Privacy policy for Teamtailor's employer branding and recruitment
Date of publication: 12-11-2024
We at Teamtailor manage our employer branding and recruitment process through our career site (the “Career Site”), and by using a related applicant tracking system.
In this privacy policy, we explain how we process your personal data if:
- You visit our Career Site (you being a “Visitor”)
- You connect with us via our Career Site, to create a profile with us and receive information about current or future vacancies with us (you being a “Connecting Candidate”)
- You apply for a position with us, via our Career Site or a third party service (you being an ”Applying Candidate”)
- We collect information about you from other parties, sites and services, since we believe your profile is of interest for our current or future vacancies (you being a “Sourced Candidate”)
- We receive information about you from our employees or partners, since they believe your profile is of interest for our current or future vacancies (you being a “Referred Candidate”)
- We receive information about you from a Candidate, who lists you as their reference (you being a “Reference”).
This privacy policy also describes what rights you have when we process your personal data, and how you can exercise these rights.
When we use the term “Candidate” in this privacy policy, we are referring to each of Connecting Candidates; Applying Candidates; Sourced Candidates; and Referred Candidates, unless it’s stated otherwise.
When we use the terms “Teamtailor”, “we” or “us” in this privacy policy, we are referring to Teamtailor AB, Östgötagatan 16, 11621 Stockholm, Sweden, registered with the Swedish Companies Registration Office under company number 556936-6668.
1. About processing of personal data
Personal data is all information that can be directly or indirectly linked to a living, physical person. Examples of personal data are: name, e-mail address, telephone number and IP address. Processing of personal data is any automated use of personal data - such as collecting, creating, analyzing, sharing, and deleting personal data.
There are laws and regulations on how companies may process personal data, so-called data protection laws. Different data protection laws apply to different types of use of personal data, and in different parts of the world. An example of a data protection law that is relevant for our use of your personal data, as described in this privacy policy, is the EU Data Protection Regulation (2016/679, “GDPR”).
Most obligations under the GDPR apply to the so-called data controller. A data controller is the entity that decides for which purposes personal data will be processed, and how the processing will be executed. The data controller can use a so-called data processor. A data processor is an entity that is only allowed to process personal data as instructed by the data controller, and may not use the personal data for its own purposes.
We are the data controller when we process your personal data as described in this Privacy policy.
As described in section 4 and 5 below, we sometimes search for and assess candidates of interest for current and future open positions with other entities in the Teamtailor group. In these cases, we are joint data controllers with the entity who you will ultimately be hired by. For more information about this, see sections 4 and 5 below.
2. What personal data do we process?
All individuals
- Device information - If you visit our Career Site, we will collect information about your device, such as IP address, browser type and version, session behaviour, traffic source, screen resolution, preferred language, geographic location, operating system and device settings/usage.
- Technical and statistical data - If you visit our Career Site, we will collect technical and statistical data about your use of the site, such as information about which URLs you visit, and your activity on the site.
- Communications data - We will collect and store your communication with us, including the information you provided in the communication. This may include the content of emails, video recordings, messages on social media, the information you add to your account with us, surveys, etc.
- Contact details - Such as your name, email address, telephone number and physical address.
Candidates
- Data from interviews, tests, assessments and other information from the recruitment process - Such as notes from interviews with you, assessments and tests made, salary requirements.
- Information in your application - Such as your CV, cover letter, work samples, references, letters of recommendation and education.
- Information in your public profile - Meaning the information we collect about you from public sources related to your professional experience, such as LinkedIn or the website of your current employer.
- Information provided by References - Meaning the information we receive from our employees or partners who refer you to us, or by the persons you have listed as your References.
- Information in a background check - This normally includes your contact details, your credit history and criminal records history.
3. Where do we receive your personal data from?
All individuals
- From the Career Site. If you visit our Career Site, we collect technical and statistical information about how you use the Career Site, and information from your device.
- Directly from you. Most of the information we process about you, we receive directly from you, for example when you apply for a position with us or connect with us. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to process your application or provide you the information you request to get from us.
References
- From the person for whom you are a Reference. If a Candidate lists you as their Reference, we will collect your contact details from the candidate to be able to contact you.
Candidates
- From public sources. We may collect personal data about you from public sources, such as LinkedIn or the website of your current employer.
- From our references. We may receive information about you from our employees or partners (such as recruitment service providers), when they believe your profile is of interest for our current or future vacancies.
- From your References. If you provide us with References, we may collect information about you from them.
- Data we create ourselves or in cooperation with you. Information about your application and profile is usually created by us, or by us in cooperation with you, during the recruitment process. This may for example include notes from interviews with you, assessments and tests made.
4. What do we use your personal data for, and on what legal basis?
Protect and enforce our rights and interests, and the interests of others, for example in connection with legal claims.
Affected individuals: The individual(s) affected by the legal issue - this may include persons from all categories of individuals listed above.
Categories of personal data used: All the categories of personal data listed above can be used for this purpose.
Legal basis: The legal basis depends on the specific context, but will normally be either that the processing is necessary for compliance with a legal obligation to which we are subject; or a balancing of interests, based on legitimate interests pursued by us or by a third party.
Share your personal data with other recipients, for the purposes mentioned in Section 5 below.
Affected individuals: Varies depending on the purpose of the sharing, see Section 5 below.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Legal basis: When sharing your personal data with our service providers and with our group companies: A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates. When sharing your personal data with companies providing cookies: See the headline just below. When sharing your personal data with authorities, other public actors or otherwise to parties involved in legal proceedings: See the headline just above.
Collect information about your use of the Career Site, using cookies and other tracking technologies, as described in our Cookie Policy.
Affected individuals: Visitors.
Categories of personal data used: Device information.
Legal basis: For necessary cookies, a balancing of interests, based on our legitimate interest in being able to provide our Career Site to those visiting it. For cookies used for all other purposes: Your consent.
Maintain, develop, test, and otherwise ensure the security of the Career Site.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical data.
Legal basis: A balancing of interests, based on our legitimate interest in being able to provide a safe, secure and compliant Career Site.
Analyse how the Career Site and its content is being used and is performing, to get statistics and to improve operational performance.
Affected individuals: Visitors.
Categories of personal data used: Device information; Technical and statistical data.
Legal basis: A balancing of interests, based on our legitimate interest in being able to develop and improve our Career Site.
Provide you with general updates about vacancies with us or with other entities in the Teamtailor group.
Affected individuals: Connecting Candidates.
Categories of personal data used: Contact details; Communications data.
Legal basis: A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates.
Review profiles and applications sent to us. This also includes communicating with you about your application and profile.
Affected individuals: Connecting Candidates; Applying Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Legal basis: A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates.
Collect and evaluate your professional profile on our own initiative. This also includes communicating with you regarding your profile.
Affected individuals: Sourced Candidates; Referred Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Legal basis: A balancing of interests, based on our legitimate interest in finding the best possible candidate for open positions with us.
Consider you for, and contact you about future vacancies with us or with other entities in the Teamtailor group.
Affected individuals: Candidates who have given us their consent to this processing.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose.
Legal basis: Your consent.
Record and transcribe the interview(s) with you.
Affected individuals: Candidates.
Categories of personal data used: Communications data.
Legal basis: Your consent.
Ask you to complete the test(s) relevant for the position you are considered for, and evaluate the results of the tests.
Affected individuals: Candidates.
Categories of personal data used: Data from interviews, tests, assessments and other information from the recruitment process.
Legal basis:A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates.
Perform a so-called background check, when you are offered a position for which a background check is necessary.
Affected individuals: Candidates who have been offered a position which requires a background check. The exact content and circumstances of the background check differs depending on the location and position. We will inform you about the content and circumstances before we conduct the background check.
Categories of personal data used: Information in a background check.
Legal basis: A balancing of interests, based on our legitimate interest in protecting Teamtailor’s assets and information.
Contact you to ask for your participation in surveys
Affected individuals: Candidates.
Categories of personal data used: All the categories of personal data listed above may be used for this purpose, except for Information in a background check.
Legal basis: A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates.
Contact a Reference to ask the Reference to provide information about a Candidate, and evaluate the information the Reference provides.
Affected individuals: References, Candidates.
Categories of personal data used: For References: Contact details; Communications data. For Candidates: Information provided by References.
Legal basis: A balancing of interests, based on our legitimate interest in creating an effective, smooth and thorough recruitment process for Teamtailor and for our Candidates.
5. Whom do we share your personal data with?
Our service providers. We share your personal data with our suppliers who provide services and functionality in our employer branding- and recruitment process. This includes:
- The suppliers used to provide our Career Site and applicant tracking system. These suppliers act as our data processors when processing your personal data.
- The partner used to conduct background checks, when required in the recruitment process. This partner is called To Find Out AB, and they act as a data controller when processing your personal data.
- The partner used to conduct tests, when required in the recruitment process. This partner is called Alva Labs AB, and they act as a data controller when processing your personal data.
Our group companies. We share your personal data with our group companies, when they provide us services and functionality to our employer branding- and recruitment process, such as access to particular systems and software.
We also share your personal data with other companies in the Teamtailor group when another group company is hiring for the position that you have applied for, or are otherwise of interest for. In these cases, Teamtailor AB and the other group company are joint data controllers for the processing of your personal data.
Companies providing cookies on the Career Site. If you consent to it, cookies are set by other companies than us, who will use the data collected by these cookies in accordance with their own privacy policy. You can find information about which cookies this applies to in our Cookie Policy.
To authorities and other public actors - when we are ordered to do so. We will share your personal data with authorities and other public actors when we have a legal obligation to do so.
To parties involved in legal proceedings. If needed to protect or defend our rights, we share your personal data with public authorities or with other parties involved in a potential or existing legal proceeding. This can for example be in case of discrimination claims.
Mergers and acquisitions etc. In connection with a potential merger, sale of company assets, financing, or acquisition of all or part of our business to another company, we may share your personal data to other parties involved in the process.
6. When do we transfer your personal data outside of the EU/EEA, and how do we protect it then?
We always strive to process your personal data within the EU/EEA area.
However, some of our service providers process your personal data outside of the EU/EEA. We also use suppliers whose parent company, or whose subcontractor’s parent company, is based outside the EU/EEA. In these cases, we have taken into account the risk that the personal data may be disclosed to countries outside the EU/EEA, for example because of an authority request.
In cases where another recipient of your personal data (as described in Section 5 above) is based outside the EU/EEA, this will also mean that your personal data is transferred outside the EU/EEA.
When we, or one of our suppliers, transfer your personal data outside the EU/EEA, we will ensure that a safeguard recognized by the GDPR is used to enable the transfer. We use the following safeguards:
- A decision by the EU Commission that the country outside of the EU/EEA to which your personal data is transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR. In particular, we rely on the EU Commission’s adequacy decision for the US via the so-called EU-US Data Privacy Framework, and the adequacy decision for the UK.
- Entering into the EU Commission’s standard clauses with the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the GDPR still applies, and that your rights are still protected.
When your personal data is transferred outside the EU/EEA, we also implement appropriate technical and organizational safeguards, to protect the personal data in case of a disclosure. Exactly which protective measures we implement depends on what is technically feasible, and sufficiently effective, for the particular transfer.
If you want more information about the cases in which your personal data is transferred outside the EU/EEA you can contact us using the contact details in Section 10 and 11 below.
7. For how long do we keep your personal data?
All individuals
If we process your personal data for the purpose of being able to protect and enforce our rights, we will keep your personal data until the relevant legal issue has been fully and finally resolved.
Visitors
We keep your personal data for one (1) year for security purposes. The retention periods for cookies are set out in our Cookie Policy. We keep your personal data to analyse the performance of the Career Site for as long as we keep personal data about you for other purposes.
Candidates
If you are a Connecting Candidate or Applying Candidate we keep your personal data for twenty four (24) months after the point in time that you connected with us, respectively applied for a position with us. After this time period, we will ask you again whether you give us your permission to keep it for another twenty four (24) months. If you don’t give us permission to keep your data, we will delete it after ninety (90) days.
If you are a Sourced Candidate or Referred Candidate, we will send you an email that asks for permission to keep your data shortly after we have collected it. If you don’t give us permission to keep your data, we will delete it after ninety (90) days. If you give us permission to keep your data, we will keep it for twenty four (24) months. After this time period, we will ask you again whether you give us your permission to keep it for another twenty four (24) months. If you don’t give us permission to keep your data, we will delete it after ninety (90) days.
However, we delete the personal data of all Candidates who have not taken any action (e.g. contacted us, logged in to their profile etc.), and with whom we have not taken any action (e.g. contacted the Candidate, considered the Candidate for a job), for three (3) years since the latest action/activity.
If you are hired, we will keep your personal data during your employment, for other purposes than those stated above, which you will be informed of once you have started your employment with us.
References
We keep your personal data for as long as we keep the personal data of the Candidate for whom you acted as a Reference.
8. AI Services
When processing personal data for some of the purposes mentioned in Section 4 above, we use services that utilise artificial intelligence (AI) (“AI Services”), as follows:
Reviewing profiles and applications sent to us. This also includes communicating with you about your application and profile.
When processing personal data for this purpose, we use AI Services to:
- Generate a summary of applications that we receive.
- Create drafts of messages to Candidates, e.g. when a Candidate is not selected for a position.
- Summarize video meetings held with Candidates, based on the transcript from the video meeting - when there is such a transcript.
- Auto-complete particular pre-set interview questions based on the transcript from the video meeting - when there is such a transcript.
Record and transcribe the interview(s) with you.
When processing personal data for this purpose, we use AI Services to:
- Transcribe the recording of our interview with a Candidate.
Consider you for, and contact you about, future vacancies with us or with other entities in the Teamtailor group.
When processing personal data for this purpose, we use AI Services to:
- Assess which Candidates in our existing pool of Candidates could be suitable for a particular position.
The service providers that we use for these AI Services act as our data processors. This means that they are not allowed to use your personal data for any purposes of their own, e.g. to train their AI models.
We use AI Services to support our own (human) decision making, but we don’t rely only on AI Services in making decisions that are important for a Candidate’s progress in the application process - see Section 9 below.
9. Profiling and automated decision making
When we take some actions with Candidates’ personal data, we use automated processing of personal data to evaluate how suitable a Candidate is for a particular position. These actions are:
- Using an AI Service to assess which Candidates in our existing pool of Candidates could be suitable for a particular position.
- Using automatic triggers to move a Candidate forward in the hiring process based on particular, pre-set conditions, such as the Candidate’s location, resume content or answers to questions.
This involves so-called profiling under the GDPR.
However, we do not rely only on automated decisions in making decisions that are important for a Candidate’s progress in the application process, for example whether to interview a particular Candidate. All such important decisions involve assessment (also) by one of our representatives, i.e. a human.
If you want information about whether we have performed any profiling of your personal data, and if so information about that profiling, you can request this information from us - see “Right to access your personal data” in Section 10 below.
If we have performed profiling of your personal data you can object to this profiling - see “Right to object against our processing of your personal data” in Section 10 below.
10. What rights do you have, and how can you exercise them?
In this section, you will find information about the rights you have when we process your personal data. As described below, some of the rights only come into play when we process your personal data under a particular legal basis.
If you want to exercise any of the rights listed here, we suggest that you:
- Visit the Data & Privacy page on our Career Site, where we offer features to let you exercise your rights;
- Log in to your account with us, where you can use the settings in the account to exercise your rights; or
- Contact us directly at joao.batista@teamtailor.com.
Right to be informed
You have the right to be informed about how we process your personal data. You also have the right to be informed if we plan to process your personal data for any purpose other than that for which it was originally collected.
We provide you with such information through this privacy policy, through updates on our Career Site (see also Section 12 below), and by answering any questions you may have for us.
Right to access your personal data.
You have the right to know if we process personal data about you, and to receive a copy of the data we process about you. In connection with receiving the copy of your data, you will also receive information about how we process your personal data.
Right to access and to request a transfer of your personal data to another recipient (“data portability”).
You can request a copy of the personal data relating to you that we process for the performance of a contract with you, or based on your consent, in a structured, commonly used, machine-readable format. This will allow you to use this data somewhere else, for example to transfer it to another recipient. If technically feasible, you also have the right to request that we transfer your data directly to another recipient.
Right to have your personal data deleted (“right to be forgotten”).
In some cases, you have the right to have us delete personal data about you. This is for example the case if it’s no longer necessary for us to process the data for the purpose for which we collected it; if you withdraw your consent; if you have objected to the processing and there are no legitimate, overriding justifications for the processing. (For the separate right to object, see below.)
Right to object against our processing of your personal data.
You have the right to object to processing of your personal data which is based on our legitimate interest, by referencing your personal circumstances.
Right to restrict processing.
If you believe that the personal data we process about you is inaccurate, that our processing is unlawful, or that we don’t need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. If you object to our processing, as described just above, you can also request us to restrict processing of that personal data while we make our assessment of your request.
When our processing of your personal data is restricted, we will (with the exception of storage) only process the data with your consent or for the establishment, exercise or defence of legal claims, to protect the rights of another natural or legal person, or for reasons relating to an important public interest.
Right to rectification.
You have the right to request that we rectify inaccurate information, and that we complete information about you that you consider incomplete.
Right to withdraw your consent.
When we process your personal data based on your consent, you have the right to withdraw that consent at any time. If you do so, we will stop processing your data for the purposes you’ve withdrawn your consent for. However, it doesn’t affect the lawfulness of processing that was based on your consent before it was withdrawn.
Right to raise a complaint.
If you have complaints about our processing of your personal data, you can raise a complaint with the data protection authority in Sweden. You can find their contact details here.
You can also lodge a complaint with your national data protection authority, which you can find listed here if you are based in the EU. If you are based in the UK, you can lodge a complaint with the Information Commissioner’s Office, here.
11. Where can you turn with comments or questions?
If you want to get in touch with us to exercise your rights, or if you have any questions, comments or concerns about how we handle your personal data, you can reach us by sending an email to joao.batista@teamtailor.com.
Teamtailor also has a Data Protection Officer (DPO) who monitors our compliance with the GDPR. Teamtailor’s DPO can be reached by email to dpo@teamtailor.com.
12. Updates to this Privacy policy
We update this privacy policy when necessary - for example, because we start processing your personal data in a new way, because we want to make the information even clearer to you, or if it’s necessary to do so in order to comply with applicable data protection laws.
We encourage you to regularly check this page for any changes. You can always check the top of this page to see when this privacy policy was last updated.