Vincit Teamtailor Privacy Policy
Date of publication: 08-12-2025
Hi! 👋
In this privacy policy statement, you can find more information about how we handle your data in our recruitment system (and how long we keep it), as well as how we use AI tools in our recruitment – including how these may relate to your personal data.
This privacy notice explains how we process your personal data when you visit our career site, apply for open positions, contact us, or otherwise participate in our recruitment process. The notice has been updated specifically to reflect the use of artificial intelligence (AI) in recruitment and to address the implications of the new EU Artificial Intelligence Act (Regulation (EU) 2024/1689). We ensure that the processing of your personal data is transparent, appropriate, and in line with applicable law.
In this notice, the term “candidate” covers all individuals who provide us with their details in the recruitment process: visitors connecting with us, applicants to open roles, candidates we source from public channels, people referred to us, and persons listed as references by a candidate.
Controller and contact address
Vincit Oyj
Ratinankuja 1, 33100 Tampere
Telephone: +03 217 3762
Contact in register-related matters: careers@vincit.fi
1. General information about personal data processing
Personal data means any information relating to an identified or identifiable natural person. Processing includes any automated use of personal data, such as collecting, storing, analysing, sharing and deleting data. In our recruitment process we act as the data controller, which means we decide the purposes and methods of the processing. We may use processors to handle your data, but they will always act under our instructions.
2. Use of artificial intelligence in recruitment
AI enables many automated functions to support the recruitment process. We employ AI solutions in two ways:
2.1 Teamtailor Co‑pilot features
We use the Co‑pilot feature provided by our recruitment system Teamailor. Co‑pilot is a collection of functions that assist recruiters with everyday tasks. Some functions process candidate data; others work without personal data. Co‑pilot is powered by OpenAI’s GPT models, but Teamtailor acts as the provider and is responsible for handling the data.
The following TeamTailor Co‑pilot functions may be used in our recruitment process:
- Drafting answers to interview kit questions: creating summaries and responses based on transcribed video interviews. All AI-generated summaries are always reviewed and approved by our recruiters before they are accepted or used in the recruitment process.
- Drafting job advertisements and role descriptions: helping write clearer and more inclusive job ads.
- Drafting candidate reject messages: supporting courteous and equal communication.
- Summarising résumés: turning a candidate’s CV into a concise summary to support the decision-making process. However, AI never makes decisions on its own — our recruiters and hiring managers always personally review and analyse each candidate’s application and CV.
- Suggesting candidates: proposing suitable individuals from previous applicants or those who have given a permission to store their details. We also do this manually, so AI is only one of the tools we use to search for and identify potential candidates in our talent pool – human recruiters always review and decide whom to contact.
- Suggesting interview kit questions and lists of skills or traits: assisting recruiters in building relevant questions and evaluation criteria.
- Translating questions: translating interview questions into different languages.
- Analysing video meetings (“Meeting insights”): providing a transcript and analysis of interview videos if the candidate has consented to recording. Any AI-generated insights or analyses are always reviewed and verified by our recruiters before they are accepted or used in the recruitment process.
- Automatic candidate screening: comparing applications against defined criteria and generating an initial score. The AI system only provides a suggestion — every application is always reviewed and assessed by our recruiters before any decisions are made.
Vincit follows responsible AI principles. The company commits to minimising bias, preventing harmful or misleading content, and ensuring that clear instructions are provided so customers understand how the system works. Teamtailor does not use customer data for its own purposes or to train AI models, except in limited cases such as beta tests or feedback‑driven development. Human oversight is always possible: AI‑generated results are never used for final decisions without recruiter review.
Co‑pilot and security
All communication between Co‑pilot and OpenAI is encrypted using TLS 1.2 and the data is encrypted at rest using AES‑256. TeamTailor uses OpenAI’s Enterprise API, so OpenAI acts as a sub‑processor and does not use your data for its own purposes; its security programme is independently audited to the SOC 2 standard.
In general, API inputs and outputs are not retained (a “Zero Data Retention” approach), and logs are kept only for 30 days to monitor abuse. An exception is the “Suggest existing candidates” function, which requires temporary retention of data; these data are deleted once the suggestions have been made.
The GPT models used in Co‑pilot are pre‑trained; we do not train the models ourselves but send prompts to OpenAI’s API. OpenAI has signed the EU Commission’s General‑Purpose AI Code of Practice, which promotes safety, transparency and respect for copyright.
2.2 External AI tools to improve communications
Outside the core recruitment process we may use external AI tools to enhance employer communications. These tasks include proofreading and improving the clarity, tone and inclusivity of job advertisements, candidate messages and LinkedIn posts. When using such tools, we do not send any personal data or identifiable information to them. Instead, we rely on anonymised or sample text solely to enhance communication quality. This ensures that no personal data is processed outside the applicant tracking system without a legal basis.
2.3 AI use in pre-assignments
In some recruitment processes, we may use AI tools to support the creation, review, or evaluation of pre-assignments or technical tasks. This may include, for example, verifying the clarity, relevance, or fairness of a task, or helping assess task submissions in a consistent and unbiased way.
If we use AI for such purposes, we will always inform you separately and clearly in advance, case by case, whenever pre-assignments are sent or reviewed with the support of AI. The evaluation of your task is never left to AI alone – final assessments are always carried out by our human recruiters and technical experts.
2.4 EU AI Act and obligations
The EU AI Act defines four risk levels for AI systems and sets specific obligations for providers and users. AI systems used for recruitment are generally classified as high‑risk because they can affect a person’s access to employment. Exceptions include systems designed for narrow procedural tasks or to improve the result of an already completed human activity.
Teamtailor acts as the provider of the Co‑pilot service and is responsible for meeting the obligations applicable to high‑risk systems. This includes documenting the system, providing instructions, establishing risk and quality management and performing conformity assessment and post‑market monitoring. Certain functions may be subject to transparency requirements, such as marking AI‑generated content. Some features are outside the scope of the AI Act or only attract minimal obligations.
As a TeamTailor’s customer we, Vincit, are a “deployer” of AI. This means we must inform candidates about the use of AI features, ensure human oversight and ensure our recruiters are trained and authorised to intervene. We provide clear information during the recruitment process about how AI features are used and ensure that final decisions are always made by a human. We also train our staff on responsible AI use.
3. What personal data do we process?
The data we process depends on your role in the recruitment process. In general we collect and process the following:
All individuals
- Device and technical information: IP address, browser type and version, session behaviour, pages visited, screen resolution, language preference, geographic location, operating system and device settings.
- Statistical data: information about how our career site and its content are used.
- Communications data: communication with us (e‑mails, chat messages, social media messages, information you add to your account, survey responses). Transcripts and analyses of interviews are produced only if you have consented to recording.
- Contact details: your name, e‑mail address, phone number and physical address.
Candidates
- Application documents: CV, cover letter, work samples, references, letters of recommendation and education details
- Assessments and interviews: notes, test results, interview scores and salary expectations.
- Public profiles: such as your LinkedIn profile or information on your current employer’s website.
- Referrals and recommendations: information we receive from employees, partners or named references.
- Data generated by Co‑pilot functions: depending on the function, this may include the application ID, CV text, interview transcripts, criteria from the job ad, answers you provide, message history, ratings and feedback. Some functions do not process any personal data.
References
We process the contact details and communications data of references only when needed, for example if we contact them to request a reference to help assess a candidate’s suitability.
4. From where do we obtain your personal data?
We collect personal data from the following sources:
- Career site and application forms: when you visit or apply, we collect device and usage data and the information you provide in the application.
- Directly from you: when you fill in forms, upload your CV and cover letter, participate in interviews or communicate with us.
- Public sources: We may collect information from LinkedIn if we believe your profile is relevant. If any such information (for example, your LinkedIn profile link) is added to Teamtailor, you will always be notified and asked for permission.
- Referrers and internal recommendations: employees or partners may recommend you for open roles; we receive information from them.
- Co‑pilot functions: in some cases AI functions create new data (e.g. résumé summaries or screening scores). These data are created by us and the AI system together and are stored as part of your application.
5. For what purposes do we process your personal data?
We process personal data for the following purposes:
- Maintaining and securing the career site: ensuring functionality, performance and security and improving the user experience.
- Collecting weekly statistical information: understanding how visitors use the site and improving the content.
- Applicant communications and notifications: sending information about open and future positions and responding to queries. We use AI tools to improve the tone, clarity and inclusivity of messages but do not share personal data with external AI services.
- Reviewing applications and profiles: assessing applications, comparing information against role‑specific criteria and keeping you informed. Co‑pilot functions may assist in drafting job descriptions and messages and producing résumé summaries and scores.
- Sourcing and recommending candidates: we may proactively search for potential candidates from public sources or recruitment partners. Co‑pilot can suggest previous applicants again if they have given a “future jobs” permission.
- Decision support: AI‑based screening provides preliminary recommendations, but final recruitment decisions are always made by a human.
- Recording and analysing interviews: a video interview can be recorded only with the candidate’s consent. The recording may be transcribed and analysed by a Co‑pilot function to produce a summary and suggestions for follow‑up questions.
- Surveys and research: we may ask you to participate in surveys to improve recruitment or the employer experience.
- Protecting our rights: using data to prepare, assert or defend legal claims.
6. To whom do we disclose your personal data?
We disclose your data to the following:
- Our service providers: Vincit uses the Teamtailor recruitment system and its Co‑pilot features internally. Teamtailor uses OpenAI as a sub‑processor to provide GPT‑based functionality. OpenAI acts as Teamtailor’s sub‑processor and does not use your data for its own purposes such as training AI models. All transfers are encrypted and governed by agreements.
- Our group companies: we share data within the Vincit group only when necessary to provide the services or systems.
- Cookies and analytics providers: third‑party cookies on our career site process device information. These are described in our cookie policy.
- Authorities: we share data when we have a legal obligation to do so.
- Legal proceedings: we may disclose data in connection with legal proceedings to protect or defend our rights.
- Corporate transactions: in a potential merger, financing or sale, data may be transferred to parties involved.
For external AI tools (proofreading posts and messages) we do not share personal data with the service provider; only anonymised text is sent.
7. On what legal basis do we process your data?
Our processing must be based on a lawful ground under the GDPR. The main legal basis for our use is consent: You can withdraw your consent at any time, and we will stop processing the data in question.
Risk management for AI systems
High‑risk AI systems (such as automatic screening) require special assessment. We do not use AI as the sole decision maker; human involvement is always ensured and we review AI recommendations before deciding. If in future we adopt an AI system requiring conformity assessment under the EU AI Act, we will ensure compliance before deployment.
8. Transfers outside the EU/EEA
We process the data within the EU/EEA. We default to the EU region (Ireland), so OpenAI processes data in Europe. Data is not used by OpenAI or Teamtailor for their own purposes and is not mixed with other customers’ data.
9. Data retention periods
As a general rule, candidate-related data is retained in our recruitment system for two (2) years, unless you ask us to delete it earlier. Before the end of this two-year period, you will receive an e-mail asking whether we may keep your information for another two years. If you give consent, we will retain your data for the additional period; if you decline or do not respond, your data will be automatically deleted from our system within a defined and communicated timeframe.
If your profile was added to our recruitment system by someone else (for example, if you were referred by an employee or sourced by a recruiter from a public profile such as LinkedIn), we will always contact you to ask for permission to keep your information. If you give consent, your data will be stored for up to two years; if you do not consent or do not respond, your data will be automatically removed after a short grace period.
Retention periods in specific cases:
- Visitors: device and usage data are stored for one (1) year for security and statistical purposes. Cookie retention is described in our cookie policy.
- Connecting candidates: data is kept as long as you remain in contact and wish to receive information about open positions. You can manage these settings yourself at any time in your Connect profile.
- Applicants and recruited candidates: data are kept as long as necessary to assess suitability for current and future roles within the two-year retention window. If not selected, data may be considered for future recruitment during that time. If hired, data are also retained for that two-year period.
- Data generated by AI functions: inputs and outputs of Co-pilot calls are generally not stored, and logs are deleted after 30 days. The input and output of the “Suggest existing candidates” function are kept only as long as needed to make suggestions and are then deleted. AI results (e.g. résumé summaries, screening scores) are stored as part of the candidate profile for as long as the profile itself is retained.
- References: data are kept for as long as we keep the related candidate’s data.
- Legal matters: if your data are processed in relation to a legal claim, they are retained until the matter is resolved or as required by law.
10. Your rights
You have the following rights regarding your data:
- Right to be informed – this notice and other communications tell you how we process your data and use AI. We will notify you if new purposes arise.
- Right of access – you may request a copy of your data and details about processing.
- Right to data portability – you may request data processed on the basis of consent or contract in a machine‑readable format and, if technically possible, to have it transferred to another controller.
- Right to erasure – you may request deletion of your data if there is no longer a basis for processing, if you withdraw consent or if you object and there are no overriding legitimate grounds.
- Right to object – you may object to processing based on our legitimate interest, such as AI use, by referring to your personal situation. We will reassess our basis.
- Right to restrict processing – if you contest the accuracy or lawfulness of data or we only need it for legal claims, you may request restriction of processing.
- Right to rectification – you may ask us to correct inaccurate or incomplete data.
- Right to withdraw consent – when processing is based on consent (e.g. analysing a recorded interview), you may withdraw consent at any time.
- Right to lodge a complaint – you may complain to the Finnish Data Protection Ombudsman or your national supervisory authority.
You can exercise these rights via the data and privacy settings on our career site, by logging into your account or by contacting us (see section 11).
11. Contact details
If you wish to exercise your rights or have questions about this notice or the use of AI in recruitment, please contact us at careers@vincit.com. We will also be happy to provide further information about how Teamtailor’s Co‑pilot functions or external AI services operate in our recruitment.
12. Updates to this notice
We update this notice when necessary, for example when adopting new AI functions, developing recruitment processes or when legislation changes. The latest version is always available on our career site. Check the publication date at the top of the notice for the latest update.
