Data Transfer to Third Countries

Some data may be transferred to countries outside the EU/EEA:

USA: Google Analytics, Facebook (based on adequacy decisions or standard contractual clauses)
Safeguards: We apply appropriate safeguards in accordance with GDPR
Control: You can request information about safeguards

8. Automated Decision Making

We inform that:

We do not use automated decision making
We do not use profiling within the meaning of Art. 22 GDPR
All important decisions are made by humans

9. Data Security

We apply technical and organizational measures:

🔧 Technical measures:

SSL/TLS encryption
Secure servers
Firewalls and IDS systems
Regular updates
Backup and recovery

👥 Organizational measures:

Limited data access
Staff training
Security policies
Access monitoring
Subcontractor agreements

10. Data Breaches

In case of data security breach:

We report to the supervisory authority within 72 hours
We notify data subjects (if high risk exists)
We take corrective measures
We document all breaches

11. Right to Lodge a Complaint

⚖️ Personal Data Protection Office

Address: ul. Stawki 2, 00-193 Warsaw
Email: kancelaria@uodo.gov.pl
Phone: +48 22 860 70 86
Website: uodo.gov.pl

❓ Have questions about GDPR?

🚀 Quick Actions

📖 Data access request 🗑️ Data deletion request ❌ Consent withdrawal

🛡️ Data Protection (GDPR)