Legal

Data Processing Agreement

Last updated: February 2026

1. Definitions

  • "Controller" refers to you, the user, who determines the purposes and means of processing personal data through your use of the Service.
  • "Processor" refers to WhatToDoIfAITakesMyJob.com, which processes personal data on behalf of the Controller.
  • "Data Subject" refers to any identified or identifiable natural person whose personal data is processed.
  • "Personal Data" means any information relating to an identified or identifiable natural person.

2. Scope and Purpose

This agreement governs the processing of personal data that occurs when you use our job risk analysis and career transition tools. Data processing activities include:

  • Processing job title inputs to generate risk assessments.
  • Storing email addresses for newsletter delivery and report delivery.
  • Processing payment data through third-party payment processors.
  • Aggregating anonymized usage data for service improvement.

3. Data Subject Rights

We support the exercise of data subject rights as required by applicable law, including:

  • Right of access to personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten").
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing.

Requests can be submitted to privacy@whattodoifaitakesmyjob.com and will be addressed within 30 days.

4. Sub-Processors

We may engage the following categories of sub-processors to assist in delivering the Service:

  • Cloud infrastructure providers (hosting and data storage)
  • Payment processors (transaction handling)
  • Email service providers (communication delivery)
  • Analytics providers (anonymized usage tracking)

All sub-processors are bound by data processing agreements that provide protections no less stringent than those described here.

5. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls limiting data access to authorized personnel.
  • Regular security assessments and monitoring.
  • Incident response procedures for potential data breaches.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, we will notify the affected parties and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law.

7. International Data Transfers

If personal data is transferred outside of your jurisdiction, we ensure that appropriate safeguards are in place, including standard contractual clauses or other mechanisms recognized by applicable data protection authorities.

8. Term and Termination

This agreement remains in effect for as long as we process personal data on your behalf. Upon termination, we will delete or return all personal data within 30 days, unless retention is required by law.

9. Contact

For questions about data processing, contact our data protection team at privacy@whattodoifaitakesmyjob.com.