UnovaMedia

Legal

Privacy Policy

Last updated: 18 April 2026

Unova Media ("we", "us", or "our") is a B2B marketing agency specialising in Facebook advertising for kitchen and bathroom remodelers. We are committed to protecting your personal data and being transparent about how we collect, use, and protect it. This Privacy Policy applies to all personal data processed through our website (unovamedia.com) and our business activities.

Section 1

Introduction

We act as the data controller for personal data collected through our website and our own outbound marketing activities. Where we process data on behalf of clients, we act as a data processor under separate data processing agreements.

Section 2

Who We Are

For all data protection enquiries, including data subject rights requests, please contact us at the email above.

Section 3

What Personal Data We Collect

3.1 — Website visitors

  • IP address and approximate location (via analytics)
  • Browser type, device type, and operating system
  • Pages visited, time spent, and referral source
  • Cookies and similar tracking technologies (see Section 8)
  • Data stored in your browser's local storage for functionality purposes

3.2 — Contact form and enquiries

  • Full name
  • Email address
  • Phone number (if provided)
  • Company name and any other information you choose to share

3.3 — Booking a call (Cal.com)

If you book a discovery call or meeting through our Cal.com scheduling widget, Cal.com will collect your name, email address, and any other details required to confirm the booking. Please refer to Cal.com's own privacy policy for details of how they handle this data.

3.4 — Payment information

We use Stripe to process payments. We do not store your payment card details on our systems. Stripe processes and stores payment data securely in accordance with PCI DSS standards. Please refer to Stripe's privacy policy for further details.

3.5 — Facebook advertising (on behalf of clients)

As part of our advertising services, we manage Facebook and Instagram advertising campaigns on behalf of our clients. In this context, we may process data collected through the Meta advertising platform, including ad performance data, audience insights, and conversion tracking data. This data is processed on behalf of our clients and subject to Meta's own data policies. We do not independently control or retain end-user data collected through our clients' ad campaigns.

3.6 — Outbound prospecting (our own marketing)

As part of our own agency marketing activities, we process publicly available professional contact information (name, business email address, job title, company name, and LinkedIn profile) for the purpose of sending targeted cold email outreach to business professionals. This processing is based on legitimate interests (see Section 5). All prospect data is sourced from reputable B2B data providers and public professional sources.

Section 4

How We Use Your Personal Data

  • To respond to enquiries and communicate with potential and existing clients
  • To schedule and manage discovery calls and meetings
  • To process payments and manage client contracts
  • To manage and optimise Facebook advertising campaigns on behalf of our clients
  • To send targeted B2B outreach emails to business professionals as part of our own agency marketing
  • To analyse website traffic and improve our website performance
  • To comply with our legal and regulatory obligations
  • To protect our legitimate business interests

Section 5

Legal Bases for Processing (GDPR Article 6)

Contract (Art. 6(1)(b))

Processing necessary to enter into or perform a contract with you, such as processing payment information and delivering services.

Legitimate Interests (Art. 6(1)(f))

We rely on legitimate interests for B2B cold email outreach to business professionals, for website analytics, and for general business development activities. We have conducted a Legitimate Interests Assessment (LIA) and determined these interests are not overridden by your rights. You may object to this processing at any time (see Section 9).

Legal Obligation (Art. 6(1)(c))

Where we are required to process data to comply with applicable laws.

Consent (Art. 6(1)(a))

For non-essential cookies and tracking technologies, we obtain your consent via our cookie banner.

For our cold email outreach, we rely on legitimate interests under GDPR and, where applicable, comply with the requirements of the Dutch Telecommunications Act (Telecommunicatiewet) and the ePrivacy Directive, which permit direct marketing to business contacts without prior consent where a genuine legitimate interest exists and an opt-out mechanism is provided.

Section 6

How Long We Keep Your Data

  • Contact enquiries: Up to 2 years from last contact, unless an ongoing business relationship exists.
  • Client data: For the duration of the engagement and up to 7 years thereafter for legal and tax purposes.
  • Payment records: 7 years in accordance with Dutch tax and accounting law.
  • Prospecting data: Deleted or suppressed within 30 days of a valid opt-out request.
  • Website analytics: Aggregated analytics data is retained for up to 26 months (Google Analytics default).
  • Cal.com booking data: Managed by Cal.com in accordance with their retention policy.
  • Facebook advertising data: Managed within the Meta platform and subject to Meta's data retention policies. We do not independently retain end-user ad data beyond the duration of a client engagement.

Section 7

Third-Party Services and Data Processors

We share personal data with the following third-party services only to the extent necessary to deliver our services:

Google Analytics

Website analytics. Data may be transferred to and processed in the United States under Google's standard contractual clauses. You can opt out via your cookie settings or the Google Analytics Opt-out Browser Add-on.

Notion

We use Notion as a CRM and internal workspace. Data stored in Notion is subject to Notion's privacy policy and data processing terms.

Stripe

Payment processing. Stripe is PCI DSS Level 1 certified and processes payments securely. Data is subject to Stripe's privacy policy.

Cal.com

Meeting scheduling. Data submitted via booking forms is processed by Cal.com under their own privacy policy.

Meta

We use Meta's advertising platform to run campaigns on behalf of our clients. Ad performance data, audience data, and conversion tracking data are processed within Meta's platform and subject to Meta's data policy.

All third-party processors are bound by data processing agreements and/or standard contractual clauses where required. We do not sell your personal data to any third party.

Section 8

Cookies and Tracking Technologies

Our website uses cookies and similar technologies. These may include:

  • Essential cookies: Required for the website to function correctly. These do not require your consent.
  • Analytics cookies: Used to understand how visitors use our website (e.g., Google Analytics). These require your consent.
  • Local storage: Our website may store small amounts of data in your browser's local storage for performance or preference purposes.

You can manage your cookie preferences through our cookie banner when you first visit the site, or by adjusting your browser settings. Withdrawing consent for non-essential cookies will not affect the lawfulness of any prior processing.

Section 9

Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure: You can ask us to delete your personal data where there is no overriding legal basis for continued processing.
Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
Right to data portability: You can request your data in a structured, machine-readable format.
Right to object: You can object at any time to processing based on legitimate interests, including direct marketing and cold outreach. We will honour all opt-out requests promptly.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at info@unovamedia.com. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Section 10

California Residents — CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

  • Right to know what personal information we collect, use, disclose, or sell.
  • Right to delete your personal information, subject to certain exceptions.
  • Right to opt out of the sale or sharing of personal information. We do not sell personal data.
  • Right to non-discrimination for exercising your privacy rights.
  • Right to correct inaccurate personal information.

To submit a CCPA request, please contact us at info@unovamedia.com. We will respond within 45 days as required by law.

Section 11

International Data Transfers

Some of our third-party processors (including Google and Meta) are based in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission. You may request a copy of these safeguards by contacting us.

Section 12

Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include access controls, encrypted communications (HTTPS), and restricted access to personal data on a need-to-know basis.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

Section 13

Children's Privacy

Our website and services are directed at business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

Section 14

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on our website with a revised "Last updated" date. For material changes, we will take reasonable steps to notify you directly where we hold your contact details.

Section 15

Contact Us

Unova Media

For any questions, requests, or concerns regarding this Privacy Policy or our data practices:

info@unovamedia.com

This Privacy Policy covers GDPR (EU 2016/679), ePrivacy Directive, Dutch Telecommunicatiewet, and CCPA/CPRA requirements.