GDPR Compliance

Effective Date: March 21, 2026

This page explains how Pro Nova Technologies Inc. ("we," "us," or "our") complies with the General Data Protection Regulation (GDPR) and outlines your rights regarding your personal data when you use our website at https://pronovatech.com and our PNT Remote Monitoring & Management Services ("PNT-RMMS") desktop client.

1

Data Controller Information

For the purposes of GDPR, the data controller is:

Company Name: Pro Nova Technologies Inc.
Website: https://pronovatech.com
Email: support@pronovatech.com
2

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

Consent

When you explicitly agree to the processing (e.g., marketing emails, cookies)

Contract

When processing is necessary to fulfill a contract with you (e.g., software purchase, RMMS subscription, device licensing)

Legal Obligation

When processing is required to comply with legal requirements (e.g., tax records)

Legitimate Interests

When processing serves our legitimate business interests (e.g., fraud prevention, analytics, security monitoring, remote device management)

3

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request limitation on how we use your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Rights Related to Automated Decision-Making

Right not to be subject to decisions based solely on automated processing.

Right to Withdraw Consent

Withdraw consent at any time for processing based on consent.

4

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Email Us

Send a request to support@pronovatech.com with "GDPR Request" in the subject line.

Account Settings

Log into your account and visit the Personal Data section to download or delete your data.

Response Timeline

We will respond to your request within 30 days. In complex cases, this may be extended by an additional 60 days, and we will notify you of the extension.

We may need to verify your identity before processing your request to protect your personal data from unauthorized access.
5

Data We Collect

We collect the following categories of personal data:

Identity Data

Email address, username, account preferences, company membership and role

Transaction Data

Purchase history, subscription details, billing interval, payment method (processed securely by Stripe)

Technical Data

IP address (stored as salted hash), browser type, device information, operating system

Usage Data

Pages visited, session duration, features used (collected via privacy-preserving built-in analytics, not third-party trackers)

Communication Data

Support tickets, email correspondence, auto-translated content for multi-language support

RMMS Device Data

Hostname, OS, CPU, RAM, disk, network adapters, agent version, device health metrics, connection status, device identification tokens

Remote Session Data

Session metadata (times, duration, administrator identity), audit logs of remote actions, session recordings (if enabled), file transfer records

Diagnostic Data

Application warning/error logs from PNT-RMMS client, submitted automatically for troubleshooting (no personal data included)

6

International Data Transfers

As a company that may process data outside the EEA, we ensure that any international transfers of personal data comply with GDPR requirements through:

  • Adequacy Decisions: Transferring data only to countries with adequate data protection laws.
  • Standard Contractual Clauses (SCCs): Using EU-approved contract terms with data recipients.
  • Data Processing Agreements: Binding agreements with third-party processors.
7

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

7 years Financial and transaction records (legal requirement)
3 years Support tickets and communications
90 days Raw website analytics, API/webhook logs, RMMS diagnostic logs, and client audit trails
Active subscription RMMS device registration data and device health metrics
Per retention settings Session recordings (configurable by organization, subject to auto-cleanup policies)
Until deletion Account data (deleted upon account closure request)
8

Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • TLS encryption for all data in transit between browsers, RMMS clients, and our servers
  • AES-256-GCM end-to-end encryption for remote viewing sessions (with ECDH key exchange)
  • AES-256 encryption at rest for sensitive settings stored in our database
  • SHA-512 cryptographic hashing for passwords, IP addresses, and data integrity verification
  • TPM-based device attestation for hardware-backed device identity (when available)
  • Email-based multi-factor authentication (MFA) for administrator and RMMS subscriber accounts
  • Rate limiting, account lockout, and anti-bot protections against abuse
  • Regular security assessments, code audits, and automated vulnerability scanning
  • Role-based access controls and permission hierarchies
  • Comprehensive audit logging for all remote access activities
9

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Document all breaches, including facts, effects, and remedial actions taken.
10

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection supervisory authority.

We encourage you to contact us first at support@pronovatech.com so we can address your concerns directly.

Finding Your Supervisory Authority

A list of EU data protection authorities can be found at: European Data Protection Board

11

Contact Us

For any GDPR-related inquiries or to exercise your rights, please contact us:

Pro Nova Technologies Inc.
https://pronovatech.com
support@pronovatech.com