Legal
Privacy Policy
Last updated: 2026-04-02
This policy explains how Smartpath handles personal data collected through this website, our commercial communications, and the operation of the product.
It is written to cover GDPR transparency requirements for our marketing site. For data processed inside the product on behalf of a hotel customer, the applicable contract and DPA may add more specific terms.
1. Controller and processing roles
Smartpath is a product operated by Navatech. For personal data collected through this marketing website, demo requests, commercial communications, website-related support, cookie preference management, and site security, Navatech acts as the data controller.
When Smartpath processes guest messages, tickets, catalogs, or operational data on behalf of a hotel, riad, or hospitality group, that customer generally acts as the controller and Smartpath acts as the processor following the customer's documented instructions.
2. Personal data we collect
- Professional identity and contact data, such as name, work email, property name, and the message you submit when contacting us.
- Correspondence data, such as demo requests, email exchanges, support responses, and commercial follow-up notes.
- Technical and security data, such as truncated IP data where available, access logs, device type, browser details, and events needed to protect the site.
- Consent preferences and aggregated analytics data when you enable Google Analytics.
3. Purposes and lawful bases
- Replying to requests, arranging demonstrations, and preparing a commercial relationship: pre-contractual steps or legitimate interests.
- Providing support, maintaining the site, detecting abuse, and protecting security: legitimate interests.
- Meeting legal, regulatory, and accounting obligations: legal obligation.
- Measuring site usage with Google Analytics: consent, which you may withdraw at any time.
4. Recipients of data
We limit access to people and providers who need it. This can include internal teams, hosting providers, communication and support tools, professional advisers, and competent authorities when the law requires it.
Google Analytics is only enabled after your explicit consent. We do not currently deploy advertising cookies on this site.
5. International transfers
Some providers may process data outside the European Economic Area, the United Kingdom, or Switzerland. Where that happens, we rely on appropriate safeguards such as Standard Contractual Clauses or another recognized mechanism where required by applicable law.
6. Retention periods
- Commercial requests and contact forms: generally up to 24 months after the last meaningful contact, unless a contractual relationship follows.
- Website support or pre-sales messages: generally up to 24 months after closure.
- Technical and security logs: generally up to 12 months, unless a longer period is required for investigation or law.
- Cookie consent preferences: up to 6 months or until you update your choice.
- Data processed inside the product for a hotel customer: according to that customer's instructions and the applicable contract.
7. Your rights
Subject to the conditions set by the GDPR, you may request access, rectification, erasure, restriction, portability, or object to certain processing.
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. You may also lodge a complaint with the competent supervisory authority.
If your data is being processed inside Smartpath by a hotel customer, please contact that hotel first because it generally remains the controller for that data.
8. Automated decision-making
We do not use this marketing site to make automated decisions that produce legal effects or similarly significant effects about you. Product automations are executed within the scope of the hotel customer's instructions and contract.
Privacy contact
If you have questions about privacy, cookies, or exercising your rights, contact us at:
support@smartpath.com