Your Privacy Matters

Privacy Policy

Last updated: 5 February 2026

Study Path ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services. We comply with the General Data Protection Regulation (GDPR) and Dutch data protection laws (AVG).

1Data Controller

CompanyStudy Path VOF
AddressKratonkade 710, 3024EX Rotterdam, Netherlands
KvK99598884
Email[email protected]
Phone+31 6 12 93 73 24

For any privacy-related questions or to exercise your rights, contact us at [email protected].

2What Data We Collect

We collect the following categories of personal data:

2.1 Data you provide directly

  • Account data: name, email address, password (encrypted)
  • Profile data: nationality, education background, target programs
  • Application documents: diplomas, transcripts, motivation letters, CVs
  • Communication: messages, support requests, feedback
  • Payment data: billing address, payment method (processed by Stripe)

2.2 Data collected automatically

  • Technical data: IP address, browser type, device information
  • Usage data: pages visited, features used, time spent
  • Cookies: see our Cookie Policy

2.3 Data from third parties

  • Google Sign-In: name, email, profile picture (if you use Google login)

3Why We Process Your Data (Legal Basis)

PurposeLegal Basis (GDPR Art. 6)
Provide our services (application support, document review)Contract performance (Art. 6(1)(b))
Create and manage your accountContract performance (Art. 6(1)(b))
Process paymentsContract performance (Art. 6(1)(b))
Send service-related communicationsContract performance (Art. 6(1)(b))
Respond to support requestsLegitimate interest (Art. 6(1)(f))
Improve our website and servicesLegitimate interest (Art. 6(1)(f))
Analytics (anonymized)Legitimate interest (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a))
Legal compliance (tax, fraud prevention)Legal obligation (Art. 6(1)(c))

4Who We Share Data With

We do not sell your personal data. We share data only with:

Service Providers (Processors)

  • Supabase Inc. — Database hosting, authentication (USA, EU data region)
  • Stripe Inc. — Payment processing (USA, PCI-DSS compliant)
  • DataFast — Website analytics (EU)
  • Google LLC — Authentication via Google Sign-In (USA)
  • Hetzner Online GmbH — Website hosting (Germany, EU)

With Your Consent

If you ask us to communicate with universities or authorities on your behalf, we share relevant information with them as needed.

Legal Requirements

We may disclose data if required by law, court order, or to protect our legal rights.

5International Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. We ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework certification (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the EU
  • Binding Corporate Rules

You can request a copy of applicable safeguards by contacting us.

6Data Retention

Data TypeRetention Period
Account dataUntil account deletion + 12 months
Application documents12 months after service completion
Payment records7 years (Dutch tax law requirement)
Communication history3 years
Analytics data26 months (anonymized)
Marketing consent recordsUntil consent withdrawn + 3 years

After the retention period, data is securely deleted or anonymized.

7Your Rights (GDPR)

Under GDPR, you have the following rights:

Right of Access:Request a copy of your personal data
Right to Rectification:Correct inaccurate or incomplete data
Right to Erasure:"Right to be forgotten" — request deletion
Right to Restriction:Limit how we use your data
Right to Data Portability:Receive your data in a machine-readable format
Right to Object:Object to processing based on legitimate interest
Right to Withdraw Consent:Withdraw consent at any time (for consent-based processing)

To exercise your rights, email us at [email protected]. We respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens

8Data Security

We implement appropriate security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

While we take reasonable precautions, no system is 100% secure. Please use strong passwords and keep your login credentials safe.

9Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.

10Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will notify you via email or website notification.

11Contact Us

For any privacy-related questions, requests, or concerns:

Email: [email protected]

Address: Study Path, Kratonkade 710, 3024EX Rotterdam, Netherlands

Phone: +31 6 12 93 73 24

View Terms & Conditions