GDPR Compliance

Last Updated: January 2024

Our GDPR Commitment

Nova Apply is committed to compliance with the General Data Protection Regulation (GDPR) and protecting the rights of individuals in the European Economic Area (EEA) regarding their personal data.

Legal Basis for Processing

We process personal data based on: consent for marketing communications, contractual necessity for booking fulfillment, legal obligations for record-keeping, and legitimate interests for service improvement.

Your Rights Under GDPR

You have the right to access your data, rectify inaccurate information, erase your data (right to be forgotten), restrict processing, data portability, and object to processing. You may also withdraw consent at any time.

Data Protection Measures

We implement technical and organizational measures including encryption, access controls, regular security assessments, staff training, and data minimization principles to protect your personal information.

International Data Transfers

If we transfer data outside the EEA, we ensure adequate protections through standard contractual clauses, adequacy decisions, or other approved mechanisms under GDPR.

Data Retention

We retain personal data only as long as necessary for the purposes collected or as required by law. Booking data is retained for 7 years for legal compliance; marketing data until consent is withdrawn.

Right to Be Forgotten

You may request deletion of your personal data. We will comply unless legal obligations require retention. Contact [email protected] to exercise this right.

Data Portability

You have the right to receive your personal data in a structured, machine-readable format and transmit it to another controller.

Automated Decision Making

We do not use automated decision-making or profiling that produces legal or significant effects without human intervention.

How to Exercise Your Rights

To exercise any GDPR rights, email [email protected] with your request. We will respond within 30 days and may request verification of your identity.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

Data Request Form

Use our contact form to submit requests for data access, correction, deletion, portability, or objection to processing.