1. Introduction
This Privacy Policy explains how DaVinci Institute Europe SRL, operating under the brand Novya (hereinafter "we," "us," or "our"), collects, uses, stores, and protects personal data when you visit or use our website leadership-lab.novya.eu (the "Website"). We are committed to protecting your privacy and ensuring the lawful processing of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Belgian data protection legislation.
This Privacy Policy applies to all visitors, users, and individuals who interact with our Website or services.
2. Data Controller Information
The data controller responsible for processing your personal data is:
DaVinci Institute Europe SRL
Operating under the brand: Novya
VAT Number: BE 0747.891.873
Registered Office: Brussels, Belgium
Principal Activity: Business and management consultancy activitiescompanyweb
Contact for Data Protection Enquiries:
Email: info@novya.eu
Website: https://www.novya.eu
3. Personal Data We Collect
We may collect and process the following categories of personal data when you visit our Website or interact with our services:
Data you provide directly:
Name and surname
Email address
Telephone number
Organisation or company name
Job title or role
Any information you provide through contact forms, registration forms, or enquiries
Communications and correspondence with us
Data that may be collected automatically:
IP address
Browser type and version
Device information
Pages visited and time spent on the Website
Referring website or source
Date and time of access
Cookie data and similar tracking technologies (see Section 8 below)
4. Purposes of Processing and Legal Bases
We process your personal data for the following purposes, relying on the legal bases set out in Article 6(1) of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Responding to your enquiries and providing information about our services | Legitimate interest (Article 6(1)(f) GDPR) |
| Processing registrations for executive coaching programmes, leadership labs, or events | Performance of a contract or steps prior to entering a contract (Article 6(1)(b) GDPR) |
| Sending newsletters or marketing communications (where you have opted in) | Consent (Article 6(1)(a) GDPR) |
| Improving and optimising our Website and services | Legitimate interest (Article 6(1)(f) GDPR) |
| Ensuring the security and integrity of our Website | Legitimate interest (Article 6(1)(f) GDPR) |
| Complying with legal obligations | Legal obligation (Article 6(1)(c) GDPR) |
Where we rely on legitimate interest as the legal basis, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
5. Data Sharing and Recipients
We do not sell your personal data to third parties. We may share your personal data with the following categories of recipients where necessary:
Service providers: Third-party providers who assist us with website hosting, email services, analytics, and IT support, acting as data processors on our behalf under appropriate contractual safeguards
Professional advisors: Legal, accounting, or consultancy professionals when required
Regulatory authorities: Where required by law or to comply with legal obligations
Partners: Where you have consented to sharing for specific programmes or events
All third-party processors are bound by contractual obligations to ensure the confidentiality and security of your personal data in accordance with GDPR requirements.
6. International Transfers
If we transfer your personal data outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as:
Standard Contractual Clauses approved by the European Commission
Transfer to countries with an adequacy decision from the European Commission
Other lawful transfer mechanisms under Article 46 GDPR
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The retention periods depend on the nature of the data and the purpose of processing:
Enquiry and contact data: Retained for 2 years after the last interaction unless a longer period is required for contractual or legal purposes
Programme/event registration data: Retained for 5 years after the completion of the programme or as required for accounting and tax purposes
Marketing data: Retained until you withdraw your consent or unsubscribe
Website analytics data: Generally retained for up to 26 months
8. Cookies and Tracking Technologies
Our Website may use cookies and similar technologies to enhance your browsing experience and analyse Website usage. Cookies are small text files stored on your device.
Types of cookies we may use:
Strictly necessary cookies: Essential for the functioning of the Website
Analytical/performance cookies: Help us understand how visitors interact with our Website
Functional cookies: Remember your preferences and settings
You can manage your cookie preferences through your browser settings or any cookie consent banner provided on our Website. For non-essential cookies, we will request your consent before placing them on your device.
9. Your Rights as a Data Subject
Under the GDPR, you have the following rights regarding your personal data:
Right to be informed – You have the right to receive clear, transparent information about how we process your personal data (Articles 13 and 14 GDPR).
Right of access – You may request a copy of the personal data we hold about you (Article 15 GDPR).
Right to rectification – You have the right to have inaccurate or incomplete personal data corrected (Article 16 GDPR).
Right to erasure ("right to be forgotten") – You may request deletion of your personal data where there is no compelling reason for its continued processing (Article 17 GDPR).
Right to restriction of processing – You can request that we limit the processing of your personal data under certain circumstances (Article 18 GDPR).
Right to data portability – You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller (Article 20 GDPR).
Right to object – You may object to processing based on legitimate interests or for direct marketing purposes (Article 21 GDPR).
Right to withdraw consent – Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal (Article 7(3) GDPR).
Right not to be subject to automated decision-making – You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects (Article 22 GDPR).
To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month of receipt, in accordance with Article 12(3)
10. Right to Lodge a Complaint
If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the relevant supervisory authority:
Belgian Data Protection Authority
(Autorité de protection des données / Gegevensbeschermingsautoriteit)
Rue de la Presse 35, 1000 Brussels
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
You may also lodge a complaint with the supervisory authority in your country of residence or place of work within the EU.
11. Children's Privacy
Our Website and services are not directed at children under the age of 13 (the applicable age for consent in Belgium under Article 7 of the Belgian Data Protection Act). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it promptly. Parents or guardians who believe their child has provided personal data to us may contact us to request deletion.
12. Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Secure (HTTPS) website connections
Access controls limiting data access to authorised personnel
Regular security assessments and updates
Confidentiality obligations for staff and contractors
While we take reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. The updated version will be posted on this page with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.
For significant changes, we may notify users by email or through a prominent notice on our Website.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
DaVinci Institute Europe SRL (Novya)
Email: info@novya.eu
Address: Rue de Spa 28, Brussels, Belgium
Website: https://www.novya.eu
This Privacy Policy was drafted in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable Belgian data protection legislation.