Narvuk Logo NARVUK

GDPR Compliance

At Narvuk, we are committed to complying with the European Union’s General Data Protection Regulation (GDPR), which is designed to protect the privacy and personal data of individuals within the European Economic Area (EEA). This section outlines how we collect, store, and use personal data, as well as your rights under the GDPR.

What Is the GDPR?

The GDPR is a regulation in EU law that governs data protection and privacy for individuals within the EEA. It grants individuals more control over their personal data and imposes strict guidelines on organizations like Narvuk that collect and process such data. Under the GDPR, "personal data" refers to any information relating to an identifiable individual, such as your name, email address, IP address, and more.

Lawful Bases for Processing Personal Data

Narvuk processes your personal data based on one or more of the following lawful grounds under the GDPR:

  • Consent: We may process your data if you have given us clear and explicit consent for specific purposes (e.g., signing up for newsletters).
  • Contractual Necessity: Processing your personal data may be necessary to perform a contract with you or to take steps at your request before entering into a contract (e.g., providing services you’ve requested).
  • Legal Obligation: We may need to process your data to comply with legal obligations (e.g., tax reporting requirements).
  • Legitimate Interests: We may process your data for our legitimate interests, provided that such processing does not override your rights and freedoms (e.g., improving our website functionality).

Your Rights Under the GDPR

Under the GDPR, you have several rights regarding the personal data we hold about you. These rights include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
  • Right to Rectification: If your personal data is incorrect or incomplete, you have the right to request corrections or updates.
  • Right to Erasure (Right to Be Forgotten): You may request that we delete your personal data, provided that we do not need it for legitimate legal or contractual purposes.
  • Right to Restrict Processing: You can request that we limit the processing of your data in certain circumstances (e.g., if you contest the accuracy of your data).
  • Right to Data Portability: You can request that we provide your personal data in a structured, commonly used, and machine-readable format so that it can be transferred to another data controller.
  • Right to Object: You have the right to object to the processing of your personal data in certain cases, such as for direct marketing purposes.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.

How to Exercise Your GDPR Rights

If you wish to exercise any of your GDPR rights, please contact us using the details below. We will respond to your request within one month, as required by law. In some cases, we may extend this period by an additional two months if the request is complex or numerous. We will notify you of any extension within the original one-month period.

  • Email: privacy@narvuk.com

Data Transfers Outside the EEA

Narvuk may transfer your personal data to countries outside the EEA, including the United States. We will ensure that any such transfers are made in accordance with applicable data protection laws, including the use of approved mechanisms such as standard contractual clauses or binding corporate rules, to safeguard your personal data.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After this period, your data will be securely deleted or anonymized.

Automated Decision-Making

Narvuk does not engage in automated decision-making, including profiling, that has a legal or significant impact on you without your explicit consent or unless required by law.

Data Security

We are committed to ensuring the security of your personal data. We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, destruction, or alteration. These measures include encryption, secure servers, and access controls.

Third-Party Data Processors

We may engage third-party service providers to process personal data on our behalf (e.g., payment processors, cloud service providers). All such processors are bound by data protection agreements that comply with the GDPR and ensure that your personal data is handled securely and in accordance with our instructions.

Your Right to Lodge a Complaint

If you believe that Narvuk has not complied with the GDPR or that your personal data has not been handled appropriately, you have the right to lodge a complaint with your local data protection authority in the EEA. You may also contact us directly to address any concerns you may have.

Last Updated: 03 March 2025