Privacy policy

Data controller

The data controller is Rett Bemanning AS (organisation number 935166829), Bogstadveien 27b, 0355 Oslo, Norway.

"TeamsUp" is a product operated by Rett Bemanning AS; references to TeamsUp in this policy describe services provided by Rett Bemanning AS.

For any privacy-related questions or to exercise your rights, contact us at .

Scope of this policy

This policy covers personal data we process through the teamsup.no website and through the TeamsUp mobile application for iOS and Android.

Where the website and the application differ, each section explains which one it applies to.

What we collect on the website

When you submit the interest form on teamsup.no we store the information you provide: your email address, your name, an optional phone number, whether you identify as an employer or a job-seeker, and — if you identify as an employer — the name of your business.

Our server also records technical metadata with each submission: the IP address the request was made from, the browser user-agent string and a timestamp. This metadata is used only to prevent abuse and duplicate submissions.

The interest list is stored in a self-administered SQLite database on a server we host within the EEA. The list is deleted when the TeamsUp application launches. Contacts we have actively engaged in pre-launch communication are only migrated to continued correspondence on the basis of fresh, explicit consent.

The website sets no tracking cookies and uses no third-party analytics.

What we collect in the app

Job-seekers. When you create a job-seeker account in the TeamsUp application we collect: first name, last name, email address, phone number, date of birth, a profile photo, your city or region (selected from a predefined list — no GPS location), your skills and availability, an introductory text about yourself, and a one-way hash of your password.

Employers. When you create an employer account we collect: company name, Norwegian organisation number, the contact person's name, email address and phone number, the information you add to your business profile, and the job listings you publish together with their search criteria.

Authentication. We offer sign-in with email and password; on iOS we additionally support Sign in with Apple. Passwords are stored using a strong one-way hash — we never store the plain-text password.

We do not require identity-document verification at launch.

How data is shared inside the app

Job-seeker profiles are only shown to employers when the job-seeker has marked themselves as actively looking for work and the profile matches the search criteria on a specific job listing.

Before a match, an employer sees only the job-seeker's first name, photo, city, skills, introductory text and general availability. Last name, contact details and date of birth are not shown.

All communication prior to a match takes place through in-app messaging. When both parties confirm a match, contact information is shared between them so they can continue the conversation outside the application.

Job-seekers do not browse employers. When an employer initiates contact, the job-seeker sees the related job listing, the employer's business profile and the name and photo of the person representing the employer.

Profiles are not publicly indexable — they are accessible only inside the authenticated application. Employers cannot export or download lists of job-seekers.

Employers can filter candidates only by skills, location and availability. Filtering by age, gender, nationality or other protected characteristics is not supported.

Device permissions

The application asks for the following device permissions, and only at the moment they are needed to perform an action you have chosen to take:

Camera and photo library — when you upload or change a profile photo or business logo.

Notifications — so that we can alert you to new messages, match requests and other events you expect the application to notify you about.

The application does not use GPS or precise location; you enter your city or region manually. The application does not request access to your contacts, microphone or biometric data.

Purpose and legal basis

Website interest list — legal basis: legitimate interest (GDPR art. 6(1)(f)) in building a list of people interested in being informed at launch. You can object to this processing at any time by contacting us at .

Application accounts and matchmaking — legal basis: performance of the contract between you and Rett Bemanning AS to provide the TeamsUp service (GDPR art. 6(1)(b)).

Security, abuse prevention and service integrity — legal basis: legitimate interest (GDPR art. 6(1)(f)) in keeping the service safe for everyone.

Marketing messages — legal basis: your explicit, freely given consent (GDPR art. 6(1)(a)). You can withdraw your consent at any time; every marketing message includes an unsubscribe link.

How matching works

Matching in the TeamsUp application is a deterministic filter: employer job listings specify required skills, location and availability, and the application shows job-seekers whose profile matches all three criteria. There is no ranking algorithm, no behavioural scoring and no machine-learning component.

An employer still has to review each profile manually and decide whether to make contact. No decision with legal or similarly significant effect on you is made solely by automated means (GDPR art. 22).

How long we keep data

Interest list: deleted when the TeamsUp application launches, as described above. Until then, you can ask us to remove you at any time.

Job-seeker accounts: kept until you delete the account. Inactive accounts are erased automatically after 24 months of inactivity; we send a warning email 30 days before an automatic deletion.

Employer accounts: kept until the account is deleted. After deletion we may retain a limited amount of business information (company name, organisation number and the name of the representative) for conflict resolution for a limited period. Accounting records relating to invoices are processed separately and retained for the period required by Norwegian law.

In-app messages: retained for the lifetime of the participating accounts. See "Deleting your account" below for what happens when one party deletes their account.

Job listings: archived when closed, and deleted when the associated employer account is deleted.

Matches: linked to the accounts involved and deleted when those accounts are deleted.

Backups: we keep rolling backups for up to 30 days; deleted data is fully gone from backups within 30 days of deletion.

Deleting your account

You can delete your TeamsUp account directly from the application's settings. After you confirm, a 30-day grace period begins; during this period you can cancel the deletion by signing in again.

After the grace period, your profile, uploaded photos and other personal data are permanently erased from our live systems and purged from backups within an additional 30 days.

Messages you have sent to other users are retained in the recipient's conversation history so that their record of the conversation is not broken. Your name and photo are replaced with a "Deleted user" placeholder. Because the message body was written by you, we cannot automatically remove personal information you may have included inside a message — for this reason our Terms of Use ask you not to share personal or sensitive details in chat messages.

Third parties and data processors

We operate both the website and the application backend on cloud infrastructure located within the EEA, and we use a limited number of data processors — for email delivery, object storage (such as uploaded photos) and push-notification delivery — also located within the EEA.

Push notifications are delivered through Apple Push Notification service and Firebase Cloud Messaging, which are operated by Apple Inc. and Google LLC respectively as part of their platform services. Their handling of the data they receive is governed by their own privacy notices.

We do not use advertising SDKs, and we do not share your personal data with third parties for advertising or marketing purposes.

International transfers

All personal data is processed within the European Economic Area (EEA), with the exception of push-notification delivery via Apple Push Notification service and Firebase Cloud Messaging as described above. Those transfers are covered by the respective platform providers' standard contractual clauses and applicable adequacy decisions.

Security

We apply appropriate technical and organisational measures, including encrypted transport (TLS), encrypted storage at rest, strong one-way password hashing, access to production data restricted on a need-to-know basis, and routine backups.

If a personal data breach occurs, we notify the Norwegian Data Protection Authority (Datatilsynet) within 72 hours where required by GDPR art. 33, and notify affected users directly where the breach poses a high risk to their rights and freedoms (GDPR art. 34).

Your rights

Under the General Data Protection Regulation (GDPR) you have the right to access the personal data we hold about you, to have incorrect data corrected, to have your data deleted, to restrict or object to our processing, and to receive a machine-readable copy of the data you have provided us (data portability).

You can update your profile directly in the application, and you can delete your account from the application's settings. For any other request — including access, portability and objection — contact us at . We will respond within 30 days.

If you believe we process your data unlawfully you can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no).

Children

TeamsUp is not intended for persons under the age of 18. We collect date of birth at account creation specifically to prevent minors from creating an account. If you become aware that a person under 18 has created an account, please contact us at and we will erase it.

Sensitive information in free-text fields

The introductory text, skills description and chat messages are free-text fields you fill in yourself. Please do not enter special categories of personal data — such as information about health, religion, political opinions, trade-union membership, sexual orientation, ethnicity or criminal record — in these fields. Our Terms of Use prohibit doing so. We do not automatically scan message content; human review happens only when content is reported for abuse.

Changes to this policy

We may update this policy to reflect changes to the service or to applicable law. When we make material changes we update the "last updated" date at the top of this page and, where the change affects you materially, notify you in the application or by email.

Contact

Questions about this policy or requests to exercise your rights can be sent to .

Rett Bemanning AS, Bogstadveien 27b, 0355 Oslo, Norway.