NavigentNavigent
NavigentNavigent
FunktionenPreiseÜber unsBlogKontakt / Termin buchen
AnmeldenJetzt starten

Last Updated: February 18, 2026

GDPR Compliance Statement

At Navigent (operated by Navigent.io ApS, CVR: 46285395), we are committed to protecting the personal data of our customers and their contacts in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

This page provides an overview of our GDPR compliance framework. For detailed information, please refer to our Privacy Policy, Data Processing Agreement, and Terms of Service.

1. Our Commitment

Navigent is a Danish company subject to GDPR and the Danish Data Protection Act (Databeskyttelsesloven). We have implemented comprehensive technical and organizational measures to ensure that all personal data processing carried out through our platform meets the requirements of the GDPR.

2. Data Controller vs. Data Processor

Navigent operates in two distinct capacities:

  • As Data Controller: For personal data we collect directly — such as account holder information, billing details, and usage analytics. We determine the purposes and means of this processing.
  • As Data Processor: For personal data our customers upload or process through the Service — such as lead databases, email recipient lists, and campaign data. Our customers are the Data Controllers for this data, and we process it solely on their documented instructions.

This dual-role structure is formalized through our Data Processing Agreement (DPA), which is available to all customers.

3. Lawful Bases for Processing

We process personal data only where we have a lawful basis under GDPR Article 6:

  • Contractual Necessity (Art. 6(1)(b)): To provide the Service as agreed in our Terms of Service.
  • Legitimate Interest (Art. 6(1)(f)): For analytics, fraud prevention, and service improvement, where not overridden by your rights.
  • Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, and regulatory requirements under Danish law.
  • Consent (Art. 6(1)(a)): Where applicable, for optional processing such as marketing communications.

4. Your Rights as a Data Subject

Under the GDPR, individuals whose personal data we process have the following rights:

4.1 Right of Access (Article 15)

You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is processed.

4.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data or completion of incomplete data without undue delay.

4.3 Right to Erasure — "Right to Be Forgotten" (Article 17)

You have the right to request the deletion of your personal data where:

  • The data is no longer necessary for the purpose it was collected.
  • You withdraw consent and no other lawful basis applies.
  • You object to processing and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
  • Deletion is required to comply with a legal obligation.

Upon receiving a valid erasure request, we will delete your personal data within 30 days and confirm the deletion in writing. Note: we may retain certain data where required by law (e.g., billing records under Danish bookkeeping regulations).

4.4 Right to Restriction of Processing (Article 18)

You may request that we restrict processing of your data while we verify its accuracy, assess a legitimate interest objection, or when processing is unlawful but you prefer restriction over erasure.

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV). Where technically feasible, we will transmit the data directly to another controller at your request.

Navigent supports data export functionality within the platform, allowing you to download your lead data, campaign history, and account information at any time.

4.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interest. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

4.7 Right Regarding Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. While Navigent uses AI to assist with email generation and lead scoring, final decisions regarding outreach are made by our customers, not by automated systems.

5. How to Exercise Your Rights

To exercise any of the above rights, you may:

  • Send an email to info@navigent.io with the subject line "GDPR Request".
  • Write to us at: Navigent.io ApS, Nørre Voldgade 70, 1358 København K, Denmark.

We will verify your identity and respond to your request within 30 days. If the request is complex or we receive a large number of requests, we may extend this period by a further 60 days, notifying you of the extension within the initial 30-day period.

Note for contacts of our customers: If your personal data is processed by a Navigent customer (i.e., you are a lead or email recipient), you should direct your GDPR request to that customer, who is the Data Controller. We will assist our customers in fulfilling such requests in accordance with our Data Processing Agreement.

6. International Data Transfers

Navigent primarily stores data within the EU (Supabase EU region — Frankfurt). Where data is transferred to sub-processors outside the EU/EEA (e.g., Stripe, OpenAI), we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission.
  • Transfer Impact Assessments to evaluate the legal framework of recipient countries.
  • Supplementary technical measures including encryption and access controls.

7. Security Measures

We implement robust security measures in accordance with GDPR Article 32, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control (RBAC) with principle of least privilege.
  • Multi-factor authentication for administrative access.
  • Automated daily backups with point-in-time recovery.
  • Regular security audits and vulnerability assessments.
  • Incident response and breach notification procedures.

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

  1. Notify the relevant supervisory authority (Datatilsynet) within 72 hours (GDPR Article 33).
  2. Notify affected customers without undue delay so they can fulfill their own notification obligations.
  3. Where the breach is likely to result in a high risk to individuals, communicate directly with the affected Data Subjects (GDPR Article 34).

9. Data Protection Officer

Given the current scale of operations, Navigent has not appointed a formal Data Protection Officer (DPO) under GDPR Article 37. However, all data protection inquiries are handled directly by the company leadership and can be directed to info@navigent.io.

10. Supervisory Authority

Our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
Website: www.datatilsynet.dk
Email: dt@datatilsynet.dk

You have the right to lodge a complaint with Datatilsynet or with the supervisory authority in your EU/EEA Member State of residence.

11. Contact

Navigent.io ApS
Nørre Voldgade 70
1358 København K, Denmark
CVR: 46285395
Email: info@navigent.io
Phone: +45 29843964
NavigentNavigent

Intelligente Revenue Operations
für moderne Teams.

Unternehmen

Über unsBlogKontakt

Rechtliches

DatenschutzAGBDSGVOAVVCookies

© 2026 Navigent.io ApS. Alle Rechte vorbehalten.

·

CVR: 46285395

Entwickelt in Kopenhagen 🇩🇰