Novoville
Website and App Privacy Policy
1. Who We are
1.1. Novoville Limited, a company incorporated in England and Wales with registration number 10313940 and registered address at 46 Aldgate High Street, London EC3N 1AL including its wholly owned subsidiary, Novoville Limited Greek Branch (29 Antinoros Str, 11634-Athens, Greece and Kountouriotou 21, 38333-Volos, Greece) is a leading global provider of software solutions that helps public sector organisations accelerate digital transformation and offer better digital services to citizens(hereinafter “Novoville”, “the Company”, “The Organisation”,“We”, “Our” “Us”).
1.2. We are committed to protect and respect your privacy and ensure compliance with the way We collect, process and use information including personal data.
1.3. This Privacy Policy aims to give you information on how Novoville collects and processes your personal data through your use of Our website (https://www.novoville.com/) (“Our Site”), Our app (being the environment in which Our products, services operate) (“Novoville app”) and Our services (under exception of Our service Share the Repair Module, for details on how We collect data in this Module please see section [ ], including any data you may provide through Our Site or the Novoville app, when you sign up to Our newsletter, or use, purchase or interact with one of Our products or services. It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy We may provide on specific occasions when We are collecting, or processing, personal data about you, so that you are fully aware of how and why We are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.
1.4. Please read this Privacy Policy carefully and ensure that you understand it. If you do not accept and agree with this Privacy Policy, you must stop using Our Site or the Novoville app immediately.
2. Your Rights
2.1. As a data subject, you have the following rights under The Data Protection Act 2018, any legislation which succeeds that Act and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (the “UK GDPR”), as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and all other laws governing data protection whether now or in the future in force (including EU Regulation 2016/679 General Data Protection Regulation where applicable to the processing and storage and retention of EU citizen’s data) (“Privacy Legislation”), which this policy and Our use of personal data have been designed to uphold:
2.1.1. The right to be informed about Our collection and use of personal data;
2.1.2. The right of access to the personal data We hold about you;
2.1.3. The right to rectification if any personal data We hold about you is inaccurate or incomplete;
2.1.4. The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, but if you would like Us to delete it sooner, please contact Us using the details in section 17);
2.1.5. The right to restrict (i.e. prevent) the processing of your personal data;
2.1.6. The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
2.1.7. The right to object to Us using your personal data for particular purposes; and
2.1.8. Rights with respect to automated decision making and profiling.
2.2. If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 19 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office details of which can be found here https://ico.org.uk/.
2.3. For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
3. Our work as a supplier for Local Government and their affiliates
3.1. In terms this policy the words “Data Controller” and “Data Processor” shall have the meanings set out in the Privacy Legislation.
3.2. Novoville is a supplier to many local authorities, local governments and other clients (“Local Authorities”), providing software and services to enable Local Authorities to provide services to customers, businesses and individuals. For example, Novoville supplies software which enables Local Authorities to provide and facilitate volunteering opportunities and services, but it is the Local Authority who is responsible for such opportunities and services.
3.3. Whenever Novoville is providing software and services to Local Authorities, the Local Authority is the Data Controller who decides what data is being collected and processed, the purposes of that processing and the lawful basis of that processing. And the Local Authority is responsible for communicating that information to users of the software and services, and to any other persons whose data is collected and processed by the Local Authority via friends, family or other intermediaries. Therefore, if you have any questions or concerns about the collection or processing of personal data by a Local Authority (even where that makes use of Novoville’s products and services), you should contact the relevant Local Authority as indicated in their Privacy Policy. The Local Authority is also the Data Controller for the personal data of employees of the Local Authority or any others using the Novoville software on behalf of the Local Authority.
3.4. In such cases, Novoville’s role is as a Data Processor, acting on the instructions of the Local Authority.
4. Novoville as a Data Controller
4.1. When you use the Novoville app you are able to select a Local Authority. If you select a Local Authority which is not a client of Novoville, Novoville is a Data Controller for any data collected.
4.2. Novoville also acts as a Data Controller where Novoville collects and processes personal data for Our own purposes, such as improving Our products and services.
4.3. Novoville also acts as a Data Controller for certain services available through the Novoville app, such as the Shared Repairs module. The Shared Repairs module is covered under a different and dedicated set of terms and conditions and a dedicated privacy policy, available when accessing the Novoville Shared Repairs Module.
4.4. For any data and privacy related matters, queries or enquiries about Novoville collecting and processing this data, please contact Us by email at: privacy@novoville.com.
5. Type of personal data We collect
5.1. Novoville only collects data required to perform its services. We collect personal information that you submit to Us voluntarily when you register with Us, when you use the NovovilleApp, or any of Our chatbot applications either directly or via third parties such as Facebook.
5.2. The following sections explain the types of personal data We collect and process when you use different parts of Our Site, the Novoville App and Our products and services.
Novoville App (online mobile app, web-app and related web-forms)
5.3. When you register on the Novoville app on the web or mobile, you will be asked to complete a signup form which collects your name and your email address / password combination.
5.4. When you use the Novoville app you are able to select a Local Authority. If you select a Local Authority that is a client of Novoville and offers services through Novoville, Novoville will share your name, nickname (nickname is not personal information), email address and telephone number (telephone number is optional) with the Local Authority so that the Local Authority may provide services to you via the Novoville app. In this case, the Local Authority acts as Data Controller of any data, and any collection and use of data by the Local Authority will be under the Local Authority’s Privacy Policy which is available from the Local Authority. This could include data about your health and wellbeing if you are using the volunteering module (see below, Health and other sensitive data).
5.5. Some functionalities in the Novoville app collect your mobile telephone number and location information from your mobile or other location-aware device to enable a service to work, such as when you submit a problem report to your Local Authority. You have the option not to submit this data. If you don’t, some features may not work as expected, or may not be accessible at all.
5.6. If you login through a Facebook or Google account (single-sign on), We will receive some basic profile information. This does not include any information such as your interests, advertising preferences, or any data which you upload onto Facebook.
5.7. In order to enable PUSH notifications to your phone, your device ID will also be collected, but this remains masked by Apple and Google and We do not have access to it.
5.8. This information is required in order to access the services provided by your Local Authority on the Novoville app through Our mobile and web applications, or to access the services provided directly by Novoville on the Novoville app, such as the Shared Repairs Module. The information will not be re-used for an incompatible purpose to Our scope of Our services as described in the Terms and Conditions.
5.9. You are responsible for maintaining the confidentiality of your password and account.
Dashboard
5.10. Dashboard users (users of the Novoville app authorised by the Local Authority) can be onboarded by a Novoville employee or an employee of a registered Local Authority.
5.11. Dashboard users are asked for a full name, title and email. They are then provided with a user name and a password.
5.12. Dashboard users and the Local Authorities are responsible for maintaining the confidentiality of Dashboard user passwords and accounts.
Chatbot
5.13. Registration with an email and password is not required to use Our chatbot on Our Site/ the Novoville app. A Facebook account is required to access Our chatbot from within Facebook.
5.14. Where you use Our chatbot applications, We may ask you various pre-programmed questions agreed with Our clients (such as your Local Authority). These questions may relate to the services provided to you by Our client, your relationship with Our client, and other issues that may affect you. This information is for the use and benefit of Our client (and ultimately the end user, you). We will collect your answers to these questions, along with details about you that you choose to submit such as your age range, gender and disability. If you provide other information that may constitute personal data that We have not asked you for, We will promptly delete such information. Where you interact with such applications via third parties such as Facebook, We will not have any access to your account details, which will not be made available to Us by that third party.
Correspondence, feedback
5.15. We may also collect feedback, comments and questions received from you in service-related communication and activities, such as meetings, phone calls, documents, and emails.
Technical/usage information
5.16. From Our Site , We may collect IP-addresses and details of actions taken on the site. We also collect device type and unique identifiers when you use Our mobile application, We use this information for the sole purpose of providing you with the most up to date application and features.
Health and other sensitive data
5.17. Our Get Volunteering module, polls functionality and chatbot functionality could enable Local Authorities to collect and process health and other sensitive information. If a Local Authority does so, it is responsible for ensuring that such collection and processing is lawful. See the section above: “Our work as a supplier for Local Government and their affiliates”.
5.18. When the Local Authority acts as a Data Controller, Novoville does not collect or process any sensitive personal data including any special categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life or genetic data, and biometric data where processed to uniquely identify an individual.
5.19. Please note that there may be certain sensitive information you provide if you are using one of Our chatbot applications, but this information is anonymised.
Financial Data
5.20. Novoville may collect financial data in the Shared Repairs module, which is turned on on demand by Our local authority client, and which a user is under no obligation to use. The Shared Repairs module is covered under a different and dedicated set of terms and a dedicated privacy policy, available when accessing the Shared Repairs module.
6. When We collect personal data
6.1. Depending upon your use of Our Site, and the Novoville app, We may collect some or all personal and non-personal data under the following circumstances: When users of the Novoville app Novoville appuse Our services/products.
6.2. Where individuals interact with Our products and services such as Our Novoville app, dashboard and chatbot application directly or via third party platforms (such as Facebook). See above for further details of the types of data We collect and process through these methods.
6.3. When you interact with Us in person, through correspondence, by email, by phone, by social media, via Our support system or through Our website contact forms.
6.4. When We collect personal information from other legitimate sources, such as third-party data aggregators, organisation marketing partners, public sources or social networks. We only use this data if you have given your consent to them to share your personal data with others.
6.5. We may collect personal data if it is considered that We have a legitimate interest, and if this interest is not overridden by your privacy interests. Before data is collected We make sure an assessment is made, ensuring that there is an established mutual interest between you and the organisation.
6.6. We may collect personal data about employees of Our suppliers and partners during the course of Our working relationship with them.
7. Why We collect personal data
7.1. We collect and use personal data mainly to provide Novoville app services to users and clients, generally to perform direct sales, direct marketing and customer service.
8. We may use your information for the following purposes:
8.1. We may use information collected through one of Our chatbot applications in the course of providing services to Our clients. Such information will be anonymised and aggregated such that it is no longer personal data before We use it or provide it to Our clients. We may send you subsequent messages via the chatbot to update you or to let you know that a consultation has been published in connection with the information you and others have provided. The “chathead” through which We have communicated with you will remain open for around one month after We contacted you. Our lawful basis for contacting you and collecting such data is your consent. Once We have collected such data, as it will be anonymised and aggregated, no lawful basis is required for its subsequent use.
8.2. – Where We collect information provided by you, We may use it to provide you with an enhanced experience when using the Novoville app (mobile apps, web app). We use this information to closely monitor which features of the Novoville app are used most, to allow you to report a problem to your local authority, to submit a service request, to view your requests history, view any promotions We may currently be running, read important announcements or alerts, and to determine which features We need to focus on improving, including usage patterns and geographic locations to determine where We should offer or focus services, features and/or resources, to send sms, email and/or push notification for confirming that your request has been resolved. Our lawful basis for processing your data in this way is Our legitimate interest in improving and enhancing Our products and services. We use the mobile information collected so that We are able to serve you the correct app version depending on your device type and for troubleshooting. Our lawful basis for processing your data in this way is Our legitimate interest in making Our products, applications, and services available to you and ensuring that they work correctly.
8.3. – We may also use your personal information to create anonymous information records by excluding information that makes the information personally identifiable to you. Our lawful basis for processing your data in this way is Our legitimate interest in anonymising your information so that it can be aggregated and incorporated into Our records without being able to identify you.
8.4. We may send you marketing communications which you have requested. These may include information about Our products and services, events, activities, customer success stories, case studies, and promotions of Our associated partners’ products and services. This communication is subscription based and requires your consent.
–
8.5. We may send you information about the products and services that you have purchased from Us. Our lawful basis for this processing is performing Our contract with you.
–
8.6. We may perform direct sales activities in cases where legitimate and mutual interest is established.
–
8.7. We may reply to a ‘Request info’ or other web forms you have completed on Our website. Our lawful basis for this processing is Our legitimate interest in responding to your enquiry.
–
8.8. We may follow up on incoming requests (customer support, emails, chats, or phone calls). Our lawful basis for this processing is Our legitimate interest in responding to your enquiry.
–
8.9. We may provide you with access and services related to the Novoville app. Our lawful basis for this processing is performing Our contract with you.
–
8.10. We may perform contractual obligations such as order confirmation, license details, invoice, reminders, and similar. The contract may be with the organisation directly or with a Novoville partner. Our lawful basis for this processing is performing Our contract with you.
–
8.11. We may notify you about any disruptions to Our services (system messages). Our lawful basis for this processing is Our legitimate interest in managing Our services, products and platforms and keeping Our customers updated with issues.
–
8.12. We may contact you to conduct surveys about your opinion on Our products and services and in relation to Our use of Novoville app. Our lawful basis for this processing is Our legitimate interest in gathering useful feedback on Our products and services so that We may improve them.
9. Your rights to your personal data
You have the following rights with respect to your personal data:
9.1. – The right to request a copy of your personal data that the organisation holds about you.
9.2. The right to request that the organisation corrects your personal data if inaccurate or out of date.
–
9.3. The right to request that your personal data is deleted where there is no good reason for Us continuing to process it. You also have the right to ask Us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where We may have processed your information unlawfully or where We are required to erase your personal data to comply with local law. Note, however, that We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
9.4. To delete your account for any of the aforementioned reasons, email Us from your Νovoville account email address at privacy@novoville.com with the subject “Forget Me”. Add any further information you would like to convey on the body of the email (this is not necessary). When your email address is verified by Us, you will be sent a final email about the result of your decision and requested to reply YES in the email body in order to verify your decision to delete your account. Your account will then be deactivated within 72 hours and permanently deleted within 2 weeks from the deletion verification.
9.5. The right to withdraw any consent to personal data processing at any time. For example, your consent to receive e-marketing communications:
9.5.1. Novoville manages its email opt-ins on the basis that customers, potential customers and any third parties (individuals or other organisations) who request to receive promotional material from Us have provided express consent in a freely given, specific, informed, and unambiguous way, which is reinforced by a clear affirmative action. If you want to withdraw your consent to e-marketing, please make use of the link to manage your subscriptions included in Our communication, this allows users to manage their email preferences (whether for example, in relation to product information, invitations, promotions, press releases and urgent messages) and includes an ‘unsubscribe link’.
9.5.2. Novoville therefore asks all visitors to Our website to specifically opt-in to newsletters, promotions or other communications by ticking a sign up box and confirming agreement to any terms that may be applicable as well as the content of this Privacy Policy.
9.5.3. Please note that you may still receive system messages and administrative communications from Us, such as order confirmations, system messages and notifications about your account activities.
9.6. – The right to request that the organisation provides you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data Data Controller when the processing is based on consent or contract.
–
9.7. The right to request a restriction on further data processing. This enables you to ask Us to suspend the processing of your personal data in the following scenarios:
1. If you want Us to establish the data’s accuracy.
2. Where Our use of the data is unlawful but you do not want Us to erase it.
3. Where you need Us to hold the data even if We no longer require it as you need it to establish, exercise or defend legal claims.
4. You have objected to Our use of your data but We need to verify whether We have overriding legitimate grounds to use it.
9.8. The right to object to the processing of personal data, in cases where Our data processing has been based on a legitimate interest, and/or where Our processing is for direct marketing purposes.
9.9. Any request or query about your privacy rights should be sent to: privacy@novoville.com
9.10. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We could refuse to comply with your request in these circumstances.
9.11. We may need to request specific information from you to help Us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response. We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if your request is particularly complex or you have made a number of requests. In this case, We will notify you and keep you updated.
10. How We share Personal Information with other parties
10.1. In addition to the ways We share personal information with authorised Local Authorities (as per Our terms of service: https://novoville.com/terms-and-conditions), We may share your personal information with other third parties in the following manners:
10.2. – Service providers under contract with Us who help with parts of Our business operations (e.g. marketing, technology services), though We require that these service providers only use your information in connection with the services they perform for Us and not for their own benefit;
–
10.2.1. To a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in which case We will require Our Affiliates to honour this privacy statement;
–
10.2.2. To a company that merges with Us, acquires Us, or purchases Our assets, in which case such company may continue to process your personal information as set forth in this privacy statement;
–
10.2.3. Law enforcement, government officials, or other third parties when
A. We are compelled to do so by a court order or similar legal procedure
B. We need to do so to comply with the law
C. We believe in good faith that We need this information to protect or defend Our rights or property or users of Our products, platform, software or other services.
–
10.2.4. Other third parties with your consent or where We are directed to do so.
10.2.5. We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.
10.2.6. In the event that any of your data is to be transferred in such a manner, you may not be contacted in advance and informed of the changes.
10.3. Except as set forth above, We do not sell, share, rent or trade your personal information or geo-location information other than as disclosed within this privacy statement. We sometimes use data from the Novoville app, or share it with trusted third parties, for research. This data is completely anonymised and contains no identifying details such as names, email addresses or the content.
11. Third Party Applications
11.1. Facebook and Google: You may decide to register or sign in to the Novoville app through Facebook or Google login. In this case you authorise the relevant Facebook/Google authentication service to provide Us with the following personal details: name, email, age range, Facebook/Google ID, timezone.
11.2. Google maps and Mapbox: Novoville uses Google maps API and Mapbox API to perform different tasks, such as receiving location data such as the name of a road (Google), or displaying a map when requested (Mapbox). We provide only location data to Google and Mapbox according to GDPR clause 6.1.
12. The use of cookies and beacons
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies We use, please see: https://www.novoville.com/cookie-policy/
13. Third-party Service Providers working on Our behalf
13.1. We may pass your information on to Our partners, distributors, agents, subcontractors and other associated organisations with the purpose of providing services to you on Our behalf.
13.2. If required by law: We will disclose your personal information if required by law or if We, as an organisation, reasonably believe that disclosure is necessary to protect Our organisation’s rights and/or to comply with a judicial proceeding, court order or legal process. However, We will do what We can to ensure that your privacy rights continue to be protected.
14. Use of subcontractors (processors and sub-processors)
14.1. We may use subcontractors to process personal data on your behalf, (e.g. for platform management and hosting services We provide) We are responsible for making sure they commit themselves to adhere to applicable data protection legislation by entering into data processing agreements with them.
15. International Transfers
15.1. We do not currently transfer your personal data outside the European Economic Area (EEA) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein) or the United Kingdom.
15.2. If in the future We were to transfer your personal data out of the EEA or the UK, We would ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or any body governing data protection within the UK.
2. Where We use certain service providers, We may use specific contracts approved by the European Commission or any body governing data protection within the UK which give personal data the same protection it has in Europe.
3. Where We use providers based in the US, We may transfer data to them if they are part of the Privacy Shield (or any alternative scheme permitting transfers of personal data from the UK to the US) which requires them to provide similar protection to personal data shared between Europe and the US.
15.3. Please contact Us if you want further information on the specific mechanism used by Us when transferring your personal data out of the EEA or the UK.
16. Data Security
16.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on Our instructions and they are subject to a duty of confidentiality.
16.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so.
17. Data Retention
17.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation in respect to Our relationship with you.
17.2. To determine the appropriate retention period for personal data, We consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
17.3. By law We have to keep basic information about Our customers for six years after they cease being customers for tax purposes. If you are employed by one of Our customers, We may keep your personal data for the duration of Our time providing services to your employer organisation, or longer, if necessary.
17.4. In some circumstances you can ask Us to delete your data: see your legal rights below for further information.
17.5. Where We collect your data through one of Our products, platforms or via a third-party platform (such as Facebook), We will anonymise any data collected that We hold about you. Any data We receive from third parties such as Facebook is deleted around 2 months after the initial engagement (although note that We will retain anonymised, aggregated data derived from the engagement).
18. Changes to this Privacy Notice
18.1. Novoville reserves the right to amend this Privacy Policy at any time. The applicable version will always be found on Our website. We encourage you to check this Privacy Policy occasionally to ensure that you are happy with any changes.
18.2. If We make changes that significantly alter Our privacy practices, We will notify you by email or post a notice on Our websites prior to the change taking effect.
19. Your right to complain
19.1. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact Us in the first instance, by emailing: privacy@novoville.com