Who are we?

We are Noventiq Azerbaijan, a company incorporated under the laws of the Republic of Azerbaijan, with its registered office at Nasimi district, 60 Bulubul ave., 3rd floor, Baku, Azerbaijan (hereinafter referred to as "Noventiq"), acting as owner of personal data.

What does this Privacy Notice cover?

This Privacy Notice applies to our public Noventiq-branded website and other online  services and will be available at: https://noventiq.az/. Some Noventiq websites, apps, or online services may collect and use personal information about you in a different way, so they will be subject to a different Noventiq Privacy Notice. We recommend that you review the applicable Privacy Notice available on those websites, apps, or online services. Our sites contain links to other sites that are not owned by Noventiq, and we have no control over the content or privacy practices of those sites.

Our websites and offerings are intended for people in their business or professional opportunities. They are not intended for children under the age of 16. We do not knowingly solicit information online from children under the age of 16 or sell it online.

For more information on Noventiq’s approach towards privacy and data protection please consult the group’s Data Protection Policy here.

Please note that for the purposes of this Privacy Notice, personal information means data or a set of data that can identify an individual, such as name, address, telephone number, and email address. See below what types of data we collect for a specific purpose.

What personal data do we collect and how do we intend to use it?

Personal data collected for marketing purposes (contacting you by e-mail or telephone to offer services, news, or register for events)

• Type of data: name, e-mail, phone number.
• Purpose: To promote us or our services and products.
• Legal basis: consent. You can unsubscribe at any time by clicking on the unsubscribe link available on all of our marketing platforms or by contacting us at the relevant contacts provided below.
• Data retention period: We will retain the data for as long as necessary to provide you with the information you have subscribed to.
• Source of data:  The data is provided by you directly through the subscription to our newsletter.
• Requirement to provide data and consequences of non-submission: fields are required for subscription, failure to provide such data will result in the inability to register for receiving the newsletter.

Data collected through webforms for event registration

• Type of personal data: business contact information, which may include name, e-mail, phone number, Company, job title, industry.
• Purpose: To register you for a specific event and provide you with the right information to participate in the event.
• Legal basis: consent.
• Retention period: We will store the data for as long as it is necessary to achieve the intended purpose.
• Data source: The data is provided by you directly by filling out a web form.
• Data Requirement and Consequences of Failure to Provide:  Some fields in our web forms are marked as mandatory for submitting such forms; failure to provide such data will result in the inability to submit the form and register for the event.

Data collected and when you contact us directly by email, phone or post:

• Type of data: Depending on the content and method of communication, this includes business contact information, the content of your message.
• Purpose: To provide you with the information you request and to answer your questions.
• Legal basis: consent.
• Retention period: We will store the data for as long as it is necessary to achieve the intended purpose.
• Source of Data:  Data is provided by you directly, through interactions with our company and websites, and from publicly available business information sources.
• Requirement for data and consequences of failure to provide: failure to provide such data will result in the impossibility of obtaining the necessary information.

Data collected through cookies and similar technologies (For more information, please refer  to the Cookie Policy) – When you visit our website, you will be provided with a customizable cookie consent tool to make such choices, which may be applicable:

• Type of data: IP address and related information, such as location and ISP, browser and content type, version and settings, content viewed, and activity.
• Purpose: To maintain our websites, to provide general statistics and to measure the effectiveness of our websites and marketing techniques, marketing.
• Legal basis: consent.
• Retention Period: For details on the expiration of cookies/similar technologies, please see our Cookie Policy.
• Data source: Data is obtained automatically when you use the website and from external parties such as Google Analytics.
• Data Requirement and Consequences of Failure to Provide: You are not required to provide any data yourself.

Data collected for KYC purposes

• Categories of data subjects: Beneficial owners, key controllers, directors and related parties purchasing goods and/or services from the controller;
• Type of data: full name, nationality, date of birth, method of managing the controllers' client;
• Objective: To know the customer's due diligence;
• Legal basis: consent;
• Retention Time: We will retain data for as long as necessary to fulfill the intended purpose, unless an ongoing legal claim, legal requirement, or applicable regulation, including but not limited to the applicable statute of limitations, justifies an additional retention period.
• Data source: We collect information from publicly available sources. These sources are in the public domain and reasonably available or available to us, such as public websites, regulatory websites, open government databases, exchanges, and public registries.

Data Collected for the Conclusion and Performance of Contracts for the Sale of Goods or Services

• Categories of data subjects:  representatives and employees of companies that purchase goods and/or services from the controller. Individuals who purchase goods and/or services from the controller.
• Type of  data: full name, email address, shipping address, phone number. Additionally for companies: company name, VAT number. The following data may be processed during order fulfillment: browsing history, payment method data, payment transaction IDs, payment methods and terms, IP address;
• Purpose: conclusion  and performance of contracts for the purchase and sale of goods or services;
• Legal basis: performance of a contract;
• Retention period: We will retain the data until the termination of the contract plus the applicable statute of limitations. Full name, address, identifiers of payment transaction information will be kept in accordance with applicable financial and accounting laws;
• Source  of data: the data is sent directly by you;
• Requirement for the provision of data and consequences of non-provision: All information requested is necessary for the conclusion and performance of the contract. Failure to provide such data will result in the impossibility of concluding and performing the said contract;
• Additional purpose: The data will be used for statistical purposes in order to better understand our customers and ensure the high quality of services and products.

Data collected for customer support

• Categories of data subjects:  employees of companies who require support, purchasing goods and/or services from the controller. Individuals purchasing goods and/or services from the controller;
• Type of data:  full name, email address, phone number, communication record, company name;
• Purpose:  To support customers on current contracts;
• Legal basis: consent;
• Retention period: We will retain the data until the termination of the contract plus until the end of the applicable limitation period. Call recordings will be retained for a maximum period of one year if an existing contract, legal action or legal requirement, or applicable rule - other than the statute of limitations - justifies further processing;
• Requirement to provide data and consequences of failure  to provide: All requested data is required by the customer support team. Failure to provide such data will result in a denial of the provision of said support;
• Additional purpose: The data will be used for statistical purposes in order to better understand our customers and ensure the high quality of services and products.

With whom we share your data?

We disclose your information to Noventiq employees from relevant teams, companies that process data on our behalf (hosting providers, mail system providers, service providers; tax and legal service providers, subcontractors performing customer service and logistics tasks, statistical, advertising and analytics service providers, payment service providers, independent third parties, when necessary (auditors, lawyers, inspection authorities) or based on your choices and actions (for example, when you ask us to send you a shipment or letter using a third-party supplier). Where necessary, your personal data may be transferred outside Azerbaijan if any of our subsidiaries, service providers or strategic partners ("overseas entities”) who are involved in Noventiq’s business are located in countries outside Azerbaijan. By providing your personal data to us and/or continuing access on this website, you declare that you have read and understood this Privacy Notice and you consent to us transferring your personal data outside Azerbaijan in these instances.

We may disclose your personal data if such disclosure is necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data if such disclosure is necessary to establish, exercise or defend a legal claim, whether in court proceedings or in an administrative or extrajudicial proceeding.

What are your rights?

• Right to withdraw your consent: You can unsubscribe at any time by clicking on the unsubscribe link available in all of our marketing communications, change your preferences in the cookie consent tool, or contact us at the relevant contacts provided below.
• Right to information and transparency: You have the right to be informed about how we process your personal data.
• Right of access – you have the right to know if any of your data we process and, in most cases, to receive a copy of it.
• Right to rectification. You have the right to request that we correct or supplement your data, as the case may be, on the basis of a supplementary request.
• Right to restriction of processing – you can ask us to restrict the processing of your personal data in certain cases.
• Right to erasure ("right to be forgotten") – In some cases, you have the right to request and receive deletion of your personal data.
• Right to data portability – in some cases, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request that we transfer it to another controller.
• Right to object to processing/Right to object to processing for direct marketing purposes: We will not make decisions about data subjects solely on the basis of automated processing.
• Right to lodge a complaint with the competent data protection authority – Ministry of Digital Development and Transport of the Republic of Azerbaijan: 77 Zarifa Aliyeva Street, Baku, e-mail: office@mincom.gov.az, tel.: +994 (012) 598-58-58.

You may exercise any of your rights in relation to your personal data by giving us written notice using the contact details provided below.

How do we safeguard your personal data?

We use a number of security measures to protect your personal information, which, based on the specific data we process and the risk that the processing activity may pose to your rights and freedoms, may be:

• Measures to ensure the continued confidentiality, integrity, availability and resiliency of processing systems and services;
• Measures to ensure that access to and access to personal data can be restored in a timely manner in the event of a physical or technical incident;
• Processes for regular testing, analysis and evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing;
• User identification and authorization measures;
• Measures to protect data in transit. Measures to protect data at rest;
• Pseudonymization and/or encryption of personal data;
• Measures to ensure the physical security of the places where personal data is processed;
• Measures to ensure system configuration, including default configuration;
• Measures for internal governance and management of IT and IT security;
• Certification/quality assurance measures for processes and products;
• Measures to ensure data minimization;
• Data quality assurance measures;
• Measures to ensure limited data retention;
• Accountability measures;
• Measures for early detection, management and elimination of incidents.

If you have an unresolved privacy or data use issue that we have not resolved satisfactorily, please report it through the contact details provided in the Speak UP Policy.

How can you contact us?

How do we keep this Privacy Notice updated?

We may update this Privacy Notice from time to time. If we make material changes, we will take steps to notify you of the change.

The date at the bottom of this Privacy Notice shows when it was last updated.

November 21^st, 2023