Home → Resources → Privacy Policy
NOVARIC® Privacy Policy
How we collect, use, protect and respect your personal information
| Enacted: September 1, 2017 | Revised: March 11, 2022 | January 2, 2025 | March 22, 2026 | Owner: Legal Team, NOVARIC® Ltd. |
| Controller: NOVARIC® Ltd. (C 63881, Malta) & NOVARIC® Sh.A. (Albania) | Status: Active | |
1. Background and Commitment
NOVARIC® Ltd. (hereinafter referred to as “NOVARIC®”) handles various categories of information, including technical information, candidate and client data, and information provided through our digital platforms and services. With this in mind, NOVARIC® has established and continuously improves a comprehensive information management and data protection system in order to respect the value of all personal information entrusted to us.
In accordance with this commitment, NOVARIC® has established clear rules and a governance framework for personal information protection, communicated them to all board members and employees, and made this Privacy Policy readily accessible to the public. Furthermore, NOVARIC® will strive to protect personal information appropriately based on this policy and to make continual improvements to its data protection practices.
2. Our Personal Information Protection Principles
The following principles guide how NOVARIC® collects, uses, stores, and protects all personal information. These principles are binding across all NOVARIC® entities and activities.
Lawfulness, Fairness and Transparency
We process personal data only on a valid lawful basis. We are transparent about how and why we use your data, and we act fairly in all our data processing activities. When NOVARIC® requires a person to provide personal information, we clearly state the purpose beforehand and obtain consent where required.
Purpose Limitation
We collect personal information only for specific, explicit, and legitimate purposes and do not use it for purposes incompatible with those originally stated. NOVARIC® will not use personal information for purposes other than the original intent and will implement appropriate measures to ensure this.
Data Minimisation
We collect only the personal data that is necessary for the stated purpose. We do not collect excessive or irrelevant information. Our data collection practices are proportionate to our legitimate business needs.
Accuracy
We take reasonable steps to ensure that personal data is accurate, complete, and kept up to date. Inaccurate data is corrected or deleted without delay upon notification or identification.
Storage Limitation
We retain personal data only for as long as necessary for the stated purpose or as required by applicable law. After the retention period expires, data is securely deleted, anonymised, or disposed of in accordance with our data disposal procedures.
Integrity and Confidentiality
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures are regularly reviewed and updated.
Accountability
NOVARIC® takes full responsibility for complying with these principles and can demonstrate compliance at all times. We maintain internal policies, procedures, training records, and processing registers to support this accountability.
3. Scope of Application
This Privacy Policy establishes the handling of all personal information by NOVARIC® in its company activities. It applies to:
- Recruitment, talent acquisition, and employment placement services
- Vocational training and NOVARIC® Academy programmes
- HR consulting, relocation, and outsourcing services
- Interactions via the novaric.co website and all NOVARIC® digital platforms
- Communications via email, telephone, social media, and NOVARIC® Nexus AI systems
- Business relationships with clients, partners, suppliers, and public authorities
This policy applies to NOVARIC® Ltd. (Malta, C 63881) and NOVARIC® Sh.A. (Albania), and to all employees, contractors, and third-party processors acting on their behalf.
4. Personal Information We Collect
Depending on your interaction with NOVARIC®, we may collect and process the following categories of personal information. In all cases, collection is limited to what is necessary and proportionate to the purpose.
Identification and Contact Data
- Full name, nationality, and date of birth
- Email address, telephone number, and postal address
- Passport or identity document number (where required for visa or work permit processing)
Professional and Qualification Data
- CV, employment history, qualifications, and certifications
- Educational background, academic records, and transcripts
- Skills, language proficiency, professional licences, and references
Website and Digital Interaction Data
- IP address, browser type, and device information
- Pages visited, time spent on site, and referral sources
- Cookie and tracking data — see Cookie Policy
Business Contact Data
- Name, job title, company name, business email, and telephone
- Correspondence and communication records with clients and partners
Special Category Data (processed only where strictly necessary)
In limited circumstances and only where required by law or with your explicit consent, we may process:
- Health or disability information relevant to specific employment requirements
- Criminal record information where required by applicable law or employer
5. How We Use Personal Information
NOVARIC® processes personal information only for legitimate, specified purposes. The following table sets out the primary purposes and their lawful bases under GDPR:
| Purpose | Lawful Basis | GDPR Art. |
|---|---|---|
| Providing recruitment, training, and HR services | Contract / Legitimate interests | 6(1)(b)(f) |
| Matching candidates with employment opportunities | Consent / Legitimate interests | 6(1)(a)(f) |
| Processing visa and work permit applications | Legal obligation / Contract | 6(1)(b)(c) |
| Communicating about vacancies, services, and updates | Consent / Legitimate interests | 6(1)(a)(f) |
| Operating and improving our website | Legitimate interests / Consent | 6(1)(a)(f) |
| Complying with legal and regulatory obligations | Legal obligation | 6(1)(c) |
| Preventing fraud and ensuring data security | Legitimate interests | 6(1)(f) |
6. Provision to Third Parties
NOVARIC® will not provide personal information to a third party without first obtaining prior consent from the person concerned, except in the following circumstances:
- Prospective employers and clients — only with your explicit prior written consent for candidate profiles
- NOVARIC® group entities — NOVARIC® Ltd. (Malta) and NOVARIC® Sh.A. (Albania) acting as joint or separate controllers
- Immigration and public authorities — where required by applicable law for visa, work permit, or regulatory processing
- Technology and IT service providers — acting as data processors under written data processing agreements (GDPR Art. 28)
- NOVARIC® Nexus AI system — for candidate matching and communication, governed by the NOVARIC® Nexus AI Governance Framework
- Professional advisors — lawyers, auditors, and accountants under binding confidentiality obligations
- Regulatory and supervisory authorities — when legally required
7. International Transfers
Where NOVARIC® transfers personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR Chapter V. These include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, and other approved transfer mechanisms.
Transfers to Albania benefit from Albania’s EU adequacy status. All international transfers are documented, regularly reviewed, and subject to the same data protection standards that apply within the EEA.
8. Security Measures
To ensure the correctness and safety of personal information, NOVARIC® implements various technical and organisational measures. These include:
- Encrypted data transmission and at-rest storage
- Role-based access controls and multi-factor authentication
- Regular security audits, vulnerability assessments, and penetration testing
- Staff training on data protection and information security obligations
- Incident detection, classification, response, and notification procedures
- Secure disposal and anonymisation of personal data no longer required
When any problems regarding safety measures are identified, NOVARIC® takes immediate corrective action, notifies affected individuals, and reports to supervisory authorities as required by law — typically within 72 hours of becoming aware of a breach.
9. Cookies and Web Beacons
NOVARIC® uses cookies and similar tracking technologies on our website to improve user experience, analyse website traffic, and support our services. Cookie types include:
- Strictly necessary cookies — essential for the website to function correctly
- Analytics cookies — to understand how visitors use our site and improve performance
- Marketing cookies — to personalise content and communications (deployed only with your consent)
When a person contacts NOVARIC® by telephone, the conversation may be recorded to aid accurate replies and for quality assurance purposes. You will be informed at the beginning of any recorded call.
For full details on cookies and how to manage your preferences, see our Cookie Policy.
10. Your Rights Regarding Personal Information
Under GDPR, you have the following rights in relation to your personal data held by NOVARIC®. To exercise any of these rights, please submit your request using the contact details in Section 11:
| Right | Description | GDPR Article |
|---|---|---|
| Access | Request a copy of the personal data we hold about you, including how it is used and who it is shared with | Art. 15 |
| Rectification | Ask us to correct inaccurate or incomplete data without undue delay | Art. 16 |
| Erasure | Request deletion of your data where there is no lawful basis to retain it. Note: legal obligations may require retention of certain records | Art. 17 |
| Restriction | Ask us to limit how we use your data while a dispute or query is being resolved | Art. 18 |
| Portability | Receive your data in a structured, machine-readable format (e.g. JSON/CSV) to transfer to another provider | Art. 20 |
| Object | Object to processing based on legitimate interests, including profiling for candidate matching | Art. 21 |
| Withdraw Consent | Withdraw consent at any time where processing is consent-based. Withdrawal does not affect prior lawful processing | Art. 7(3) |
| Complaint | Lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta at idpc.org.mt, or with the IDP in Albania at idp.al | Art. 77 |
We will respond to all valid requests within 30 days. In complex cases, we may extend this by a further two months and will inform you of the extension and reason.
11. Contact Information
For all enquiries, disclosures, requests, or complaints related to this Privacy Policy or the handling of your personal data, please contact us using the following details:
| Data Protection & Privacy | legal.department@novaric.co |
| Postal Address | NOVARIC® Ltd., Level 4, Angelica Court, Giuseppe Cali Street, Ta’ Xbiex XBX 1425, Malta |
| Telephone | +356 2711 2206 |
| General Enquiries | contact@novaric.co | Contact Form |
| Supervisory Authority (Malta) | IDPC — Information and Data Protection Commissioner | idpc.org.mt |
| Supervisory Authority (Albania) | IDP — Information and Data Protection Commissioner | idp.al |
12. AI and Automated Processing
NOVARIC® uses AI-assisted tools, including NOVARIC® Nexus, to support certain business operations including candidate communications and administrative processing. Consequently, some of your personal data may be processed by automated systems. However, no automated decision with a legal or similarly significant effect on you is made without human review and validation.
13. Updates to This Policy
We review and update this Privacy Policy periodically to reflect changes in our practices, legal obligations, or applicable law. Material updates will be communicated via our website. The current version is always available at novaric.co/privacy-policy/.
Version History
| Date | Change |
|---|---|
| September 1, 2017 | Initial enactment — NOVARIC® Ltd. Personal Information Protection Policy |
| March 11, 2022 | First revision — updated for expanded services and GDPR alignment |
| January 2, 2025 | Second revision — updated contact information and retention provisions |
| March 22, 2026 | Current version — full GDPR-grade restructure, AI processing governance, EU directive compliance matrix, Privacy Hub integration, rights table, supervisory authority contacts |
Related NOVARIC® Documents
| Document | Reference |
|---|---|
| NOVARIC® Privacy Hub | Hub |
| Candidate & Job Applicant Privacy Notice | NOVARIC-POL-PRI-002 |
| Cookie Policy | — |
| NOVARIC® Nexus AI Governance | N-DOC-10010-032026 |
| GDPR & Data Protection Notice | NOVARIC-POL-GD-001 |
| Governance Hub | N-HUB-GOV |
Published under NOVARIC® Resources | NOVARIC® Privacy Hub
Enacted: September 1, 2017 | Current Revision: March 22, 2026 | Legal Team, NOVARIC® Ltd.
NOVARIC® — The Future Starts At The Endgame.™ | C 63881 — Malta | VAT: MT 2170 7305 | EU Trademark: 018313401
