Privacy Policy
Company Details:
Nova Health Lda
NIPC: 518 699 145
Email: info@novahealth.pro
Website: www.novahealth.pro
Portugal
1. Introduction
Nova Health Lda operates www.novahealth.pro. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal data when you visit our website or engage our services. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR, UK GDPR, and similar privacy frameworks globally.
2. Data We Collect
2.1 Information You Provide Directly
Website contact and inquiry forms may collect name, email address, phone number, company, job title, role, message content, preferred contact method, and availability. Service engagements may collect name, email, address, company details, billing information, educational background, professional experience, qualifications, payment confirmations, project briefs, organizational data, consultation information, feedback, and testimonials. Training product purchases may collect account registration details, billing and shipping address, learning progress, course completion data, assessments, and quiz responses. Communications may include email correspondence, meeting notes, call recordings with consent, support inquiries, webinar participation, and event participation.
2.2 Information Collected Automatically
We may collect website usage data such as pages visited, time spent, clicks, navigation patterns, referral source, and user flow. We may collect device and technical data including IP address, browser type and version, operating system, device identifiers, screen resolution, language settings, and access timestamps. Cookies and tracking technologies may include session cookies, analytics cookies, marketing cookies where consent is given, tracking pixels, and web beacons.
2.3 Data from Third Parties
We may receive transaction confirmations from payment processors, delivery and engagement data from email service providers, inquiry and lead data from CRM systems, aggregated analytics from Google Analytics and similar platforms, and public information from LinkedIn, company websites, professional directories, or other public sources where relevant for business development.
3. Legal Basis for Processing
We process personal data based on contractual necessity, consent, legitimate interests, legal compliance, and protection of vital interests. These grounds cover service delivery, training products, marketing consent, cookies, business development, analytics, fraud prevention, tax obligations, financial obligations, regulatory obligations, and emergency protection.
4. How We Use Your Data
We use personal data for service delivery, lead management, business development, communication, proposals, invoices, service updates, confirmations, support responses, marketing and outreach with consent, analytics and insights, training and compliance, personalization, financial management, legal compliance, fraud prevention, enforcing terms, and protecting rights.
5. Data Sharing and Disclosure
We may share personal data with trusted processors including payment processors such as banks, PayPal, and Stripe; email and communication services; CRM and lead management systems; cloud hosting and storage providers; analytics providers such as Google Analytics; accountants, legal advisors, and consultants. Processors are bound by data processing agreements, confidentiality, and security requirements.
For consulting projects, confidential engagement data is protected by confidentiality agreements and NDAs, limited disclosure to project team members with a need to know, and secure handling protocols. We may disclose personal data when required by law, court order, government request, terms enforcement, fraud or security protection, or protection of rights, property, or safety. If Nova Health Lda is acquired, merged, or undergoes asset sale, personal data may transfer as part of that transaction. We do not sell personal data to third parties for marketing purposes without explicit consent.
6. Cookies and Tracking Technologies
We use essential cookies for functionality, authentication, security, and session management; analytics cookies for usage patterns and behavior; preference cookies for settings, language, and customization; and marketing cookies for conversions, campaign effectiveness, and retargeting where consent is given.
When you first visit the website, we display a cookie consent banner. You can accept all cookies, accept only essential cookies, customize preferences, and view cookie details. Third-party providers such as Google Analytics, Stripe, PayPal, and marketing platforms may place their own cookies governed by their privacy policies. Most browsers allow you to block, delete, or manage cookies, though disabling essential cookies may affect website functionality.
7. Your Rights
Under GDPR and similar privacy laws, you may have the right of access, rectification, erasure, restriction of processing, data portability, objection, withdrawal of consent, and rights related to automated decision-making and profiling.
To exercise these rights, contact info@novahealth.pro with the subject "Data Subject Request" and specify the right requested. Include your name, email address, request details, and any relevant account or transaction information. We will respond within 30 days, extendable to 60 days for complex requests, and may request identity verification.
8. Data Retention
Inactive inquiries are retained for 3 years unless deletion is requested sooner. Opted-out users are removed from marketing lists but retained for 1 year for compliance and fraud prevention. Contact form data is retained for 2 years for lead management and follow-up unless deletion is requested.
Active engagement data is retained throughout service delivery and up to 3 years after completion. Project deliverables and communications are retained for 3 to 5 years. Confidential engagement data is retained according to the confidentiality agreement, typically 3 years post-engagement. Invoices and payment records are retained for 7 years to comply with Portuguese tax law. Billing information is retained for the contractual relationship plus 7 years.
Course enrollment and completion data is retained for the subscription duration plus 1 year. Learning progress and assessments are retained for 2 years after completion. Account data is anonymized within 30 days after deletion unless legally required to retain. Google Analytics data follows Google's default retention policy, marketing cookies may be retained for up to 24 months, and session cookies are deleted when you log out or close your browser. Legal holds may extend retention.
9. International Data Transfers
Nova Health Lda operates globally and serves international clients. Personal data may be transferred to, processed in, and stored in countries outside the EU or EEA, and may be accessed by team members or service providers in multiple jurisdictions. Where transfers occur outside the EEA without equivalent protection, we use safeguards such as Standard Contractual Clauses, adequacy decisions, and explicit consent where required. For information about transfer mechanisms, contact info@novahealth.pro.
10. Security
We implement technical and organizational measures including HTTPS and TLS encryption in transit, AES-256 encryption for sensitive data at rest, authentication, multi-factor authentication where appropriate, role-based access, audit logs, data minimization, regular security assessments, staff training, and incident response procedures.
No system is completely secure. You are responsible for maintaining the confidentiality of login credentials. In the event of a confirmed personal data breach, we will investigate, assess impact, notify affected individuals and relevant authorities within 72 hours where required, provide breach information and mitigation steps, and offer support where appropriate.
11. Third-Party Links and Services
The website may contain links to third-party websites, applications, and services such as LinkedIn and Stripe. We are not responsible for their privacy practices and encourage you to review their privacy policies.
12. Children's Privacy
The website and services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it and terminate access. Parents or guardians should contact info@novahealth.pro if they believe a child has provided data.
13. California Privacy Rights
California residents may have rights under CCPA and CPRA, including the right to know, delete, correct, opt out of sale or sharing for cross-context behavioral advertising, limit use of sensitive personal data, and non-discrimination. To exercise these rights, contact info@novahealth.pro with "CCPA Request" in the subject line. Requests will be processed within 45 days.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in practices, technology, law, or other factors. Material changes will be notified via email or posted on the website with an effective date notice. Continued use after changes constitutes acceptance.
15. Contact Us
For questions, rights requests, or privacy concerns, contact Nova Health Lda at info@novahealth.pro. Website: www.novahealth.pro. NIPC: 518 699 145. Portugal.
Data protection authorities include Portugal CNPD at www.cnpd.pt, the EU Data Protection Board at https://edpb.ec.europa.eu, and your member state's authority if you are in the EU or EEA. You may lodge a complaint with your local data protection authority without penalty.
© Nova Health Lda. All rights reserved.