Start free trial

GDPR & Data Protection

Your rights under UK GDPR, the lawful bases we rely on, and how to put them to use.

Last updated 1 June 2026 6 min read

Overview

Job Manager is built and run in the UK, and we take data protection seriously. This page explains how we meet the UK GDPR and the Data Protection Act 2018, and how you (and the people whose details you store) can exercise your rights.

The short version: your customer records are processed on your instructions, kept in the UK, and you can access, export or delete personal data whenever you need to.

Controller or processor?

For your account details (your name, email, billing) we're the data controller. For the customer data you put into Job Manager, you're the controller and we're your processor — we only handle it to provide the service, on your instructions.

Your rights

Under UK GDPR you have the following rights. Most are self-serve in the app; for anything else, email us and we'll act within one month.

RightWhat it meansHow to use it
AccessGet a copy of your dataExport from the app, or ask us
RectificationCorrect anything wrongEdit in the app, or ask us
ErasureHave personal data deletedDelete in the app, or ask us
PortabilityTake your data elsewhereExport to CSV
Restrict / ObjectLimit or object to processingEmail us

Lawful bases

We only process personal data where we have a lawful basis to do so:

  • Contract — running your account, jobs and billing.
  • Legitimate interest — keeping the service secure, reliable and improving.
  • Consent — optional marketing emails, which you can opt out of at any time.

Where your data lives

All customer data is stored within the United Kingdom. We don't transfer it outside the UK or EEA, and if that ever changed we'd put the proper safeguards in place and tell you first.

Sub-processors

We use a small, carefully chosen set of sub-processors to run the service — UK hosting, a PCI-compliant payment processor, and email delivery. Each is bound by a data-processing agreement, and we'll give notice before adding or changing one.

Data Processing Agreement

If your business needs a signed Data Processing Agreement (DPA) covering the Article 28 terms, we're happy to provide one — just ask. Many of our customers don't need a separate document, as these terms already set out how we handle data.

Breach notification

If a personal data breach ever occurs that's likely to put people at risk, we'll notify the Information Commissioner's Office within 72 hours where required, and tell affected customers without undue delay.

Contact us

To make a data request or ask a question, email support@ssaw.uk. You can also complain to the Information Commissioner's Office, though we'd like the chance to help first.