Privacy Policy

Last updated: 1st January 2026

At novahelm GmbH, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Data Controller

The data controller responsible for your personal data is:

Data Collection

We may collect and process the following types of personal data when you visit our website or use our services. The data we collect includes information you provide directly to us and information collected automatically through your use of our services.

Information You Provide

• Contact information (name, email address, phone number)
• Company information and job title
• Messages and communications you send to us
• Information provided in forms or surveys
• Service preferences and requirements

Information Collected Automatically

• IP address and browser information
• Device type and operating system
• Pages visited and time spent on our website
• Referral sources and search terms
• Cookies and similar tracking technologies

How We Use Your Information

We process your personal data for various purposes based on different legal bases. Here's how we use your data and the legal basis for each use:

Service Provision (Contract Performance)

• Provide IT services and technical support
• Process and respond to your enquiries
• Manage client relationships and project delivery
• Process payments and maintain billing records

Legitimate Business Interests

• Improve our website and services
• Conduct market research and analysis
• Prevent fraud and ensure security
• Develop new products and services

Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Maintain records as required by law

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With trusted service providers who assist in operating our business
• When required by law or legal process
• To protect our rights, property, or safety
• With your explicit consent
• In connection with a business transfer or merger

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our data retention periods are based on business needs and legal requirements:

• Contact enquiries: 3 years from last contact
• Client data: 7 years after contract termination
• Website analytics: 26 months
• Marketing data: Until consent is withdrawn
• Legal records: As required by applicable law

Your Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have several rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses
• Binding Corporate Rules
• Your explicit consent

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection
• Incident response procedures

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws. In Germany, you can contact: