Privacy Policy

NVA Digital, a division of NVA d.o.o., Dunajska cesta 156, 1000 Ljubljana, Slovenia, acts as the data controller for personal information collected through our website and general inquiries. For active engagements, the data controller relationship is defined in your specific contract or MSA.

For general website usage and inquiries, we collect contact details, correspondence records, analytics derived from consented cookies, and contractual documentation. For active projects, data collection and processing are governed by your executed contract, which may include additional data types, sources, and handling procedures specific to your engagement.

• Contact information (name, email, company) from inquiry forms
• Analytics data from consented tracking cookies
• Correspondence records and communication history
• Contractual and project documentation (as per executed agreements)

We process general inquiry data to respond to inquiries, deliver contracted services, comply with legal obligations, and maintain security. For active engagements, data usage is explicitly defined in your contract, including any project-specific processing activities, third-party sharing, and data handling procedures. Your contract supersedes general policy terms.

• Responding to project inquiries and business communications
• Delivering contracted services as specified in agreements
• Compliance with legal and regulatory obligations
• Security monitoring and incident prevention

General inquiry information is retained only for the duration necessary to fulfil services or statutory requirements. For active engagements, retention periods, deletion schedules, and archival procedures are specified in your executed contract. Contract terms regarding data retention take precedence over this general policy.

• General inquiries: Retained until purpose fulfilment or legal requirement expiry
• Active projects: Retention defined in executed contract or MSA
• Legal holds: Extended retention as required by law or litigation
• Archive and deletion: Procedures specified in project agreements

Under GDPR and applicable law, you have rights to access, correction, deletion, portability, and restriction of processing. For active engagements, exercise of these rights and request procedures are defined in your contract. Email privacy@nva.si for general inquiries, or refer to your contract for project-specific procedures.

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ('right to be forgotten')
• Right to data portability
• Right to object to processing
• Right to restrict processing

We implement enterprise-grade security including private repositories, encrypted communication channels, and access logging. For active engagements, specific security measures, certifications, compliance requirements, and audit procedures are detailed in your executed contract. Contractual security provisions override general policy statements.

• End-to-end encryption for all communications
• Private, restricted-access repositories for project materials
• Access logging and audit trails
• Regular security assessments and updates
• ISO 27001 aligned practices and GDPR compliance