This document is intended for informative purposes only. It does not constitute legal advice regarding any privacy regulations or any other matter, and may not be used or relied on for such purposes.
The General Data Protection Regulation (GDPR) has been a huge change in digital privacy protection rights and obligations. It significantly expands the privacy rights of European Union residents while imposing many obligations on organizations that manage personal data of European Union residents.
This is only one example of the many standards and legislature being passed across the globe in the interest of protecting the privacy rights of individuals.
See How Comeet Makes Compliance Easier
Important Concepts and Compliance Tools
Data subject – You must decide whether you wish to have privacy protections apply to all positions or only to positions in the EU or UK. Learn more
Consent request – Comeet makes it easy to request candidate consent if you decide to do so. Request consent when candidates apply on your careers page or email consent requests to them. Candidates can subsequently withdraw their consent at any time. Learn more
Data removal (Pseudonymization) – Pseudonymization removes identifying information while keeping traces for reporting purposes. If a candidate is subsequently added or subsequently applies, their activity log can be restored. Learn more
Personal data delivery – Comeet enables you to easily send candidates their personal data if requested. You can specify in your Privacy settings which information will be sent. Learn more
Your Next Steps
To prepare for complying with privacy regulations, please consider the following next steps:
1. Consult your legal resource
Consult your legal resource on how to leverage Comeet’s configuration options to best meet your obligations.
2. Define data subject scope
Define in your Privacy settings whether privacy protections should apply to all positions or only to positions in the EU and UK. Learn more
3. Choose data retention period
Retention time clocked from when a candidate applies or is added to the database
Retention time clocked since the last activity taken with the candidate
Retention time clocked since the candidate consented to an additional retention period (should you choose to request consent)
4. Review email templates
Review your rejection email templates and delete any statements regarding retaining candidate data. To modify email templates in Comeet, click More > Restore system template. Revise as needed.
The identity and contact details of the company (and contact details for the company’s data protection officer, where applicable).
Any additional relevant information on the purpose and legal basis of data processing.
The steps candidates need to take to exercise their privacy rights to access, correct and erase their data, and how they should contact you to exercise those rights.
How candidates can contact you to understand the source from which their data was obtained and then uploaded to Comeet.
The existence of automated decision-making regarding the candidate, and meaningful information about the logic used and consequences for the candidate.
How you treat information about candidates who are minors.
Description of the recipients who may have access to the candidate’s data, as well as additional international data transfers.
8. Request consent
If you wish to do so, Comeet allows you to automate the consent request process:
Enable the Request Consent option in your Privacy settings. Once enabled, candidates will be able to provide consent when applying on your careers website.
Review and revise the email templates to request consent.
Enable the email templates by setting the sending option to Send Automatically.
9. Enable data removal (pseudonymization)
If you decide to use the pseydonymization option, enable it in your Privacy settings and define which data should be deleted or retained.
10. Choose personal information to be delivered
In your Privacy settings, specify the information that will be sent to candidates if they request a copy of their personal data. Learn more
11. Automate data removal
Note: If you decide to request consent, do not activate data removal immediately as you may want to give candidates time to respond before automating data removal.
Comeet can automate removal of candidates’ data when the retention period ends. To enable automatic data removal, decide what Comeet should do when the data retention period ends. Under Data Retention, select whether to delete or pseudonymize candidates automatically. Learn more
Have more questions? Contact us at email@example.com