novacoreintlgovern

Menu
Contact Us

Quick Navigation

Introduction

Information We Collect

How We Use Your Information

Legal Basis for Processing Personal Information

How We Share Your Information

International Data Transfers

Data Retention

Data Security

Cookies and Tracking Technologies

Third-Party Websites and Links

Your Privacy Rights

Children's Privacy

Changes to This Privacy Policy

Additional Information for Specific Jurisdictions

Automated Decision-Making and Profiling

Do Not Track Signals

Business Transfers and Corporate Changes

Data Minimization and Purpose Limitation

Security Incident Response

Consent Management

Your California Privacy Rights (Shine the Light Law)

Accessibility

Privacy by Design

Data Protection Impact Assessments

Employee and Contractor Privacy

Governance and Oversight

Vendor and Third-Party Management

Research and Analytics

Marketing Communications Preferences

Cross-Border Data Flows

Record Keeping and Documentation

Complaints and Dispute Resolution

Language and Interpretation

Definitions

Effective Date and Version Control

Acknowledgment and Acceptance

Additional Resources

Contact Us

  • Privacy Policy

NovaCore Governance Privacy Policy

NovaCore Governance is committed to protecting privacy and handling personal information with care, transparency, and respect. This page explains how personal information may be collected, used, stored, shared, and protected when you use NovaCore’s website, submit an enquiry, access resources, or engage with our services.

Effective Date: January 10th, 2026

Last Updated: March 26th, 2026

Introduction

NovaCore International Governance Ltd (“NovaCore,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal information with care and respect.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you:
  • Visit our website (http://www.novacoregovernance.com/)
  • Submit inquiries or contact us
  • Engage our governance services
  • Interact with our communications or resources
Our Commitment: We process personal information in accordance with applicable data protection laws, including the Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021, the EU General Data Protection Regulation (GDPR) where applicable, and other relevant privacy laws.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

We collect personal information in several ways:

1.1 Information You Provide Directly

When you interact with NovaCore, you may voluntarily provide:

Contact Information:

  • Full name
  • Email address
  • Phone number
  • Job title
  • Company/organization name
  • Business address

Inquiry and Communication Information:

  • Subject and details of your inquiry
  • Correspondence with NovaCore (emails, messages, meeting notes)
  • Feedback, questions, or requests
  • Information provided during consultations or engagements

Engagement Information (for clients):

  • Corporate structure details
  • Governance documentation requirements
  • Board composition and director information
  • Shareholder and ownership information
  • Financial and operational information relevant to governance services
  • Compliance and regulatory information

Event and Meeting Information:

  • Registration details for webinars, workshops, or events
  • Attendance records
  • Meeting notes and action items

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

Device and Browser Information:

  • IP address
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Operating system
  • Screen resolution
  • Language preferences

Usage Information:

  • Pages visited and content viewed
  • Time and date of visits
  • Time spent on pages
  • Referring website or source
  • Links clicked
  • Download activity (resources, templates, articles)
  • Search queries on our website

Cookies and Tracking Technologies:

  • Session cookies (temporary)
  • Persistent cookies (stored on your device)
  • Analytics cookies (Google Analytics, etc.)
  • Functional cookies (preferences, settings)
For more information, see Section 8: Cookies and Tracking Technologies

1.3 Information from Third-Party Sources

We may receive information about you from:
  • Professional networks: LinkedIn, business directories
  • Referral sources: Existing clients, business partners, professional advisors
  • Public sources: Company registries, regulatory filings, publicly available business information
  • Service providers: Email marketing platforms, CRM systems, analytics providers

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 To Provide Services and Respond to Inquiries

  • Respond to your questions, requests, and inquiries
  • Assess whether we can assist with your governance needs
  • Provide governance design, implementation, and operational services
  • Deliver board support, governance registers, and reporting
  • Maintain governance documentation and evidence systems
  • Communicate about service delivery, project updates, and deliverables

2.2 To Improve Our Website and Services

  • Analyze website usage and user behavior
  • Improve website functionality, navigation, and content
  • Develop new services and resources
  • Test and optimize website performance
  • Conduct research and analysis to enhance service offerings

2.3 To Communicate with You

  • Send responses to your inquiries
  • Provide updates on governance insights, articles, and resources
  • Send newsletters and thought leadership content (with your consent)
  • Notify you of events, webinars, or workshops
  • Request feedback on our services
  • Send service-related announcements

2.4 To Comply with Legal Obligations

  • Fulfill regulatory and compliance requirements
  • Respond to legal requests, court orders, or government inquiries
  • Enforce our Terms of Use and other agreements
  • Protect our legal rights and interests
  • Prevent fraud, security breaches, or illegal activity
  • Maintain records as required by law

2.5 For Business Operations

  • Manage client relationships and engagements
  • Maintain accurate records and documentation
  • Process payments and invoicing (for clients)
  • Conduct due diligence and conflict checks
  • Manage vendor and service provider relationships
  • Protect the security and integrity of our systems

2.6 For Marketing and Business Development (with consent)

  • Send information about NovaCore services and offerings
  • Share governance insights, articles, and best practices
  • Invite you to events, webinars, or workshops
  • Conduct market research and surveys
  • Build and maintain professional relationships
You can opt out of marketing communications at any time (see Section 10: Your Privacy Rights).
Under applicable data protection laws (including GDPR and ADGM Data Protection Regulations), we process your personal information based on the following legal grounds:

3.1 Consent

You have given explicit, informed consent for us to process your personal information for specific purposes, such as:
  • Subscribing to newsletters or communications
  • Downloading resources or templates
  • Registering for events or webinars
  • Receiving marketing communications
You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

3.2 Contractual Necessity

Processing is necessary to:
  • Perform our services under a signed engagement agreement
  • Take steps at your request before entering into a contract
  • Fulfill our contractual obligations to you

3.3 Legitimate Interests

We process personal information based on our legitimate business interests, such as:
  • Operating and improving our website
  • Responding to inquiries and providing information
  • Conducting business development and marketing (to existing contacts)
  • Protecting our legal rights and preventing fraud
  • Maintaining security and preventing unauthorized access
  • Analyzing website usage and improving user experience
We balance our legitimate interests against your privacy rights and will not process your information if your rights override our interests.

3.4 Legal Obligation

Processing is necessary to comply with:
  • Legal and regulatory requirements
  • Court orders or government requests
  • Tax, accounting, and financial reporting obligations
  • Anti-money laundering and sanctions compliance
  • Recordkeeping and retention requirements

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
We may share your personal information in the following circumstances:

4.1 Service Providers and Business Partners

We engage trusted third-party service providers to support our operations, including:

Technology and Infrastructure:

  • Website hosting providers
  • Cloud storage and data management services
  • Email and communication platforms
  • Customer relationship management (CRM) systems
  • Analytics and performance monitoring tools

Professional Services:

  • Legal counsel and advisors
  • Accounting and audit firms
  • IT security and cybersecurity providers
  • Payment processors (for client invoicing)

Marketing and Communications:

  • Email marketing platforms (with your consent)
  • Event management platforms
  • Survey and feedback tools

All service providers are contractually bound to:

  • Process personal information only on our instructions
  • Maintain confidentiality and security
  • Comply with applicable data protection laws
  • Delete or return data when services end

4.2 Legal and Regulatory Authorities

We may disclose personal information to:
  • Law enforcement agencies
  • Regulatory bodies and government authorities
  • Courts and tribunals
  • Tax authorities
  • Financial intelligence units

When required by law or when necessary to:

  • Comply with legal obligations or court orders
  • Respond to lawful requests for information
  • Protect our legal rights or defend against claims
  • Prevent fraud, illegal activity, or security threats
  • Enforce our Terms of Use or other agreements

4.3 Business Transfers

If NovaCore is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy:
  • Your personal information may be transferred to the acquiring entity
  • We will notify you before your information is transferred
  • The acquiring entity will be bound by this Privacy Policy (or provide notice of changes)

4.4 With Your Consent

We may share your information with third parties when you have given explicit consent, such as:
  • Referrals to professional advisors (legal, accounting, regulatory)
  • Introductions to business partners or collaborators
  • Testimonials or case studies (with anonymization where appropriate)

4.5 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you:
  • For research, analysis, or reporting purposes
  • To demonstrate trends or insights
  • With business partners or industry organizations

5. International Data Transfers

NovaCore operates from the Abu Dhabi Global Market (ADGM) and may transfer personal information to countries outside the UAE, including:
  • European Union member states
  • United Kingdom
  • United States
  • Other jurisdictions where our service providers operate

Data Protection Safeguards:

When transferring personal information internationally, we ensure appropriate safeguards are in place:

For transfers to countries with adequate data protection:

  • ADGM recognizes certain jurisdictions (including the EU/EEA) as providing adequate protection
  • No additional safeguards required for transfers to these countries

For transfers to other countries:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or ADGM
  • Binding Corporate Rules (where applicable)
  • Explicit consent from you
  • Necessity for contract performance or legal claims
Your Rights: You may request information about international transfers and obtain copies of relevant safeguards by contacting us (see Section 13: Contact Information).

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

Inquiry and Contact Information:

  • Non-clients: Retained for 3 years from last contact, then deleted (unless you consent to longer retention for marketing purposes)
  • Marketing contacts: Retained until you withdraw consent or unsubscribe

Client Information:

  • Active engagements: Retained for the duration of the engagement plus 7 years (or longer if required by law)
  • Governance records: Retained according to legal, regulatory, and professional standards (typically 7- 10 years)
  • Financial records: Retained for 7 years from end of engagement (tax and accounting requirements)

Website Usage Data:

  • Analytics data: Aggregated and anonymized after 26 months
  • Cookies: Retained according to cookie settings (see Section 8)
  • Log files: Retained for 12 months for security purposes

Legal and Compliance Records:

  • Retained as required by applicable laws, regulations, or legal proceedings
  • May be retained longer if necessary for legal claims or disputes

6.2 Deletion and Anonymization

When retention periods expire:
  • Personal information is securely deleted or anonymized
  • Anonymized data may be retained indefinitely for research and analysis
  • You may request earlier deletion (see Section 10: Your Privacy Rights)

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, alteration, or disclosure.

7.1 Security Measures

Technical Safeguards:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure hosting infrastructure with regular security updates
  • Firewalls and intrusion detection systems
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure backup and disaster recovery procedures

Organizational Safeguards:

  • Confidentiality obligations for all employees and contractors
  • Role-based access controls (principle of least privilege)
  • Security awareness training for staff
  • Incident response and breach notification procedures
  • Regular review and update of security policies
  • Due diligence on service providers' security practices

Physical Safeguards:

  • Secure office premises with access controls
  • Secure storage of physical documents
  • Secure disposal of sensitive materials (shredding, secure deletion)

7.2 Your Responsibility

You are responsible for:
  • Keeping your login credentials (if applicable) confidential
  • Using strong, unique passwords
  • Not sharing sensitive information through unsecured channels
  • Reporting any suspected security breaches to us immediately

7.3 Limitation

No system is 100% secure. While we implement robust security measures, we cannot guarantee absolute security. You provide information at your own risk.

If we become aware of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our services.

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, recognize you on return visits, and analyze how you use the site.

8.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary):

  • Required for website functionality
  • Enable navigation and access to secure areas
  • Remember your cookie preferences
  • Cannot be disabled without affecting website functionality

Performance and Analytics Cookies:

  • Collect information about how you use our website
  • Track pages visited, time spent, and navigation patterns
  • Help us improve website performance and user experience
  • Examples: Google Analytics, website performance monitoring

Functional Cookies:

  • Remember your preferences and settings
  • Enable personalized features
  • Improve your user experience
  • Examples: language preferences, display settings

Marketing and Advertising Cookies (with consent):

  • Track your browsing activity across websites
  • Deliver targeted advertising based on your interests
  • Measure effectiveness of marketing campaigns
  • Examples: LinkedIn Insight Tag, Google Ads (if used)

8.3 Third-Party Cookies

We may use third-party services that set cookies on our website:
  • Google Analytics: Website usage analytics
  • LinkedIn: Professional networking and marketing (if applicable)
  • Email marketing platforms: Tracking email opens and clicks (with consent)
Third-party cookies are governed by the respective third parties’ privacy policies.

8.4 Cookie Duration

Session Cookies:

  • Temporary cookies deleted when you close your browser
  • Used for essential website functions

Persistent Cookies:

  • Remain on your device for a set period (up to 2 years)
  • Used for analytics, preferences, and marketing

8.5 Managing Cookies

You have control over cookies:

Browser Settings:

  • Most browsers allow you to block or delete cookies
  • You can set your browser to notify you when cookies are set
  • Consult your browser's help section for instructions

Cookie Consent Tool:

  • Our website provides a cookie consent banner on first visit
  • You can manage your cookie preferences at any time
  • Link to cookie settings in website footer

Opt-Out Tools:

Note: Disabling certain cookies may affect website functionality and your user experience.
Our website may contain links to third-party websites, resources, or services that are not operated by NovaCore.

We are not responsible for:

  • The privacy practices of third-party websites
  • The content, accuracy, or security of third-party sites
  • How third parties collect, use, or protect your information

Your responsibility:

  • Review the privacy policies of any third-party websites you visit
  • Exercise caution when providing personal information to third parties
  • Understand that third-party sites are not covered by this Privacy Policy
Links do not imply endorsement: The presence of links on our website does not constitute endorsement, approval, or recommendation of third-party sites or services.

10. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

10.1 Right of Access

You have the right to:
  • Request confirmation of whether we process your personal information
  • Obtain a copy of your personal information
  • Receive information about how we use and share your data
How to exercise: Submit a request to [privacy.manage@novacoregovernance.com] with “Data Access Request” in the subject line.

10.2 Right to Rectification

You have the right to:
  • Request correction of inaccurate or incomplete personal information
  • Update outdated information we hold about you
  • Supplement incomplete data with additional information

How to exercise: Contact us at privacy.manage@novacoregovernance.com with “Data Correction Request” in the subject line and specify the information requiring correction

10.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information when:
  • The information is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • Your information was unlawfully processed
  • Deletion is required to comply with a legal obligation
Limitations: We may retain information when necessary to:
  • Comply with legal or regulatory obligations
  • Establish, exercise, or defend legal claims
  • Fulfill contractual obligations
  • Maintain governance records for audit and evidence purposes

How to exercise: Submit a request to privacy.manage@novacoregovernance.com with “Data Deletion Request” in the subject line.

10.4 Right to Restriction of Processing

You have the right to request that we limit how we use your personal information when:
  • You contest the accuracy of the information (while we verify accuracy)
  • Processing is unlawful, but you prefer restriction over deletion
  • We no longer need the information, but you need it for legal claims
  • You have objected to processing (while we verify whether our legitimate grounds override yours)
Effect of restriction: We will store the information but not use it further (except with your consent, for legal claims, or to protect others’ rights).

How to exercise: Contact us at  privacy.manage@novacoregovernance.com with “Restriction Request” in the subject line.

10.5 Right to Data Portability

You have the right to:
  • Receive your personal information in a structured, commonly used, machine-readable format
  • Transmit your information to another service provider (where technically feasible)

Applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

How to exercise: Submit a request to  privacy.manage@novacoregovernance.com  with “Data Portability Request” in the subject line.

10.6 Right to Object

You have the right to object to processing of your personal information when:
  • Processing is based on legitimate interests (including profiling)
  • Processing is for direct marketing purposes
  • Processing is for research or statistical purposes
Direct Marketing: You can object to marketing communications at any time by:
  • Clicking "unsubscribe" in any marketing email
  • Contacting us at privacy.manage@novacoregovernance.com
  • Updating your communication preferences
Other Processing: We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

How to exercise: Contact us at  privacy.manage@novacoregovernance.com with “Objection to Processing” in the subject line.

10.7 Right to Withdraw Consent

When processing is based on your consent, you have the right to:
  • Withdraw consent at any time
  • Withdraw consent as easily as it was given

Effect of withdrawal:

  • We will stop processing your information for that purpose
  • Withdrawal does not affect the lawfulness of processing before withdrawal
  • We may continue processing on other legal grounds (contract, legal obligation, legitimate interests)

How to exercise:

  • Click "unsubscribe" in marketing emails
  • Contact us at privacy.manage@novacoregovernance.com with "Withdraw Consent" in the subject line
  • Update preferences through your account settings (if applicable)

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights.
ADGM (Abu Dhabi Global Market): Office of Data Protection Abu Dhabi Global Market
Email: dataprotection@adgm.com
Website: www.adgm.com
European Union (if GDPR applies): Contact your local data protection authority: https://edpb.europa.eu/about-edpb/board/members_en
United Kingdom (if UK GDPR applies): Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113

10.9 Exercising Your Rights

To exercise any of these rights:

1. Submit a written request to privacy.manage@novacoregovernance.com

2. Include the following information:

  • Your full name and contact details
  • Description of your request and the right you wish to exercise
  • Proof of identity (to prevent unauthorized disclosure)
  • Specific information or records you're requesting (if applicable)

Our Response:

  • We will respond to your request within 30 days (or as required by applicable law)
  • We may extend this period by an additional 60 days for complex requests (we will notify you)
  • We will verify your identity before processing requests
  • We will provide information free of charge (unless requests are manifestly unfounded or excessive)
Verification: To protect your privacy, we may ask for additional information to verify your identity before responding to requests.

11. Children's Privacy

NovaCore’s services are intended for businesses and professionals. Our website and services are not directed at children under the age of 18 (or the age of majority in your jurisdiction).
We do not knowingly collect personal information from children.
If you are a parent or guardian and believe we have collected information from a child:
  • Contact us immediately at privacy.manage@novacoregovernance.com
  • We will investigate and delete the information promptly
  • We will take steps to prevent future collection
Age Verification: By using our website or services, you represent that you are at least 18 years old or the age of majority in your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or services
  • Changes in applicable laws or regulations
  • Technological developments
  • Business or operational changes

How We Notify You:

Material Changes:

  • We will notify you by email (if we have your email address)
  • We will post a prominent notice on our website
  • We will update the "Last Updated" date at the top of this policy
  • We may request your renewed consent where required by law

Non-Material Changes:

  • We will update the "Last Updated" date
  • Changes will be effective immediately upon posting
  • Your continued use of our website constitutes acceptance

Your Responsibility:

  • Review this Privacy Policy periodically
  • Check the "Last Updated" date for recent changes
  • Contact us if you have questions about changes
Previous Versions: We maintain archived versions of previous privacy policies. Contact us at privacy.manage@novacoregovernance.com to request a copy.

13. Additional Information for Specific Jurisdictions

Depending on your location, additional privacy rights or disclosures may apply:
Data Protection Officer : legal.manage@novacoreintlgovern.com

13.1 European Union and European Economic Area (EEA)

Legal Basis for Processing: See Section 3 for detailed legal bases.
Data Controller: NovaCore International Governance Ltd is the data controller responsible for your personal information.
EU Representative: legal.manage@novacoreintlgovern.com
Your Rights: See Section 10 for comprehensive rights under GDPR.
Data Transfers: See Section 5 for information about transfers outside the EU/EEA.
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

13.2 United Kingdom

If you are located in the UK, the UK GDPR and Data Protection Act 2018 apply.
Data Controller: NovaCore International Governance Ltd
UK Representative: legal.manage@novacoreintlgovern.com
Your Rights: See Section 10 for comprehensive rights under UK GDPR.
Supervisory Authority: Information Commissioner’s Office (ICO)
Website: www.ico.org.uk

13.3 United States (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide additional rights:
Right to Know: You have the right to request disclosure of:
  • Categories of personal information collected
  • Categories of sources from which information was collected
  • Business or commercial purpose for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information collected
Right to Delete: You have the right to request deletion of personal information (subject to exceptions).
Right to Opt-Out of Sale: We do not sell personal information as defined by CCPA.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We will verify the agent’s authority.

How to Exercise Rights: Contact us at  privacy.manage@novacoregovernance.com  with “CCPA Request” in the subject line.

Verification: We will verify your identity using information you previously provided to us.
Response Time: We will respond within 45 days (extendable by an additional 45 days for complex requests)

13.4 United Arab Emirates and ADGM

NovaCore operates from the Abu Dhabi Global Market (ADGM), which has its own data protection framework.
Applicable Law: ADGM Data Protection Regulations 2021 (based on GDPR principles)
Supervisory Authority: ADGM Office of Data Protection
Email: dataprotection@adgm.com
Website: www.adgm.com
Your Rights: See Section 10 for rights under ADGM Data Protection Regulations.
Cross-Border Transfers: ADGM recognizes certain jurisdictions as providing adequate data protection, including the EU/EEA.

13.5 Other Jurisdictions

If you are located in other jurisdictions with specific data protection laws (Australia, Canada, Singapore, etc.), we will comply with applicable local requirements.

Contact us at privacy.manage@novacoregovernance.com for jurisdiction-specific information.

14. Automated Decision-Making and Profiling

NovaCore does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.

What This Means:

  • We do not use algorithms to make decisions about you without human involvement
  • We do not use automated systems for profiling that affects your rights
  • Any decisions affecting you are made by qualified professionals
Analytics and Website Usage: We use analytics tools to understand website usage patterns, but this does not constitute profiling that affects your rights.
If our practices change, we will update this Privacy Policy and notify you as required by law.

15. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) signal that requests websites not to track your browsing activity
Current Position: There is no industry consensus on how to respond to DNT signals. Our website does not currently respond to DNT signals.

Your Options:

  • Manage cookies through your browser settings (see Section 8.5)
  • Use cookie consent tools on our website
  • Opt out of analytics tracking (see Section 8.5)

16. Business Transfers and Corporate Changes

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets:

Your Information May Be Transferred:

  • Personal information may be among the assets transferred
  • The acquiring entity will assume rights and obligations under this Privacy Policy
  • Your information will remain subject to this Privacy Policy (or you will be notified of changes)

We Will Notify You:

  • By email (if we have your email address)
  • By prominent notice on our website
  • At least 30 days before the transfer (where required by law)

Your Rights:

  • You may exercise your rights (including deletion) before the transfer
  • You may object to the transfer (where permitted by law)
  • You will have the same rights under the acquiring entity's privacy policy

17. Data Minimization and Purpose Limitation

We are committed to data protection principles:

Data Minimization:

  • We collect only the personal information necessary for specified purposes
  • We do not collect excessive or irrelevant information
  • We regularly review and delete unnecessary data

Purpose Limitation:

  • We use personal information only for the purposes disclosed in this Privacy Policy
  • We will not use your information for incompatible purposes without your consent
  • We obtain fresh consent when using information for new purposes

Storage Limitation:

  • We retain information only as long as necessary (see Section 6)
  • We implement retention schedules and deletion procedures
  • We anonymize data when identifiable information is no longer needed

Accuracy:

  • We take reasonable steps to ensure information is accurate and up-to-date
  • You can request correction of inaccurate information (see Section 10.2)
  • We update information when you notify us of changes

18. Security Incident Response

In the unlikely event of a data breach or security incident:

Our Response:

  • We will investigate the incident promptly
  • We will assess the risk to your rights and freedoms
  • We will take immediate steps to contain and remediate the breach
  • We will document the incident and our response

Notification:

To You:

  • We will notify you without undue delay if the breach poses a high risk to your rights
  • Notification will include:
  • Nature of the breach
  • Categories and approximate number of individuals affected
  • Likely consequences
  • Measures taken or proposed to address the breach
  • Contact point for further information

To Authorities:

  • We will notify relevant supervisory authorities within 72 hours (where required by law)
  • We will cooperate fully with investigations

Your Actions:

  • Follow any recommendations we provide
  • Monitor your accounts for suspicious activity
  • Change passwords if advised
  • Contact us with questions or concerns
When we process your personal information based on consent:

How We Obtain Consent:

  • Clear, specific, and unambiguous consent requests
  • Separate consent for different processing purposes
  • Affirmative action required (no pre-ticked boxes)
  • Plain language explanations of what you're consenting to

What You Consent To:

  • Specific purposes (e.g., marketing communications, newsletter subscription)
  • Types of information to be collected and used
  • How long consent will remain valid
  • Your right to withdraw consent at any time

Records of Consent:

  • We maintain records of when and how you gave consent
  • We document what you consented to
  • We can provide evidence of consent upon request

Withdrawing Consent:

  • As easy to withdraw as it was to give
  • No negative consequences for withdrawal
  • Clear instructions provided in every communication
  • Immediate effect (we stop processing for that purpose)

Renewal of Consent:

  • We may request renewed consent periodically
  • We will seek fresh consent if purposes change materially
  • We will not assume ongoing consent indefinitely

20. Your California Privacy Rights (Shine the Light Law)

If you are a California resident, California Civil Code Section 1798.83 permits you to request information about disclosure of personal information to third parties for direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes without your consent.

If you have questions, contact us at privacy.manage@novacoregovernance.com with “California Shine the Light Request” in the subject line.

21. Accessibility

We are committed to making this Privacy Policy accessible to all individuals, including those with disabilities.

Accessibility Features:

  • Clear, plain language throughout
  • Logical structure with numbered sections and headings
  • Screen reader compatible formatting
  • High contrast text for readability
  • Accessible PDF version available upon request
  • Alternative formats available (large print, audio) upon request

If You Need Assistance:

If you have difficulty accessing or understanding this Privacy Policy due to a disability:
  • Contact us at privacy.manage@novacoregovernance.com with "Accessibility Request" in the subject line
  • We will provide the policy in an alternative format
  • We will answer questions about the policy in accessible ways
  • We will work with you to ensure you understand your privacy rights
Commitment: We continuously work to improve accessibility and welcome feedback on how we can better serve individuals with disabilities.

22. Privacy by Design

NovaCore incorporates privacy protection into all aspects of our operations:

Privacy by Design Principles:

Proactive, Not Reactive:

  • We anticipate and prevent privacy risks before they occur
  • We embed privacy protections from the outset
  • We conduct privacy impact assessments for new projects

Privacy as Default:

  • Maximum privacy settings are applied automatically
  • You don't need to take action to protect your privacy
  • Personal information is automatically protected

Privacy Embedded into Design:

  • Privacy is integral to system design and business practices
  • Privacy is not an add-on or afterthought
  • Technical and organizational measures work together

Full Functionality:

  • Privacy protection doesn't compromise functionality
  • We achieve both privacy and business objectives
  • No false trade-offs between privacy and usability

End-to-End Security:

  • Protection throughout the entire data lifecycle
  • Secure collection, use, storage, and deletion
  • Continuous monitoring and improvement

Visibility and Transparency:

  • Clear communication about our practices
  • Accessible privacy information
  • Open verification of our privacy commitments

User-Centric:

  • Your interests are paramount
  • Strong privacy defaults
  • Easy-to-use privacy controls

23. Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to:

Identify Risks:

  • Assess potential impact on your privacy
  • Identify risks to your rights and freedoms
  • Evaluate likelihood and severity of risks

Implement Safeguards:

  • Design appropriate technical and organizational measures
  • Minimize data collection and retention
  • Enhance security and access controls

Document and Review:

  • Maintain DPIA records
  • Review assessments regularly
  • Update safeguards as needed

Consult When Required:

  • Consult with supervisory authorities for high-risk processing
  • Seek input from data protection officers
  • Engage stakeholders in the assessment process

24. Employee and Contractor Privacy

This Privacy Policy primarily addresses information about clients, website visitors, and business contacts.

Employee and Contractor Information:

If you are a NovaCore employee or contractor:
  • Your personal information is governed by separate employment/contractor privacy notices
  • You have received or will receive specific information about how we process your data
  • Contact Human Resources or privacy.manage@novacoregovernance.com for information about employee/contractor privacy

Employee Training:

  • All NovaCore personnel receive privacy and data protection training
  • Staff understand their obligations under this Privacy Policy
  • Regular refresher training ensures ongoing compliance

25. Governance and Oversight

Privacy Governance Structure:

Data Protection Officer (DPO):

Responsibilities:

  • Monitor compliance with this Privacy Policy and applicable laws
  • Advise on data protection obligations
  • Conduct privacy training and awareness programs
  • Serve as contact point for supervisory authorities
  • Handle data subject requests and complaints

Privacy Committee:

  • Reviews privacy practices and policies
  • Assesses emerging privacy risks
  • Approves significant changes to data processing
  • Oversees privacy incident response

Regular Audits:

  • Internal privacy audits conducted annually
  • Third-party assessments when appropriate
  • Continuous monitoring of compliance
  • Remediation of identified issues

26. Vendor and Third-Party Management

We carefully select and manage service providers who process personal information on our behalf:

Due Diligence:

  • Assessment of vendor privacy and security practices
  • Review of vendor certifications and compliance
  • Evaluation of data protection capabilities

Contractual Requirements:

  • Data processing agreements with all vendors
  • Contractual obligations to protect personal information
  • Requirements to process data only on our instructions
  • Audit rights and compliance verification

Ongoing Monitoring:

  • Regular vendor performance reviews
  • Security and privacy compliance checks
  • Incident reporting requirements
  • Right to terminate for non-compliance

Sub-Processors:

  • Vendors must obtain our approval before engaging sub-processors
  • Same privacy and security standards apply to sub-processors
  • We maintain a list of approved sub-processors

27. Research and Analytics

We may use personal information for research, analysis, and statistical purposes:

Purposes:

  • Understand governance trends and challenges
  • Improve our services and offerings
  • Develop thought leadership and insights
  • Contribute to industry knowledge

Safeguards:

  • Aggregation and anonymization where possible
  • De-identification of personal information
  • Access controls limiting who can view identifiable data
  • Ethical review of research activities

Publication:

  • Research findings are published in aggregated, anonymized form
  • No individual identification in published materials
  • Client information used only with explicit consent
  • Case studies anonymized unless consent obtained

Your Rights:

  • You may object to processing for research purposes (see Section 10.6)
  • You may request exclusion from research activities
  • Your rights under Section 10 apply to research data

28. Marketing Communications Preferences

What We Send:

With your consent, we may send:
  • Newsletters with governance insights and articles
  • Invitations to webinars, workshops, or events
  • Updates about NovaCore services and offerings
  • Thought leadership content and resources
  • Industry news and regulatory updates

How We Obtain Consent:

  • Explicit opt-in when you subscribe or register
  • Separate consent for different types of communications
  • Clear description of what you'll receive and how often

Frequency:

  • Newsletters: Monthly (approximately)
  • Event invitations: As events are scheduled
  • Service updates: Occasional, as relevant
  • We will not overwhelm you with excessive communications

Managing Preferences:

Unsubscribe:

  • Click "unsubscribe" at the bottom of any marketing email
  • Instant removal from mailing list
  • Confirmation of unsubscribe sent

Update Preferences:

  • Select specific types of communications you wish to receive
  • Adjust frequency preferences
  • Update contact information

Contact Us:

  • Email privacy.manage@novacoregovernance.com with "Marketing Preferences" in subject line
  • We will process your request within 5 business days
Note: Unsubscribing from marketing does not affect:
  • Service-related communications (if you're a client)
  • Responses to your inquiries
  • Legal or regulatory notices
  • Transaction confirmations

29. Cross-Border Data Flows

NovaCore operates internationally and may transfer personal information across borders:

Transfers from ADGM:

  • ADGM recognizes certain jurisdictions as providing adequate protection
  • Transfers to adequate jurisdictions require no additional safeguards
  • Transfers to other countries require appropriate safeguards (see Section 5)

Transfers to ADGM:

  • If you are outside ADGM and provide information to us, it will be transferred to ADGM
  • ADGM provides strong data protection under ADGM Data Protection Regulations 2021
  • Your information will be protected according to this Privacy Policy

Legal Mechanisms:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (where applicable)
  • Adequacy decisions by relevant authorities
  • Explicit consent when appropriate

Your Rights:

  • Request information about transfers (see Section 10.1)
  • Object to transfers in certain circumstances
  • Request copies of transfer safeguards

30. Record Keeping and Documentation

We maintain comprehensive records of our data processing activities:

Records of Processing Activities:

  • Categories of personal information processed
  • Purposes of processing
  • Categories of data subjects
  • Categories of recipients
  • International transfers and safeguards
  • Retention periods
  • Security measures

Consent Records:

  • When and how consent was obtained
  • What was consented to
  • Evidence of consent
  • Withdrawal of consent

Data Subject Requests:

  • Requests received and responses provided
  • Verification procedures followed
  • Timelines and outcomes

Data Breaches:

  • Incident details and impact assessment
  • Notifications sent
  • Remedial actions taken
  • Lessons learned and improvements

Availability:

  • Records available to supervisory authorities upon request
  • You may request information about processing of your data (see Section 10.1)

31. Complaints and Dispute Resolution

If you have concerns about our privacy practices:

Step 1: Contact Us Directly

  • Email privacy.manage@novacoregovernance.com with "Privacy Complaint" in subject line
  • Provide details of your concern
  • We will acknowledge receipt within 2 business days
  • We will investigate and respond within 30 days

Step 2: Escalation Within NovaCore

  • If not satisfied with initial response, request escalation
  • Senior management will review your complaint
  • We will provide a final response within 15 days of escalation

Step 3: Supervisory Authority

  • You have the right to lodge a complaint with relevant supervisory authorities (see Section 10.8)
  • You can do this at any time, even before contacting us
  • We will cooperate fully with supervisory authority investigations

Step 4: Legal Remedies

  • You may have the right to judicial remedies under applicable law
  • Consult legal counsel for advice on your options

Alternative Dispute Resolution:

  • We are willing to engage in alternative dispute resolution
  • We may refer disputes to mediation or arbitration by mutual agreement

32. Language and Interpretation

Primary Language: This Privacy Policy is written in English. English is the governing language for interpretation.
Translations: We may provide translations in other languages for convenience. If there is any conflict between the English version and a translation, the English version prevails.
Legal Effect: This Privacy Policy, together with our Terms of Use, constitutes the complete agreement regarding privacy practices.
Severability: If any provision is found invalid or unenforceable, the remaining provisions continue in full effect.

33. Definitions

To help you understand this Privacy Policy, here are definitions of key terms:
Personal Information/Personal Data: Information that identifies or can be used to identify an individual, including name, email, phone number, IP address, and other identifiers.
Processing: Any operation performed on personal information, including collection, storage, use, disclosure, transfer, and deletion.
Data Controller: The entity that determines the purposes and means of processing personal information. NovaCore is the data controller for information we collect.
Data Processor: An entity that processes personal information on behalf of a data controller (e.g., our service providers)
Data Subject: The individual to whom personal information relates (you).
Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing of personal information.

Supervisory Authority: A government body responsible for enforcing data protection laws (e.g., ADGM Office of Data Protection, ICO, data protection authorities).

ADGM: Abu Dhabi Global Market, a financial free zone in Abu Dhabi, UAE, with its own regulatory framework.
GDPR: General Data Protection Regulation (EU) 2016/679, the European Union’s data protection law.
CCPA: California Consumer Privacy Act, California’s data protection law.
Cookies: Small text files stored on your device by websites you visit.
Anonymization: Process of removing or altering information so that individuals cannot be identified.
Pseudonymization: Process of replacing identifiers with pseudonyms, allowing data to be linked back to individuals with additional information.

34. Effective Date and Version Control

Current Version: 1.0 Effective
Date: January 10th, 2026
Last Updated: March 26th, 2026
Next Scheduled Review: March 26th, 2027

Version History:

  • Version 1.0 - January 10th, 2026 - Initial publication
Review Schedule: We review this Privacy Policy at least annually and update as necessary to reflect:
  • Changes in our practices
  • Changes in applicable laws
  • Technological developments
  • Feedback from stakeholders
Archived Versions: Previous versions are maintained for record-keeping. Contact privacy.manage@novacoreintlgovern.com to request archived versions.

35. Acknowledgment and Acceptance

By using our website, submitting inquiries, or engaging our services, you acknowledge that:
  • You have read and understood this Privacy Policy
  • You understand how we collect, use, and protect your personal information
  • You consent to the practices described in this Privacy Policy
  • You understand your rights and how to exercise them
  • You agree to the terms outlined in this Privacy Policy
If you do not agree with this Privacy Policy, please do not use our website or provide us with personal information.

36. Additional Resources

Related Documents:

  • Terms of Use:
  • Cookie Policy:
  • Legal Disclaimer:
  • Client Services Agreement: [provided during engagement]

External Resources:

Privacy Tools:

37. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
NovaCore International Governance Ltd
Privacy Inquiries:
Email: privacy.manage@novacoregovernance.com
Subject Line: Privacy Inquiry
General Contact:
Email: enquiries.manage@novacoreintlgovern.com
Phone: +971 (0)4 879 0700
Postal Address: NovaCore International Governance Ltd, Abu Dhabi Global Market (ADGM), Al Maryah Island Abu Dhabi, United Arab Emirates
Office Hours: Sunday to Thursday, 9:00 AM to 5:00 PM GST
Response Time: We will respond to privacy inquiries within 2 business days and substantive requests within 30 days (or as required by applicable law).

This Privacy Policy was last updated on March 26th, 2026.