Latest updated: 30.11.2025
Noova Energi System AS, org. no. 918 710 558 (Noova), must process personal data in accordance with the applicable privacy regulations at all times, including the Personal Data Act of 2018, which incorporates the EU General Data Protection Regulation 2016/679 (GDPR).
When you enter into agreements with us, visit our websites, contact customer service, log in to our customer portal, or receive marketing from us, we process personal data that can be linked to you as an individual. This privacy statement describes how we process your personal data and what rights you have under the applicable privacy regulations. If you have questions about this privacy statement, you can contact us at post@noova.no
Personal data are information and assessments about an identified or identifiable natural person. This may include, for example, name, phone number, email address, or IP address. Any collection, registration, compilation, storage, disclosure, etc. of personal data is referred to as the processing of personal data.
All processing of personal data in Norway is regulated by the Personal Data Act of 2018, which incorporates the GDPR, and the Norwegian Data Protection Authority supervises compliance with the law. The party that decides the purpose of processing personal data is called the data controller. The data controller must ensure that personal data are processed in accordance with the applicable regulations.
Noova is the data controller for the processing of your personal data under this privacy statement. You can contact us at post@noova.no, P.O. Box 220, 4001 Stavanger, or by telephone at +47 51 61 01 70.
Noova aims to give you the best possible experience when using our services and interacting with us. We collect and use personal data that you provide to us, data generated through your use of our services, and data gathered when you visit our website. We also receive certain information from third parties, both public and private institutions. This includes, for example, usage pattern information from HubSpot.
We collect and process this personal data in order to enter into and fulfil an agreement with you (GDPR art. 6(1)(b)), based on your explicit consent (GDPR art. 6(1)(a)), based on our legitimate interest in giving you the best possible experience related to our website and services, and based on our legitimate interest in handling legal claims (GDPR art. 6(1)(f)), as well as to comply with our legal obligations (GDPR art. 6(1)(c)).
We generally do not process special categories of personal data, such as health information.
Below is an overview of the specific ways in which we process your personal data, which categories of data we typically process, and the legal basis for that processing.
If you contact us by emailing our customer service, filling out a contact form on our website, using our website chat solution, or calling us, you will provide information about yourself. In this context, we process the personal data you submit, such as: name, email address, phone number, company information, and any other information you choose to share with us. We process this data to fulfil an agreement with you (GDPR art. 6(1)(b)) or based on our legitimate interest in responding to your inquiries (GDPR art. 6(1)(f)).
If you subscribe to our newsletter, we collect your name, email address, phone number, and company information. We process this data based on our legitimate interest in following up with our customers by sending relevant news and information about our services (GDPR art. 6(1)(f), see also the Norwegian Marketing Act § 15(3)). You can opt out of such marketing at any time by contacting post@noova.no
If you are not an existing customer, the legal basis for sending you such emails is your explicit consent (GDPR art. 6(1)(a)). You can easily unsubscribe through the link included in our emails.
You are welcome to apply for a job with us by sending an email to hei@noova.no. In recruitment processes, we process CVs, applications, certificates, interview notes, and results from reference checks, which all contain personal data. The legal basis for processing personal data in recruitment is that the processing is necessary to take steps at your request before potentially entering into an employment contract (GDPR art. 6(1)(b)). If we conduct checks beyond contacting listed references or reviewing your submitted information, this processing is based on our legitimate interest in ensuring the correct candidate for the position (GDPR art. 6(1)(f)).
When we enter into a customer agreement with a company you represent, we will establish a Data Processing Agreement with the customer. You can view it here. We process personal data based on our legitimate interest in entering into or fulfilling an agreement with the company (GDPR art. 6(1)(f)).
We use cookies to simplify your use of our website, to provide a functional website, and to ensure the best possible user experience. Cookies are small data files that store information about how you use a website. This information is stored in your browser, meaning it is stored on your device.
We use necessary cookies based on our legitimate interest in providing you with a functional website (GDPR art. 6(1)(f)). All other cookies are used based on your consent (GDPR art. 6(1)(a)).
The use of cookies is standard functionality used by most websites. All modern browsers accept cookies by default, but they allow you to disable them. Note that the website may not function as expected if cookies are disabled.
For more information about which cookies we use and how long they are stored, see our cookie banner. Click here to read all information about our cookies.
We do not share your personal data with others unless you consent to the sharing (GDPR art. 6(1)(a)) or there is a lawful basis for doing so. Examples of such bases include the need to fulfil an agreement with you (GDPR art. 6(1)(b)), a legal obligation requiring us to disclose your personal data (GDPR art. 6(1)(c)), or a legitimate interest that justifies the sharing (GDPR art. 6(1)(f)).
We use subcontractors or service providers to collect, store, or otherwise process personal data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of the processing.
We may use providers or process personal data outside the EEA. In such cases, transfers and processing outside the EEA (third countries) will always take place in accordance with GDPR Chapter V and be subject to a lawful transfer mechanism to ensure the protection of your personal data. You may contact us if you want information about which mechanism is used.
Below are your rights regarding the processing of your personal data. Requests for access, deletion, correction, or other processing of your personal data can be made by contacting us by email or phone using the contact information in section 1. You can also update data stored about you by logging in to “My Page” in the customer portal.
We will respond as quickly as possible and no later than one month.
• Access:
You have the right to information about which personal data we have stored about you and the right to access this data.
• Correction and deletion:
The information we hold about you must be correct and up to date. If you discover an error, contact us so it can be corrected. You can also contact us if you wish to have information deleted. We will accommodate deletion requests as far as possible, but cannot delete information when we still require it.
• Restriction of processing:
You have the right to ask us to stop processing your personal data, for example if you believe the processing is unlawful and do not want us to delete the data before the matter is resolved.
• Data portability:
For information you have provided to us that is necessary to fulfil an agreement and is processed automatically (not manually), you can request that the personal data be provided to you or transferred to another provider in a structured, commonly used, machine-readable format.
• Right to object:
You have the right to object to our processing of your personal data if this can be justified by special circumstances on your side.
• Right to complain:
If you disagree with how we process your personal data, you have the right to lodge a complaint with the Norwegian Data Protection Authority. You should contact us first so we can clarify any misunderstandings.
• Processing based on consent:
If we process personal data based on your consent, you may withdraw your consent at any time. The easiest way is to use the method provided when you gave consent or by contacting us.
All processing of personal data is protected with the required technical and organizational measures. We handle information so that it is accurate, available, and managed according to the sensitivity level of the data. We use a range of security technologies and information-security procedures to protect personal data from unauthorized access, use, or disclosure. Risk assessments are conducted for all processing of personal data.
We have entered into data processing agreements with all suppliers who process personal data on our behalf, ensuring they apply the same level of security that we apply.
Access to personal data is limited to personnel or third parties who must process the data on our behalf. These parties are bound by confidentiality obligations.
Procedures are established for handling information-security breaches (privacy breaches). If a breach occurs that poses a risk to the privacy of affected individuals, we will notify the Norwegian Data Protection Authority as quickly as possible and no later than 72 hours after the breach is discovered. If the breach is likely to present a high privacy risk for the affected individuals, we will notify them as well.
We may update this privacy statement periodically to reflect changes to the website or to our policies. In the event of significant changes, we will provide specific notification for the services affected.