General Data Protection Regulation (GDPR) Privacy Notice
Last Updated: September 15, 2025
Norvexalumeo ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy rights. This GDPR Privacy Notice explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller Information
Norvexalumeo is the data controller responsible for your personal data. If you have any questions about this notice or our data practices, please contact us at:
Email: help@norvexalumeo.com
Website: norvexalumeo.com
2. Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Information You Provide Directly
Account Information: Name, email address, username, password, and profile details
Contact Information: Email address, phone number, mailing address
Payment Information: Billing address, payment method details (processed by third-party payment processors)
Communication Data: Information contained in correspondence, support requests, and feedback
User Content: Any content, files, or data you upload or create using our services
2.2 Information Collected Automatically
Technical Data: IP address, browser type, operating system, device information
Usage Data: Pages visited, features used, time spent, navigation patterns
Analytics Data: Performance metrics, error reports, system diagnostics
Cookie Data: Information collected through cookies and similar technologies
3. Legal Basis for Processing
We process your personal data under the following legal bases:
| Legal Basis | Purpose |
|---|---|
| Contract Performance | To provide services you have requested, process transactions, and manage your account |
| Legitimate Interests | To improve our services, prevent fraud, ensure security, and conduct business operations |
| Legal Obligation | To comply with applicable laws, regulations, and legal processes |
| Consent | For marketing communications and optional features where you have provided explicit consent |
4. How We Use Your Personal Data
We use your personal data for the following purposes:
Service Delivery: To provide, maintain, and improve our services and features
Account Management: To create and manage your account, authenticate access, and process requests
Communication: To send service notifications, updates, security alerts, and support messages
Customer Support: To respond to inquiries, resolve issues, and provide assistance
Payment Processing: To process transactions, manage billing, and prevent payment fraud
Analytics and Improvement: To analyze usage patterns, optimize performance, and develop new features
Security: To detect, prevent, and address security threats, fraud, and unauthorized activities
Marketing: To send promotional communications where you have consented (with opt-out available)
Legal Compliance: To comply with legal obligations and respond to lawful requests
5. Data Sharing and Disclosure
We may share your personal data with the following categories of recipients:
5.1 Service Providers
We engage third-party service providers who process data on our behalf for:
Cloud hosting and infrastructure services
Payment processing and transaction management
Customer support and communication tools
Analytics and performance monitoring
Marketing and email delivery services
Security and fraud prevention systems
All service providers are contractually bound to protect your data and use it only for specified purposes.
5.2 Business Transfers
If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.
5.3 Legal Requirements
We may disclose your data when required by law, legal process, or governmental request, or to protect our rights, property, safety, or that of our users.
5.4 With Your Consent
We may share your data with other parties when you have provided explicit consent for such sharing.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
Standard contractual clauses approved by regulatory authorities
Adequacy decisions recognizing equivalent data protection
Binding corporate rules for intra-group transfers
Certification schemes demonstrating adequate protection
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this notice, unless a longer retention period is required or permitted by law.
Retention periods vary based on:
Active Accounts: Data retained while your account remains active
Business Records: Financial and transaction data retained per legal requirements (typically 7 years)
Marketing Data: Retained until you withdraw consent or unsubscribe
Legal Obligations: Data retained to comply with applicable laws and regulations
Backup Systems: Data in backups deleted according to standard deletion cycles (typically 90 days)
After the retention period expires, we securely delete or anonymize your personal data.
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
8.1 Right of Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.
8.2 Right to Rectification
You have the right to request correction of inaccurate personal data and completion of incomplete data.
8.3 Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data when:
The data is no longer necessary for the purposes it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
Deletion is required to comply with a legal obligation
8.4 Right to Restriction of Processing
You have the right to request restriction of processing when:
You contest the accuracy of the data
Processing is unlawful but you prefer restriction over deletion
We no longer need the data but you need it for legal claims
You have objected to processing pending verification of legitimate grounds
8.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
8.6 Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
8.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe our processing violates the GDPR.
9. Exercising Your Rights
To exercise any of your rights, please contact us at help@norvexalumeo.com with the subject line "GDPR Request."
When submitting a request, please include:
Your full name and email address associated with your account
The specific right you wish to exercise
Sufficient detail to identify the data concerned
Proof of identity if required for security purposes
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will notify you of the extension.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information. You can control cookies through your browser settings and opt-out of certain tracking. For detailed information, please review our Cookie Policy.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
Encryption of data in transit and at rest
Access controls and authentication mechanisms
Regular security assessments and monitoring
Employee training on data protection
Incident response and breach notification procedures
Regular backups and disaster recovery planning
While we take reasonable precautions, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.
13. Automated Decision-Making and Profiling
We may use automated decision-making and profiling in limited circumstances, such as fraud detection and personalization. You have the right to:
Obtain human intervention in the decision-making process
Express your point of view regarding the decision
Contest the decision
We will provide specific information about automated processing when it produces legal or similarly significant effects.
14. Third-Party Links
Our services may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy notices before providing any personal data.
15. Changes to This Notice
We may update this GDPR Privacy Notice periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:
Posting the updated notice on our website
Updating the "Last Updated" date
Sending email notification for significant changes
Obtaining consent where required by law
Your continued use of our services after changes become effective constitutes acceptance of the revised notice.
16. Contact Information
If you have questions, concerns, or requests regarding this GDPR Privacy Notice or our data practices, please contact us:
Email: help@norvexalumeo.com
Website: norvexalumeo.com
We are committed to resolving complaints and disputes regarding your personal data in accordance with GDPR principles.
17. Additional Information for Specific Processing Activities
17.1 Marketing Communications
We process your data for marketing purposes only with your consent. You may opt out at any time by:
Clicking unsubscribe links in marketing emails
Adjusting preferences in your account settings
Contacting us directly at help@norvexalumeo.com
17.2 Account Deletion
You may request deletion of your account at any time. Upon deletion:
Your account will be deactivated immediately
Personal data will be deleted within 30 days
Some data may be retained for legal or legitimate business purposes
Backup copies will be deleted according to standard deletion cycles
17.3 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.
This GDPR Privacy Notice is effective as of the last updated date and applies to all personal data processing activities conducted by Norvexalumeo.