NOVESTOM Privacy Policy
This Privacy Policy is designed to help you understand how we collect, use, store and protect your personal information when you use our products, services, official websites and related systems. NOVESTOM ( NOVESTOM (SHENZHEN) TECHNOLOGY CO.,LTD.) specializes in the R&D, sales and service of body worn camera, law enforcement data docking stations, data management software, tactical helmet cameras and body camera accessories. We are committed to strictly complying with global personal data protection regulations including the Personal Information Protection Law of China, UK GDPR, CCPA/CPRA and PIPEDA, while adhering to the principles of legality, fairness, minimal necessity and transparency in all data processing activities.
1. How We Collect and Use Your Personal Information
We only collect personal information that is strictly necessary for the specific purposes stated in this policy, and will not process your data in ways incompatible with these purposes. We distinguish between mandatory personal information required to deliver core functions and optional information for enhanced service experiences:
1.1 Core Product and Service Functions
Device Activation and Authentication: To complete the initialization of our body worn cameras, tactical helmet cameras and data docking stations, we collect mandatory information including device serial number, user organization information, and basic account credentials (username, encrypted password). This data is essential to verify device ownership and prevent unauthorized access. Without this information, you will not be able to activate the normal operation of our hardware products.
Law Enforcement Data Management: When you use our supporting data management software, we collect mandatory information including recorded video/audio metadata (recording time, location stamp, device ID), user operation logs, and case tagging information. This data is used to ensure the integrity, traceability and legal admissibility of audio-visual evidence collected by our devices.
After-sales and Technical Support: To provide warranty services, firmware updates and technical troubleshooting, we collect mandatory information including contact person name, organization contact details, product purchase records, and device fault diagnosis logs. This information helps us respond to your service requests efficiently and deliver targeted optimization for our products.
1.2 Optional Enhanced Functions
If you voluntarily enable additional value-added features, we will collect the following information separately after obtaining your explicit consent:
Cloud Synchronization Service: With your authorization, we will upload encrypted audio-visual files to our certified cloud servers for multi-terminal backup and remote access.
Customized Data Analysis: With your separate consent, we may process anonymized usage data to generate product performance reports for your organization, helping you optimize equipment deployment and usage workflows.
Sensitive Personal Information Reminder: Our products may process audio recordings, video footage, precise location information and biometric verification data (if you enable face recognition unlock functions). These are classified as sensitive personal information. We will only process such data after obtaining your separate explicit consent, strictly in accordance with applicable legal requirements, and implement additional encryption protection measures.
2. Device Permissions We Request
Our hardware products and supporting software apply for the following system permissions, with clear explanations of their usage purposes:
Camera and Audio Recording Permission: Used exclusively to capture video and audio evidence through our body camera and tactical helmet camera. If you deny this permission, the core recording function of the device will not work properly.Location Permission: Used to stamp geographic coordinates for recorded files, ensuring the authenticity of evidence collection scenarios. You may disable this permission at any time, which will only remove location tags from your recorded files without affecting other core functions.
Storage Permission: Used to save recorded media files and system configuration data locally on the device or connected management terminals. Denying this permission will prevent normal storage of your recorded data.
Network Communication Permission: Used for firmware update transmission, cloud data synchronization (if enabled) and remote technical support. You may disconnect the network connection of the device at any time for offline usage scenarios.
You can withdraw your authorization for non-core permissions at any time through the device settings page or management software control panel.
3. Use of Cookies and Similar Technologies
On our official website https://www.novestom.com, we use Cookies and similar tracking technologies for the following purposes:
Essential Cookies: These are necessary to maintain the normal operation of our website, helping you complete product inquiry, after-sales ticket submission and account login operations. You cannot disable these cookies if you need to access core functions of our website.
Performance Cookies: We use these to collect anonymous website access statistics, helping us optimize page loading speed and user navigation experience.
Security Cookies: These are used to verify user identity and prevent malicious attacks and unauthorized access to our system.
You can manage or delete Cookies through your browser settings. However, disabling certain Cookies may affect your usage experience of some non-core functions on our official website.
4. Information Sharing, Transfer and Public Disclosure
We strictly abide by the principle of confidentiality, and will never share, transfer or publicly disclose your personal information without your explicit consent, except in the following circumstances:
Authorized Service Providers: We may share necessary information with our qualified logistics partners, after-sales service contractors and cloud service providers. All third parties are required to sign strict data protection agreements with us, and they are only allowed to process your information in accordance with our explicit instructions and no other purposes.
Legal Compliance Requirements: If we are required to disclose information by mandatory legal procedures, judicial orders or competent regulatory authorities, we may disclose your personal information as required, while ensuring that we take all reasonable measures to verify the legality of the disclosure request.
Corporate Merger or Restructuring: In the event of a merger, acquisition or asset reorganization, we will require the new entity holding your personal information to continue to be bound by this Privacy Policy. If there is any change to the processing of your personal information that violates this policy, we will notify you in advance and obtain new consent.
We will never sell your personal information to any third parties for commercial marketing purposes.
5. Data Storage and Protection
5.1 Storage Location
Your personal information is primarily stored in servers located in mainland China that meet national level-3 security protection standards. If you are a user located in the UK, EU or other regions outside China, we will store your regional user data in local certified data centers that comply with UK GDPR and corresponding local regulatory requirements. If any cross-border data transmission is required, we will strictly follow legal procedures, conduct security assessments, and sign standard data protection contracts to ensure the security of your data.
5.2 Storage Period
We only retain your personal information for the period necessary to fulfill the purposes stated in this policy:
Device activation and account information: Retain for the full lifecycle of your product, plus 3 years after you permanently deactivate the device and delete your account.
Law enforcement recorded data: Retain in accordance with the mandatory data retention period requirements applicable to your industry and jurisdiction.
After-sales service logs: Retain for 5 years after the completion of the service process.
Anonymous usage statistics: Retain no more than 10 years, and will be permanently deleted after the period expires.
After the storage period expires, we will permanently delete or anonymize your personal information in a way that cannot be restored to identifiable individuals.
5.3 Security Protection Measures
We have implemented a multi-layered technical and organizational security system to protect your personal information:
All sensitive personal information including audio, video and biometric data is encrypted using an AES-256 algorithm during transmission and storage.
We have established a strict internal data access control system, and only authorized personnel with corresponding job responsibilities can access the data, with full operation logs recorded.
Our products and management systems have passed ISO 27001 information security management system certification, and we conduct regular security penetration testing and vulnerability assessments.
In the event of a personal information security incident, we will immediately start the emergency response plan, notify you in accordance with the requirements of regulatory authorities, and take effective measures to control the risk.
5.4 Google API
Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
6. Your Rights
In accordance with applicable personal data protection laws, you enjoy the following rights regarding your personal information:
Right to Access: You have the right to inquire and obtain a copy of all your personal information that we hold.
Right to Correction: If you find that the personal information, we hold about you is inaccurate, you have the right to request us to correct and update it.
Right to Deletion: You have the right to request us to delete your personal information under legal circumstances, including when the purpose of data processing has been achieved, or you withdraw your consent.
Right to Withdraw Consent: You can withdraw your authorization for processing personal information at any time. The withdrawal of consent will not affect the legality of our data processing activities carried out based on your consent before the withdrawal.
Right to Account Cancellation: You have the right to permanently cancel your NOVESTOM account at any time through the settings page of our management software. After cancellation, we will delete all your personal information in accordance with legal requirements, except for the information we are legally obligated to retain.
Right to Data Portability: You have the right to request us to transmit your personal information to a third party you designate, in a commonly used machine-readable format.
To exercise the above rights, you can submit a request through the contact channels listed in Section 9. We will respond to your request within 15 working days after verifying your identity. If your request is complex, the response time can be extended by a maximum of 15 working days, and we will notify you of the extension in time.
For users located in the EU/UK, you also have the right to lodge a complaint with the local data protection supervisory authority if you are not satisfied with our processing of your personal information.
7. Minors Protection
Our products and services are mainly oriented to professional users in law enforcement, fire protection, industrial and other fields, and we do not intentionally provide services to minors under the age of 14. If we accidentally collect personal information of minors without the prior consent of their guardians, we will delete the relevant information immediately. If you find that we have collected personal information of minors improperly, please contact us through the channels in Section 9, and we will handle it as soon as possible.
8. Updates to This Privacy Policy
We may update this Privacy Policy from time to time according to changes in our business operations and the requirements of relevant laws and regulations. When there are major changes to this policy (including expansion of the scope of data processing, changes in the purpose of processing, etc.), we will notify you through pop-up notifications on our official website, in-app announcements or email. The updated policy will take effect on the date specified in the policy, and your continued use of our products and services after the effective date will be deemed as your recognition and acceptance of the updated Privacy Policy.
9. Contact Us
If you have any questions, comments or suggestions about this Privacy Policy, or need to exercise your rights related to personal information protection, you can contact us through the following channels:
Postal Address: 5F, Duhe Industrial Park, No. 6255 Longgang Avenue, Longgang, Shenzhen China 518117
Email: info@novestom.com
Website: www.novestom.com
We have appointed a Personal Information Protection Officer to be responsible for handling your related inquiries and requests. We will respond to your communication within 15 working days after receiving it. If you are not satisfied with our reply, and your location is within the jurisdiction that requires regulatory reporting, you also have the right to lodge a complaint to the local personal data protection supervisory authority.