Privacy Policy

1. Introduction

Technova LLC ("Technova," "we," "us," or "our") is a global digital systems engineering organization headquartered in the United States with operational offices across Asia and Europe. We are committed to protecting and respecting your privacy in accordance with applicable international data protection laws.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal data when you visit our websites, use our services, or otherwise interact with Technova. It applies to all individuals worldwide who engage with our platforms, regardless of location.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our services.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller is:

Technova operates globally with offices and engineering centers in:

• Vietnam — Ho Chi Minh City (Southeast Asia Headquarters)
• Germany — Berlin (European Operations Node)
• Thailand — Chiang Mai (Engineering Lab)
• United States — Albuquerque, NM (Registered Office)

Where we process data through our European office, our Berlin entity acts as a representative under Article 27 of the GDPR for data subjects in the European Economic Area (EEA).

3. Information We Collect

3.1 Information You Provide Directly

• Contact information: name, email address, phone number, company name, job title, and mailing address when you inquire about our services, request a consultation, or submit a contact form.
• Account data: login credentials and profile information if you create an account on any of our client platforms or portals.
• Communications: records and content of correspondence when you contact us via email, phone, or other channels.
• Contractual data: billing information, payment details, purchase history, and project specifications when you engage our services.
• Employment data: resume, CV, work history, and related information if you apply for a position with Technova.

3.2 Information Collected Automatically

• Device and browser data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Usage data: pages visited, time spent on pages, click patterns, referring URLs, and navigation paths.
• Cookies and similar technologies: session cookies, persistent cookies, web beacons, and pixel tags. See Section 9 (Cookies) below for details.
• Log data: server logs recording access times, error logs, and request metadata.

3.3 Information from Third Parties

• Business partners and referral sources who introduce potential clients.
• Publicly available sources such as company registries and professional networking platforms.
• Analytics and advertising partners who provide aggregated usage data.

4. How We Use Your Information

We process your personal data for the following purposes:

• Service delivery: to provide, maintain, and improve our digital systems engineering services, including project management, system architecture, and ongoing support.
• Communication: to respond to your inquiries, provide technical support, send service-related notifications, and deliver project updates.
• Business operations: to process transactions, manage invoicing, maintain accounting records, and administer contracts.
• Analytics and improvement: to analyze website traffic, understand user behavior, optimize user experience, and improve our services and infrastructure.
• Marketing: to send promotional communications about our services, events, and industry insights, where you have consented or where permitted by applicable law. You can opt out at any time.
• Security: to detect, prevent, and address fraud, unauthorized access, and other security threats to our systems and services.
• Legal compliance: to comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Recruitment: to evaluate job applications and manage our hiring processes.

5. Legal Basis for Processing

Depending on your jurisdiction, we process personal data on one or more of the following legal bases:

• Contractual necessity: processing is necessary to perform a contract with you or to take pre-contractual steps at your request.
• Legitimate interests: processing is necessary for our legitimate business interests (e.g., improving services, ensuring security, direct marketing to existing clients), provided these are not overridden by your rights.
• Consent: where you have given clear consent for us to process your personal data for a specific purpose. You may withdraw consent at any time.
• Legal obligation: processing is necessary for compliance with a legal obligation to which we are subject.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of recipients:

• Technova group entities: our offices in Vietnam, Germany, Thailand, and the United States may access your data as necessary for internal administration, project delivery, and coordinated service operations.
• Service providers: trusted third-party vendors who assist us with hosting, cloud infrastructure (e.g., AWS, Google Cloud), analytics, payment processing, email delivery, and customer support — bound by contractual data processing agreements.
• Professional advisors: lawyers, auditors, accountants, and insurers who provide professional services to Technova.
• Legal and regulatory authorities: when required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity.

7. International Data Transfers

As a global organization, your personal data may be transferred to and processed in countries other than your country of residence, including the United States, Vietnam, Germany, and Thailand. These countries may have different data protection standards than your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards to ensure an adequate level of protection, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
• Data processing agreements with our affiliates and service providers that incorporate equivalent protections.
• Compliance with applicable cross-border data transfer mechanisms recognized under local law.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the nature of the data and the purpose of processing:

• Client project data: retained for the duration of the engagement plus 5 years following project completion for warranty, support, and legal purposes.
• Financial records: retained for a minimum of 7 years in accordance with tax and accounting regulations.
• Marketing data: retained until you opt out or withdraw consent, after which it is deleted within 30 days.
• Website analytics data: retained in anonymized or aggregated form for up to 26 months.
• Job applicant data: retained for up to 12 months after the application process concludes, unless you consent to longer retention.

When data is no longer required, it is securely deleted or irreversibly anonymized.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user engagement. The types of cookies we use include:

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect website functionality.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

10.1 Rights Under the GDPR (EEA/UK)

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data where there is no compelling reason for continued processing.
• Restriction: request restriction of processing in certain circumstances.
• Data portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: withdraw previously given consent at any time.
• Lodge a complaint: file a complaint with your local Data Protection Authority.

10.2 Rights Under Thailand's PDPA

If you are located in Thailand, you have similar rights under the Personal Data Protection Act B.E. 2562 (2019), including the right to access, rectification, erasure, restriction, data portability, objection, and the right to lodge a complaint with the Personal Data Protection Committee (PDPC).

10.3 Rights Under Vietnamese Law

If you are located in Vietnam, your personal data is protected under the Law on Cybersecurity and Decree No. 13/2023/ND-CP on Personal Data Protection. You have the right to be informed about data processing, to consent, to access your data, to request correction or deletion, and to withdraw consent.

10.4 Rights Under U.S. State Laws

Residents of certain U.S. states (including California under the CCPA/CPRA, Virginia, Colorado, Connecticut, and others) may have additional rights, including the right to know what personal information is collected, the right to delete, the right to opt out of the sale or sharing of personal data, and the right to non-discrimination for exercising these rights.

10.5 Exercising Your Rights

To exercise any of these rights, please contact us at info@technova.llc. We will respond to your request within 30 days (or the timeframe required by applicable law). We may need to verify your identity before processing your request.

11. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Access controls and role-based permissions across all internal systems.
• Regular security audits, penetration testing, and vulnerability assessments.
• Employee training on data protection and information security best practices.
• Incident response procedures to detect and address data breaches promptly.

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement of our safeguards.

12. Third-Party Links

Our website may contain links to third-party websites, services, or platforms that are not operated by Technova. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.

13. Children's Privacy

Our services are not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where required by law, through direct notification (e.g., email). We encourage you to review this page periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact our European office in Berlin, Germany, or lodge a complaint with the relevant supervisory authority in your jurisdiction.