← InvoicePathLegal

GDPR & Data Processing

How InvoicePath supports your obligations under the EU/UK GDPR, and the data processing terms we make available to customers.

Last updated: 25 May 2026

Our role

For the personal data contained in the invoices and records you process through InvoicePath, you are the data controller and InvoicePath (Panoptic IT Solutions) acts as your data processor. We process that data only on your documented instructions, which include your use of the service.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement covering the GDPR Article 28 requirements: subject matter and duration, nature and purpose of processing, types of personal data and categories of data subjects, and the obligations and rights of the controller. Request a copy at privacy@invoicepath.com.

What we commit to

  • Process personal data only on your instructions and for providing the service.
  • Ensure people authorised to process data are bound by confidentiality.
  • Apply appropriate technical and organisational security measures (see Security).
  • Use sub-processors only under equivalent obligations, with a list available on request.
  • Assist you with data-subject requests and with security, breach-notification and impact-assessment duties.
  • Delete or return personal data at the end of the service, subject to legal retention.

Sub-processors

We use a limited set of sub-processors (e.g. cloud hosting, AI extraction, email delivery) to deliver the service. A current list, including their location and purpose, is available on request. We give notice of material changes so you can object where appropriate.

International transfers

Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses. Tell us if you have specific data-residency requirements.

Data-subject rights

We help you respond to requests from individuals to access, correct, delete, restrict or port their data. Where individuals contact us directly, we refer them to you as the controller unless otherwise agreed.

Contact & complaints

Data-protection enquiries: privacy@invoicepath.com. EU/EEA individuals also have the right to lodge a complaint with their local supervisory authority (in Ireland, the Data Protection Commission).