This is our Privacy Notice which explains how we obtain, use and keep your personal data safe in relation to the Navigator Global site.

We are Navigator Global Limited, the data controller. You can contact our Data Protection Officer (DPO) at 2 Triton Square, Regent's Place, London, United Kingdom, NW1 3AN or via email: support@navigator.global if you have any questions.
 

This is our data protection statement which explains how we obtain, use and keep your personal data safe through our website and services related to the Navigator Global platform (together the “Navigator Global Service”).
 

Your personal data is data which by itself, or with other data available to us, can be used to identify you.
 

We're committed to keeping your personal data safe in accordance with applicable data protection laws. To protect your personal data, we have adopted appropriate legal, organisational, and technical measures to prevent its alteration, loss, improper processing, or unauthorised access.
 

We reserve the right to update or amend this data protection statement from time to time. We will post the updated version to our website. The statement was last updated on the 10^th of October, 2025. Historic versions can be obtained by contacting us.

The types of personal data we collect and use

When you use the Navigator Global Service we’ll collect and use your personal data for some or all of the reasons set out in this data protection statement.

We process different categories of personal data depending on your relationship with us and the services you use. We will only process the personal data where we have a legal basis to do so.

The personal data we use in relation to the Navigator Global Service includes:

• Full name and personal details including contact information (e.g. business address, business email address, telephone numbers);
• Contact details and information about your business (e.g. job titles);
• Records of services you have obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address); and
• Personal data about other service users. You must have their authority to provide their personal data to us.

We do not process sensitive personal data.

Our website uses cookies and similar technologies. For more information about we use cookies, please refer to our Cookie Policy.

We also operate accounts with LinkedIn, Instagram, Facebook, YouTube, WhatsApp and Spotify relating to the Navigator Global service. These platforms may use cookies and similar technologies to collect information about service users and other individuals who interact with our accounts. Further information about the platforms’ privacy practices can be found in their respective privacy policies.

We do not collect sensitive personal data (such as health data, ethnicity, political opinions, etc.). If it is necessary for us to process such data, we will inform you, and we will obtain your explicit consent to the processing or otherwise process the data to the limited extent permitted by law.

Providing your personal data

We may obtain personal data directly from you, from other individuals on your behalf (such as administrators for your organisation who set up a user account in your name), or from our use of cookies or the technology you use to access the Navigator Global Service.

The personal data you provide may be:

• Mandatory data: In order to use the Navigator Global Service, it is essential that you provide us with certain personal data – for example, your name, email address and details relating to your organisation. Without this information, we will not be able to process your request or provide you with the required services.
• Optional data: In some cases, you may choose to provide additional data that is not strictly necessary, but which helps us to personalise your experience or improve our services. This data will be clearly identified as optional at the time of its collection.

Security

We take reasonable steps to secure personal data we hold using appropriate technical, physical, and organisational measures that protect against unauthorised use, access, alteration, disclosure, destruction, and loss.

Monitoring of communications

We may monitor and record your communications with us and your communications using the Navigator Global Service, such as calls, emails, text messages, social media messages and other communications. We may do this for different purposes:

(i) regulatory compliance: to ensure adherence to applicable laws and regulations;

(ii) crime prevention and detection: to identify and prevent illegal, fraudulent, or unauthorised activities;

(iii) security: to protect the integrity of our communication systems and prevent unauthorised access;

(iv) quality control: to verify the quality of our interactions and enhance staff training;

(v) communications logging: to maintain a record of communications for resolving disputes, addressing complaints, or conducting audits; or

(vi) inappropriate content verification: to detect and manage content that may be considered obscene, offensive, or inappropriate.

If you have any questions about how we monitor and record communications, or if you wish to exercise your data protection rights, please contact us.
 

Using your personal data: the legal basis and purposes

In relation to the Navigator Global Service, we’ll process personal data:

1. As necessary for our own legitimate interests or those of other persons and organisations, including:

a) To onboard your organisation to the service, manage and perform our contract with your organisation, and keep our records updated;

b) For good governance, accounting, and managing and auditing our business operations;

c) To monitor emails, calls, other communications, and activities for this service;

d) For market research, analysis and developing statistics; 

e) To send you marketing communications (unless the law requires us to obtain your consent); and

f) To assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to the service where we are permitted to do so pursuant to the terms of the relevant contract or as a matter of law.

2. As necessary to comply with a legal obligation, including:

a) For compliance with legal and regulatory requirements and related disclosures;

b) For establishment and defence of legal rights;

c) For activities relating to the prevention, detection and investigation of crime;

d) To monitor emails, calls, other communications, and activities in the service; and

e) To address requests from you in the exercise of rights under data protection laws.

3. Based on your consent, including:

a) When you request us to disclose your personal data to other people or organisations, such as a person or company handling a claim on your behalf, or otherwise agree to disclosures; and

b) To send you marketing communications where we’ve asked for your consent to do so.

We may collect and share with social media platforms information about service users for analytics and reporting purposes. As required by law, we will obtain the individual’s consent to that processing.

You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t provide the service to you.

The legal basis for monitoring communications depends on the specific purpose. In some cases, monitoring is necessary to comply with applicable laws or regulations. In other cases, monitoring is justified by our legitimate interests, such as improving service quality or protecting the security of our operations. In specific situations, such as call recording for training purposes, we may request your explicit consent.

Sharing of your personal data

Subject to applicable data protection law, we may share your personal data with:
 

• Third party service providers who support the service;
• Members of the Banco Santander group of companies and directors, employees, officers, agents or professional advisors of such members;
• Sub-contractors and other persons who help us or our affiliates provide accounts, products and services;
• Our third-party partners, for their own purposes, such as sending marketing and advertising content to you (unless the law requires us to obtain your consent);
• Companies and other persons providing services to us;
• Our legal and other professional advisors, including our auditors;
• Courts, to comply with legal requirements, and for the administration of justice;
• Other persons where necessary in an emergency or to otherwise protect your or other individuals’ vital interests;
• Other persons where necessary to protect the security or integrity of our business operations;
• Other persons connected to you with the service e.g. your account administrator;
• Other persons when we restructure or sell any of our business or assets or have a merger or re-organisation (including persons and prospective persons to whom we may assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to the service) (unless the law requires us to obtain your consent);
• Market research organisations who help to improve our products or services (unless the law requires us to obtain your consent); and,
• Anyone else, to the extent that we have your consent, or as required by law.

International transfers

Your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. Details of the safeguards we apply can be obtained from our Data Protection Officer or by contacting us via email: support@navigator.global.

Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data which can’t be used to identify you. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.

Automated decision making and processing

We may automatically process personal data using software algorithms to enhance your experience of the Navigator Global service, generate insights and support our marketing strategies. These automated processes are designed to complement, not replace, human interaction and decision-making and we do not use these technologies to take solely automated decisions.

If you are to be subjected to automated decision-making that will have a legal or significantly similar effect on you, we will make it clear at the time so that you have the right to contest the decision, to express your point of view, and to require a human review of the decision as provided for by applicable law.

Your marketing preferences and related searches

We’ll use your business address, phone numbers, and email address to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting us.

You confirm that you have been asked about your marketing preferences as part of this application, and if you wish to change these options you can do so at any time.

Criteria used to determine retention periods

We will retain your personal data only for as long as necessary to fulfil the purposes for which they were collected. After this period, the data will be securely deleted or, where necessary, securely archived.
 

The following criteria are used to determine data retention periods for personal data we collect:

• Retention in case of queries. We’ll retain personal data as long as necessary to deal with your queries;
• Retention in case of claims. We’ll retain personal data for as long as you might legally bring claims against us; and
• Retention in accordance with legal and regulatory requirements. We’ll retain personal data after the service has come to an end based on our legal and regulatory requirements.
• Retention in case of marketing communications. We will process personal data until you withdraw your consent or otherwise opt out of such communications.

Rights under applicable data protection law

Your data protection rights are as follows (noting that these rights don’t apply in all circumstances):

• The right to be informed about our processing of your personal data;
• The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
• The right to object to processing of your personal data;
• The right to restrict processing of your personal data;
• The right to have your personal data erased (the “right to be forgotten”);
• The right to request access to personal data and information about how we process it;
• The right to move, copy or transfer your personal data (“data portability”);
• Rights in relation to automated decision making including profiling;
• The right to revoke consent you have given to us; and
• The right to complain to us.

You have the right to lodge a complaint with a data protection authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk).
 

We encourage you to contact us before making a complaint to any authority, so that we can try to resolve any problems or concerns you may have.

For more details on all the above, including Banco Santander group members, you can contact our DPO.