NovaLureRooted in Ireland · Active in DACH, UK & international
Request Project CheckDE
Request Project Check

Legal

Privacy Policy

Detailed privacy information for personal data processed by NovaLure CLG under Irish data protection law, the GDPR and ePrivacy rules.

Request Project CheckDownload playbook
  • NovaLure CLG
  • 20 Harcourt Street, Dublin 2, D02 H364, Ireland
  • Registration number: 796735
  • Irish VAT number: IE451718HH
  • hello@novalure.eu
01NovaLure CLG
0220 Harcourt Street, Dublin 2, D02 H364, Ireland
03Registration number: 796735
04Irish VAT number: IE451718HH
05hello@novalure.eu

1. Effective date and scope

Effective date: May 2026. This Privacy Policy explains how NovaLure CLG processes personal data when you visit novalure.eu, request a playbook, submit a form, request a Project Check, book a meeting or communicate with us by email, phone or other business channels.

  • This policy applies to website visitors, prospects, clients, business partners and company contacts.
  • Where we build lead paths, CRM processes or campaigns for clients, additional project-specific privacy terms, data processing agreements or joint-controller arrangements may apply.

2. Controller

The controller is NovaLure CLG, 20 Harcourt Street, Dublin 2, D02 H364, Ireland, registration number: 796735, Irish VAT number: IE451718HH. Privacy contact: hello@novalure.eu.

  • NovaLure CLG is established in Ireland. The GDPR, the Irish Data Protection Act 2018 and Irish ePrivacy rules are particularly relevant to our processing.
  • Website: www.novalure.eu.
  • We have not appointed a Data Protection Officer at this time. Privacy requests can be sent directly to hello@novalure.eu.

3. Personal data we process

Depending on how you use the website and communicate with us, we process different categories of personal data. We collect only data that is necessary for the relevant purpose or voluntarily provided by you.

  • Contact and identification data: name, email address, phone number, company, role or position.
  • Business and project data: website, market area, target group, project type, lead problem, CRM maturity, lead volume, budget readiness, decision status and information about existing assets.
  • Form and playbook data: selected playbook, consent status, marketing consent, timestamp, language, page URL, UTM parameters and technical form-protection signals.
  • Communication data: enquiry content, emails, meeting booking information, preparation notes, follow-up and support communication.
  • Technical data: IP address, date and time, browser, device, operating system, referrer, visited pages, cookie and consent information, security data and server logs.
  • Analytics and marketing data: page views, clicks, campaign sources, conversion events and cookie identifiers only where the relevant technology is active and any required consent has been given.

4. Purposes of processing

We process personal data for clear business purposes connected with our website, lead paths and client communication.

  • Operating, securing, debugging and technically delivering the website.
  • Handling contact, playbook, meeting and Project Check requests.
  • Delivering requested content, including playbooks, confirmation emails and preparation information.
  • Preparing, performing and following up on consulting, proposals, contract negotiations and client mandates.
  • Maintaining CRM records, qualifying leads, following up, segmenting and prioritising business enquiries.
  • Measuring website performance, campaign success and funnel events where this is consent-based or otherwise legally permitted.
  • Complying with legal, tax, accounting and regulatory obligations.
  • Establishing, exercising or defending legal claims.

5. Legal bases

Processing is based on Article 6 GDPR. The applicable legal basis depends on the specific purpose.

  • Article 6(1)(b) GDPR: pre-contractual steps and contract performance where you request a proposal, Project Check, meeting, playbook or service.
  • Article 6(1)(f) GDPR: legitimate interests in B2B communication, website security, fraud and spam prevention, CRM management, internal administration, direct contact with business representatives and legal defence.
  • Article 6(1)(a) GDPR: consent for optional cookies, analytics, marketing technologies, external media, voluntary marketing communication and similar consent-based processing.
  • Article 6(1)(c) GDPR: legal obligations, including tax, accounting, company-law, regulatory and record-keeping obligations.

6. Website, hosting and security

When the website is accessed, technically necessary data is processed to deliver the site, detect attacks, analyse errors and maintain website stability.

  • The website may be delivered through Vercel and comparable infrastructure or hosting providers.
  • Neon with PostgreSQL may be used as the database provider. The intended NovaLure server location is Frankfurt am Main, Germany.
  • Server logs may contain IP address, timestamp, requested URL, referrer, user agent and technical status data.
  • The legal basis is our legitimate interest in secure, performant and reliable website operation.

7. Forms, playbooks and Project Check

When you submit a form, we process the data you provide to review your request, deliver the requested playbook, prepare a Project Check or contact you for business follow-up.

  • For playbook requests, we process name, email, company, phone number, selected playbook, language, page URL, UTM parameters, required processing consent, optional marketing consent, consent timestamp and the applicable privacy-policy version.
  • For Project Check and contact requests, we process form details about company, website, role, project or market area, lead problem, CRM, lead volume, sales bottleneck, assets, timing, budget readiness, decision status and message content.
  • Where website or form logic uses a database, relevant enquiry, consent and system data may be processed in a Neon PostgreSQL database with server location in Frankfurt, Germany.
  • For form protection, we may use a hidden field or comparable spam check.
  • Mandatory fields are required so we can meaningfully handle the request. Voluntary information helps us assess and prepare the next step.

8. Email, CRM and meeting booking

We may use professional service providers and internal systems to process enquiries, deliver playbooks, prepare meetings and manage client communication.

  • Resend may be used for transactional email such as playbook delivery, confirmations and internal notifications.
  • HubSpot may be used for forms, CRM, contact management, meeting scheduling, follow-up and marketing-consent management.
  • Microsoft 365 and Microsoft Teams may be used for email, calendar, internal collaboration, call preparation and client meetings.
  • If you use a HubSpot meeting link or embedded booking widget, HubSpot processes the booking data entered according to the applicable technical and contractual settings.

9. Cookies, consent, analytics and marketing

We use necessary technologies for website operation and optional technologies only according to your cookie-banner choices or another valid legal basis.

  • Necessary technologies support core functions, security, form delivery and storing your cookie choice in local browser storage.
  • Optional analytics and marketing technologies are activated only where any required consent has been given.
  • Depending on configuration, Google Analytics 4, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, Hotjar and HubSpot Tracking Code may be used.
  • You can change or withdraw your cookie choice at any time through the cookie button on the website. Withdrawal applies for the future.

10. Direct electronic marketing

We generally send marketing emails, newsletters or comparable electronic direct marketing only with prior consent or, where applicable, under the limited existing-customer exemption in Irish ePrivacy rules.

  • If you voluntarily request marketing emails, we record the consent, time, wording of the declaration and privacy-policy version.
  • Each marketing message should include an easy way to unsubscribe or object.
  • Service emails for a specific request, playbook delivery, meeting confirmation or contract communication are not voluntary marketing communication.

11. Recipients and service providers

We do not sell personal data. Data is shared only where necessary for the purposes described, legally required or initiated by you.

  • Possible recipients include hosting, infrastructure, email, CRM, analytics, consent, calendar, communication and security providers.
  • Depending on configuration, this may include Vercel, Neon (PostgreSQL database, server location Frankfurt), Sanity, Resend, HubSpot, Microsoft, Google, Meta, LinkedIn and Hotjar.
  • Tax advisers, legal advisers, authorities, courts or other professional bodies may also receive data where necessary or legally required.
  • Processors are engaged under data processing agreements and confidentiality terms where required.

12. International transfers

NovaLure is established in Ireland and operates in an EU context. Some technical providers or subprocessors may process personal data outside the EU or EEA.

  • For third-country transfers, we assess appropriate transfer mechanisms under Chapter V GDPR.
  • For the Neon database, the intended server location is Frankfurt am Main, Germany. Provider, support or subprocessor structures may still require contractual safeguards.
  • Possible mechanisms include European Commission adequacy decisions, Standard Contractual Clauses, supplementary safeguards or another permitted basis under Articles 44 to 49 GDPR.
  • For US providers, the EU-U.S. Data Privacy Framework status, Standard Contractual Clauses and technical safeguards may be relevant depending on the provider and service.

13. Retention

We retain personal data only for as long as necessary for the relevant purpose or where statutory retention periods, evidence needs or legal claims justify continued storage.

  • Website and security logs are generally retained only as long as needed for operation, security and error analysis.
  • Enquiries and CRM data are retained as long as needed for the business relationship, request handling, follow-up or a legitimate documentation interest.
  • Contract, invoice and accounting records are retained in line with applicable statutory retention periods.
  • Marketing consents and withdrawals are retained as long as needed to evidence consent, suppress further messages or comply with legal obligations.
  • Data is deleted or anonymised when the purpose no longer applies and there are no legal or legitimate reasons for further retention.

14. Your rights

Under the GDPR, you have the following rights where the legal requirements are met. To exercise your rights, contact hello@novalure.eu.

  • Access to personal data processed about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure of your data where no retention obligation or overriding reason applies.
  • Restriction of processing.
  • Data portability where the legal requirements are met.
  • Objection to processing based on legitimate interests.
  • Withdrawal of consent with effect for the future, without affecting the lawfulness of processing before withdrawal.

15. Right to lodge a complaint

You may lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work or the alleged infringement. As NovaLure CLG is established in Ireland, the Irish Data Protection Commission is a competent supervisory authority.

  • Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963, Ireland.
  • Website: www.dataprotection.ie.
  • The Irish authority generally expects you to raise the matter directly with the organisation first before submitting a complaint.

16. Automated decision-making and profiling

We do not make solely automated decisions with legal or similarly significant effects within the meaning of Article 22 GDPR.

  • Form, CRM and tracking data may be used internally to assess, segment, prioritise and improve follow-up processes.
  • This internal qualification does not replace human review of an enquiry and does not automatically produce a contract, rejection or legally relevant outcome.

17. Providing data

You are generally not obliged to provide personal data. Without certain data, however, we may not be able to handle an enquiry, deliver a playbook, book a meeting, prepare a proposal or perform a contract.

  • Mandatory form fields are aligned with handling the relevant request.
  • Optional information may be omitted, but it can improve assessment and preparation.

18. Changes to this Privacy Policy

We may update this Privacy Policy where legal, technical or business requirements change. The current version is available on the website.