Project Gateway is committed to protecting the personal data of all users, including residents of the European Union. This page explains how we comply with the EU General Data Protection Regulation (GDPR) and how it intersects with our obligations under the Philippine Data Privacy Act of 2012 (Republic Act 10173).
The General Data Protection Regulation (GDPR) is a regulation of the European Union that governs the collection, storage, processing, and transfer of personal data belonging to individuals in the EU and European Economic Area (EEA). Although Project Gateway is based in the Philippines, the GDPR applies to us whenever we process the personal data of EU residents, regardless of where our business is located.
Our primary data protection obligations are governed by Republic Act 10173 (Data Privacy Act of 2012) of the Philippines. Where the GDPR applies to our users, we apply its standards alongside Philippine law, taking the stricter standard in each case.
Project Gateway processes personal data in accordance with the following principles, required under both the GDPR and RA 10173:
Under the GDPR, we rely on the following legal bases when processing personal data of EU residents:
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.
We implement the technical and organizational security measures required under Article 32 of the GDPR, including:
If you are a resident of the EU or EEA, the GDPR grants you the following rights in relation to your personal data:
Request a copy of the personal data we hold about you (Art. 15).
Request correction of inaccurate or incomplete data (Art. 16).
Request deletion of your personal data where there is no compelling reason for its continued processing (Art. 17).
Request that we limit how we process your data in certain circumstances (Art. 18).
Receive your data in a structured, machine-readable format and transfer it to another controller (Art. 20).
Object to processing based on legitimate interests or for direct marketing purposes (Art. 21).
To exercise any of these rights, submit a request to info@projectgateway.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority in the EU.
Project Gateway operates from the Philippines, which means that processing your personal data involves a transfer of data outside the EU/EEA. Where such transfers occur, we rely on one or more of the following safeguards as required by Chapter V of the GDPR:
In the event of a personal data breach that poses a risk to the rights and freedoms of EU residents, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in high risk, we will also notify affected individuals without undue delay as required by Article 34.
Where we act as a data processor on behalf of a controller (for example, when a dental clinic uses our platform to manage patient recall data), we are prepared to enter into a Data Processing Agreement (DPA) that satisfies the requirements of Article 28 of the GDPR. To request a DPA, contact info@projectgateway.com.
Our ongoing GDPR compliance program includes:
For GDPR-related inquiries, data subject rights requests, or to request a Data Processing Agreement, contact:
Project Gateway
Email: info@projectgateway.com
Website: projectgateway.ph
EU residents may also lodge a complaint with their local supervisory authority. A directory of EU data protection authorities is available at edpb.europa.eu.