Select which cookies you accept

 Privacy Policy for Recruitment using Teamtailor  

Version: 2.1 

The recruitment service (“Service”) is powered by Teamtailor on behalf of Epical Sweden Ab / Epical Finland Oy (“Controller”, “we”, “us”, “Epical”). This Privacy Policy explains how we collect, process, and protect personal data during recruitment. We are committed to maintaining the highest standards of data protection in compliance with the General Data Protection Regulation (GDPR) and applicable national laws.   

1. Controller Information  

Epical acts as the data controller for personal data processed in connection with recruitment.  

Contact details:  

Email: privacy@epicalgroup.com  

2. Collection of Personal Data  

We collect personal data when you:  

• Apply for a position via the Service or other channels.  

• Connect with our recruitment team through the Service.  

• Provide identifiable data in chat or other communication related to recruitment.  

• Are sourced from public platforms (e.g., LinkedIn) or via referrals.  

Types of data collected:  

• Information in your application: Name, contact details, CV, education, work history, LinkedIn profile, and other information relevant to recruitment.  

• Data from third-party sources (public profiles, recommendations, referrals).  

• Data we create in cooperation with you. This may for example include notes from interviews, or material from assessments and tests.   

• Information from a potential background check. This typically includes your contact details, credit history and criminal records history.   

3. Purpose and Legal Basis  

We process personal data to manage and facilitate recruitment.  

Legal bases:  

• Legitimate interest: The processing of data is permitted when necessary for the legitimate interest pursued by the controller. Such legitimate interest may be to simplify and improve recruitment processes.  

• Consent: For sourcing from third-party source (such as LinkedIn) or retaining data for future opportunities.  

• Examples of situations where processing is based on consent:   

• In connection with making an application through the Service or otherwise, you either personally or using a third-party source (such as LinkedIn) add personal data;  

• You use the Service to connect with us, and you either personally or using a third-party source (such as Linkedin) add personal data;  

• You provide identifiable data of relevance to the application procedure in the chat function of the website that uses the Service.  

• Contractual necessity: When processing is required as pre-contractual steps for the purpose of entering an employment contract.  

4. Use of AI in Recruitment (Teamtailor Co-pilot)  

To improve efficiency and quality in our recruitment process, we use Teamtailor’s Co-pilot, an AI-powered feature provided by Teamtailor and based on OpenAI technology. Co-pilot assists our recruiters with tasks such as drafting messages, summarizing resumes, and generating interview insights.  

What does this mean for your data?  

• Co-pilot may process certain candidate data (e.g., resume text, application details, interview transcripts) to provide these features.  

• All processing is done in accordance with GDPR and under strict contractual agreements between Epical, Teamtailor, and OpenAI.  

• Data is processed only within the EU/EEA.  

• OpenAI acts as a sub-processor and does not use your data for training its models or for any other purpose beyond providing the Co-pilot service.  

• We have implemented Zero Data Retention for most features, meaning input/output data is not stored by OpenAI beyond what is necessary to deliver the service.  

Your rights remain unchanged: You can request access, correction, deletion, or object to processing at any time by contacting us at privacy@epicalgroup.com.  

5. Automated Decision-Making  

We do not use AI or other automated systems to make recruitment decisions. 

All decisions in our recruitment processes are made by humans. AI-based tools may be used solely as decision-support, for example to help summarize information, identify relevant experience, or support our recruiters in their assessments. These tools never make decisions on their own and do not determine whether a candidate progresses or is selected. 

If this changes, we will inform you about the logic involved and its consequences.  

6. Data Retention  

Personal data will be retained for up to 18 months after the last interaction unless you withdraw consent earlier. This period is based on our legitimate interest in managing ongoing and future recruitment needs. For future recruitment purposes, data may be stored longer with your explicit consent.  

7. Transfers and Storage  

Personal data is stored within the EU/EEA.  

8. Your Rights  

You have the following rights under the GDPR:  

• Access: Obtain a copy of your personal data processed by us.  

• To be informed: You have the right to be informed about how we process your personal data. We provide this information through this privacy policy, and by answering any questions you may have.  

• Rectification: You have the right to correct inaccurate personal data about you or to complete incomplete data.  

• Erasure (“Right to be Forgotten”): In some cases, you have the right to have us delete personal data about you. Example cases of this are when the data is no longer necessary for the purposes it was collected; you withdraw your consent on which the processing was based; or you exercise your right to object and there is no overriding reason for the processing. 

• Restriction: Limit processing under certain conditions. This may be applicable if the accuracy of the personal data is contested.  

• Data Portability: If the data is provided by you and the processing of data is based on consent or a contract, you have the right to receive this data in a machine-readable format, and, if desired, transmit the data to another controller, when technically feasible. 

• Object: Oppose processing based on legitimate interest or for direct marketing. If the data is processed for the performance of a task carried out for reasons of public interest, in the exercise of official authority or for the purposes of the compelling legitimate interests pursued by the controller or a third party, the data subject has the right to object to the processing on grounds relating to his or her particular situation. In such cases, the processing must be stopped unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing is necessary for the establishment, exercise or defense of legal claims.  

• Withdraw Consent: At any time, without affecting prior lawful processing.  

• Complaint: Lodge a complaint with the supervisory authority (e.g., IMY – Swedish Authority for Privacy Protection or the Data Protection Ombudsman in Finland).  

To exercise your rights, contact privacy@epicalgroup.com.  

9. Security  

We implement appropriate technical and organizational measures to protect personal data. However, internet transfers carry inherent risks. Users must keep login credentials secure.  

10. Children’s Data  

We do not knowingly collect personal data from individuals under 16 years of age.  

11. Third-Party Processors  

We may share data with trusted service providers (e.g., TeamTailor, hosting providers) under strict contractual obligations ensuring GDPR compliance. 

12. Cookies  

The Service uses cookies to improve functionality and user experience. For details, see our Cookie Policy.  

13. Changes to This Policy  

We may update this Privacy Policy. The latest version will always be available via the Service. Significant changes will be communicated via email or through the Service.  

Contact:  

Email: privacy@epicalgroup.com