TeamJara is committed to handling personal data responsibly and in accordance with applicable data protection law. We are registered with the Information Commissioner's Office (ICO) and operate in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
In the majority of our engagements, TeamJara staff work within client systems and platforms, operating under the client's own data governance framework. In these cases, the client remains the data controller and TeamJara operates as a data processor, following the client's documented rules, access controls, and data handling standards. We do not extract, duplicate, or store client data outside of the systems in which we are provisioned to work.
TeamJara is the trading name of Skilled People Services Limited, a private limited company registered in England and Wales. We act as a data controller in respect of personal data we collect and process in connection with our own business operations, and as a data processor where we handle personal data on behalf of our clients.
In the course of providing managed business support services, TeamJara may process personal data relating to:
The categories of data processed depend on the nature of the support function and are defined within the scope of each client engagement.
TeamJara processes personal data only where a lawful basis exists under UK GDPR. Depending on the context, this may include:
We do not process personal data for purposes incompatible with the basis on which it was collected.
TeamJara staff are provisioned access to client systems only to the extent required by the agreed support function. That access is:
Client data is not held, duplicated, or stored independently by TeamJara outside of the systems in which we are provisioned to work. We do not use client data for any purpose beyond the delivery of the agreed support function.
Where TeamJara acts as a data processor on behalf of a client, we process personal data only on the documented instructions of that client and within the systems and frameworks the client operates. Our obligations as a data processor are set out in a Data Processing Agreement, which forms part of our client engagement documentation.
All staff involved in processing client data are bound by appropriate confidentiality obligations and have received data protection training. This applies equally to all members of the TeamJara delivery team, including any support capacity provided through our wider operational network.
Personal data relating to our own business operations is retained only for as long as necessary for the purpose for which it was collected, or as required by law. Retention periods are defined in our internal data retention policy. Data that is no longer required is securely deleted or destroyed
Where TeamJara operates within client systems, data retention is governed by the client's own policies. TeamJara does not independently retain client data beyond the engagement.
TeamJara maintains appropriate technical and organisational measures to protect personal data in the context of how we operate. In client engagements, the primary security environment is the client's own systems and controls. TeamJara's measures cover how we operate within and around those environments, including:
Our information security practices are aligned to ISO 27001 principles.
Individuals whose personal data we hold in connection with our own business operations have rights under UK GDPR, including the right to access, correct, restrict, or request deletion of their data. Where data is held within client systems, the relevant data controller is the client, and requests should be directed to them in the first instance.
Requests relating to data held by TeamJara directly can be made by contacting us at the address below. We will respond within the timeframes required by law.
TeamJara has a documented procedure for identifying, managing, and reporting personal data breaches. Where a breach occurs within a client system during the course of a TeamJara engagement, we will notify the client promptly so that they can fulfil their obligations as data controller.
Where a breach relates to data held by TeamJara directly and meets the threshold for notification, we will report to the ICO within 72 hours and notify affected individuals where required
TeamJara's delivery is led and managed from the UK. Where wider operational support capacity is utilised, we ensure that appropriate safeguards are in place for any transfer of personal data outside the UK, in accordance with UK GDPR requirements.
This includes the use of standard contractual clauses or other approved transfer mechanisms where applicable. Access to client systems by any non-UK based support capacity is subject to the same scoping, controls, and confidentiality obligations that apply across the TeamJara delivery team.
TeamJara uses a limited number of third-party tools and services in the delivery of its operations. Where these involve the processing of personal data, appropriate data processing agreements are in place.
Where TeamJara engages wider operational support capacity as part of service delivery, those individuals or teams are bound by the same data protection obligations as the core TeamJara team and are treated as sub-processors under our Data Processing Agreements. A list of sub-processors is available on request.
TeamJara is registered with the Information Commissioner's Office. Our registration number is available on request and can be verified on the ICO public register.
For any data protection enquiries, to exercise your rights, or to request a copy of our Data Processing Agreement, please contact us at:
TeamJara (Skilled People Services Limited)
Hentease House, 13 Hanbury Road, Bristol, England, BS8 4PN
privacy@teamjara.co.uk
This statement is reviewed periodically and updated where necessary to reflect changes in our practices or applicable law. The date of the most recent review is shown at the top of this page.
Yes. TeamJara is registered with the Information Commissioner's Office. Our registration can be verified on the ICO public register.
Data protection responsibilities are managed at a senior level within TeamJara. Any data protection queries, subject access requests, or concerns can be directed to us directly and will be handled in accordance with UK GDPR requirements.
engagement, all access to client systems is removed and any personal data held by TeamJara in connection with that engagement is handled in accordance with our data retention policy and the terms of the Data Processing Agreement.
Yes. A Data Processing Agreement forms part of our standard client engagement documentation. It can be provided ahead of engagement for due diligence purposes. Contact us to request a copy.