Privacy and Data Policy

Company: Teamther Ascent Ltd. (referred to hereafter as “Teamther.ai,” “We,” or “Our”)
Date: 6 January 2026

1.         INTRODUCTION

1.1       Teamther.ai is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy explains how we process personal data as a provider of the AI-Assisted CV Screening and Rating Service (“Service”).

1.2       Our data practices comply with the European Union’s General Data Protection Regulation (GDPR), the UK GDPR, and other applicable international data protection standards. We process personal data only for legitimate, specified, and lawful purposes, and we apply appropriate technical and organizational measures (TOMs) to safeguard the information entrusted to us.

1.3       For individuals located in the United States, our data practices are intended to comply with applicable U.S. privacy laws, which may vary by state, and we provide required notices and facilitate the exercise of.

2.         ROLES UNDER GDPR (EU/UK Users)

As a data processing tool for your recruitment process, our roles are defined as follows:

2.1       The Client (You): Data Controller

As a client using the Service (e.g., Employer or Recruitment Agency), you are the Data Controller of the Candidate Data.

•           You determine the purposes and means of the processing of candidates’ personal data.

•           It is your legal responsibility to ensure the lawfulness of the processing, including obtaining the necessary legal bases and consents, and providing the required privacy notices to candidates.

•           You are responsible for complying with all obligations applicable to a Data Controller under GDPR.

2.2       Teamther.ai (We): Data Processor

Teamther.ai acts as a Data Processor operating strictly on your documented instructions (defined in our General Terms and Conditions of Service and the Data Processing Addendum, DPA). We process Candidate Data solely to provide you with the CV screening and evaluation Service. We do not use Candidate Data for any independent purposes and process it only on behalf of the Data Controller. We apply the same contractual and technical safeguards for both GDPR and U.S. privacy compliance.

3.         TYPES OF DATA WE PROCESS

We process two main categories of data: Candidate Data (processed as a Processor) and User/Account Data (processed as a Controller).

3.1       Candidate Data (Processing as a Processor)

This data is uploaded by the User (you) and is necessary for the operation and delivery of the Service.

•           The job profile

•           The complete content of the CVs/resumes.

•           Identification and contact data (names, email addresses, phone numbers) contained within the documents.

•           Information relating to work experience, education, skills, certifications, and other professional qualifications

•           Any additional application metadata or information that you choose to transmit to us

•           AI-generated insights derived solely from the data you upload.

3.2       User and Account Data (Processing as a Controller)

The data is collected directly from you (the client company) for contract management, billing, and Service access. It includes:

•           User and Account Data for Registration: name, contact details (email, address, phone number).

•           Organization Data: Company / Organization name, details (address, phone number, VAT Number).

•           Billing Data: Billing address, payment information (processed by a secure third-party payment service provider and not stored directly by Teamther.ai).

•           Usage Data: Connection logs, IP address, device/browser type, pages viewed, timestamps, and related technical information used to maintain performance, security, and fraud prevention.

•           Communication Data: Support requests, message/email notifications, and interaction logs related to your use of the Service.

4.         PURPOSES AND LEGAL BASES FOR PROCESSING

4.1       For Candidate Data (Data Processor)

•           Purpose: To provide the AI-assisted CV screening and scoring Service, generate the AI Score/Insights, and classify and organize the data to assist your recruitment and human decision-making.

•           Legal Basis (GDPR): The performance of the service contract concluded with the Data Controller (you).

4.2       For User and Account Data (Data Controller)

•           Purposes:

o          Account management, authentication, and provision of the Service.

o          Billing and subscription administration.

o          Communication regarding Service updates and security.

•           Legal Bases (GDPR):

o          Contract Performance: Necessary for the performance of the subscription agreement with you (Article 6(1)(b)).

o          Legitimate Interest: To improve our Service, prevent fraud, and maintain system security (Article 6(1)(f)).

o          Legal Obligation: To comply with legal obligations regarding tax and accounting record keeping (Article 6(1)(c)).

4.3       Automated Decision-Making and AI Transparency

Teamther.ai uses artificial intelligence to assist in the screening, scoring, and classification of CVs, and the AI-generated outputs are provided solely as decision-support tools for your human-led recruitment process. Teamther.ai does not carry out solely automated decision-making and does not make decisions that produce legal or similarly significant effects on candidates within the meaning of Article 22 GDPR, as all such decisions involve meaningful human review and discretion, and you, as the Data Controller, remain fully responsible for reviewing, interpreting, and relying on the AI outputs before taking any decision affecting a candidate. Our models analyse CV content to identify skills, experience, education, and relevance to the role based on parameters defined by you, using techniques such as pattern recognition and semantic analysis. Where a candidate exercises their rights in relation to automated processing or profiling under Articles 13–15 and 22 GDPR, Teamther.ai will promptly forward such requests to you, the Data Controller. Teamther.ai will act solely as a Data Processor and provide reasonable technical and organizational assistance, where required by applicable data protection law, to support your compliance with Controller obligations.

5.         DATA SECURITY AND STORAGE

5.1       Security Measures

We implement appropriate Technical and Organizational Measures (TOMs) to protect data against unauthorized access, alteration, disclosure, or destruction. These measures include:

•           Encryption: Encryption of data in transit (TLS/SSL) and at rest (AES-256 or equivalent).

•           Access Control: Access strictly limited to registered users with a need-to-know.

•           Audit and Monitoring: Regular monitoring of our systems to detect vulnerabilities and intrusions.

5.2       Location and International Transfers

•           Primary Location: Candidate Data is stored primarily in secure data centers located in the Netherlands.

•           Transfers Outside EU/EEA: Where we (or our sub-processors) transfer personal data outside the EEA/UK, we ensure appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) and, where required, additional measures.

6.         DATA RETENTION PERIOD

6.1       Candidate Data

We retain Candidate Data in accordance with your instructions (the Data Controller). By default:

•           Candidate Data is retained as long as your subscription is active.

•           CV documents are retained for a maximum of 12 months and are automatically deleted after this period.

•           If you terminate your subscription, all Candidate Data will be deleted from our production servers within a period of 30 days, unless otherwise required by law.

•           Encrypted backup copies will be deleted after 12 months.

6.2       User and Account Data

We retain this data for the duration of the contractual relationship and thereafter for as long as necessary to comply with applicable legal, tax, accounting, audit, and statutory limitation obligations, after which it is securely deleted or anonymized.

7.         DATA SHARING AND DISCLOSURE

We do not sell or rent your Candidate Data or User Data to third parties. We share data only in the following circumstances:

•           Sub processors (Service Providers): We use trusted third-party providers for data hosting, AI, payment processing, and usage analysis, who are subject to strict contractual confidentiality and security obligations.

•           Legal Obligations: If required by law or in response to valid legal proceedings (search warrants, court orders).

•           Business Transactions: In the event of a merger, acquisition, or sale of all or part of our assets, provided that the data is processed in accordance with this privacy policy.

7.1       Disclosure Regarding Sub processors

•           To provide the Service, Teamther.ai engages certain third-party service providers and sub processors, such as hosting, analytics, and payment providers. Where such third parties process personal data on our behalf, Teamther.ai ensures that appropriate contractual safeguards are in place, consistent with applicable data protection law. Sub processors process personal data only for the purposes of providing their services to Teamther.ai and in accordance with applicable contractual and legal requirements.

•           Information about our current sub processors may be provided upon request and may be updated from time to time in accordance with applicable notice requirements.

8.         YOUR RIGHTS AS A DATA SUBJECT (EU/UK Users)

In accordance with GDPR, you (as a Teamther.ai user) or your candidates have (vis-à-vis you, the Controller) the following rights concerning their personal data:

a. Right of Access: To request a copy of the data held.

b. Right to Rectification: To request the correction of inaccurate data.

c. Right to Deletion (“Right to be Forgotten”): To request the deletion of data.

d. Right to Restriction of Processing: To request the limitation of the processing of their data.

e. Right to Object: To object to the processing of data on certain grounds.

f. Right to Data Portability: Where applicable under Article 20 GDPR, you have the right to receive personal data you have provided to the relevant Data Controller in a structured, commonly used, and machine-readable format.

Procedure: If a candidate exercises a right against Teamther.ai, we will immediately forward it to the User (you) for processing, as you are the Data Controller responsible for the response.

8.1       No Selling or Sharing of Personal Information (U.S. + GDPR)

Teamther.ai does not sell or share Candidate Data or User Data within the meaning of applicable U.S. state privacy laws (including the California Consumer Privacy Act, as amended by the California Privacy Rights Act), and does not disclose such data for cross-context behavioural advertising or for any commercial purpose unrelated to the provision, maintenance, or security of the Service; for these purposes, Teamther.ai acts as a “Service Provider” or “Processor” and processes personal data solely on behalf of, and in accordance with the documented instructions of, the Client and for the business purposes described in this Privacy Policy and the Data Processing Addendum.

8.2       Data Breach Notification (GDPR/UK GDPR + international)

If Teamther.ai becomes aware of a personal data breach affecting Candidate Data or User Data, it will notify the Client (in its capacity as Data Controller or Business) without undue delay and provide the information reasonably available to Teamther.ai that the Client may require to comply with its obligations under Article 33 of the GDPR, the UK GDPR, and any other applicable data protection or privacy laws, including information on the nature of the breach, categories of data and data subjects concerned, likely consequences, and measures taken or proposed to address the breach and mitigate its possible adverse effects.

8.3       Children’s Privacy

The Service is intended for use by business customers in a professional context and is not directed to or intended for individuals under the age of 16; Teamther.ai does not knowingly collect or process personal data relating to children, including children under 13 for the purposes of U.S. children’s privacy laws, and if Teamther.ai becomes aware that such data has been uploaded or otherwise provided, it will take reasonable steps to delete or anonymise that data and, where appropriate, inform the Client so that it can comply with its own legal obligations.

8.4       Client Responsibilities for Uploaded Candidate Data

The Client, in its capacity as Data Controller or Business, is solely responsible for ensuring that all Candidate Data and other personal data uploaded or otherwise made available to Teamther.ai through the Service is collected, used, and disclosed lawfully, is accurate and up to date where required, and is shared with Teamther.ai in compliance with the GDPR, the UK GDPR, applicable U.S. privacy laws (including CCPA/CPRA), and any other relevant local laws, including by providing appropriate privacy notices, obtaining any necessary consents or authorisations, and honouring data subject or consumer rights; Teamther.ai has no obligation to verify the source, lawfulness, or accuracy of Candidate Data and relies on the Client’s compliance with these obligations.

8.5       Additional International Transfer Safeguards

Where the use of the Service involves the transfer of personal data from the European Economic Area or the United Kingdom to a country that is not subject to an adequacy decision or adequacy regulation, Teamther.ai will ensure that such transfers are made in compliance with applicable data protection laws by implementing appropriate safeguards, which may include the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum or equivalent instruments, together with additional technical and organisational measures where necessary (such as encryption, access controls, and data minimisation) to ensure a level of protection for the personal data that is essentially equivalent to that provided within the EU/EEA and the UK.

8.6       U.S. Consumer Privacy Rights (Service Provider Support)

For Clients and end users located in U.S. jurisdictions where comprehensive privacy laws apply (including, where applicable, the CCPA/CPRA), individuals may have rights under those laws such as the right to know what personal information is collected, used, or disclosed, the right to request deletion or correction of personal information, the right to limit the use of certain sensitive personal information, and the right not to be discriminated against for exercising those rights; as a Service Provider/Processor, Teamther.ai will, to the extent required by applicable law and the Data Processing Addendum, provide reasonable assistance to the Client in responding to verified consumer or data subject requests that relate to personal information processed through the Service.

8.7       Use of Data for AI Model Training

Teamther.ai does not use Candidate Data or User Data provided through the Service to train, improve, or develop any external machine-learning models or algorithms, except where expressly agreed in writing with the Client and subject to applicable data protection and privacy laws; by default, such data is used solely to perform the AI-assisted CV screening, scoring, and related functionality of the Service subscribed to by the Client and to operate, secure, and maintain the Service, thereby avoiding any incompatible or secondary use of personal data beyond the purposes described in this Privacy and Data Policy.

8.8       Limited Access by Support and Engineering Staff

Teamther.ai maintains strict internal access controls. In limited circumstances, authorized employees or subcontracted technical personnel may access personal data solely for the purposes of providing the Service, diagnosing technical issues, resolving support requests, maintaining system security, or performing essential maintenance. Any such access is strictly logged, monitored, and governed by confidentiality and data protection obligations consistent with GDPR, UK GDPR, and applicable U.S. privacy laws.

8.9       Shared Security Responsibilities

While Teamther.ai implements industry-standard technical and organizational measures to protect personal data, the Client is responsible for maintaining appropriate internal security controls within its own environment, including safeguarding login credentials, restricting access to authorized personnel, and ensuring secure transmission of data to the Service. Teamther.ai is not responsible for any unauthorized access or disclosures resulting from the Client’s failure to implement adequate internal security practices.

8.10     Use of Aggregated and Anonymized Data

Teamther.ai may generate and use anonymized and/or aggregated data that no longer identifies any individual for purposes such as improving system performance, understanding usage patterns, enhancing security, and developing new features. Such data does not constitute personal data under GDPR or the UK GDPR and may be used without restriction, provided it cannot reasonably be reidentified.

8.11     Cookies and Tracking Technologies

The Service may use cookies, log files, analytics tools, and similar tracking technologies to support essential functionality, enhance performance, and ensure security. Where required by law, users located within the EU/EEA and UK will be presented with a cookie consent banner providing the ability to accept or reject non-essential cookies. Details of the types of cookies used and their purposes are available in our Cookie Notice.

8.12     Retention Exceptions

Notwithstanding the retention periods outlined above, Teamther.ai may retain certain personal data for longer where required by applicable law, to comply with regulatory requirements, to maintain adequate business records, or where necessary for the establishment, exercise, or defense of legal claims. Any retained data will be protected in accordance with this Privacy Policy.

8.13     Accuracy of Data and No Validation Duty

Teamther.ai processes Candidate Data exactly as received from the Client and does not independently verify the accuracy, completeness, or authenticity of any personal data uploaded to the Service. The Client is solely responsible for ensuring that Candidate Data is accurate and lawfully obtained.

9.         CHANGES TO THE POLICY

We may update this Privacy and Data Policy from time to time. We will notify you of any material changes by email or via a notification on the Service at least thirty (30) days before the changes take effect.

10.       CONTACT US

For any questions or concerns regarding this Privacy and Data Policy, please contact our Data Protection Officer (DPO): support[a]teamther.ai

Address: Teamther Ascent Ltd.
8th Floor, 8-12 Hennessy Rd, Wan Chai, Hong Kong
Registration Number: 7 9 5 3 5 4 7 8