Last updated: November 17, 2025
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Navalapp platform — including our websites, applications, courses, memberships, community features, and related services (collectively, the “Services”). It applies to members, visitors, and organizations who access or interact with the Services.
Short version:
- We process personal data to provide, secure, and improve the platform.
- We do not sell personal information as that term is commonly understood. Some limited data sharing for analytics or advertising may be deemed “sale” or “sharing” under certain laws — you can opt out.
- You control optional cookies and certain uses via Cookie Settings and applicable regional rights.
Scope & Relationship to Other Terms
This Privacy Policy applies to the processing of personal information in connection with the Navalapp platform — including our websites, applications, courses, memberships, community features, and related services (collectively, the “Services”). It explains how Navalapp collects, uses, and protects personal information about members, visitors, and organizations who access or interact with the Services.
Content processed on behalf of members or organizations. Some of the materials that members or organizations upload or store on the platform — such as assignments, messages, designs, or course files — may include personal information (for example, a name, image, or metadata that identifies the creator). When this is the case, Navalapp treats that data as personal information and processes it only to provide and maintain the Services. We do not view, reuse, or sell such materials, and we delete or anonymize them when the account or contract ends, unless we are required by law to keep them longer.
Navalapp does not decide what members upload or how they use their materials. We do not use such content for marketing, analytics, or any unrelated purpose unless this has been clearly stated in the relevant course or program terms, or you have otherwise provided consent. When we use member materials for marketing or educational promotion under such terms, we remove or anonymize any personal information (such as names, faces, or identifiable details) unless you have expressly agreed to be identified. Any such use is limited to the agreed purpose and can be withdrawn by contacting us.
Public and community areas. The platform may include optional public or community features where members can choose to share information visible to others. You should avoid posting personal or confidential information in public areas. Public posts are governed by our Platform Terms and Acceptable Use Policy in addition to this Privacy Policy.
Third-party products and content. Our Services may include or link to third-party products, services, or content that operate under their own privacy policies. Navalapp is not responsible for the privacy practices of such third parties, and we encourage you to review their policies before providing personal information.
If you do not agree with this Privacy Policy, please do not access or use the Services.
Who We Are (Controller Information)
Controller:
Blueheading Oy (doing business as “Navalapp”)
Address: Svinhufvudintie 2 D 30, 00570 Helsinki, Finland
Email: privacy@navalapp.com
Supervisory Authority (EU):
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Lintulahdenkuja 4, 00530 Helsinki, Finland; tel. +358 29 566 6700; email: tietosuoja@om.fi.
If you interact with the Services on behalf of an organization, your personal information may also be subject to that organization’s privacy practices.
Organizational or Sponsored Accounts
Organizations (for example, maritime companies, training institutions, or other entities) may sponsor or manage access to the platform. Each participant typically creates an individual account and agrees to this Privacy Policy.
- Navalapp as controller: We are the controller for personal information processed within the platform (e.g., account data, participation records, communications).
- Organization as independent controller: The sponsoring organization may process personal information for its own purposes (e.g., eligibility, HR records, compliance) as an independent controller.
- Navalapp as processor (limited cases): Where an organization provides personal information to set up or assign accounts, we process that data on the organization’s documented instructions under a separate data processing agreement, where applicable.
Personal Information We Collect
Information You Provide
For example, when you create or manage an account; purchase courses, memberships, or merchandise; register for events; participate in community features; communicate with us; or complete forms, questionnaires, or support tickets. Categories may include:
- Identifiers and contact details (e.g., name, email, postal address, phone number)
- Payment and billing information
- Organization or institution details
- Verification documents where needed (e.g., eligibility for offers and/or memberships)
- Communications, feedback, and support content
- Profile information (e.g., photo, display name) and optional media (e.g., event recordings)
- Tax/billing identifiers where required (e.g., VAT number)
Information Collected Automatically
When you use the platform, we may automatically collect information such as:
- IP address, device and browser information, operating system, language
- Usage and diagnostic data (e.g., pages viewed, features used, time and date, error logs)
- Cookie identifiers and similar technologies
- Approximate location derived from IP address
Information from Other Sources
We may receive information from service providers and partners (e.g., payment processors, communications platforms, analytics/measurement providers), publicly available sources, social networks, or business partners, and combine it with information we collect directly to maintain accurate records and improve the platform.
Eligibility Verification
When you apply for eligibility-based programs, we process the information and supporting documents you provide solely to verify eligibility.
- Legal basis: Consent and/or legitimate interests, depending on jurisdiction.
- Retention: Documents are kept only as long as necessary for verification and then deleted; minimal audit records may be retained for a limited period to prevent abuse and comply with law.
- Recipients: Verification service providers where applicable.
How We Use Personal Information
- Provide and operate the platform, including account management, memberships, purchases, and support.
- Maintain, protect, and improve the platform, including diagnostics, security, and feature development.
- Personalize content, recommendations, and experiences (where permitted).
- Communicate with you (e.g., transactional messages, updates, responses to inquiries).
- Marketing with consent where required (e.g., newsletters, promotions); you can opt out at any time.
- Fraud prevention & security, and to protect the rights, property, and safety of members and the public.
- Compliance with legal, accounting, and tax obligations.
Future features and innovation. As the platform evolves, we may introduce new tools or features that involve processing personal information. Where required, we will update this Policy and/or request consent.
Legal Bases for Processing (GDPR)
We process personal information only where we have a lawful basis under applicable law, including:
- Contract: To provide and administer the platform and membership services you request.
- Legitimate interests: To maintain, protect, personalize, and improve the platform; to communicate with you; and to ensure security — balanced against your rights and expectations.
- Consent: For certain activities (e.g., marketing communications, non-essential cookies/ads personalization) where consent is required. You may withdraw consent at any time.
- Legal obligations: To comply with applicable laws (e.g., tax, accounting, reporting).
International Data Transfers
We are based in Finland and may process or store personal information in countries where we or our providers operate, including within the EEA, the United Kingdom, and the United States. Where personal information is transferred internationally, we implement appropriate safeguards as required by law (e.g., adequacy decisions, Standard Contractual Clauses, or equivalent frameworks). Copies of these safeguards are available upon request where required.
How We Secure Information
We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit and at rest where appropriate, monitoring, and staff training. We may request proof of identity before disclosing information. If a data breach occurs, we will notify affected individuals and authorities as required by law.
Data Retention
We retain personal information only as long as necessary to provide the platform, fulfill the purposes described in this Policy, and comply with legal, accounting, or reporting requirements. Retention periods vary by data type and purpose. When personal information is no longer needed, we take steps to delete or anonymize it in accordance with our retention and deletion procedures.
We retain user account data while the account is active and for at least twelve (12) months after the last login to the Services. After this period of inactivity, Navalapp may, at its discretion, permanently delete the account and related data in accordance with our Platform Terms and applicable law. Unsubscribing from marketing or newsletter communications does not by itself delete your account.
Automated Decision-Making & Profiling
We do not make decisions with legal or similarly significant effects solely by automated means. We may use limited profiling (for example, recommendations or audience segmentation) to personalize experiences. You can object to profiling for direct marketing at any time.
Children’s Personal Information
The Services are not directed to children under the age of 18. If you are under 18, you may use our Services only with the involvement and consent of a parent or guardian. If we learn that we have collected personal information from a minor without appropriate consent, we will promptly delete or anonymize such information and, where applicable, disable the related account.
Your Rights & Choices
Depending on your location, you may have rights under applicable law, which can include:
- Accessing and obtaining a copy of your personal information
- Requesting correction or deletion
- Objecting to or restricting certain processing
- Data portability (receiving certain information in a structured, commonly used, machine-readable format)
- Withdrawing consent (where processing is based on consent)
- Opting out of targeted advertising or certain “sale/sharing” of personal information (where applicable)
- Managing cookies via Cookie Settings and supported browser signals
- Non-discrimination for exercising your rights
You can view, update, or delete certain information in your account. If you cannot access specific data or wish to exercise your rights, contact us at privacy@navalapp.com. We will not discriminate against you for exercising your rights.
Regional Disclosures
(a) European Economic Area / United Kingdom
Individuals in the EEA/UK have rights under GDPR/UK GDPR, including to lodge a complaint with a supervisory authority. Our lead EU authority is listed in Who We Are.
(b) United States (e.g., California, Colorado, Connecticut, Utah, Virginia)
Residents of certain U.S. states may have rights to access, delete, correct, opt out of targeted advertising or certain sharing, and to limit the use of sensitive personal information (where applicable). We do not sell personal information in the traditional sense. Some limited data sharing for analytics/advertising may be deemed a “sale” or “sharing” under specific state laws. You can opt out via Cookie Settings or by using a supported browser signal (e.g., Global Privacy Control) where required by law.
(c) Canada & Quebec (Law 25)
We comply with applicable Canadian privacy laws. We may transfer personal information outside Canada when necessary to provide the Services and will implement appropriate safeguards. Consent is obtained in a clear and understandable manner and can be withdrawn at any time.
Other Regional Privacy Laws
Navalapp complies with applicable data-protection laws in the regions where we operate or have users, including the United Kingdom (UK GDPR and PECR), Brazil (Lei Geral de Proteção de Dados – LGPD), Canada (PIPEDA and Quebec Law 25), and South Africa (POPIA). Residents of these regions may exercise their local privacy rights — such as access, correction, deletion, or withdrawal of consent — by contacting us at privacy@navalapp.com. Requests will be handled in accordance with applicable law.
Changes to This Policy
Our platform evolves, and we may update this Privacy Policy from time to time. We will not make material changes that reduce your rights without providing notice and, where required, obtaining your consent. The “Last updated” date at the top indicates the effective date of the current version.
Contact Us
If you have questions or concerns about privacy, please contact us:
- Email: privacy@navalapp.com
- Postal address: Navalapp, Svinhufvudintie 2 D 30, 00570 Helsinki, Finland
- Supervisory authority (EU): Office of the Data Protection Ombudsman, Helsinki – tietosuoja@om.fi