This Privacy Policy explains how Nova Group Sp. z o.o. processes personal data through https://novelle.wedding and related Novelle services.
Controller: Nova Group Sp. z o.o., Tax ID / VAT ID PL7011215529, KRS 0001117840, REGON 529224431, registered address Żurawia 6/12 Lok. 745, 00-503 Warszawa, Poland.
Privacy contact: privacy@novelle.wedding.
1. Scope
This Privacy Policy applies to visitors, customers, account users, couples submitting wedding planning requests, suppliers, partner applicants, and other users who interact with Novelle.
2. Personal data we process
Depending on how you use the website, we may process:
- identity data, such as name and surname;
- contact data, such as email address and communication history;
- wedding planning data, such as preferred date, date flexibility, location, guest count, budget range, style preferences, supplier categories, must-have requirements, and notes submitted by you;
- supplier and partner data, such as business name, contact person, services offered, location, portfolio links, availability context, pricing context, lead status, and partner communications;
- account data, such as login identifiers, authentication events, account status, and saved preferences;
- order and billing data, such as purchased service, invoice details, transaction references, payment status, tax information, and refund status;
- technical data, such as IP address, device identifiers, browser type, operating system, approximate location derived from technical data, logs, and security events;
- analytics and marketing data, such as consent choices, page views, referral source, campaign data, conversion events, and interaction events;
- customer support data, such as messages, attachments, complaint history, and service-resolution records.
We do not intentionally request special categories of personal data through ordinary website forms. If you voluntarily submit sensitive information, we process it only where necessary for the purpose of handling your request, protecting rights, complying with law, or another lawful basis under GDPR.
3. Purposes and legal bases
We process personal data for the following purposes:
| Purpose | Examples | Legal basis |
|---|---|---|
| Providing services | handling wedding briefs, plan directions, supplier-fit analysis, supplier introductions, account access | performance of contract or steps before entering into a contract |
| Customer support | responding to questions, complaints, service issues, and operational requests | performance of contract, legitimate interests, legal obligations |
| Supplier and partner operations | supplier onboarding, partner applications, lead routing, introduction tracking, partner communications | contract, steps before contract, legitimate interests |
| Payments and billing | payment processing, invoicing, tax records, refunds, dispute handling, fraud prevention | contract, legal obligations, legitimate interests |
| Website security | abuse prevention, log monitoring, fraud detection, system protection | legitimate interests, legal obligations |
| Analytics | understanding website usage, improving product flows, measuring conversions where allowed | consent where required; legitimate interests where allowed for privacy-friendly analytics |
| Marketing and remarketing | measuring ad campaigns, showing relevant ads, conversion tracking, email marketing where allowed | consent or legitimate interests depending on the activity and applicable law |
| Legal compliance | tax, accounting, consumer, data protection, payment, and dispute obligations | legal obligations |
| Rights protection | enforcing terms, preventing misuse, handling disputes, preserving evidence | legitimate interests, legal claims |
4. Payments
Payments may be processed by payment providers such as Stripe or Worldline. Payment providers process payment data, authentication data, fraud-prevention signals, transaction identifiers, and related payment information according to their own legal and security obligations.
Novelle does not store full card details. Card data and payment authentication are handled by the relevant payment provider.
5. Analytics, ads, and consent tools
The website may use privacy, analytics, advertising, account, and product-analysis tools, including Cookiebot CMP, Google Consent Mode v2, Google Analytics 4, Google Ads conversion tracking and remarketing, Plausible Analytics, PostHog, Clerk, Stripe, and Worldline.
Non-essential analytics and marketing technologies are used according to your consent choices where consent is required. You can manage or withdraw cookie consent by reopening the cookie settings widget available on the website.
6. Data sharing and processors
We may share personal data with:
- hosting, infrastructure, database, monitoring, and security providers;
- payment processors and payment-service providers;
- authentication and account providers;
- email, customer support, and communication providers;
- analytics, consent, advertising, and conversion-measurement providers;
- professional advisers, accountants, auditors, and legal representatives;
- suppliers or partners where necessary to provide supplier introductions or handle partner services;
- public authorities, courts, payment networks, banks, or regulators where required by law or necessary to protect rights.
We limit sharing to what is reasonably necessary for the relevant purpose.
7. International transfers
Some providers may process data outside Poland or the European Economic Area. Where required, transfers are based on appropriate safeguards such as adequacy decisions, standard contractual clauses, technical and organizational protections, or another lawful transfer mechanism under GDPR.
8. Retention periods
We keep personal data only for as long as necessary for the relevant purpose, including legal, tax, accounting, security, and dispute requirements.
Typical retention periods include:
| Data category | Typical retention |
|---|---|
| Account data | for the account lifetime and a reasonable period after closure |
| Wedding planning requests | for the service period and then for a period needed for support, quality, legal, and dispute records |
| Supplier and partner data | for the partner relationship and a reasonable period after termination |
| Billing and tax records | for the period required by accounting and tax law |
| Support and complaints | for the time needed to resolve the matter and preserve evidence |
| Consent records | for the period needed to prove consent choices and manage compliance |
| Security logs | for a limited security and abuse-prevention period unless longer retention is needed for an incident |
| Marketing data | until consent is withdrawn, objection is made, or the campaign purpose expires |
9. Your GDPR rights
Subject to GDPR conditions and limitations, you may have the right to:
- access your personal data;
- correct inaccurate data;
- request deletion;
- restrict processing;
- object to processing based on legitimate interests;
- withdraw consent at any time where processing is based on consent;
- receive data portability where applicable;
- not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
To exercise your rights, contact privacy@novelle.wedding. We may need to verify your identity before acting on the request.
10. Complaint to supervisory authority
You may lodge a complaint with the Polish supervisory authority for data protection matters:
President of the Personal Data Protection Office
Urząd Ochrony Danych Osobowych
ul. Stanisława Moniuszki 1A
00-014 Warszawa, Poland
Website: https://uodo.gov.pl
11. Children
Novelle is intended for adults and business users. We do not knowingly provide services to children. If you believe that a child has submitted personal data through the website, contact privacy@novelle.wedding.
12. Automated processing and AI-assisted features
Novelle may use automated tools or AI-assisted workflows to structure requests, identify missing information, classify supplier-fit signals, improve support, or assist operators. Human review may be used before supplier introductions or customer-facing planning directions where the service requires it.
We do not use automated processing to make legal, financial, medical, or similarly significant decisions about users.
13. Security
We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, and alteration. Security measures include access controls, payment-provider tokenization, encrypted transmission where supported, monitoring, and restricted operational access.
14. Contact
Privacy contact: privacy@novelle.wedding
Support contact: support@novelle.wedding
Website: https://novelle.wedding
Controller: Nova Group Sp. z o.o., Żurawia 6/12 Lok. 745, 00-503 Warszawa, Poland