Comprehensive Privacy and Policy for Global and United Kingdom Operations
PathwayPal ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy and Policy document outlines our practices concerning the collection, use, and sharing of your data when you interact with our career guidance platform and services. It is designed to be compliant with global privacy standards and specifically adheres to the requirements of the United Kingdom's Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
We believe in transparency and providing you with control over your personal information. This policy details how we handle your data when you use our career assessment tools, explore career options, and interact with our platform. It covers the types of data we collect, how we use it, your rights regarding your data, and the security measures we implement to protect it.
Introduction and What We Collect
1. Our Commitment to Your Privacy
PathwayPal respects your privacy and is dedicated to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) or otherwise provide personal data to us, and tell you about your privacy rights and how the law protects you.
This policy is designed to be global in scope, with specific provisions to ensure compliance with the stringent data protection laws of the United Kingdom.
2. The Data We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: Includes first name, last name, username and age.
- Contact Data: Includes email address.
- Assessment Data: Includes your responses to career assessment quizzes, skills, interests, and educational background.
- Career Preferences: Includes your career interests, preferred work environments, and professional goals.
- Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting, device information, and other technology on the devices you use to access our platform.
- Profile Data: Includes your username and password, assessment results, saved career paths, and feedback.
- Usage Data: Includes information about how you interact with our platform, including pages visited, features used, and time spent on the platform.
- Communication Data: Includes your preferences for receiving communications from us and your interaction with our support team.
We also collect, analyze, and share Aggregated Data such as statistical or demographic data about career trends and user behavior. This data is anonymized and cannot be used to identify any individual user. We use this information to improve our services, develop new features, and provide better career guidance to all our users.
3.1 Contact Form
On our website, we provide contact forms that you can use to get in touch with us electronically. When you use these forms, we collect and process the following information:
- Your email address (required to respond to your inquiry)
- Your IP address (for security and fraud prevention)
- The time and date of your request
- Any additional information you choose to provide in your message
This information is processed based on our legitimate interest in responding to your inquiries and preventing misuse of our contact forms (Article 6(1)(f) GDPR). In some cases, we may ask for additional information such as your name, phone number, or organization. In these cases, we will request your explicit consent before processing such additional data (Article 6(1)(a) GDPR).
Alternatively, you may contact us directly via email at aamirmunshi988@gmail.com.
3.2 Testimonials
We may display personal testimonials from satisfied users on our website. With your explicit consent, we may post your testimonial along with your name and other information you choose to provide. The legal basis for this processing is your consent (Article 6(1)(a) GDPR).
If you would like to update or remove your testimonial, please contact us at aamirmunshi988@gmail.com. We will process your request promptly upon verification of your identity.
4. How Your Personal Data is Collected
4.1 Server Log Files
When you access our website, we automatically collect certain information through our server log files. This includes:
- Your IP (Internet Protocol) address
- Browser type and version
- Internet service provider (ISP)
- Referring/exit pages
- Operating system
- Date/time stamp of access
- Clickstream data
- Number of visits
- Websites that referred you to our site
- Websites accessed through our platform
This information is essential for the provision and security of our website (Article 6(1)(f) GDPR). The data is processed in an aggregated, anonymous form and is not linked to specific individuals. Log file data is automatically deleted after 30 days, unless a longer retention period is required by law or for security purposes.
4.2 Other Collection Methods
In addition to server logs, we collect data through the following methods:
- Direct interactions: You may provide us with your Identity, Contact, and other personal data by filling in forms or corresponding with us through our website, email, or other communication channels.
- Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
- Third parties or publicly available sources: We will receive personal data about you
from various third parties and public sources as set out below:
- Technical Data from analytics providers such as Google.
- Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.
- Identity and Contact Data from data brokers or aggregators.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
How We Use Your Data and Your Rights
4. How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Purposes for which we will use your personal data:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
| Purpose/Activity | Type of Data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer | (a) Identity (b) Contact | Performance of a contract with you |
| To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us | (a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
5. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
Detailed Explanation of Your Rights
1.1 In this section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
1.2 Your principal rights under data protection law are: (a) the right to access; (b) the right to rectification; (c) the right to erasure; (d) the right to restrict processing; (e) the right to object to processing; (f) the right to data portability; (g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.
1.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee and will be supplied within 30 days.
1.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed and all requests will be rectified within 30 days.
1.5 In some circumstances you have the right to the erasure of your personal data without undue delay and this will be completed within 30 days. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
1.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
1.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
1.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
1.9 To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
1.10 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
1.11 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
1.12 You may exercise any of your rights in relation to your personal data by written notice to us.
If you wish to exercise any of the rights set out above, please contact us.
Specifically for individuals in the United Kingdom:
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Before contacting the ICO, we would appreciate the opportunity to address your concerns. Please contact our support team through the Contact Us page with any questions or concerns about your data privacy.
Data Security, International Transfers, and Contact Information
6. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
8. International Transfers
We may share your personal data within our group of companies which may involve transferring your data outside the United Kingdom and the European Economic Area (EEA).
Whenever we transfer your personal data out of the UK and the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
9. Changes to this Privacy Policy
We keep our privacy policy under regular review. This version was last updated on June 30, 2025. It is important that the personal data we hold about you is accurate and current. You can update your personal information at any time through your account settings.
10. Contact Us
If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:
- Email address: aamirmunshi988@gmail.com
- Contact Form: Visit our Contact Page