top of page

Privacy Policy

SECTION 1 · APP 1

Overview

Nova Analytics respects your privacy and is committed to protecting personal and business information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

​

This policy outlines how Nova Analytics collects, uses, stores, discloses, and manages personal information. It applies to all clients, prospective clients, and individuals whose personal information is provided to us in connection with our services.

​

We are committed to handling all personal information with transparency, care, and in strict accordance with our legal obligations. If you have any questions about this policy or our privacy practices, please contact us using the details in Section 16.

​

SECTION 2 · APP 2

Anonymity & Pseudonymity

Where practicable, individuals have the option of not identifying themselves or of using a pseudonym when interacting with Nova Analytics.

​

However, given the nature of our services, identification is generally required to deliver dashboards and analytics tailored to your business. Where a client cannot be identified, Nova Analytics may be unable to provide the agreed services. This will be communicated clearly at the time of engagement.

​

SECTION 3 · APPS 3 & 4

What We Collect

Nova Analytics collects only the information necessary to deliver the agreed services. This may include:

  • Business performance data (e.g. sales figures, bookings, invoices)

  • Financial data (e.g. Xero exports, POS reports, revenue summaries)

  • Staff and customer data (e.g. rosters, appointment records)

  • Contact details (e.g. name, email address, phone number)

  • Feedback and communication history
     

3.1 Unsolicited Information

If Nova Analytics receives personal information that was not requested, we will assess whether it is necessary for the purpose of delivering our services. If it is not necessary, we will securely destroy or de-identify that information as soon as practicable, provided it is lawful to do so.

​

SECTION 4 · APP 5

How We Collect Information

Nova Analytics collects information through the following means:

  • Direct uploads from clients (e.g. Excel, CSV, or PDF files)

  • Secure access to cloud platforms where authorised (e.g. Xero, POS systems)

  • Email or consultation forms

  • Client interviews or onboarding sessions

​

All data is collected with your explicit consent, confirmed on signing of the Service Agreement.

​

4.1 Collection Notice

At or before the time of collecting your personal information, Nova Analytics will take reasonable steps to notify you of the following:

  • The purpose for which the information is being collected

  • Any third parties to whom the information may be disclosed

  • Your right to access and correct your information

  • The consequences if the information is not provided (i.e. Nova Analytics may be unable to deliver the agreed services)

​

A collection notice is provided at the time of data submission, in addition to this policy.

​

SECTION 5 · APPS 6 & 7

Why We Collect It

Nova Analytics uses your information solely for the purpose of delivering agreed services. This includes:

  • Building custom dashboards and reports tailored to your business

  • Tracking KPIs and business performance metrics

  • Providing data-driven insights and analytics

  • Delivering ongoing support and dashboard updates

​

Nova Analytics will not use your personal information for direct marketing, resale, profiling, or any purpose beyond the agreed scope of work. If we need to use your information for a secondary purpose, we will seek your explicit written consent before doing so.
 

SECTION 6 · APP 11

How We Store & Protect Your Information

Nova Analytics takes reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Your data is stored using:

  • Encrypted local drives and/or Microsoft OneDrive/SharePoint

  • Password-protected folders and files

  • Access restricted to authorised personnel only

  • Multi-factor authentication on cloud platforms where available

​

While we take all reasonable precautions, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your data.

​

6.1 Destruction of Data

When personal information is no longer required for the purpose for which it was collected, and the retention period outlined in Section 8 has elapsed, Nova Analytics will take reasonable steps to destroy or permanently de-identify that information securely.

​

SECTION 7 · APP 6

Disclosure of Information

Nova Analytics does not share, sell, or disclose your personal information to third parties except in the following circumstances:

  • Where required or authorised by law

  • Where you have provided prior written consent

  • Where it is necessary to deliver an agreed service (e.g. a subcontracted dashboard specialist working under a confidentiality agreement)
     

Where disclosure is made to a subcontractor or service provider, Nova Analytics will take reasonable contractual steps to ensure that party handles your information in accordance with the APPs.
 

SECTION 8 · APP 8

Cross-Border Disclosure

Nova Analytics uses the following third-party platforms to store and process client data, some of which may store or transmit data on servers located outside Australia:

  • Microsoft Power BI and Microsoft OneDrive/SharePoint (operated by Microsoft Corporation, United States)

  • Cloud storage providers as required for service delivery

​

By engaging our services and providing your data, you acknowledge that your information may be stored or processed overseas on these platforms.

​

Nova Analytics takes reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the APPs. Microsoft's data processing and privacy commitments are governed by their Data Processing Agreement and compliance with applicable international privacy standards, including ISO 27001 and SOC 2.
 

Nova Analytics is not responsible for the privacy practices of third-party platforms. We recommend reviewing the privacy policies of Microsoft and any other relevant platform providers to understand how your data is handled.

​

SECTION 9 · APP 9

Government Identifiers

Nova Analytics does not collect, use, or disclose government identifiers such as Tax File Numbers (TFNs), Medicare numbers, or other government-issued identifiers as part of its standard services.
 

If a government identifier is inadvertently included in data provided by a client, it will be treated as unsolicited information in accordance with Section 3.1 of this policy and securely deleted as soon as practicable.

​

SECTION 10 · APPS 10 & 13

Data Quality & Correction

Nova Analytics takes reasonable steps to ensure that the personal information it holds is accurate, up-to-date, complete, and relevant to the purposes for which it is used.

​

10.1 Requesting Correction

You may request correction of your personal information at any time by contacting us using the details in Section 16. We will respond to correction requests within 30 days.

​

Where a correction is made, we will take reasonable steps to notify any third party to whom the information was previously disclosed, if relevant and practicable.

​

10.2 Declined Correction Requests

If Nova Analytics declines a correction request, we will provide you with a written explanation of the reason for the refusal and information on how to lodge a complaint with the OAIC if you are not satisfied with our response.

​

SECTION 11 · APP 11

Data Retention

Nova Analytics retains Client Data for 90 days following project completion or cancellation for the purpose of revisions, troubleshooting, or dispute resolution. Unless otherwise requested in writing, Client Data will be securely deleted or de-identified after this period.

​

You may request deletion of your data at any time by contacting us in writing. We will action deletion requests within 30 days, subject to any legal obligations that require us to retain certain records.

​

This retention period is consistent with the Nova Analytics Terms of Service (Section 5.1).

​

SECTION 12 · APP 12

Access to Your Information

You have the right to request access to any personal information Nova Analytics holds about you. To make an access request, please contact us using the details in Section 16.

​

We will respond to access requests within 30 days. Access will be provided free of charge, except where the request requires a disproportionate effort to fulfil, in which case we will advise you of any applicable costs before proceeding.

​

12.1 Declined Access Requests

If Nova Analytics declines an access request, we will provide you with a written explanation of the reason and information on how to lodge a complaint with the OAIC.

​

12.2 Withdrawing Consent

You may withdraw consent for Nova Analytics to collect or use your personal information at any time by notifying us in writing. Please note that withdrawing consent may affect our ability to deliver agreed services. If a project is underway, withdrawal of consent will be treated as a request to terminate the Service Agreement and managed accordingly.

​

SECTION 13 · NOTIFIABLE DATA BREACHES SCHEME

Data Breach Notification

Nova Analytics takes reasonable steps to prevent data breaches. In the event of a suspected or confirmed data breach that is likely to result in serious harm to any affected individual, Nova Analytics will:

  • Notify affected individuals as soon as reasonably practicable

  • Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988

  • Take immediate steps to contain the breach and prevent further harm

​

While Nova Analytics takes all reasonable precautions, we are not liable for unauthorised access, disclosure, or loss of Client Data arising from circumstances beyond our reasonable control, including third-party platform breaches or cyber incidents.

​

SECTION 14

Third-Party Services

Some services may require integration with third-party platforms such as Microsoft Power BI, Xero, or POS systems. These platforms operate under their own privacy policies and data handling practices. Nova Analytics does not control and is not responsible for the privacy practices of third-party providers.

​

We recommend reviewing the relevant privacy policies of any third-party platforms connected to your dashboard to understand how your data is managed outside of Nova Analytics' systems.

​

SECTION 15

Complaints

If you believe your privacy has been breached or you have concerns about how Nova Analytics has handled your personal information, please contact us in writing using the details in Section 16. We will acknowledge your complaint within 5 business days and provide a substantive response within 30 days.


 

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

bottom of page