GDPR & Data Subject Rights

CAREERSBAR LTD processes personal data in line with the UK GDPR and the Data Protection Act 2018. This page is a plain-English summary of your rights and how to exercise them; the full detail lives in our Privacy Policy.

Data Protection Officer: The Director, CAREERSBAR LTD (Data Protection Officer). Contact: privacy@careersbar.com.

Right of access — request a copy of the personal data we hold about you. Use the self-service data export in Dashboard → Settings, or email us.

Right to rectification — correct inaccurate data. Most account fields are editable in your profile; email us for anything else.

Right to erasure — delete your account from Dashboard → Settings. We anonymise your personal data promptly, cancel any active subscription, and retain only records we are legally required to keep (e.g. invoices for 6 years).

Right to restriction and objection — ask us to pause or stop processing based on legitimate interests.

Right to data portability — your export is delivered in machine-readable JSON.

Right to withdraw consent — unsubscribe from marketing in any email or in settings; change cookie choices via the footer link.

Rights related to automated decision-making — we do not make legally significant decisions about you by purely automated means.

Self-service: data export and account deletion are available in Dashboard → Settings and are fulfilled automatically.

Email: send requests to privacy@careersbar.com. We verify identity, respond within one calendar month, and never charge for a first request.

If you are unhappy with our response you can complain to the Information Commissioner's Office at ico.org.uk or 0303 123 1113.

Contract — account, subscription, billing, support.

Legitimate interests — security, fraud prevention, product analytics.

Consent — marketing email, non-essential cookies, AI features where flagged.

Legal obligation — tax and accounting records, responses to lawful requests.

Active accounts: retained while the account exists.

Deleted accounts: anonymised promptly; invoices kept 6 years (HMRC); security audit logs up to 12 months.

Data export files: deleted 7 days after generation.

Consent records: kept as evidence of compliance for as long as legally useful.

We use a short list of subprocessors (see /subprocessors). Transfers outside the UK rely on adequacy regulations or standard contractual clauses with the UK addendum. Organisation customers can sign our DPA at /dpa.