Privacy Policy

1. Introduction

Novorender respects your privacy and is committed to protecting the personal data we collect and process in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This privacy policy outlines how we handle your personal information when you use our services.

2. Data Controller and Data Processor

Novorender acts as a data processor on behalf of our customers, who are the data controllers. As a processor, we are responsible for processing personal data on behalf of the data controller and in compliance with their instructions.
Link to our data processor agreement: Data Processing Agreement

3. Personal Data We Collect

We process the following types of personal data on behalf of our customers:

Personal Identification Data: such as user ID, name, email address, Entra ID group membership.
Technical Data: such as browser type, operating system and user activity on our website or platform.
Business Information: data related to your company’s usage of our services, such as projects, documentation, and communication preferences.

This data is collected to facilitate customer support, communication, and the smooth functioning of our services.

4. Data Storage and Processing Location

Personal data is processed and stored using cloud services provided by Microsoft Azure, within the European Economic Area (EEA). Personal data will not be transferred outside of the EEA without the explicit consent of the customer or as required by law, and any such transfer will be done in compliance with applicable data protection laws.

5. Use of Sub-Processors

We engage third-party service providers (subprocessors) to help deliver our services. These include cloud service providers such as Microsoft Azure. All subprocessors are contractually bound to process your data securely and in accordance with applicable data protection laws.

6. Security Measures

Novorender implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data.
Access controls to ensure that only authorized personnel have access to personal data.

7. Data Retention

Personal data is retained as long as it is necessary for the purpose of the processing or until the termination of the main service agreement. Upon termination, personal data will be securely deleted within 90 days, except where required for legal or audit purposes.

8. Data Subject Rights

Data subjects have the right to:

Access their personal data.
Request correction or deletion of their personal data.
Restrict the processing of their personal data.
Object to the processing of their personal data.
Data portability, where applicable.

9. Breach Notification

In the event of a personal data breach, Novorender will notify the data controller without undue delay and provide sufficient information to enable the controller to meet any obligations to notify regulatory authorities and affected data subjects.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The most recent version will always be available on our website.

11. Contact Information

For any questions regarding the Novorender commit to GDPR or any other privacy processes, please contact privacy@novorender.com.