1. Introduction
At Novana Oy (“Novana”, “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with our website, business inquiries, and marketing communications.
We comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable Finnish data protection laws.
2. Who We Are
Company: Novana Oy
Address: c/o AAtsto Castren&Snellman Oy, PL 233, 00131 Helsinki, Finland
Email: johanna.lamminen@elisanet.fi
3. What Personal Data We Collect
We collect only the necessary personal data for our business purposes described in section 4 of this privacy policy. This may include:
3.1 Information You Provide to Us
- Website Contact Forms: Name, email address, phone number, company name (if applicable), and your message.
- Business Inquiries: Information exchanged via email, calls, or meetings. These may include your contact details, company name, your role and interests.
- Marketing Communications (if opted-in): Name, email, and preferences related to receiving updates from Novana.
3.2 Automatically Collected Data (Cookies & Analytics)
As of now, Novana does not use cookies or tracking technologies on its website. However, when you visit our website, we may collect:
- IP address, browser type, operating system, and general website interaction data (e.g., pages visited), for the purpose of ensuring security and optimizing website functionality.
If Novana decides to implement cookies or analytics tools in the future, this Privacy Policy will be updated accordingly, and users will be provided with appropriate notice and control options.
4. Why We Collect Your Data (Legal Basis)
| Purpose | Legal Basis (GDPR) |
|---|---|
| Responding to inquiries and to managing customer or prospect relations | Legitimate interest to offer and market our services |
| Sending marketing emails (only if opted in) | Consent, which you may at any time withdraw by unsubscribing the marketing email in accordance with the instructions below section 10 |
| Website analytics & improvements | Legitimate interest to secure and optimize our website and to market our services |
| Compliance with legal obligations (e.g., security, fraud prevention) | Legitimate interest to ensure the safety operations of the website and to respond legal claims |
5. How Long We Keep Your Data
We only retain personal data as long as necessary for the intended purpose:
- Contact form inquiries: Up to 12 months after the last communication.
- Marketing data: Until you withdraw your consent (unsubscribe). or for a maximum of 24 months from your last interaction with Novana, whichever occurs first. If you remain inactive for 24 months (e.g., no engagement with emails or website visits), your data will be securely deleted or anonymized.
- Website analytics data: Automatically anonymized after a 24 months.
After these retention periods, we securely delete or anonymize the data.
6. Who We Share Your Data With
We do not sell or rent personal data. However, we may share data with:
- Service providers (e.g., website hosting, email marketing tools) who help us operate our website and communications.
- Legal authorities if required to comply with the law.
Where your personal data is shared with third parties or with data processors (service providers), we, as the controller, will ensure that this is done in accordance with the GDPR and that, for example, the necessary processing agreements are in place with the processors..
7. International Data Transfers
We store data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses).
8. Your Rights Under GDPR
Under GDPR, you have the right to:
| Right | Description |
|---|---|
| Right to Access (Art. 15) | You have the right to receive confirmation from us on whether or not we are processing personal data that concerns you. We must provide you with a copy of the personal data being processed. As a rule, the exercise of rights is free of charge. |
| Right to Rectification (Art. 16) | You have the right to demand the rectification of inaccurate personal data concerning you and to have incomplete personal data completed. |
| Right to Erasure (Art. 17) | You have the right to have the us erase data concerning you. For example, when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. Right to erasure may be exercised when personal data is processed based on consent or legitimate interest. |
| Right to Restriction of Processing (Art. 18) | In certain cases, specified in Article 18 of the GDPR, you can request us to restrict the processing of personal data concerning you. The right to restriction exists for example, when the data subject contests the accuracy of the personal data. In such cases, the processing will be restricted for a period enabling the controller to verify the accuracy of the personal data. |
| Right to Data Portability (Art. 20) | You have the right to receive the personal data that you have provided to a us in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. Right to Data Portaility may be exercised when the processing is based on consent. |
| Right to Object (Art. 21) | In certain situations, you have the right to object to the processing of your personal data, i.e., to request we do not process it at all. If the data is processed for the performance of a task carried out for the purposes of the compelling legitimate interests pursued by us or a third party, you have the right to object to the processing on grounds relating to your particular situation. In such cases, the processing must be stopped unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
If the personal data is processed for direct marketing based on legitimate interest, you have the right to object at any time to the processing without any specific grounds, after which the data may no longer be processed for purposes of direct marketing (this includes profiling related to direct marketing). |
| Right to Withdraw Consent | If personal data is processed based on consent, you have the right to withdraw consent by informing us. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent. |
To exercise your rights, contact us at johanna.lamminen@elisanet.fi
If you believe your data is misused, you can lodge a complaint with the competent supervisory authority. The contact details of the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto) are:
Website: https://tietosuoja.fi/en/home
Email: tietosuoja@om.fi
Phone: +358 29 566 6700
9. Data Security
We implement industry-standard security measures to protect data from unauthorized access, loss, or misuse, including:
- Secure servers & encryption
- Limited access to personal data
- Regular security updates
10. Cookies & Website Analytics
Currently, Novana does not use cookies or tracking technologies on its website.
Should this change in the future, we will:
- Update this Privacy Policy to reflect any new use of cookies.
- Provide clear information on the types of cookies used and their purpose.
- Ensure users have the ability to manage cookie preferences before they are activated via a cookie banner.
If Novana implements non-essential cookies, such as analytics or marketing cookies, we will obtain user consent before processing any personal data related to website analytics.
Managing Cookie Preferences
If cookies are introduced, you will be able to:
- Accept, reject, or customize your cookie preferences via our cookie banner.
- Change your preferences at any time using the cookie settings link on our website.
- Manage cookies through your browser settings (for guidance, visit https://www.aboutcookies.org).
If you have any questions regarding data collection on our website, please contact us at johanna.lamminen@elisanet.fi
11. Updates to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be published on our website.
12. Contact Us
For questions or data requests, contact:
Novana Oy –
/o AAtsto Castren&Snellman Oy,
PL 233, 00131 Helsinki, Finland