Looking after your data
Cybersecurity overview
We know how important your data is to you. At Path, protecting your data is one of our highest priorities. We have robust cybersecurity measures in place to ensure your information remains safe and secure at all times.
Access control
We strictly limit access to personal data. Only authorised members of staff who require access to perform their duties are permitted to view or handle sensitive client information.
Where necessary, we may also share relevant personal data with trusted external professional advisers, such as lawyers, insurers, compliance consultants or auditors, for purposes including obtaining legal advice, handling complaints, managing claims, meeting regulatory obligations, or protecting our legal rights.
Any such sharing is limited to the information reasonably required for the specific purpose, carried out under an appropriate lawful basis, and subject to suitable confidentiality, security and data protection safeguards. We use secure, company-approved methods when transferring personal data to external advisers and expect those advisers to handle the information in accordance with applicable data protection law and professional obligations.
Email and phishing protection
To prevent fraud, we never act on sensitive requests (e.g., transfers or account changes) based solely on email. We always verify such requests through a secondary communication channel before taking any action.
Proactive communication
We keep clients informed about digital risks and incorporate guidance on fraud prevention into our customer onboarding documentation.
Training and awareness
All of our staff must complete cybersecurity training each year. We also work with an external security provider to deliver ongoing training and simulated phishing exercises to ensure our team stays alert and informed.
Device and network security
We enforce strict security controls across all devices and networks used by our team, helping prevent unauthorised access and ensuring data integrity.
Mandatory VPN use for all staff ensures secure, encrypted access protecting sensitive data from cyber threats and maintaining data integrity regardless of location. This is essential for preventing data breaches, particularly for remote workers and for creating a consistent, secure network across our office locations.
Data storage and transmission
Your data is only stored and transmitted using secure, company-approved platforms, such as encrypted portals or secure cloud services. We do not send sensitive information via unencrypted email.
Where we need to share personal data with external professional advisers, regulators or other authorised third parties, we do so only where necessary, using secure transfer methods and with appropriate safeguards in place.
Regular updates and patching
We keep all our systems—including operating systems, applications and web browsers—up to date with the latest security patches to protect against emerging threats.
Incident response
Internal procedures are in place to respond swiftly to any suspected data breach. Our goal is to minimise risk and ensure full transparency where appropriate.
If a breach occurs affecting your personal data, we will notify you promptly, investigate and take steps to mitigate harm.
Artificial Intelligence (AI)
We comply with UK GDPR and the Data Protection Act to ensure your data rights are respected.
Registered with the Information Commissioner’s Office, reference ZA613446.
Let us know if you have any questions or concerns about our cybersecurity practices or AI policy by emailing hello@thepath.co.uk.
A COLLECTIVE CALL FOR CHANGE
Our accreditations and memberships
RISK WARNING
As always with investments, your capital is at risk. The value of your investment can go down as well as up, and you may get back less than you invest. This information should not be regarded as financial advice.







