Privacy Policy
Nova Globen AB
Organisation number: 559481-6935
VAT number: SE559481693501
Address: Mössebergsvägen 20, LGH 1002, 167 43 Bromma, Sweden
Email: info@nova-globen.se
Website: https://nova-globen.se/
This Privacy Policy explains how Nova Globen AB processes personal data when you visit our website, contact us, request a quote, apply for our Web Presence service, become a customer, or communicate with us.
Nova Globen AB is the data controller for the personal data described in this Privacy Policy, unless we state otherwise or act as a data processor under a separate Data Processing Agreement.
1. What personal data we process
1.1 Contact and inquiry data
When you contact us or submit a form, we may process:
- Name.
- Email address.
- Phone number, if provided.
- Company or project name.
- Message content.
- Preferred contact language.
- Technical metadata needed to receive, secure, and respond to the inquiry.
1.2 Web Presence application data
If you apply for the Web Presence service, we may process:
- Name and contact details.
- Customer type, such as individual, sole trader, company, or other.
- Business or project name.
- Country, city, and location information relevant to the requested website.
- Business registration, tax, or VAT details where applicable.
- Business or project description, industry, target audience, products, services, and visual preferences.
- Domain preference, existing domain information, and DNS or domain status.
- Website language preferences, content notes, logo and photo readiness, and example websites.
- Confirmation that you have accepted or acknowledged the relevant terms, privacy information, and domain-cost information.
Please do not submit sensitive personal data — such as health data, political opinions, religious beliefs, union membership, criminal-offence data, or identity documents — unless we specifically ask for them and there is a clear reason.
1.3 Customer, project, and billing data
If you become a customer, we may process:
- Contact details.
- Contract and order details.
- Project requirements and delivery communication.
- Website content and assets you provide.
- Domain registration and DNS information.
- Subscription status, payment references, invoices, and accounting records.
- Support, update, cancellation, and complaint records.
1.4 Website and security data
When you use our website, we may process limited technical data such as:
- IP address.
- Browser and device information.
- Date and time of request.
- Pages requested.
- Security and anti-spam signals.
- Logs needed to protect the website and investigate abuse.
2. Why we process personal data and our lawful bases
We process personal data only when we have a lawful basis under GDPR.
| Purpose | Lawful basis |
|---|---|
| Responding to messages and inquiries | Legitimate interest or steps before entering into a contract |
| Reviewing a Web Presence application and preparing a quote | Steps before entering into a contract |
| Providing services to customers | Contract |
| Handling payment, invoicing, VAT, bookkeeping, and tax obligations | Legal obligation and contract |
| Registering, configuring, or supporting domains and DNS | Contract |
| Sending service messages about an active request or subscription | Contract or legitimate interest |
| Securing the website, preventing spam, and detecting abuse | Legitimate interest |
| Improving our services and internal processes | Legitimate interest |
| Sending optional marketing messages | Consent, where required |
| Complying with legal claims, disputes, or authority requests | Legal obligation or legitimate interest |
Where we rely on legitimate interest, our interest is to operate, secure, improve, and communicate about our services in a way that does not override your rights and freedoms.
You may withdraw consent at any time where processing is based on consent. Withdrawing consent does not affect processing that took place before withdrawal or processing based on another lawful basis.
3. Payments
Payments, payment authorisations, subscriptions, and payment links may be handled by Revolut Business or another payment provider we clearly identify before payment.
Nova Globen AB does not collect or store full card numbers on its own website. Payment card details are handled by the payment provider. We may receive payment-related information such as payment status, transaction reference, customer name, email address, amount, currency, invoice information, and subscription status.
4. Domains and DNS
If you request domain support, we may process domain-related information, including:
- Requested domain names.
- Existing domain names.
- DNS verification status.
- Registrant and contact information required for domain registration, where applicable.
- Technical DNS records needed to connect the website.
Cloudflare or another registrar or DNS provider may process domain and DNS data according to their own terms and privacy information.
5. AI-assisted development
Nova Globen AB may use AI-assisted development tools to help draft website code, implementation instructions, design structure, or copy based on the information you provide.
When using AI-assisted tools, we aim to minimise personal data. We do not intentionally submit payment card details, identity documents, or sensitive personal data to AI tools. You should not provide sensitive personal data in the intake form or project materials unless specifically requested.
If your project requires confidential treatment beyond this standard workflow, please tell us before submitting detailed materials.
6. Processors and service providers
We use trusted service providers to operate our website and services. Depending on the service you request, these may include:
| Provider or category | Purpose |
|---|---|
| Microsoft Azure / Microsoft Ireland Operations Ltd | Hosting, Azure Static Web Apps, Azure Functions, Azure Communication Services, infrastructure, security |
| Revolut Business | Payment authorisation, subscriptions, payment links, payment records |
| Cloudflare | Domain registration, DNS, bot protection and Turnstile, domain availability checks |
| GitHub | Source code repositories and deployment workflows |
| AI tooling providers | AI-assisted code, content, and implementation drafting where used |
| File transfer or storage providers | Receiving logos, photos, and project files after a request is accepted |
| Email and communication providers | Sending and receiving service-related communication |
| Accounting or administrative tools | Bookkeeping, invoicing, tax, and administration |
We only share personal data when necessary for the purposes described in this Privacy Policy, when required by law, or when you have asked us to do so.
7. International transfers
Some providers may process personal data outside Sweden or the EU/EEA. Where personal data is transferred outside the EU/EEA, we aim to rely on appropriate safeguards, such as EU Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.
8. Retention
We keep personal data only as long as necessary for the purpose for which it was collected, unless a longer retention period is required by law.
| Data type | Typical retention |
|---|---|
| General inquiries that do not become customer relationships | Up to 90 days after the last communication, unless further follow-up is needed |
| Web Presence applications that are not accepted | Up to 90 days after the decision or last communication |
| Customer and project records | During the customer relationship and normally up to 24 months after it ends for support, dispute, and administration purposes |
| Website source files and assets managed by Nova Globen | During the subscription and normally up to 60 days after cancellation unless transfer, deletion, or legal retention applies |
| Payment, invoice, VAT, and accounting records | As long as required by Swedish accounting and tax law, normally 7 years after the end of the relevant financial year |
| Domain registration and DNS records | As long as needed to manage, renew, transfer, or document the domain relationship |
| Security logs | Normally up to 12 months, unless needed longer for security investigation or legal reasons |
We may retain limited information longer if necessary to establish, exercise, or defend legal claims.
9. Cookies, Turnstile, and similar technologies
Our website may use strictly necessary cookies or similar technologies to operate securely and prevent abuse.
If we use Cloudflare Turnstile or a similar anti-spam tool on forms, the tool may process technical information about your browser, device, and interaction with the form to determine whether the request is legitimate.
If we add analytics or non-essential cookies in the future, we will update this Privacy Policy and provide any required cookie notice or consent option.
10. Your rights
Depending on the situation and applicable law, you may have the right to:
- Request access to your personal data.
- Request correction of inaccurate data.
- Request deletion of your data.
- Request restriction of processing.
- Object to processing based on legitimate interest.
- Receive certain data in a structured, commonly used, machine-readable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority.
To exercise your rights, contact us at info@nova-globen.se.
We may need to verify your identity before responding to a request. Some data cannot be deleted immediately if we must keep it for legal, accounting, tax, security, or dispute-resolution reasons.
11. When Nova Globen acts as processor
For some business customers, Nova Globen AB may process personal data on behalf of the customer — for example when hosting or supporting a website that collects or displays personal data controlled by that customer.
In those cases, the customer is normally the data controller and Nova Globen AB is the data processor. A Data Processing Agreement may be required and can be provided where applicable.
12. UK residents
If you are located in the United Kingdom, this Privacy Policy applies to you under UK GDPR and the Data Protection Act 2018. The standards described in this policy apply equally to UK residents.
UK residents may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
13. Residents outside the EU/EEA and the UK
If you are located outside the EU/EEA and the United Kingdom, your local data protection and privacy laws may apply in addition to or instead of this policy. We aim to apply the same standards of care to all personal data we process, regardless of where you are located.
Nova Globen AB does not make specific compliance claims for laws such as the CCPA (California), LGPD (Brazil), PIPEDA (Canada), or the Australian Privacy Act until it has customers in those jurisdictions and has obtained local legal advice.
14. Contact and complaints
For privacy questions or requests, contact:
Nova Globen AB
Mössebergsvägen 20, LGH 1002
167 43 Bromma, Sweden
Email: info@nova-globen.se
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another competent data protection authority in your country of residence.
15. Changes to this Privacy Policy
We may update this Privacy Policy when our services, providers, legal obligations, or processing activities change. The latest version will be published on nova-globen.se with the review date shown at the top.