GDPR Compliance

How PangeaGTM supports EU data protection requirements

Last updated January 2026 7 min read

Our Commitment to GDPR

PangeaGTM is fully committed to compliance with the General Data Protection Regulation (GDPR). As a company headquartered in France, we are subject to GDPR and have implemented comprehensive measures to protect personal data and enable our customers to meet their own GDPR obligations.

GDPR Compliance Compliance

Pangea Summit SAS acts as a Data Processor for customer data and as a Data Controller for account information.

How PangeaGTM Supports GDPR Compliance

1. Lawful Basis for Processing

We support all lawful bases for processing personal data:

  • Consent: Built-in consent management for data subjects
  • Contract: Processing necessary for service delivery
  • Legitimate Interest: Documented assessment tools
  • Legal Obligation: Compliance

2. Data Subject Rights

Our platform enables you to fulfill data subject requests:

  • Right of Access: Export all personal data for any individual
  • Right to Rectification: Easy data correction tools
  • Right to Erasure: Complete data deletion with verification
  • Right to Restrict Processing: Granular processing controls
  • Right to Data Portability: Standard format export (JSON, CSV)
  • Right to Object: Processing opt-out mechanisms

3. Data Protection by Design

GDPR principles are embedded in our platform architecture:

  • Data Minimization: We only collect data necessary for service delivery
  • Purpose Limitation: Data is only used for stated purposes
  • Storage Limitation: Configurable retention policies with automatic deletion
  • Accuracy: Data validation and correction tools
  • Integrity & Confidentiality: Enterprise-grade security measures

4. Security Measures

Article 32 compliant security includes:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Pseudonymization capabilities for sensitive data
  • Access controls with role-based permissions
  • Regular security testing and vulnerability assessments
  • 24/7 security monitoring and incident response

5. Breach Notification

Our breach notification process ensures:

  • Detection within 24 hours through continuous monitoring
  • Customer notification within 72 hours of discovery
  • Detailed incident reports with affected data categories
  • Remediation action plans and prevention measures

Data Processing Agreement

We provide a comprehensive Data Processing Agreement (DPA) that includes:

  • Standard Contractual Clauses for international transfers
  • Sub-processor list and notification procedures
  • Audit rights and compliance verification
  • Data deletion and return procedures

7. EU Data Residency

For customers requiring EU data residency, we offer deployment options with data storage exclusively within the European Union. All data processing remains within EU borders.

Documentation & Resources

Contact Our DPO

For GDPR-related inquiries, contact our Data Protection Officer:
Email: dpo@pangea-summit.com

Back to Home Contact Legal