In this Privacy Policy, the words “our,” “us,” “we,” and “NovaSync” refer to NovaSync LLC, an Utah limited liability company and our affiliate entities. “NovaSync” refers to NovaSync’s website and Governance, Risk and Compliance (GRC) Software Platform and the modules available.
This Privacy Policy provides information on how NovaSync collects, protects, uses, and removes your data.
Overview
NovaSync collects and uses information for the following purposes:
- Contact information, in order to deliver requested marketing content and market its services;
- Login information and usage information regarding NovaSync, in order to validate NovaSync licenses and optimize its performance.
NovaSync does not use information for any purpose not described herein. If we process data for additional purposes in the future, such purposes shall be consistent with the purposes for which the data was originally collected. Otherwise, we will notify you of new purposes for processing and provide you the opportunity to opt out.
In addition, NovaSync does not sell or disclose your data to third parties for marketing purposes. All third parties to whom disclosures may be made are disclosed in the section of this Policy titled “HOW WE SHARE DATA.”
Types of Data Processed
The information we collect from you depends on the nature of your relationship with us, as well as whether we are a controller or processor. The information we collect may include Contact Information, Login Information, Usage Information, or Business-related Information as detailed below. Collectively, these types of information may be referred to as “Personal Data” herein.
Controller
Contact Information
For the purposes of this Privacy Policy, “Contact Information” is information allowing NovaSync to contact you. This information may be requested in order to download one of our whitepapers or you may provide it in order to inquire regarding our services. In these cases, our lawful basis for processing your personal data is your consent.
Your contact information is also collected when you use NovaSync based on our legitimate interest of personalizing the services and providing accurate logging capabilities.
Login Information
Login information includes your username and password used to access NovaSync. Our legitimate interest in processing this data is to provide the NovaSync platform to our customers
Usage Information
Usage information is collected from various monitoring and analytics tools to fulfil our legitimate
interest of understanding your usage of the NovaSync platform. (See “Analytics and Tracking” below.)
Websites or Events:
We will use the information we collect via our Websites:
- To administer our Website, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- To improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
- For trend monitoring, marketing and advertising;
- For purposes made clear to you at the time you submit your information – for example, to fulfill your request for a demo, to provide you with access to one of our webinar’s or whitepaper’s or to provide you with information you have requested about our Services; andAs part of our efforts to keep our Website secure.
- Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it (e.g. when you request a demo).
Services
We may use the information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including to:
- Set up a user account,
- Provide, operate and maintain the Services;
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage our customers’ use of the Services, respond to inquires and comments and provide customer service and support;
- Send customers technical alerts, updates, security notifications, and administrative communicationsInvestigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and
- For any other purposes about which we notify customers and users.
We use your Personal Information in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities). You can exercise your rights regarding your personal information by contacting us.
Processor
Business-related Information
For the purposes of this Privacy Policy, “Business-related Information” is any information uploaded to NovaSync by an authorized user. NovaSync clients act as the controller for such data. NovaSync protects all data as described in the section “HOW WE KEEP YOUR INFORMATION SECURE.” However, it is the responsibility of authorized users to apply data masking procedures to the extent possible and to limit the data provided to only that which is requested. Users may lock a request containing Business-related Information in order to limit access to only those with a need to know.
You are not required to share the Personal Data that we request.
However, if you choose not to share such information, we will generally be unable to provide the NovaSync platform to you or interact with you regarding our services.
NovaSync will never collect more of your Personal Data than is necessary for the intended purpose of processing that information. If you feel any data collected is not necessary for the intended purpose, please notify our Chief Privacy Officer.
Please see the YOUR PRIVACY RIGHTS section below to learn more about how you can control the information NovaSync processes about you.
How We Share Data
Any data you provide may be shared with our affiliates in order to fulfil the purposes described herein. NovaSync will not disclose your data to third parties for direct marketing purposes.
Sharing with third party service providers.
NovaSync engages with the following subprocessors to process Personal Data. NovaSync has reviewed subprocessor security policies and appropriate certifications to ensure that the subprocessor protects Personal Data in accordance with NovaSync’s security standards.
| Subprocessor | Service | Data Location |
|---|---|---|
| Microsoft Azure | Cloud Infrastructure | United States |
| Microsoft O365 | Electronic Communication | United States |
| Hubspot | Marketing content | United States |
| Google Analytics | Website Analytics | United States |
Analytics and Tracking:
On some of our Websites, we also may utilize Google Analytics, a web analysis service provided by Google, to better understand your use of the Website and Services. Google Analytics collects information such as how often users visit the Websites, what pages they visit and what other sites they used prior to visiting. Google uses the data collected to track and examine the use of the Websites, to prepare reports on its activities and share them with other Google services. Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network.
Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.
Google offers an opt-out mechanism for the web available here
We use FullStory on the NovaSync platform. If you wish to prevent all websites using the FullStory Services to be able to record activity, you can opt-out of the FullStory Services. Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out. That means if you clear your browser cookies, you will have to opt-out again.
Engaging in corporate transactions.
Circumstances may arise where we may buy or sell assets or businesses as part of a sale, merger or change in control of NovaSync. In such transactions, we may disclose or transfer your information, in accordance with this Privacy Policy, to prospective or actual purchasers or receive your information from sellers. Any entity which buys us or part of our business will have the right to continue to use the information we have collected and stored, but only in the manner set out in this Privacy Policy.
Complying with law / protecting legal rights.
We may be required to disclose your information to comply with applicable laws (including laws outside of your country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection.
How We Keep Your Information Safe
The security of your personal information is important to us. We have implemented technical, organizational and administrative security measures to protect your information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction.
NovaSync has developed a comprehensive Information Security Policy to define security requirements for all personal information and preserve the confidentiality, integrity, and availability of personal information. The Information Security Policy, and all associated policies and procedures, are reviewed at least annually.
Technical measures to protect information include data encryption, access controls, and vulnerability management.
NovaSync defines security and privacy obligations for third party service providers, which providers must adhere to. A list of service providers is located above.
Storage and Retention of your Information
We will retain your Personal Data for as long as it is necessary to fulfil the purpose for which it was collected. We may also retain cached or archived copies of information provided to us. All data is encrypted in transit and encrypted at rest.
Your Privacy Rights
NovaSync provides the ability for you to exercise certain rights with respect to your personal data. Please be aware that, if you do not allow us to collect your information from you, we will generally be unable to provide the NovaSync platform to you or interact with you regarding our services.
Your choices. In accordance with applicable law, you may be entitled to exercise your rights and choices as follows:
- Access and Rectification. You may access and correct information in your NovaSync profile through the Settings module. In addition, you may review your NovaSync usage log through the same module. If other information about you is incorrect, or you would like to access your data, you may respond to the person contacting you to request correction. Your access will be limited to Contact Information held by NovaSync.
- Opt Out and Erasure. You may opt out of marketing solicitations at any time, as well as request erasure of your personal data provided to us. Please note that data collected for NovaSync’s legitimate interests is not permitted to be erased.
- Right to Object. You may object to processing of your personal data in cases where NovaSync relies on its legitimate interests to process your data. NovaSync has documented its legitimate interests and will provide them to you if you exercise this right.
- Data Portability. You are entitled to request copies of Personal Data that you have provided to us in a structured, commonly used and machine-readable format and/or request that this information be transmitted to another service provider (where technically feasible).
Privacy Relating to Minors
As a company focused on serving the needs of businesses, NovaSync does not promote or market its services to minors and we do not knowingly collect information from minors as defined by applicable law. If we discover we have received any Personal Data from a person under the age of 13 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible.
If you believe we have any information from or about anyone under the age of 13, please contact us.
Updates and How to Contact Us
From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or to reflect any changes in how we process information. Any changes to this Privacy Policy will be effective when we post the revised Privacy Policy on this website. The “Last Updated” section at the top of this Privacy Policy states when this Privacy Policy was last revised and serves as notice of the update. Your use of NovaSync provided following these changes means you accept the revised Privacy Policy.
Contact Us
If you believe your Personal Data has been used in a way that is not consistent with this Privacy Policy or your specified preferences, or if you have further questions related to this Privacy Policy, we encourage you to please contact our Privacy Team at the address below or by emailing: privacy@NovaSync.com
Written inquiries may be addressed to our Data Privacy Officer at:
Chief Privacy Officer
NovaSync
250 W Center St Suite 111
Provo, UT 84601