GDPR Compliance

Smart Job Quote is committed to ensuring the protection of your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last Updated: March 7, 2025

1. Introduction to UK GDPR

The UK General Data Protection Regulation (UK GDPR) is the UK's data privacy law that governs how personal data should be handled. It is based on the EU GDPR but has been adapted for the UK context following Brexit. The UK GDPR works alongside the Data Protection Act 2018 to form the cornerstone of the UK's data protection framework.

At Smart Job Quote, we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with these regulations. This GDPR Compliance document explains how we adhere to the UK GDPR principles and outlines your rights under this legislation.

Note: This document should be read in conjunction with our Privacy Policy, which provides more detailed information about how we collect, use, and protect your personal data.

2. Key Principles of UK GDPR

The UK GDPR is based on seven key principles that guide how personal data should be processed. At Smart Job Quote, we adhere to these principles in all our data processing activities:

  • Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and in a transparent manner. We provide clear information about how we use your data in our Privacy Policy.
  • Purpose Limitation: We collect your data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
  • Data Minimization: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We take reasonable steps to ensure that your personal data is accurate and, where necessary, kept up to date. We encourage users to inform us of any changes to their personal data.
  • Storage Limitation: We keep your personal data in a form that permits identification for no longer than is necessary for the purposes for which it is processed.
  • Integrity and Confidentiality (Security): We process your data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability: We take responsibility for complying with the UK GDPR and can demonstrate this compliance through appropriate policies, procedures, and records.

3. Lawful Basis for Processing

Under the UK GDPR, we must have a valid lawful basis for processing your personal data. We rely on the following lawful bases for our processing activities:

  • Consent: We obtain your explicit consent for certain processing activities, such as sending marketing communications. You have the right to withdraw this consent at any time.
  • Contract: We process your data when it is necessary for the performance of a contract with you (e.g., when you create an account or purchase credits) or to take steps at your request before entering into a contract.
  • Legal Obligation: We process your data when necessary to comply with a legal obligation, such as tax laws or responding to a court order.
  • Legitimate Interests: We process your data when it is in our legitimate interests to do so, provided these interests are not overridden by your rights and freedoms. For example, we may process data for fraud prevention, network security, or direct marketing (subject to your right to object).

For each processing activity, we identify and document the appropriate lawful basis. More details about the specific lawful bases we rely on for different types of processing can be found in our Privacy Policy.

4. Individual Rights Under UK GDPR

The UK GDPR provides individuals with enhanced rights regarding their personal data. As a user of Smart Job Quote, you have the following rights:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal data, which we address through our Privacy Policy and this GDPR Compliance document.
  • Right of Access: You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Right to Rectification: You have the right to request that we correct any incomplete or inaccurate personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): In certain circumstances, you have the right to request that we delete your personal data. This is not an absolute right and depends on the circumstances and the lawful basis for processing.
  • Right to Restrict Processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data.
  • Right to Data Portability: For data processed based on consent or contract, you have the right to request that we provide you with your personal data in a structured, commonly used, and machine-readable format, or that we transmit it directly to another controller where technically feasible.
  • Right to Object: You have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

We will respond to all requests to exercise these rights within one month, as required by the UK GDPR. In complex cases, we may extend this period by up to two additional months, but we will inform you of any such extension within the first month.

5. Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: We use encryption technologies to protect your data in transit and at rest.
  • Access Controls: We implement strict access controls to ensure that only authorized personnel can access personal data.
  • Regular Security Assessments: We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities.
  • Staff Training: Our staff receives regular training on data protection and security best practices.
  • Data Protection by Design and Default: We incorporate data protection principles into our systems and processes from the design stage and by default.
  • Data Minimization: We collect only the data that is necessary for the specific purpose and keep it only for as long as necessary.
  • Third-Party Assessments: We assess the data protection practices of third-party service providers before engaging them and include appropriate contractual clauses to ensure they comply with data protection requirements.

6. Data Breach Procedures

We have implemented procedures to detect, report, and investigate personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
  • Notify affected individuals directly if the breach is likely to result in a high risk to their rights and freedoms.
  • Document all breaches, including the facts relating to the breach, its effects, and the remedial action taken.

Our notification will include information about the nature of the breach, the categories and approximate number of individuals and records concerned, the likely consequences of the breach, and the measures taken or proposed to address the breach and mitigate its possible adverse effects.

7. International Data Transfers

The UK GDPR imposes restrictions on the transfer of personal data outside the UK. We ensure that any transfer of personal data outside the UK is subject to appropriate safeguards, such as:

  • Transfers to countries that have been deemed to provide an adequate level of protection by the UK government.
  • Transfers subject to appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the UK government.
  • Transfers based on derogations for specific situations, such as explicit consent or the performance of a contract.

We maintain a record of all international transfers and the safeguards in place for each transfer. More details about our international transfers can be found in our Privacy Policy.

8. Data Protection Officer

While we are not legally required to appoint a Data Protection Officer (DPO) under the UK GDPR, we have designated a data protection contact person who is responsible for overseeing our data protection strategy and implementation to ensure compliance with the UK GDPR.

Our data protection contact can be reached at privacy@smartjobquote.com for any data protection-related queries or concerns.

9. Children's Data

The UK GDPR provides specific protection for children's personal data. Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.

If you are a parent or guardian and you believe that your child has provided us with personal data without your consent, please contact us at privacy@smartjobquote.com.

10. How to Exercise Your Rights

You can exercise your rights under the UK GDPR by contacting us at privacy@smartjobquote.com or by writing to us at the address provided in the Contact Us section below. To help us process your request efficiently, please:

  • Clearly state which right(s) you wish to exercise.
  • Provide sufficient information to identify yourself (we may need to verify your identity to process your request).
  • Provide any additional information that may help us respond to your request more efficiently.

We will respond to your request within one month of receipt. If we need more time due to the complexity or number of requests, we will inform you of the extension within the first month.

There is generally no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we may refuse to comply with your request in these circumstances.

11. Information Commissioner's Office

The Information Commissioner's Office (ICO) is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

If you are not satisfied with our response to your request or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the ICO. You can contact the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

12. Updates to This Policy

We may update this GDPR Compliance document from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new version on our website and updating the "Last Updated" date at the top of this document.

We encourage you to review this document periodically to stay informed about how we are protecting your personal data.

13. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at: contact@smart-job-quote.co.uk