Linkedin Instagram Whatsapp Telegram
+7 (771) 507 25 45
Get in Touch

Effective date: December 19, 2025

Privacy Policy

Homepage

This Privacy Policy explains how NOVABOLT LLP (TОО «NOVABOLT») (“NOVABOLT”, “we”, “our”, “us”) collects, uses, discloses, and protects personal data in the course of operating our website, handling RFQs and contracts, providing services, and managing supplier and candidate relations.

We are committed to processing personal data lawfully, fairly, and transparently in line with applicable laws, including the Law of the Republic of Kazakhstan on Personal Data and Their Protection and (where relevant to the data subject or processing context) the EU/UK GDPR and other regional requirements.

Who we are & How to contact us

NOVABOLT LLP (TОО «NOVABOLT»)

Kazakhstan (HQ): Office 412, 4th Floor, “Yuzhny” Business Center, 15B Timiryazev St., Almaty 050013, Kazakhstan

Email (privacy & RFQ): mro@novabolt.kz

Phone (KZ): +7 (771) 507 25 45

Regional presence for operations and logistics (not necessarily separate controllers):

If you have questions about this Policy or wish to exercise your privacy rights, contact mro@novabolt.kz with the subject “Privacy”.

Scope

This Policy applies to:

  • Visitors to our website and digital assets.
  • Prospective and current customers/clients (including their employees/representatives).
  • Suppliers and business partners (including their employees/representatives).
  • Job applicants and professional contacts.

It covers personal data processed online (e.g., web forms, cookies) and offline (e.g., contracts, emails, site visits).

Personal data we collect

Data you provide directly

  • Identification & contact data: name, job title, company, email, phone, country/region.
  • Business & RFQ data: specifications (PDF/DWG/XLSX/DOCX), BOMs, drawings, project details, standards/requirements, delivery windows, budgets.
  • Contract & billing data: registered company information, tax IDs, invoicing details, payment references (we typically use bank transfers; we do not store card details).
  • Recruitment data (if you apply): CV/resume, cover letter, references, portfolio, interview notes.
  • Communications: emails, messages, meeting notes, feedback, testimonials.

Data collected automatically

  • Device & usage data: IP address, device/browser type, operating system, language, referring URLs, pages viewed, time stamps, approximate geolocation.
  • Cookies & similar technologies: session cookies, preference cookies, analytics (see Cookies below).

Data from third parties

  • Your employer/organization (when you act as their representative).
  • Public sources (company registries, professional platforms, trade fairs).
  • Vendors/partners (for delivery status, compliance checks).
  • Background/verification services (where legally allowed and applicable to role).

We do not intentionally collect special category data (e.g., health, biometrics) via the website. If such data becomes relevant (e.g., site access/HSE for visitors), we process it only with a lawful basis and appropriate safeguards.

Purposes & legal bases for processing

We process personal data for the following purposes and legal bases (examples; actual basis depends on the situation and jurisdiction):

  1. Handling RFQs, proposals, and contracts (performance of a contract or pre-contractual steps; legitimate interests).
  2. Providing services & after-sales support (performance of a contract; legitimate interests).
  3. Compliance & audit (legal obligation; legitimate interests), including export control, sanctions screening (if applicable).
  4. Supplier & vendor management (performance of a contract; legitimate interests).
  5. Customer communication & B2B marketing (legitimate interests; consent where required).
  6. Recruitment & talent management (consent; legitimate interests; pre-contractual steps).
  7. Website operation, security, and analytics (legitimate interests; consent for non-essential cookies as required).
  8. Protecting rights, safety, and property; preventing fraud and misuse (legitimate interests; legal obligation).

Where the law requires consent, we will request it clearly and allow withdrawal at any time (withdrawal does not affect prior lawful processing).

Cookies & analytics

We use cookies to operate the site, remember preferences, and understand usage patterns.

Categories we may use:

  • Strictly necessary: enable core functions (form submissions, security).
  • Functional: remember preferences (language, region).
  • Analytics: aggregated metrics on page views and navigation (e.g., Google Analytics or similar).
  • Performance/diagnostics: improve loading speed and reliability.

Where required, we present a cookie banner/manager to obtain consent for non-essential cookies. You can also manage cookies through your browser settings. For more detail, see our Cookie Policy.

How we share personal data

We do not sell personal data. We may share data with:

  • Affiliates and regional representatives (KZ/EU/UAE/USA) to service your request and fulfill contracts.
  • Service providers/processors (IT hosting, email, forms, analytics, document management, logistics) under contracts that limit their use to our instructions and require appropriate security.
  • Vendors/OEMs/distributors to source items, verify availability, arrange warranties, and coordinate technical support.
  • Professional advisers & auditors (legal, accounting, compliance).
  • Public authorities where required by law or to protect rights, safety, and property.
  • Corporate transactions (merger, acquisition) — subject to confidentiality and only as necessary.

We require recipients to keep data confidential and secure, and to use it only for the intended purpose.

International data transfers

Because we operate across Kazakhstan, the EU, the UAE, and the USA, data may be transferred to countries with different data protection laws. We implement appropriate transfer safeguards, such as:

  • Standard Contractual Clauses (where GDPR applies),
  • Contractual and organizational measures (confidentiality, access controls, encryption in transit/at rest where applicable), and
  • Localized storage where required by law (e.g., storing a copy of certain records in Kazakhstan when applicable).

We only transfer data necessary for the specified purpose and limit access to authorized personnel.

Cross-Border Transfers

As a Kazakhstan-based company, we primarily process data within the Republic of Kazakhstan. However, if personal data is transferred outside Kazakhstan (e.g., to international partners in the oil and gas industry), we ensure:

  • The recipient country provides an adequate level of protection, as determined by the authorized body (Ministry of Digital Development, Innovations and Aerospace Industry).
  • Appropriate safeguards are in place, such as contractual clauses, your explicit consent, or other mechanisms under the Personal Data Law.
  • Transfers are necessary for contract performance or legal compliance.

Data localization requirements may apply for certain state-related data, in line with Kazakh legislation.

Data retention

We keep personal data only as long as needed for the purposes described or as required by law, contracts, or audit needs. Retention criteria include:

  • Duration of the contractual relationship and warranty/support periods.
  • Legal obligations (tax, accounting, regulatory).
  • Limitation periods for potential claims.
  • Your consent withdrawal or erasure request (subject to legal allowances).

When data is no longer needed, we aim to delete or anonymize it securely.

Security

We apply technical and organizational measures to protect personal data, including (as appropriate):

  • Role-based access control, need-to-know access, and authentication.
  • Encryption in transit, secure configurations, and network segmentation for OT/IT where relevant.
  • Regular updates/patching, vulnerability management, and log monitoring.
  • Supplier security commitments in data processing agreements.
  • Workforce awareness and training.

No method of transmission or storage is 100% secure; we continuously improve our safeguards.

Your rights

Depending on your jurisdiction and the legal basis, you may have some or all of the following rights:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data in certain circumstances (right to be forgotten).
  • Restrict or object to processing (e.g., direct marketing).
  • Portability of data you provided in a structured, commonly used format.
  • Withdraw consent at any time where processing is based on consent.
  • Complain to a competent supervisory authority in your jurisdiction.

We will respond within legally required time frames. We may request additional information to verify your identity and clarify the scope.

How to exercise your rights: email mro@novabolt.kz with the subject “Data Subject Request”, describe your request and the context (customer, supplier, candidate, etc.).

Children’s privacy

Our services and website are not directed to children, and we do not knowingly collect personal data from individuals under the age required by applicable law. If you believe a child provided personal data to us, contact mro@novabolt.kz so we can take appropriate action.

B2B marketing & preferences

We may send B2B communications about solutions relevant to your role or industry. You can opt out at any time using the unsubscribe link or by emailing mro@novabolt.kz. Opting out will not affect essential operational messages (e.g., order updates).

Third-party links

Our website may contain links to third-party sites or platforms. We are not responsible for their privacy practices. Review their policies before submitting data.

Changes to this Policy

We may update this Policy to reflect changes in laws, technology, or our operations. We will post the updated Policy with a new effective date and, when required, request renewed consent for material changes.

Regional notes

  • Kazakhstan: We process personal data in line with the Law on Personal Data and Their Protection. Where local storage or other specific requirements apply, we implement them for data of Kazakhstan subjects.
  • EU/UK: When the GDPR/UK GDPR applies, we rely on recognized lawful bases, observe data subject rights, and use SCCs or other approved mechanisms for international transfers.
  • Other regions: We follow applicable local law and apply consistent security and accountability standards.

For region-specific questions, contact mro@novabolt.kz.

Contact

Primary contact for privacy matters


NOVABOLT LLP (TОО «NOVABOLT»)


Office 412, 4th Floor, “Yuzhny” Business Center, 15B Timiryazev St., Almaty 050013, Kazakhstan


Email: mro@novabolt.kz

Phone: +7 (771) 507 25 45

If you are located in the EU/UK/USA/UAE and prefer to contact a regional representative first, use the emails listed in Section 1. We will coordinate a response and, if needed, involve our Kazakhstan HQ for controller-level decisions.