Privacy and Data Policy
Company: Teamther Ascent Ltd. (referred to hereafter as “Teamther.ai,” “We,” or “Our”)
Data Protection Contact: Support @ teamther.ai
Registered Address: 8th Floor, 8-12 Hennessy Rd, Wan Chai, Hong Kong
Date: 1rst January 2026
Introduction
Teamther.ai is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy explains how we process personal data as a provider of the AI-Assisted CV Screening and Rating Service.
This policy is designed to comply with the European Union’s General Data Protection Regulation (GDPR), as well as other international data protection standards.
1. Roles under GDPR (EU/UK Users)
As a data processing tool for your recruitment process, our roles are defined as follows:
1.1 The Client (You): Data Controller
As a client using the Service (Employer or Recruitment Agency), you are the Data Controller of the Candidate Data.
- You determine the purposes and means of the processing of candidates’ personal data.
- It is your legal responsibility to ensure the lawfulness of the processing, including obtaining the necessary legal bases and consents, and providing the required privacy notices to candidates.
1.2 Teamther.ai (We): Data Processor
Teamther.ai acts as a Data Processor operating strictly on your documented instructions (defined in our General Terms of Service and the Data Processing Addendum, DPA). We process Candidate Data solely to provide you with the CV screening and evaluation Service.
2. Types of Data We Process
We process two main categories of data: Candidate Data (processed as a Processor) and User/Account Data (processed as a Controller).
2.1 Candidate Data (Processing as a Processor)
This data is uploaded by the User (you) and is necessary for the Service to function.
- The complete content of the CVs.
- Identification and contact data (names, email addresses, phone numbers) contained within the documents.
- Information on professional experience, education, skills, and certifications.
- All other application metadata and information that you transmit to us.
2.2 User and Account Data (Processing as a Controller)
This data is collected directly from you (the client company) for contract management, billing, and Service access. It includes:
- Registration Data: Company name, main contact details (name, professional email address, professional phone number).
- Billing Data: Billing address, payment information (processed by a secure third-party payment service provider and not stored directly by Teamther.ai).
- Usage Data: Connection logs, IP address, browser type, pages viewed, and timestamps. This data is used to improve the performance and security of the Service.
3. Purposes and Legal Bases for Processing
3.1 For Candidate Data (Data Processor)
- Purpose: To provide the CV screening Service, generate the AI Score/Insights, and organize the data for recruitment.
- Legal Basis (GDPR): The performance of the service contract concluded with the Data Controller (you).
3.2 For User and Account Data (Data Controller)
- Purposes:
- Account management, authentication, and provision of the Service.
- Billing and subscription administration.
- Communication regarding Service updates and security.
- Legal Bases (GDPR):
- Contract Performance: Necessary for the performance of the subscription agreement with you (Article 6(1)(b)).
- Legitimate Interest: To improve our Service, prevent fraud, and maintain system security (Article 6(1)(f)).
- Legal Obligation: To comply with legal obligations regarding tax and accounting record keeping (Article 6(1)(c)).
4. Data Security and Storage
4.1 Security Measures
We implement appropriate technical and organizational measures (TOMs) to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent).
- Access Control: Access strictly limited to employees and subcontractors with a need-to-know.
- Audit and Monitoring: Regular monitoring of our systems to detect vulnerabilities and intrusions.
4.2 Location and International Transfers
- Primary Location: Candidate Data is stored primarily in secure data centers located in [Specify Location, e.g., the EU/EEA].
- Transfers Outside EU/EEA: If processing requires the transfer of personal data outside the European Economic Area (EEA), we ensure that this transfer is secure and lawful by using approved transfer mechanisms (e.g., the European Commission’s Standard Contractual Clauses – SCCs).
5. Data Retention Period
5.1 Candidate Data
We retain Candidate Data in accordance with your instructions (the Data Controller). By default:
- Candidate Data is retained as long as your subscription is active.
- CV documents are retained for a maximum of 120 days and are automatically deleted after this period.
- If you terminate your subscription, all Candidate Data will be deleted from our production servers within a period of [Specify period, e.g., 30 days], unless otherwise required by law.
- Encrypted backup copies will be deleted after [Specify period, e.g., 180 days].
5.2 User and Account Data
We retain this data for as long as necessary for the management of the contractual relationship and to comply with legal obligations, particularly tax and accounting requirements.
6. Data Sharing and Disclosure
We do not sell or rent your Candidate Data or User Data to third parties. We share data only in the following circumstances:
- Subprocessors (Service Providers): We use trusted third-party providers for data hosting, payment processing, and usage analysis, who are subject to strict contractual confidentiality and security obligations.
- Legal Obligations: If required by law or in response to valid legal proceedings (search warrants, court orders).
- Business Transactions: In the event of a merger, acquisition, or sale of all or part of our assets, provided that the data is processed in accordance with this privacy policy.
7. Your Rights as a Data Subject (EU/UK Users)
In accordance with GDPR, you (as a Teamther.ai user) or your candidates have (vis-à-vis you, the Controller) the following rights concerning their personal data: a. Right of Access: To request a copy of the data held. b. Right to Rectification: To request the correction of inaccurate data. c. Right to Erasure (“Right to be Forgotten”): To request the deletion of data. d. Right to Restriction of Processing: To request the limitation of the processing of their data. e. Right to Object: To object to the processing of data for certain grounds. f. Right to Data Portability: To receive the data in a structured, commonly used format.
Procedure: If a candidate exercises a right against Teamther.ai, we will immediately forward it to the User (you) for processing, as you are the Data Controller responsible for the response.
8. Changes to the Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or via a notification on the Service at least thirty (30) days before the changes take effect.
9. Contact Us
For any questions or concerns regarding this Privacy Policy, please contact our Data Protection Officer (DPO) at: Teamther.ai Email: [DPO/Data Protection Officer Email or Support Email] Address: [Company Registered Address]
Latest News
- CSE Expertise: Employer’s Duty to Share Key Data28/12/2025
- Alcohol At Work: Know Your Legal Responsibilities26/12/2025
- New Minimum Wage in France Announced for January 202626/12/2025
- How to Declare Overtime and Extra Hours in DSN23/12/2025
- Prisma Media Plans 240 Job Cuts Before Christmas20/12/2025
- Mastering the 2026 RGDU Payroll Reduction Reform19/12/2025
