Privacy Policy

Last updated: 20. December 2025

1. Scope and voluntary rights

NsperaNova (hereinafter: "NN") is established in the United Kingdom. For individuals located in the United Kingdom, the collection and processing of personal data is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Users within the European Economic Area (EEA) are protected under the EU General Data Protection Regulation (GDPR), as incorporated into the EEA Agreement. To ensure a consistent level of privacy and data security for all individuals, NN applies GDPR-equivalent standards worldwide. For individuals located outside the UK and EEA, NN voluntarily applies GDPR-level protections where reasonable and not disproportionate. This voluntary commitment does not create legal rights under the GDPR and does not affect any mandatory rights granted by local laws.

Within the scope of this Privacy Policy, the definitions contained in Article 4 of the EU GDPR apply.

2. Data controller and contact details

The entity responsible for determining the purposes and means of the processing of your personal data is:

NsperaNova Ltd.
167–169 Great Portland Street
W1W 5PF London
England

Email: privacy@nsperanova.com

3. Personal data we collect, purpose
and legal basis for processing

a) Visiting the website https://www.nsperanova.com

When you visit our website, our server automatically records access logs to ensure the stability, security and proper functioning of the website. The following data may be processed:

· the file or page accessed,
· date and time of access,
· IP address,
· volume of data transferred,
· referrer URL (previously visited page),
· information about the browser and operating system used.

The processing of this data is technically necessary and takes place on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, particularly to ensure system security and to optimise our online offering. No personal identification of visitors takes place unless legally required (e.g. by law-enforcement authorities).

b) Contact and communication

Using the contact form

If you use our contact form, you will be required to enter your name and email address as well as a subject and message. Depending on the content, this may contain additional personal data. The legal basis for this processing is your consent pursuant to Art. 6(1)(a) GDPR.

Email communication

If you contact us by email, personal data contained in the email will be processed for the purpose of responding to your enquiry. The legal basis for this is Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (legitimate interests in processing and responding to enquiries). Please do not include special categories of personal data according to Art. 9 GDPR (such as data revealing racial or ethnic origin, political or religious beliefs, trade-union membership, biometric or genetic data for identification, health data or data concerning sex life or sexual orientation). If you nevertheless choose to provide such information voluntarily, we will process it only for the purpose of responding to your enquiry.

c) Cookies

Our website may use cookies to ensure functionality, security, or to analyse usage. If and when cookies are set, detailed information—including cookie purpose, type, storage duration, and consent options—will be provided.

You can adjust your browser settings to block or delete cookies. However, disabling all cookies may impair website functionality.

Further general information about cookies is available at: https://www.allaboutcookies.org/

d) Provision of hosting services

If you use our hosting services, we process the data necessary to provide webspace, domain services and related technical infrastructure. This includes, in particular:

· server configuration data,
· usage data,
· technical log files generated by our systems.

The hosting infrastructure is operated exclusively in data centres located within the European Union / EEA. No data is transferred to countries outside this area. We have concluded data processing agreements with all infrastructure providers in accordance with Art. 28 GDPR. Additional details will be available in the privacy policy on the website of this specific project.

The legal basis for this processing is Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interests in secure and reliable hosting services).

e) Surveys and questionnaires

We may occasionally conduct surveys or questionnaires to improve our services or to obtain user feedback (e.g. regarding user experience and preferences, desired product features etc.). Participation is always voluntary.

Depending on the survey, the following categories of data may be processed:

· contact details (e.g. name, email address),
· demographic information (e.g. age, gender),
· usage preferences (e.g. preferred visual patterns),
· any other information you voluntarily provide.

Surveys may be conducted anonymously or with optional identification. Anonymous surveys do not store identifiable information.

If a survey involves special categories of personal data under Art. 9 GDPR (e.g. data revealing racial or ethnic origin, political opinions or health data), such information will only be processed if you voluntarily provide it and give explicit consent. The legal basis for processing is your consent pursuant to Art. 6(1)(a) GDPR (and Art. 9(2)(a) GDPR for special categories). You may withdraw your consent at any time.

4. Duration of the storage of personal data

The storage duration depends on the legal basis, purpose of processing and applicable statutory retention periods.

· Access logs according to 3.a) are deleted automatically after 30 days.
· Data processed on the basis of consent (Art. 6(1)(a) GDPR) is stored until you withdraw consent.
· Data necessary for contractual or statutory retention obligations (e.g. tax or commercial law) is stored until the retention period expires.
· Data processed on the basis of legitimate interests (Art. 6(1)(f) GDPR) is stored until you exercise your right to object, unless overriding legitimate grounds exist or the data is required for legal claims.
· For data processed for direct marketing, storage continues until objection under Art. 21(2) GDPR.

5. Disclosure of data to third parties

Your personal data will only be shared with third parties in the following cases:

· you have given explicit consent (Art. 6(1)(a) GDPR);
· disclosure is necessary to establish, exercise or defend legal claims (Art. 6(1)(f) GDPR);
· there is a legal obligation to disclose data (Art. 6(1)(c) GDPR);
· disclosure is necessary for contractual purposes (Art. 6(1)(b) GDPR).

6. Data security

Data transmission on this website is encrypted via TLS (Transport Layer Security, "https://"), visible through the lock symbol in your browser’s address bar. We implement appropriate technical and organisational measures to protect your data from unauthorised access (e.g. secure server configuration, encryption, access control, anti-malware tools).

Data submitted through our contact form is transmitted to us by email via TLS. Data stored on our servers is encrypted. Infrastructure providers have no access to decryption keys and therefore cannot view decrypted content.

7. Rights of data subjects

You have the following rights under the GDPR:

· Right to withdraw consent (Art. 7(3) GDPR)
· Right of access (Art. 15 GDPR)
· Right to rectification (Art. 16 GDPR)
· Right to erasure ("right to be forgotten") (Art. 17 GDPR)
· Right to restriction of processing (Art. 18 GDPR)
· Right to data portability (Art. 20 GDPR)
· Right to object to processing based on legitimate interests or direct marketing (Art. 21 GDPR)
· Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

8. Objections and complaints

This section provides additional practical guidance on how to exercise your rights and where to direct complaints. If you believe that the processing of your personal data infringes data protection law or want to object to processing based on legitimate interests or direct marketing, please contact us directly under privacy@nsperanova.com. You also have the right to lodge a complaint with a supervisory authority.

For individuals located in the United Kingdom:
The competent authority is the:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email: icocasework@ico.org.uk
Tel: +44 303 123 1113

For individuals located in the European Economic Area (EEA):
You may lodge a complaint with the data protection authority of your place of residence, place of work, or the place of the alleged infringement. A list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en .

For individuals located outside the UK and EEA:
Please contact us directly with any privacy concerns at privacy@nsperanova.com. Local data protection laws may provide additional rights.