Back to Home

GDPR Compliance

Last updated: February 1, 2026

Pathos Panel is working toward compliance with the General Data Protection Regulation (GDPR). This page outlines the steps we are taking to meet our obligations under the regulation and how we aim to protect the rights of data subjects within the European Economic Area (EEA).

Privacy Contact

Reach us at info@ethosmr.com

Data Residency

Options available on request

DPA Available

Data Processing Agreements available on request

Subject Access Requests

We aim to respond promptly

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: Panelists provide explicit consent during registration to participate in research activities
  • Contractual Necessity: Processing required to fulfill our service agreements with research companies
  • Legitimate Interest: Fraud prevention, platform security, and service improvement
  • Legal Obligation: Compliance with applicable laws and regulations

Data Subject Rights

Under GDPR, individuals have the following rights:

  • Right of Access — Request a copy of all personal data we hold about you
  • Right to Rectification — Correct inaccurate or incomplete data
  • Right to Erasure — Request deletion of your personal data (“right to be forgotten”)
  • Right to Restrict Processing — Limit how we process your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to data processing based on legitimate interests
  • Right Not to Be Subject to Automated Decisions — Challenge decisions made solely by automated means

To exercise any of these rights, email info@ethosmr.com.

International Data Transfers

When personal data is transferred outside the EEA, we intend to put appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, and to verify that receiving entities maintain adequate data protection standards.

Data Breach Notification

In the event of a personal data breach, we aim to notify the relevant supervisory authority within 72 hours where required and to inform affected data subjects without undue delay when the breach poses a high risk to their rights.

Sub-Processors

We use the following sub-processors to provide our services:

ProviderPurposeLocation
SupabaseAuthentication & DatabaseUSA (SCCs)
VercelApplication HostingUSA (SCCs)
ResendTransactional EmailUSA (SCCs)

Contact

For GDPR inquiries, contact us at info@ethosmr.com.