NaviSpare

Privacy Policy

Last updated: April 2026

1. Introduction

NaviSpare B.V. ("NaviSpare", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use the NaviSpare platform, in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection law.

2. Data Controller

NaviSpare B.V. is the data controller responsible for your personal data. If you have any questions about how we handle your data, please contact us via the Support page.

3. Data We Collect

3.1 Account Data

When you register on NaviSpare, we collect:

  • Email address (used for authentication via one-time password)
  • Full name and company name
  • Country of operation
  • User role (Buyer or Supplier)

3.2 Supplier Profile Data

Suppliers additionally provide:

  • Website URL and phone number
  • Company description
  • VAT / tax registration number
  • Specialisations (engine manufacturers and part categories)
  • Subscription payment data (processed by Stripe — we do not store card details)

3.3 Platform Activity Data

  • RFQ content (part details, vessel information, delivery requirements)
  • Bid submissions and pricing data
  • Messages exchanged between Buyers and Suppliers via the platform chat
  • Ratings and reviews submitted
  • File attachments uploaded to RFQs or bids

3.4 Technical Data

  • IP address and browser type (collected by our hosting infrastructure)
  • Session data and authentication tokens
  • Usage logs and error reports

4. How We Use Your Data

We use your data for the following purposes:

  • Platform operation: To provide, maintain, and improve the NaviSpare platform and its features.
  • Authentication: To verify your identity and manage your account securely.
  • Matching: To match Buyer RFQs with relevant Supplier specialisations.
  • Communication: To facilitate messaging between Buyers and Suppliers.
  • Billing: To process Supplier subscription payments via Stripe.
  • Trust & Safety: To enforce our Terms & Conditions and prevent fraud or abuse.
  • Legal compliance: To comply with applicable laws and regulations.

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract performance: Processing necessary to provide you with the platform services you have requested.
  • Legitimate interests: Processing necessary for fraud prevention, platform security, and improving our services.
  • Legal obligation: Processing required to comply with applicable laws.
  • Consent: Where we rely on consent (e.g. marketing communications), you may withdraw your consent at any time.

6. Data Sharing

We share your data only in the following circumstances:

  • Between Buyers and Suppliers: When a Supplier submits a bid on your RFQ, limited profile information (company name, country, ratings) is shared with the Buyer. Chat messages are visible to both parties in the conversation.
  • Supabase: Our database and authentication infrastructure provider, acting as a data processor on our behalf.
  • Stripe: Our payment processor for Supplier subscriptions. Stripe's own privacy policy applies to payment data.
  • Legal authorities: Where required by law, court order, or regulatory obligation.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

7. Data Retention

  • Account data is retained for the duration of your account and for up to 3 years following account deletion, for legal and audit purposes.
  • RFQ and bid data is retained for 5 years for business record purposes.
  • Chat messages are retained for 2 years.
  • Payment records are retained for 7 years in accordance with Dutch tax law.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate data.
  • Right to erasure: You may request deletion of your data, subject to legal retention obligations.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability: You may request your data in a structured, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us via the Support page. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted data storage, secure authentication, and access controls. However, no system is completely secure, and we cannot guarantee absolute security.

10. International Transfers

Our infrastructure providers (Supabase, Stripe) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Cookies

NaviSpare uses essential session cookies required for authentication and platform functionality. We do not use tracking or advertising cookies. No cookie consent banner is required for strictly necessary cookies under GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the platform. The date of the latest update is shown at the top of this page.

13. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with us, via the Support page.