This Privacy Policy applies to all Personal Data we collect about You using the Website and Services. This Privacy Policy provides information about, inter alia, the type of Personal Data we process, for what purpose we process these data and on what legal ground the processing is based. We therefore advise You to carefully read this Privacy Policy before using our Website(s) and/or Services.

Terms starting with a capital that are not defined in this Privacy Policy, are already defined in the Terms and also apply to this Privacy Policy.


The Website and the Services are offered by us, Navy Light Limited a company incorporated under the laws of the United Kingdom. Since we determine the purpose and means of the processing of Personal Data, we qualify as a controller under the General Data Protection Regulation (hereinafter: “GDPR”).

Navy Light Limited

Office 4 B5b Smallmead House

Surrey, United Kingdom, RH6 9LW


We collect information You intentionally provide us with, as well as some technical information from Your mobile device or web browser.

The overview below describes the purposes for processing the Personal Data collected in accordance with this paragraph as well as the legal ground on which this processing is based.


Creating an account

User name

Necessary for the performance of the Agreement

You need to provide a User name to create an account. You need an account to use the Services  

Age verification

Date of birth

Email address

Legal obligation

Legitimate interest

Legislation in certain countries prohibits minors to use the Services.

We have a legitimate interest to process the date of birth, since we deem our Services unsuitable for minors and try to prevent them from using the Services by requiring the date of birth.

Applying for verified membership

email address

Necessary for the performance of the Agreement

As a verified member, You have access to the full Services including Services offered against a fee. We must be able to contact You.

Contacting You

i) Service-related notifications  

ii) Promotional notifications

iii) Responding to questions, complaints, reports, requests

i) email address


User name

ii) email address

usage data

iii) name;

email address;

content of the email we received

i) Necessary for the performance of the Agreement

ii) Legitimate interest

iii) Legitimate interest;

i) these notifications pertain to either messages that directly relate to Your use of the Services or messages with important information regarding the Website/Services, such as planned maintenance.

ii) We are legally permitted to send commercial messages about our own, similar services to our customers and therefore have a legitimate interest to process the personal data necessary to send those messages.

iii) We must use Your email address and the content of the email You sent, in order to reply to Your questions, remarks, complaints or filed reports;

Improving the Services/Chatbot  

by analyzing data

i) Personal Data used to create the aggregated User statistics

(see paragraph 2)

ii) Personal Data from the reports filed as meant in articles 2.6 and 4.4 of the Terms, used for analysis

iii) Personal Data collected during the monitoring of the Chatbot and/or interventions as meant in article 4.2 of the Terms

i) Legitimate interest

ii) Legitimate interest

iii) Legitimate interest

i) See paragraph 2 of this Privacy Policy  

ii) see article 4.3. of the Terms

iii) see article 4.3. of the Terms



Personal Data that You share with the Chatbot

Legitimate interest

A software tool continuously monitors the Chatbot looking for specific situation that we designated as unacceptable.   If it detects such a situation, it notifies the team of specialized operators. If necessary. They can quickly intervene and terminate the unacceptable situation.   The Personal Data processed in relation to the monitoring and human oversight intervention, will not be used for other purposes, with the exception that these data may be analyzed in order to improve to Servicces and Chatbot.

Compliance with a   legal obligation

Personal Data that we must provide under specific legislation

Legal obligation  

Regulatory authorities, governmental organizations or a judge may request or demand to provisions of certain Personal Data. In the event we receive such a demand or request, we will inform thereof unless applicable law prohibits this.   We will always do our own research in order to determine if we are indeed legally held to provide the data.

Protecting our rights and interests  

It cannot be determined in advance which personal data will be processed for this purpose. A number of possible situations are listed below.

i) Personal Data necessary to defend ourselves against claims or to substantiate claims of our own.

ii) Personal Data that must be provided to a third party in the context of a legal opinion or advice and/or an audit.

iii) Personal Data that must be provided in relation to a merger and/or acquisition  

i), ii) en iii) Legitimate interest

i) We have a legitimate interest to process Your Personal Data if necessary to protect our rights and interest (with regard to the Servicces) and defend ourself against claims from You, other Users or third parties.


We furthermore have a legitimate interest to transfer Personal Data to a third party i) for legal advice or ii) in relation to an audit.

We also have a legitimate interest to transfer Personal Data to a third party, if this is necessary in relation to a merger or acquisition.


To provide the Services to You, we must process Personal Data.

First, You must choose a username to create an account. We also ask You for Your date of birth as we do not want to offer our Services to minors.

If You want to use the full Services, Your account must be verified. For this we need Your email address. Once the verification process has been successfully completed, You can also purchase tokens that allow You to pay for certain parts of the Services. The purchase of the tokens is handled by a payment provider in a secure environment. We therefore do not process any bank or other financial Personal Data. To ensure that You can pay with the purchased tokens, we keep track of how many tokens You have. The Services offer You the possibility to chat with our Chatbot. The Chatbot stores and analyses the messages You sent to determine the best possible response.

We need all the personal data listed above in order to provide the Services to You.

Please note that we use these Personal Data only for the purposes listed above with a few exceptions such as analytical research or to comply with a legal obligation. In any case, we do not use it for commercial purposes. An overview of all types of Personal Data we collect and other purposes for which they are used, is listed below.


To ensure we can keep providing the Services and to give You the best user experience possible, we have implemented a number of measures. First of all, we have implemented a software tool that monitors all messages sent to and by the Chabot. If it detects a possible unacceptable situation, a team of specialized operators is notified. This team can intervene in real time in chats and stop them if an unacceptable situation occurs, for example if offensive messages are sent. The team only looks at messages when they receive a notification. It needs to process the content of those messages, which may contain Personal Data, to determine if an intervention is needed.

We subsequently use the information about an unacceptable situation, which may contain Personal Data, to teach the Chatbot to recognize such situations and prevent them in the future.


We collect certain information from and about the computers, phones, and other web-connected devices that You use to access the Website and use the Services. We unify this information across different devices You use.

We combine Your Device Data with that of other Users and then analyze it to understand how the Website and/or Service are used (see also paragraph 4). Based on these insights, we can improve the Website, Services and Chatbot. The results of our analysis are aggregated User statistics that are anonymous and no longer qualify as Personal Data. We may share these aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.


The Website uses only analytics cookies. The data collected by these analytics cookies, will only be used for analytical purposes, i.e. to create anonymous aggregated User statistics that we may use to improve the Website, Services and/or Chatbot as described in paragraph 5 below.


We continuously evaluate the Website and the Services, and thus also the Chatbot. Based on these evaluations we can improve, expand and/or amend the Website, the Services and/or the Chatbot, if necessary, to maintain the high quality of the Services we provide, and to make sure the Website, Services and Chatbot remain as user friendly as possible. It also allows us to keep our security up-to-date and Your Personal Data safe.

To create these aggregated User statistics we process Personal Data, including but not limited to device information as meant in Paragraph 3 above. Personal Data collected by monitoring the Chatbot, Personal Data from reports as meant in articles The aggregated User statistics that are the result of this processing no longer contain Personal Data and are therefore anonymous.

To the extent that the datasets we use to generate aggregated user statistics do contain Personal Data, they are only processed for a limited duration, namely, only to generate the aggregated User statistics.


Keeping Personal Data and our Website and Services safe is important to us. We have therefore taken appropriate technical and organizational measures to protect Your Personal Data from loss or any other form of unlawful processing. These measures inter alia include: measures to keep our software up-to-date by installing updates, upgrades and patches,, limiting access to Personal Data by only allowing such access on a need-to-know basis, using strong passwords that are regularly changed, performing stress- and penetration tests on a regular basis.

We have implemented these, and other, measures in various policies that we review regularly to ensure our measures remain state of the art.

We have secure certificates from VeriSign and McAfee that show the Website and services are approved, fully tested, and certified by these two expert security companies. This means that You are safe from any viruses, identity theft, spyware, fraudulent credit card activity, spam, and internet scams.


We do not retain Personal Data longer than necessary for the realization of the purposes for which the Personal Data are collected.

If You are a User, we will delete or anonymize Personal Data 1,5 years after You delete Your account or stopped using the Services. We will delete or anonymize Personal Data of Visitors ultimately one (1) year after the date of collection.

Deviations from the above-mentioned retention periods are possible if applicable legislation requires us to retain (parts of the) Personal Data longer and/or (parts of) the Personal Data remain necessary for evaluation purposes and/or (parts of) the Personal Data are necessary to protect our rights and interests (including but not limited to litigation).


We will not sell Your Personal Data to third parties for direct marketing purposes without Your prior consent.

However, in other circumstances we may need to transfer (parts of) Your Personal Data to third parties, including but not limited to the following circumstances:

With regard to the first three circumstances, we have a legitimate interest to engage third parties. The transfer of Personal Data in the fourth circumstance is based on a legal obligation.


We may update and/or revise our Privacy Policy from time to time and post the updates and/or revised Privacy Policy on the Website. We advise You to regularly check the Website for the latest version of the Privacy Policy.

In the event updates and/or revisions of the Privacy Policy qualify as material changes as meant in article 16.3 of the Terms, we will inform You of them a reasonable time before they take effect by sending You an email or by posting a notice on the Website.


In addition to rights set out in this Privacy Policy, if You are located in the European Union, You have several rights under the GDPR. This paragraph 10 describes the process we have implemented in this regard.

If You wish to exercise any of the rights You may have with regard to the processing of Your Personal Data, please send a substantiated request by email to: We try to respond to requests within a reasonable period of time, and normally within one (1) month. However, it is possible that we need additional time. If that is the case, we will inform You thereof before the end of the aforementioned one (1) month period. The additional time will not exceed two (2) months.

We can only comply with a request if we are sure that the Personal Data to which Your request pertains are really about You. If we have doubts regarding Your identity we are legally obligated to verify it. In that case we will request You to send us information enabling us to identify You (if You send us a copy of Your passport or identification card, please make the BSN number on Your ID illegible).

Below You will find a list of rights You have under the GDPR with regard to the processing of Your Personal Data. Please be advised that we can only comply with a request to exercise these rights if all applicable conditions as stipulated in the GDPR are met. If, in our opinion, the applicable conditions are not met, we will reject Your request and inform You of this decision in accordance with the aforementioned timelines.


  1. Right of access;
  2. Means Your right to receive from us and made available to You, a copy of the Personal Data we process about You.
  3. Right to rectification;
  4. Right to be forgotten (right to erasure);
  5. Means Your right to require us to permanently delete or anonymize (certain) Personal Data about You.
  6. Right to restriction of processing;
  7. Right to data portability;
  8. Right to object.


If You contact us by sending an email to, we store Your contact details and the content of Your email(s) which may include Personal Data such as Your name and telephone number. We process this Personal Data i) to reply to Your requests, questions or and ii) to send You information regarding the Website and Services.

We have a legitimate interest, as defined in article 6.1 (f) GDPR, to process Personal Data for this purpose, because it enables us to offer You an efficient customer service and to keep You informed regarding our Website and Services. Relevant in this regard is the fact that processing Personal Data for the above-mentioned purposes is primarily for Your benefit and has little to no impact on Your privacy.


We use Your email address to send You the notifications as stipulated in article 7 of the Terms. We can use Your name and/or gender in these notifications to address You correctly and make the notifications slightly more personal.

We have a legitimate interest to use Your email address to send You the notifications, because it enables us to stay in touch with You and to keep You informed of our Website and/or the Services. In making the notifications a bit more personal by including Your name and/or gender we try to give You a better customer experience.

The latest version of the Privacy Policy is dated September 26, 2023.