Career Risk Report — Home
ENES
Career Risk ReportBack to home

Privacy Notice

Last updated: June 2026

1. Who we are

CC, trading as Career Risk Report, is the data controller for your personal data. We are responsible for deciding how your personal information is collected, used and protected when you use our website and services.

2. What personal data we collect

We collect the following categories of personal data:

  • Identity and contact data: name, email address, and any information you provide during account registration.
  • Professional profile data: role, responsibilities, industry, skills, career history and geographic location submitted through the assessment questionnaire.
  • Transaction data: purchase history, payment confirmation details, and billing email address.
  • Usage and technical data: IP address, browser type and version, device identifiers, pages visited, time spent on pages, and referral source.
  • Support data: messages, feedback, or inquiries submitted to our support channels.

3. How we use your data

We use your personal data for the following purposes:

  • To create and manage your account and provide the career risk assessment service.
  • To generate and deliver your personalised strategic intelligence report.
  • To process payments and maintain records of transactions.
  • To detect and prevent fraud, abuse, and security incidents.
  • To improve our product, analyse usage patterns, and develop new features.
  • To respond to your inquiries and provide customer support.
  • To send service-related communications (not marketing) such as report delivery and access expiry reminders.

4. Legal basis for processing

We process your personal data on the following legal bases:

  • Contract performance: processing necessary to deliver the assessment and report you have purchased.
  • Legitimate interests: fraud prevention, service improvement, network security, and enforcing our terms.
  • Consent: where you have explicitly opted in to receive marketing communications.
  • Legal obligation: compliance with applicable tax, accounting, and regulatory requirements.

5. Who we share data with

We do not sell your personal data. We share it only with the following categories of recipients:

  • Paddle.com Market Ltd. — our payment processor and Merchant of Record for payment processing, tax calculation and remittance, fraud prevention, dispute handling and invoicing. Paddle acts as an independent data controller for the payment data it collects.
  • Service providers / subprocessors — hosting, analytics, error reporting, and customer support tooling providers who process data on our behalf under contractual confidentiality and security obligations.
  • Professional advisers — legal, accounting, and insurance advisers where necessary to protect our interests or comply with legal obligations.
  • Authorities — regulators, courts, or law enforcement agencies where required by law or to protect our legal rights.

6. International data transfers

We are based in the United Kingdom and Switzerland, and some of our service providers operate in the United States and the European Economic Area. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions recognised under UK and EU law.

7. Data retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, tax, and accounting requirements. Assessment data and reports are retained for the duration of your access window (30 days from purchase) plus a reasonable period to handle support queries and disputes. Account and transaction records are retained for at least six years to comply with tax and accounting obligations. When data is no longer needed, it is securely deleted or anonymised.

8. Your rights

Under applicable data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of your personal data in certain circumstances.
  • Restrict or object to processing of your data.
  • Request portability of your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority, such as the UK Information Commissioner’s Office (ICO) or your local data protection authority.

We aim to respond to all requests within one month. To exercise your rights, contact us at privacy@careerriskreport.com.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), access controls, pseudonymisation where practicable, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Cookies and similar technologies

We use essential cookies and similar technologies to operate our website, maintain security, and understand aggregate usage. Analytics cookies are used only with your consent. You can manage your cookie preferences through your browser settings.

11. Changes to this notice

We may update this Privacy Notice from time to time. The latest version will always be available on this page with the updated date. Material changes will be communicated to registered users via email.

12. Contact us

If you have any questions about this Privacy Notice or how we handle your data, please contact us at privacy@careerriskreport.com.