NOVARAGrading

Privacy Policy

Last updated: January 2025

Privacy at a Glance

Secure Storage

Your data is encrypted and stored securely in Australia

Transparent Use

We only use your data for stated purposes

Your Control

Request access, correction, or deletion anytime

Data Portability

Export your data in standard formats

1. About This Policy

Novara Pty Ltd ABN [XX XXX XXX XXX] ("Novara", "we", "us", or "our") is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, hold, use, and disclose your personal information, and how you can access and correct that information or make a complaint.

2. Information We Collect

We collect personal information that is reasonably necessary for our functions and activities. The types of information we collect include:

2.1 Information You Provide

  • Identity Information: Name, email address, phone number, postal address
  • Account Information: Username, password (encrypted), account preferences
  • Payment Information: Credit card details (processed securely via third-party payment processors), billing address
  • Submission Information: Details about items you submit for grading, including photos, descriptions, and condition information
  • Communication Records: Emails, support tickets, and other correspondence with us

2.2 Information Collected Automatically

  • Device Information: IP address, browser type and version, operating system
  • Usage Data: Pages visited, time spent on pages, links clicked, features used
  • Location Data: General geographic location based on IP address (not precise location)
  • Cookies and Similar Technologies: See Section 8 for details

2.3 Information from Third Parties

  • Authentication Providers: If you sign in via third-party services (e.g., Google, Apple), we receive basic profile information
  • Payment Processors: Transaction confirmation and fraud prevention data

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing Services: Processing grading requests, issuing certificates, managing your account
  • Communication: Sending service updates, responding to inquiries, providing support
  • Payment Processing: Processing payments and issuing refunds
  • Service Improvement: Analyzing usage patterns to improve our platform and services
  • Security: Detecting and preventing fraud, unauthorized access, and other security issues
  • Legal Compliance: Complying with legal obligations and responding to lawful requests
  • Marketing: Sending promotional materials (only with your consent, and you can opt out anytime)

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Third parties who help us operate our business (payment processors, cloud hosting, email services). These providers are contractually bound to protect your information.
  • Partners: For trading card grading, we work with PSA. Relevant item information is shared to facilitate grading.
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With Your Consent: For any other purpose with your explicit consent

4.1 Certificate Verification

When a certificate is verified publicly, the following information is displayed: certificate number, item type, brand, model, grade, and grading date. Your personal information (name, contact details) is NOT displayed in public verification.

5. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure. Our security measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing
  • Regular security assessments and updates
  • Access controls limiting who can access your data
  • Staff training on privacy and security

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specifically:

  • Account Information: Retained while your account is active, plus 7 years after closure for legal compliance
  • Certificate Records: Retained indefinitely to support ongoing verification
  • Transaction Records: Retained for 7 years as required by Australian tax law
  • Marketing Preferences: Retained until you update them or close your account

7. Your Rights

Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to:

Access Your Data

Request a copy of the personal information we hold about you

Correct Your Data

Request correction of inaccurate or incomplete information

Delete Your Data

Request deletion of your personal information (subject to legal retention requirements)

Data Portability

Receive your data in a structured, commonly used format

Opt Out of Marketing

Unsubscribe from marketing communications at any time

Make a Complaint

Lodge a complaint if you believe we've breached your privacy

To exercise any of these rights, please contact us using the details in Section 11. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Types of cookies we use:

  • Essential Cookies: Required for the website to function (e.g., session management, security)
  • Functional Cookies: Remember your preferences (e.g., language, theme)
  • Analytics Cookies: Help us understand how visitors use our site (anonymized data)

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

9. International Data Transfers

Your information is primarily stored in Australia. However, some of our service providers may process data in other countries. When we transfer data internationally, we ensure appropriate safeguards are in place, including contractual protections that comply with Australian privacy requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. We encourage you to review this policy periodically. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or wish to make a complaint, please contact our Privacy Officer:

Email: [email protected]

Phone: +61 2 XXXX XXXX (Mon-Fri 9am-5pm AEST)

Address: [Business Address], Australia

We will acknowledge your complaint within 2 business days and aim to resolve it within 30 days.

12. External Complaints

If you are not satisfied with our response to your complaint, you can contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Email: [email protected]