← Back to Home

GDPR Compliance

Last Updated: March 30, 2025

1. Introduction

This GDPR Compliance statement explains how Pathway ("we," "our," or "us") complies with the European Union's General Data Protection Regulation (GDPR). We are committed to protecting the personal data of all our users, including those in the European Economic Area (EEA).

2. Data Controller

For the purposes of the GDPR, Pathway is the data controller of your personal information. This means we determine the purposes and means of processing your personal data.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contractual Necessity: Processing is necessary for the performance of our contract with you to provide our services.
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services and ensuring security.
  • Consent: Where required, we obtain your explicit consent for specific processing activities.
  • Legal Obligation: Processing is necessary to comply with our legal obligations.

4. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  • Right to Not Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing.

5. How to Exercise Your Rights

To exercise any of your rights under the GDPR, please contact us atprivacy@pathway.travel. We will respond to your request within 30 days. We may ask for additional information to verify your identity before fulfilling your request.

6. Data Transfers

We may transfer your personal data to countries outside the EEA. When we do, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance statement. If you have any questions about this statement or how we handle your personal data, please contact our DPO at:
dpo@pathway.travel

9. Complaints

If you are not satisfied with our response to your concern, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside.