Who we are: NovaRock Technology ("we", "us", "our") is a technology company registered under the NovaRock Group, headquartered at Kurukshetra, Haryana, India – 136118. We are the data controller for personal information collected via this website and our services. Our data contact is tech@novarock.co.in.
Introduction
This Privacy Policy governs the collection, use, storage, and disclosure of personal information by NovaRock Technology. It applies to all visitors to our website, enquiry submitters, newsletter subscribers, and clients who engage our services.
By accessing our website or submitting your information via any form, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of our services and contact us to discuss your concerns.
This policy is drafted in compliance with the Information Technology Act, 2000 (India), the IT (Amendment) Act, 2008, the Digital Personal Data Protection Act, 2023 (DPDPA), and the General Data Protection Regulation (GDPR) where applicable to EU/EEA data subjects.
Data We Collect
We collect only the data necessary for the purposes outlined in this policy. The table below describes the categories of personal data we may collect.
| Category | Examples | How Collected |
|---|---|---|
| Identity Data | First name, last name, job title, company name | Contact form, email correspondence, client onboarding |
| Contact Data | Email address, phone number, postal address | Contact form, direct email, WhatsApp enquiry |
| Technical Data | IP address, browser type, OS, referring URL, pages visited | Google Analytics, server logs, cookies |
| Usage Data | Time on site, pages viewed, click patterns, session duration | Google Analytics (anonymised) |
| Communications Data | Content of messages sent via contact forms or email | Direct submission |
| Financial Data | Invoice records, payment references (no card data stored) | Accounting system — existing clients only |
We do not intentionally collect sensitive personal data (health, biometric, racial or ethnic origin, political opinions, religious beliefs, financial account credentials). Please do not include such data in any form submission or correspondence.
How We Use Your Data
We use personal data strictly for the purposes for which it was collected. The purposes are listed below; the lawful bases we rely on are set out under Legal Basis for Processing.
Primary Purposes
- Responding to enquiries and providing requested information about our services
- Preparing, negotiating, and fulfilling client contracts for technology services
- Sending service-related communications (project updates, invoices, support messages)
- Processing payments and maintaining financial records as required by Indian law
- Improving our website, services, and user experience through anonymised analytics
- Complying with applicable laws, regulations, and lawful orders from authorities
Marketing
We may send you relevant updates about our services, industry insights, or company news if you have explicitly opted in. You may unsubscribe at any time using the link in any such email or by contacting us directly. We do not send unsolicited marketing messages.
Legal Basis for Processing
Under GDPR and applicable Indian data protection law, we rely on the following legal bases for processing personal data:
- Consent: Where you have provided explicit consent — for example, by ticking the consent checkbox on our contact form or subscribing to communications.
- Contractual necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering a contract.
- Legitimate interests: Where processing is necessary for our legitimate business interests (such as website analytics, fraud prevention, and improving our services), provided these interests are not overridden by your rights.
- Legal obligation: Where we are required to process data to comply with applicable law, such as tax records or responding to lawful authority requests.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal data with any third party. We may share limited data with the following categories of service providers, strictly on a need-to-know basis and subject to appropriate contractual safeguards:
- Google LLC — Google Analytics (anonymised website usage data). Google's privacy policy applies.
- Email service provider — for delivering transactional emails and responses to your enquiries.
- Accounting software — for processing invoices for contracted clients only.
- Legal and regulatory authorities — where required by applicable law, court order, or regulatory requirement.
We never sell your data to advertisers, data brokers, or any commercial third party. All third-party processors are bound by data processing agreements and are only permitted to process your data for the specific purpose for which it was shared.
Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to operate correctly and to understand how visitors use the site. You will be presented with a cookie consent banner on your first visit and may accept or reject non-essential cookies at any time.
Types of Cookies We Use
| Category | Purpose | Duration | Can be rejected? |
|---|---|---|---|
| Strictly Necessary | Session management, security, CSRF protection | Session | No — required for basic function |
| Analytics | Google Analytics — anonymised usage data | Up to 2 years | Yes — via consent banner |
| Preference | Remembering cookie consent choice | 1 year | No — stores your own preference |
To manage or delete cookies, you may use your browser's built-in settings. Note that disabling strictly necessary cookies may impair core website functionality. For more detail on your rights regarding cookies, see our GDPR Compliance page.
Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:
- Enquiry / contact form data: 24 months from date of last contact, unless converted to a client engagement.
- Client contract and project data: 7 years from the end of the contractual relationship (as required by Indian accounting and tax law).
- Financial records and invoices: 8 years (as required under the Income Tax Act, 1961).
- Website analytics data: Up to 26 months (Google Analytics default retention), stored in anonymised form.
- Marketing opt-in data: Until you unsubscribe or withdraw consent, plus 12 months for legal record-keeping.
Once data is no longer required, it is securely deleted or irreversibly anonymised in accordance with our internal data destruction procedures.
Your Rights
Depending on your jurisdiction, you have specific rights regarding your personal data. We are committed to honouring these rights promptly and without charge, unless requests are manifestly unfounded or excessive.
Right of Access
Request a copy of the personal data we hold about you and information on how we use it.
Right to Rectification
Request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Portability
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes at any time.
Right to Restrict Processing
Request that we temporarily halt processing of your data while a dispute is being resolved.
To exercise any of these rights, contact us at tech@novarock.co.in. We will respond within 30 days. You also have the right to lodge a complaint with your relevant data protection authority — in India, this is the Data Protection Board; in the EU/EEA, your local supervisory authority.
International Data Transfers
Our primary operations are based in India. Where we use third-party processors located outside India — most notably Google LLC (United States) for analytics — we ensure that appropriate safeguards are in place, including standard contractual clauses approved by the relevant supervisory authorities.
For EU/EEA data subjects, all transfers outside the EEA are conducted under appropriate transfer mechanisms as required by Chapter V of the GDPR. We do not transfer personal data to countries without an adequate level of data protection unless the mechanisms above are in place.
Security Measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, but are not limited to:
- HTTPS encryption for all data transmitted to and from our website
- Access controls limiting internal data access to authorised personnel only
- Regular security reviews of our systems and third-party processors
- Secure password policies and multi-factor authentication for internal systems
- Procedures for detecting, reporting, and investigating suspected personal data breaches
While we take all reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of data transmitted over the internet. If you believe your data has been compromised, please contact us immediately.
Children's Privacy
Our website and services are directed at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at tech@novarock.co.in and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, applicable law, or regulatory guidance. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify affected individuals by email.
We encourage you to review this page periodically. Continued use of our website or services following notification of a material change constitutes acceptance of the updated policy.
Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us through any of the following channels:
- Email: tech@novarock.co.in
- Phone: +91 94683 65162
- Post: NovaRock Technology, NovaRock Group HQ, Kurukshetra, Haryana – 136118, India
- Response time: We aim to acknowledge all data-related requests within 5 working days and provide a full response within 30 days.