Privacy Policy

We, Limited Liability Company “Nova Poshta Global”, Identification Code 38130410 (hereinafter “Company”, “we”, “us”, “our”), understanding that you take your rights seriously and care about the protection of personal data, have developed and published this Privacy Policy, which explains what personal data we collect, how and for what purpose we process it, where we store it, to whom we transfer it, what security measures we take, and what rights data subjects have.

This Privacy Policy (hereinafter “Policy”) applies to visitors of our websites https://nova.global/ and https://novaposhtaglobal.ua/ (hereinafter collectively “Website”), users of the Global Seller service (hereinafter “Service”), whose personal data is collected and processed by us as a data controller, specifically for the following categories of individuals:

1. Potential clients – individuals who are interested in the Service and contact the Company by phone, mobile messengers, email, letters, or through social networks (e.g., Facebook, Instagram, LinkedIn).
2. Website visitors – individuals who show interest in the Company and/or the Service by visiting the Website.
3. Registered users – natural persons who have successfully registered an account in the business cabinet(hereinafter “Account”), including through a Google account (google.com).
4. Clients – natural persons who have reached the age of 18, or legal entities that order international express delivery services, including users of our Service.

Other definitions and abbreviations used in this Policy are interpreted in accordance with the meanings provided in the Law of Ukraine “On Personal Data Protection” dated June 1, 2010, No. 2297-VI (hereinafter “Law”) and the public Terms of Service posted on the Website.

By using the Website, Account, or Service, contacting the Company, participating in our various promotional activities, or when you provide separate consent for the processing of personal data, you accept the terms of this Policy. If you disagree with the processing of personal data under this Policy, do not provide us with your data or request the deletion of all your data.

Please note that our Privacy Policy may be updated periodically, including if required by applicable law. Whenever possible, if we have your email address, we will inform you of relevant changes. At the same time, we suggest that you periodically review this Policy to check for any updates and their details. Your continued use of the Website and/or Service after changes to the Policy are made will signify your acknowledgment of such changes.

We collect and process only the information about you that is necessary, including to respond to your request, enable you to use the functionality of the Website, use our Service, participate in our promotional activities, and also that which you provide to us voluntarily, in particular, based on consent, by the provisions of the Law and the terms of this Policy.

2.1. Information we receive when you use our Website

When you use the Website, we may collect the following personal data, depending on your choices (using cookies and similar technologies):

• information about your device, including model, operating system version, and mobile network information;
• Internet Protocol (IP) address;
• your browser version and settings;
• information about how you use the Website (e.g., date and duration of your visit, web pages viewed, etc.).

We use cookies and similar technologies to operate the Website and provide you with Website functionalities. In doing so, specific personal data may be collected during your visit to the Website. Please refer to our Cookie Policy to learn more about these technologies and the data collection they enable. You also have the option to use our cookie settings tool to change your choices and consents.

2.2. Information we receive from your request

When you fill out a feedback request form, for example, with a question about cooperation (the “Cooperation” button), we ask you to provide: (a) for natural persons – last name and first name, email address, phone number; (b) for legal entities – last name and first name, position (in the company/organization), email address, phone number. We need this data to provide you with a response and the information you requested.

We may contact you through various communication channels, including email, phone calls, SMS, WhatsApp, and Telegram messages.

Once we begin communicating with you, we may receive and process additional information about you, including personal data. In particular, we may record and store our communications with you (recording telephone conversations or email correspondence).

2.3. Information we receive when you register an Account

When you register an Account on the Website, particularly for using the Service, we collect and subsequently process the following personal data:

• email address;
• first and last name.

At the first stage of registration, we only ask for an email address, which we use to check if an Account has already been registered. If you are a new user, we will send a special code to the email address you provided to continue the Account registration process.

If registration (login) on the site is done through a Google account, you verify and/or fill in your first and last name in Latin letters.

2.4. Information we receive when providing you with the Service

Subsequently, if you use the Account and/or the Service, in addition to the data you provided during Account registration, we may collect and process the following personal data:

• middle name;
• date of birth;
• phone number;
• country of residence;
• gender;
• postal address (delivery/dispatch of shipment);
• transaction history (about shipments).

In some instances, as stipulated by the Terms of Service, the Company may request that you provide scanned copies of documents related to the shipment, including, but not limited to, those confirming the shipment’s value and other documents required by the customs authorities of the sender’s or recipient’s country. These documents may contain personal data of the sender and/or recipient of the shipment.

You may also provide the Company with specific personal data when communicating with our customer care team, particularly when you contact us with questions or concerns. We typically record communications and correspondence with you.

Please note that we may conduct customer satisfaction surveys regarding our Service. These surveys are conducted through the Website or using other communication channels, such as email, phone calls, Viber, or WhatsApp messages.

2.5. Information we receive during your participation in promotional (promo) campaigns

Your participation in our promotional (promo) campaigns involves the collection and further processing of personal data under the terms defined in the respective official rules of the campaign.

Such personal data may include, but is not limited to:

• account login (email address used to register the social media account);
• first and last name;
• passport data or data from a document replacing it;
• tax identification number (RNTRC);
• contact details (phone number, email);
• bank account details, opened in Ukraine, for receiving monetary incentives.

Some promotional (promo) campaigns may include a condition for you to consent to the Company’s use of the contact data received for advertising (marketing) purposes, without violating the applicable legislation of Ukraine.

2.6. Processing of information received from third parties or third-party websites

The Company may receive personal data from third parties and subsequently process it.

For example, this may occur when someone, through their Account or otherwise, places an order for a shipment in your interest, i.e., when you are the intended recipient, or when someone uses your personal data to place an order.

We may also collect specific data about you from a third-party platform (website) if you provide a corresponding link to your profile on such a platform (website) during registration (login) to the Account, in particular, using a Google account.

In addition, if you visit the Company’s pages on social networks (Facebook, LinkedIn, X, TikTok, Instagram, etc.) and interact with us in any way, such as writing comments, using “Like” marks, etc., the operator (owner) of the respective social media platform publishes this information. We have access to it, including information about your profile on such a social network.

From time to time, the Company may conduct various marketing activities and offer participation in online contests, which we host, in particular, on our social media pages. To participate in a competition, we suggest subscribing to our marketing newsletter or registering a personal Account on the Website. Alternatively, we may separately request the following data: name, link to social media profile, email address, and phone number.

If you communicate with us through social networks, the processing of your personal data is governed by the respective social network’s privacy policy.

2.7. Processing of children’s personal data

Please note that our Website and Service are not intended for individuals under the age of 18. An individual who has not yet reached the age of 18 is not eligible to become our client. Accordingly, we do not knowingly collect or process information about children.

If you become aware of instances where the Company processes children’s personal data, particularly if we receive data from children without their parents’ or other legal guardians’ consent, please inform us. We will be able to take steps to delete this information.

2.8. Processing of special categories of data

The Company does not collect or process any personal data that poses a particular risk to the rights and freedoms of data subjects, in particular, data on racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, criminal convictions, as well as data concerning health, sex life, biometric or genetic data.

The Company processes personal data in accordance with applicable law. We process personal data for the following purposes on the following legal bases (data may be processed on several legal bases):

• to personalize the experience of Website Visitors using cookies and similar technologies, and to offer you relevant information on the Website (legitimate interest, consent of the data subject);
• to enable the registration of an Account on the Website and, accordingly, to provide access to our Service (conclusion and/or performance of a contract or taking steps prior to entering into a contract);
• to offer services that you request from us or that we believe may interest you in the future (consent of the data subject, taking steps prior to entering into a contract, legitimate interest);
• to provide technical support to a Registered User (performance of a contract, legitimate interest);
• to ensure logging and monitoring of operations with personal data, including maintaining an action log for access, modification, and deletion of data of a Registered User or Client, in order to detect and prevent potential security breaches (performance of a contract, legitimate interest);
• to notify the Client regarding an order/shipment made, as well as changes related to the Service (performance of a contract, legitimate interest);
• to comply with our other obligations under the Terms of Service (performance of a contract, legitimate interest);
• to conduct internal analytical research, development, testing, and improvement of the features and functions of our Service and other Company services (legitimate interest);
• to establish and maintain communication with a Registered User or Client, including for providing consultations, technical or other support regarding the Service and other Company services (conclusion and/or performance of a contract, legitimate interest);
• to process (review) requests, appeals, or complaints, provide a response, and further react to them (consent of the data subject, legitimate interest);
• to improve the quality of the Service and other Company services for Potential Clients and Clients (legitimate interest, consent of the data subject);
• to meet internal and external audit requirements, including information security measures and regular risk assessments of personal data processing (performance of a contract, legitimate interest);
• to protect against any malicious actions (such as fraud, etc.), detect and/or investigate a crime, in connection with other security considerations of the Company (fulfillment of a data controller’s legal obligation, legitimate interest);
• to obtain your feedback about our Service or Website or to enable you to participate in our survey (legitimate interest of the Company, consent of the data subject);
• to determine participants/winners of promotional (promo) campaigns and for them to receive incentives provided by the terms of such a campaign (performance of a contract, legitimate interest);
• to send you, as a Client, our special offers or news about Company services (legitimate interest of the Company);
• for marketing purposes (consent of the data subject);
• to respond to requests and other legal requirements of regulatory and law enforcement authorities (fulfillment of a data controller’s legal obligation);
• to ensure other legitimate interests of the Company, for example, to prepare a claim or respond to a received claim (legitimate interest, fulfillment of a data controller’s legal obligation);
• to comply with legal requirements applicable to the Company (fulfillment of a data controller’s legal obligation).

If we rely on legitimate interests as a legal basis for processing your personal data, we balance these interests against your interests, legal rights, and freedoms in accordance with personal data protection laws and best industry practices.

The Company may provide you with marketing information in several ways, including by email, phone, text messages (including via Viber or WhatsApp), and online while you use the Website, including through your Account.

The Company, together with external providers, also uses third-party cookies and other identifiers, such as Google Analytics and Facebook Pixel, to collect specific data about your interaction with our Website and to provide you with more targeted information.

It is essential for us to respect your marketing preferences and comply with the current requirements of personal data protection legislation. We send you marketing materials either with your consent or if we have a legitimate interest in providing you with direct marketing (if you are our Client).

Direct marketing will not include information that contradicts your interests. For example, from time to time, we may remind you about our Service and its benefits if you have already shown interest in the Service and placed orders, and therefore, have become a client. This is because such information may be of interest to you based on your past interests.

You can opt out of marketing, including direct marketing, even if you previously gave us your consent. Specifically, you can find an “unsubscribe” link in every marketing email we send, or you have the right to contact our Head of Data Protection by sending an email to [email protected].

At the same time, even if you opt out of receiving marketing, we may still send you service or transactional messages, or essential information about an order you have placed, related to the Service or our other services. This is necessary, among other things, to perform the contract concluded with you.

The Company applies physical, administrative, and technical measures to protect personal data in accordance with applicable law requirements and considers best practices in the field of data protection. We regularly review our security measures to ensure they remain practical and up-to-date.

Primarily, we use standard malware scanning. Our antivirus product is one of the best on the market and is constantly updated.

The Company adheres to the principle of data minimization. We provide our employees with access only on a need-to-know basis (those who need access to relevant data to perform their functional duties). We conduct regular training for our employees on the processing and protection of personal data.

For access to systems containing personal data, the Company uses two-factor authentication to provide an additional layer of security and prevent unauthorized access.

When transferring personal data outside the Company, we use modern encryption methods and password protection to prevent unauthorized access or compromise of information during its transmission.

The Company regularly tests its security procedures, including creating and restoring data backups, to ensure the proper protection and availability of personal data in the event of technical problems or information security incidents.

We employ all reasonable procedures and security measures to prevent unauthorized access, loss, disclosure, or alteration of the personal data we receive.

Your data, processed by us, is stored or used in secure information technology systems owned or managed by the Company, as well as in cloud services located in the European Union and the United States.

We store personal data only as long as necessary to achieve the purposes for which it was collected, including fulfilling any legal, accounting, or tax reporting requirements, as well as ensuring the performance of contracts we enter into to provide the Service.

When determining the appropriate retention period for personal data, we also consider, in addition to the purposes of processing, the nature and category of the data, the potential risk of harm from unauthorized use or disclosure of the data, and the relevant requirements of applicable law.

As a rule, we store basic information about our Registered Users and Clients for three (3) years after they cease to use their personal account on the Website or to be Clients (for tax and legal purposes).

If the legislation of your country of residence contains statutes of limitation that define the period during which you can file a claim or lawsuit against us, and therefore we need relevant evidence of legal relations with you, we may process your personal data for such a defined period.

Over time, we may minimize the data we process or even anonymize it (for research or statistical purposes) so that it is no longer associated with you. If data becomes anonymous, we may use it indefinitely, as it no longer contains personal data.

We may transfer personal data to data processors (a natural or legal person to whom the Company, as a data controller, or the law grants the right to process such data on behalf of the controller) and/or third parties (any person, except for the data subject, controller or processor of personal data, and the Ukrainian Parliament Commissioner for Human Rights, to whom the controller transfers personal data), including foreign entities involved in relations related to personal data:

• NOVA Group companies: for the purpose of providing the Service or our other services, as well as for preparing analytical and statistical information, to comply with the requirements of consolidated audit reporting standards, we need to share your data with NOVA Group companies that operate on our behalf or in our interests and require access to your personal data to perform their part of the work, for example, to issue an order at a branch, process invoices, provide customer support services, etc.
• Warehouse and customs brokerage service providers: to provide you with the Service or other services, in particular to deliver a shipment, we may engage third-party providers who carry out warehouse processing of goods and others who provide the Company with services for customs clearance of goods (shipments).
• Payment systems: when you order and pay for the Service or our other services, you independently provide personal data to the relevant payment systems through which payment is made, however, in the course of work, we may exchange specific personal data with these payment systems, for example, to detect fraud and verify payments made.
• External consultants, providers of professional services for the Company: we may provide access to your personal data to service providers and/or consultants who provide professional assistance to the Company and require access to such data to perform their work, for example, technical support and maintenance of the Website, invoice processing, accounting, auditing, and legal services.
• Software providers/suppliers for the Company: in our work, including providing you with the Service, we use software from external vendors (suppliers) that may have access to personal data, such as a CRM system for customer support services, etc.
• State, local, and other regulatory, administrative, law enforcement authorities: we may disclose your personal data to such third parties if (1) we receive a lawful demand, decision, request, or other type of document (e.g., a search warrant) and believe that the disclosure (transfer) of personal data is reasonably necessary to comply with legal requirements, (2) it is necessary to protect the interests of the Company or the security of the Website, (3) to protect the interests of Clients or Registered Users from harm or illegal activities.
• Other types of third parties: we may disclose your data (1) to respond to emergencies which, in our good faith belief, require us to disclose information to help prevent the death or serious injury of any person, or (2) we have received your request to share data with a specific third party.

We may transfer your personal data to third countries or territories whose privacy laws may differ from the corresponding laws of your country of residence. Some recipients of personal data may be located in Ukraine, and some in countries of the European Economic Area and the USA (depending on the country from which or to which the shipment will be delivered). Please note that the Company transfers your personal data outside of Ukraine only when necessary and for the purposes outlined in this Policy, provided that adequate protection is in place for your rights and freedoms as a data subject. In such cases, we ensure compliance with the provisions of Art. 29 of the Law.

In addition, we will require all data recipients to ensure an adequate level of protection and security for personal data.

Please be assured that we never sell your data to third parties.

In the event of a merger, reorganization, or similar corporate event, or the sale of the Company or part of its assets, the information we have collected, including personal data, may be transferred to another company (subject to the terms of the merger or acquisition). Undoubtedly, all such data transfers will be carried out in accordance with applicable law and our obligations, as stated in this Policy.

On the Website, you may find links to websites and services of other companies or organizations, such as Facebook, LinkedIn, X, TikTok, Instagram, etc. We do not control these websites. Each such third party is solely responsible for complying with the laws, rules, and regulations applicable to its business. These websites and services may have their privacy policies. We encourage you to review the relevant policy posted on such a third-party website.

We guarantee the realization of your rights to personal data protection and other rights provided for by Art. 8 of the Law. In particular, as a data subject, you have the following rights:

1. to know about the sources of collection, the location of your personal data, the purpose of their processing, the area or place of residence (stay) of the data controller or processor, or to give appropriate instructions to authorized persons to obtain this information, except in cases established by law;
2. to receive information about the conditions for granting access to personal data, in particular, information about third parties to whom personal data is transferred;
3. to access your personal data;
4. to receive, no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, a response as to whether your personal data is being processed, as well as to receive the content of such personal data;
5. to present a reasoned demand to the data controller objecting to the processing of your personal data;
6. to present a reasoned demand for the modification or destruction of your personal data by any data controller and processor if this data is processed unlawfully or is unreliable;
7. to protect your personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as protection from providing information that is unreliable or discredits the honor, dignity, and business reputation of a natural person;
8. to lodge complaints about the processing of your personal data with the Ukrainian Parliament Commissioner for Human Rights or to a court;
9. to apply legal remedies in case of violation of personal data protection legislation;
10. to make reservations regarding the limitation of the right to process your personal data when giving consent;
11. to withdraw consent to the processing of personal data;
12. to know the mechanism of automated personal data processing;
13. to be protected from an automated decision that has legal consequences for you.

Account holders can access, correct, or delete the personal data they have provided. By doing so, you are responsible for the accuracy of the personal data you provide to us, including through your Account on the Website.

We inform you that Article 15 of the Law states that personal data is subject to deletion or destruction in the following cases:

• expiration of the data storage period determined by the consent of the data subject to the processing of this data or by law;
• termination of legal relations between the data subject and the controller or processor, unless otherwise provided by law;
• issuance of a relevant order by the Commissioner or officials of the Commissioner’s Secretariat designated by him;
• entry into legal force of a court decision on the deletion or destruction of personal data.

Please note that when you contact us to exercise your rights as a data subject, you must undergo an identification process and submit your specific requirements so that we can process the request in a timely and accurate manner and provide a response on legal grounds. If we cannot identify you from the received messages or have reasonable suspicions about your identity, we may request that you provide proof of identity. Only in this way can we avoid disclosing your data to a person who might impersonate you, i.e., the identification process is carried out in your interest.

Any additional information collected for verification purposes will only be used to confirm identity.

We process requests as quickly as possible, but please remember that providing a complete and lawful response is a complex process that can take up to a month or even longer. We will notify you if we need more time to prepare a response.

If you reside in one of the countries of the European Economic Area (EEA), additional conditions set out below in this Section 10 apply to the processing of your personal data. For EEA residents, these provisions take precedence over any conflicting terms of this Privacy Policy.

We may transfer your personal data outside the EEA, in particular to Ukraine and the USA, which do not provide the same level of data protection as EEA countries. In such cases, we take all necessary measures to protect your data, including using Standard Contractual Clauses (SCCs). Also, due to the global nature of our operations, we may transfer your data to other companies within the NOVA group of companies to achieve the purposes described in this Policy. For more detailed information about data transfers, please refer to Section 7 of this Policy.

Under GDPR and other applicable EU data protection laws, you have the right: (i) to information (to know exactly what personal data of yours is processed, for what purpose, who has access to it, how long it is stored, etc.); (ii) to access your personal data; (iii) to rectification if your personal data is inaccurate or incomplete; (iv) to object to its processing for particular purposes; (v) to withdraw your consent to data processing (when processing is based on consent) or to demand the deletion of all your personal data; (vi) to restriction of processing of your personal data in some instances, for example, if you contest the accuracy of the data; (vii) to data portability; (viii) not to be subject to decisions based solely on automated processing, including profiling.

The exercise of these rights may be subject to certain limitations as provided by the GDPR. For example, the right to erasure may be limited if processing is necessary for the Company to comply with a legal obligation or to fulfill a public interest.

To exercise your rights, please get in touch with us using the contact details provided in Section 11 below. We may ask you to confirm your identity and/or provide other information that will help us fulfill the relevant request.

You also have the right to complain to a data protection authority.

If you have any questions regarding the processing of your personal data or have comments about this Policy, or if you wish to exercise your right in accordance with applicable personal data protection legislation, you can send us a relevant request.

We have appointed Stanislav Kovalenko, Head of Privacy, as the contact person for any questions regarding the protection and processing of personal data. You can contact him by sending an email to [email protected] or by writing to the postal address of LLC “NP GLOBAL”: Ukraine, 03026, Kyiv, Stolychne Shose, 103 (for Stanislav Kovalenko).