GDPR commitment
Novumetrics B.V. acts as a data processor for organizations that capture measurements. We adhere to GDPR, ISO/IEC 27001 aligned controls, and privacy-by-design principles in every subsystem.
- All processing occurs within EU-based cloud regions or on-device edge processors.
- We sign Data Processing Agreements (DPAs) and maintain updated technical and organizational measures.
- Data subjects can request export or deletion through their controller; we respond to controller requests within 5 business days.
Retention policy
Measurement data remains on the Novumetrics unit for a maximum of 30 days before automatic deletion. Exported datasets inherit your local retention rules.
- Raw sensor data
- Discarded immediately after processed metrics are generated.
- Derived measurements
- Stored for 30 days on-device; optional encrypted sync to your EHR or data lake.
- Audit logs
- Retained for 18 months to support compliance reviews.
Data categories we process
| Category | Purpose | Legal basis |
|---|---|---|
| Measurement metrics | Height, arm span, and sitting height to track growth. | Legitimate interest / consent (schools) |
| Session IDs | Link measurements for export without storing personal identifiers. | Legitimate interest |
| Operator accounts | Role-based access and audit activity logs. | Contractual necessity |
Data protection contact
For privacy requests, impact assessments, or security disclosures, contact our Data Protection Officer.
Novumetrics DPO
privacy@novumetrics.nl
Stationsplein 45, 3013 AK Rotterdam, NL
Need a signed DPA? Email us or visit the deployment docs for templates.