Recruitment privacy notice
Effective Date 19th December 2025
This Recruitment Privacy Notice (“Notice”) explains how we process personal data of candidates who apply for roles at Templafy, participate in our assessments or join our talent pool. It supplements our general Privacy Policy, which describes our general privacy practice.
1. Data Controller
By “us”, “we”, and “Templafy”, we refer to Templafy ApS and any other affiliates of Templafy which will be indicated to you during the recruitment process.
If there are any questions or concerns regarding this Notice, you may contact us using the information below.
Templafy ApS
Wilders Plads 15A
1403 Copenhagen
Denmark
privacy@templafy.com
2. Processing activities
In this Notice, „personal data” means information that identifies you as an individual.
We process candidates’ personal data for the following purposes:
| Purpose | Data subjects | Categories of personal data | Sources | Legal basis | Recipients (categories) | Retention period |
|---|---|---|---|---|---|---|
| Recruitment for a specific role – receiving and reviewing applications, organising interviews, communicating with candidates, deciding on hiring | Candidates applying for roles at Templafy | Identification and contact details, professional information (education, work history, skills), application documents (CV, cover letter, portfolio), information from interviews and communications, technical metadata from our recruitment systems | Directly from you (including data you choose to import from third-party services, such as professional networking platforms or cloud storage services); from recruitment agencies; from professional networking or job platforms where permitted by law | Steps prior to entering into an employment contract / entering into a contract (Art. 6(1)(b) GDPR); legitimate interest in organising recruitment and selecting suitable candidates (Art. 6(1)(f) GDPR); similar legal bases under other applicable laws | Templafy HR team and hiring managers; other Templafy group entities involved in the role; external recruitment and HR service providers (such as applicant tracking systems, recruitment agencies and communication tools) acting on our behalf; IT and cloud service providers hosting our systems | For the duration of the recruitment process and, if you are not hired, for a limited period afterwards (generally up to 12 months, unless a shorter or longer period is required by applicable law or needed for legal claims) |
| Assessments and evaluation – using online assessments or similar tools for some roles | Candidates taking part in assessments | Assessment results, scores and related notes, limited to job-related criteria | Directly from you; from assessment tools | Where required: your consent (Art. 6(1)(a) GDPR); otherwise legitimate interest in evaluating candidates for specific roles (Art. 6(1)(f) GDPR). Where assessments may involve special categories of data, we rely on your explicit consent (Art. 9(2)(a) GDPR) or other applicable legal basis | Templafy HR and hiring managers; external assessment providers acting on our behalf; IT and cloud service providers supporting these tools | Stored as part of your recruitment file for as long as the relevant recruitment data is kept, unless a shorter retention period is required by law or by the provider’s own legal obligations. |
| Background screening (where applicable) – verifying information for specific roles where allowed by law | Candidates for roles requiring screening | Identification data, education and employment verification, sanctions screening and, where permitted by law, criminal records information | Directly from you; from background screening providers; from public records where permitted | Your consent (Art. 6(1)(a) GDPR) and, where applicable, Art. 10 GDPR and relevant local law provisions governing background checks; similar legal bases under other applicable laws | Templafy HR and Legal; external background screening providers acting on our behalf; public authorities or regulators where we are legally required to report | Kept only for as long as necessary to complete the screening, document our decision and comply with legal or regulatory requirements, and then retained for a limited period where needed for legal claims, generally aligned with the recruitment and claims-related retention described in this Notice |
| Talent pool and future opportunities – keeping your profile for roles that may arise in the futur | Candidates who choose to join our talent pool | Contact data, CV and other application documents, information about previous recruitment processes, your preferences regarding future roles | Directly from you | Your consent (Art. 6(1)(a) GDPR) and equivalent provisions under other applicable laws | Templafy HR and hiring managers; external recruitment platforms acting on our behalf; IT and cloud service providers hosting our systems | Up to 12 months from the date you join the talent pool (when you submit your CV), unless you withdraw your consent earlier;we may ask you to renew your consent for additional periods (for example another 12 months); after that, your data is deleted or anonymized, subject to any separate retention needed for legal claims |
| Recruitment analytics and process improvement – understanding and improving how we run recruitment (without automated decision-making that produces legal or similar effects) | All candidates | Aggregated and pseudonymised activity data, such as process stages, timestamps, interactions with our recruitment tools, technical logs | Derived from your use of our recruitment tools and internal systems | Legitimate interest in monitoring and improving recruitment, ensuring fairness and consistency, and maintaining secure and reliable systems (Art. 6(1)(f) GDPR) | Templafy HR, People and Legal teams; analytics and reporting tools acting on our behalf; IT and cloud service providers | Identifiable data used for analytics is kept only for a limited period after the relevant recruitment activities (typically up to 12–24 months, subject to local law); thereafter data is used only in aggregated or anonymised form where possible |
| Legal, compliance and claims handling – responding to complaints and defending legal claims | All candidates | “Minimal recruitment history record” (for example: internal candidate ID, job and location, dates and stages of the process, outcome, basic reasons for the decision, information about consents and withdrawals), correspondence relating to complaints or legal claims | Generated internally; from you; from courts, regulators or other authorities where applicable | Legitimate interest in establishing, exercising or defending legal claims and demonstrating non-discriminatory recruitment (Art. 6(1)(f) GDPR); compliance with legal obligations where applicable | Templafy Legal and relevant internal stakeholders; external legal advisers; courts, labour authorities and other public bodies where required; IT and cloud service providers supporting our systems | For the applicable limitation period for potential claims under relevant laws (typically up to 3 years, and up to 6 years in countries with longer statutory limitation periods), after which data is deleted or irreversibly anonymised |
| Security and system administration – protecting our systems and preventing misuse | All candidates using our online tools | Technical identifiers (IP address, device identifiers), login and access logs, security event | Automatically collected by our systems and service providers | Legitimate interest in ensuring the security, availability and integrity of our systems and protecting data (Art. 6(1)(f) GDPR); compliance with applicable security and record-keeping obligations | Templafy information security and operations teams; IT, security monitoring and cloud service providers acting on our behalf | Technical and security logs are retained for a proportionate period needed for security monitoring, troubleshooting and compliance (up to 12 months, unless a longer period is required by law or for investigating specific incidents), after which they are deleted or anonymised |
If you choose not to provide certain information that we reasonably need for recruitment, we may not be able to assess your application or move you forward in the recruitment process.
We do not retain personal information for longer than is necessary for the purposes described below or than is permitted under applicable law.
We do not intentionally request special categories of data (such as health, religion or ethnic origin) or information about criminal convictions unless this is required by law for a particular role. Please do not include such information in your application unless we specifically ask you to do so.
3. AI-assisted recruitment
Some of our recruitment tools use AI features to help us review and organise applications and to suggest potentially relevant candidates from our Talent Pool for a specific role (e.g., a limited set of suggested candidates). The AI may analyse information such as your CV/resume and application answers to generate summaries and recommendations.
Human decision-making and supervision: the AI does not automatically reject or hire candidates, it does not send interview invites or other selection outcomes, and does not make hiring decisions. Our recruiters and hiring managers always review the information and make the final decisions. In the EU/EEA, some of the AI features we use may qualify as a high-risk AI use case under the EU AI Act because it supports recruitment/selection activities.
No solely automated decisions (Article 22 GDPR): we do not make decisions about you that produce legal effects or similarly significant effects based solely on automated processing. Our recruiters and hiring managers always remain meaningfully involved and make the final decisions (e.g. who to contact, interview, shortlist, or reject) and are not required to follow AI suggestions. We may use automated processing to help evaluate candidate suitability for a role (this can constitute “profiling” under Article 4(4) GDPR).
4. Data Sharing
We share candidate personal data only with parties that support our recruitment processes, under strict confidentiality and data protection obligations, including:
- Templafy affiliates (group companies) listed in our Privacy Policy, when they are involved in the role you apply for;
- carefully selected service providers that support our recruitment processes (such as recruitment platforms, assessment tools, background screening providers and IT/cloud providers), all acting on our instructions.
Your data will be processed in the EU and may be disclosed to recipients in other countries outside the EU/EEA, the UK and Switzerland (for example the United States and Australia, and, if you are located in Australia, recipients in the EEA and the United States), and for such international transfers we rely on safeguards such as adequacy decisions (e.g. the EU-US Data Privacy Framework) and the EU/UK Standard Contractual Clauses, as described in our general Privacy Policy.
5. Your rights
Depending on the law applicable to you, you may have the right to:
- access your personal data,
- request rectification, deletion or restriction of processing,
- object to processing based on our legitimate interests ,including our use of limited recruitment history or profiling used to support recruitment (art. 21 GDPR),
- withdraw consent at any time (for example, for the talent pool), receive your data in a portable format,
- request information about the role of AI in decisions affecting your application (EU AI Act, Article 86).
- lodge a complaint with your local supervisory authority or other regulator.
In some locations, you may have additional rights. For example, under CCPA/CPRA (California) you have specific rights to know, access and delete your personal data, and we do not sell or share candidate personal data, where applicable. Under Australian law (APPs), you may request access to and correction of your personal information. To exercise your rights, contact us at privacy@templafy.com or at postal address listed in section 1 (“Data Controller”). If obu are participating in a process run via an external recruitment platform, you may also use tools provided in that platform to access or update your data.
Changes to this Notice
Templafy reserves the right to modify this Recruitment Privacy Notice. We will post any changes on this page and indicate the “Effective date” at the top. Please check this page regularly to stay up to date.