Privacy policy

Thank you for visiting Novalo ("novalo.se"). This Privacy Policy explains how we collect, process, and protect personal data when you use our website, including when you register interest in AWS learning sessions, contact us, or book services. We process personal data in accordance with the General Data Protection Regulation (GDPR).

Depending on how you use our website, we may collect the following categories of personal data:

• Contact and registration details:

  • Email address
  • Name, when provided
  • Areas of interest selected in contact forms
  • Company and free-text details you submit in forms
  • Learning goals and build context you share (for example what you are trying to build or learn)

• Booking details:

  • Requested date and selected time slot for consultations
  • Booking reference and related scheduling metadata

• Event registration details:

  • Event identifier (for example, bedrock-agent) and source page
  • Registration timestamp and related processing metadata
  • Registration status information used to manage event participation

• Technical data:

  • Basic request metadata such as timestamps, IP address, and user-agent details in operational logs

We may use the information you provide for the following purposes:

• Event operations:

  • To process and store event registrations
  • To send registration confirmations and event updates, including workshop and account setup updates
  • To coordinate practical workshop delivery, including sandbox setup instructions

• Service delivery and communication:

  • To respond to your inquiries, feedback, or requests
  • To provide information about requested services and meetings
  • To schedule and confirm consultation bookings
  • To share relevant upcoming sessions, certification paths, and practical next steps based on your submitted interest

• Security and service improvement:

  • To maintain service reliability, prevent abuse, and troubleshoot incidents
  • To improve our website and user experience

We rely on the following legal bases for processing your data under GDPR:

• Consent, when you voluntarily submit forms such as event registration and contact requests.
• Contract or pre-contractual steps, when processing is required to provide requested services.
• Legitimate interests, such as operating, securing, and improving our website and services.
• Legal obligation, where we must retain or disclose data under applicable law.

We do not sell or share your personal information with third parties for their marketing purposes. However, we may share your information in the following situations:

• Service providers and infrastructure partners: We use trusted providers (for example cloud hosting, storage, and email delivery services) to operate our website and communications.
• Legal compliance: We may disclose information when required by law, legal process, or governmental request.
• Third-party sites: If you follow links to external services (for example LinkedIn), their privacy policies apply to their processing.

We apply reasonable technical and organizational safeguards to protect personal data from unauthorized access, alteration, or disclosure. This includes access control, secure transport, and least-privilege access where appropriate.

Under GDPR, you have the following rights regarding your personal data:

• Access: You can request access to the personal data we hold about you.
• Rectification: You can request corrections to inaccurate or incomplete data.
• Erasure: You can request the deletion of your data under certain circumstances.
• Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
• Objection: You can object to the processing of your data based on legitimate interests or direct marketing.
• Withdrawal of Consent: If processing is based on your consent, you can withdraw your consent at any time.
• Complaint: You may lodge a complaint with your local supervisory authority.

We retain personal data for as long as necessary to fulfill the purposes described in this policy, including event administration, requested service delivery, and legal or operational requirements. When data is no longer needed, we delete or anonymize it where feasible. You may request deletion, subject to legal obligations.