Recruit customers are required to publish their own privacy notice in Recruit.
This document is intended for informative purposes only. It does not constitute legal advice regarding any privacy regulations or any other matter, and may not be used or relied on for such purposes.
The General Data Protection Regulation (GDPR) has been a huge change in digital privacy protection rights and obligations. It significantly expands the privacy rights of European Union residents while imposing many obligations on organizations that manage the personal data of European Union residents.
This is just one example of the many standards and legislations being passed across the globe in the interest of protecting the privacy rights of individuals.
Important concepts and compliance tools
Data subject – You must decide whether you wish to have privacy protections apply to all positions or only to positions in the EU or UK.
Privacy policy – Given the liabilities and potential financial penalties for non-compliance, we strongly urge you to revise your organization’s privacy policy following the privacy regulations. Once finalized, notify all candidates about your policy.
Data retention period – Specify your data retention period in Recruit and state it in your privacy policy. Retention period options are the time since applying or being added to the database, the time since the last activity taken with the candidate, or an additional retention period to which candidates consent.
Consent request – Recruit makes it easy to request candidate consent if you decide to do so. Request consent when candidates apply on your careers website or email consent requests to them. Candidates can subsequently withdraw their consent at any time.
Data removal (Pseudonymization) – Pseudonymization removes identifying information while keeping traces for reporting purposes. If a candidate is subsequently added or subsequently applies, their activity log can be restored.
Personal data delivery – Recruit enables you to easily send candidates their personal data if requested. You can specify in your Privacy settings which information will be sent.
Next steps
To prepare for complying with privacy regulations, please consider the following next steps:
1. Consult your legal resource
Consult your legal resource on how to leverage Recruit’s configuration options to best meet your obligations.
2. Define data subject scope
Define in your Privacy settings whether privacy protections should apply to all positions or only to positions in the EU and UK.
3. Choose a data retention period
Specify your data retention period in Recruit and state it in your privacy policy. Choose one of the following retention period options:
Retention time clocked from when a candidate applies or is added to the database
Retention time clocked since the last activity taken with the candidate
Retention time clocked since the candidate consented to an additional retention period (should you choose to request consent)
4. Review email templates
Review your rejection email templates and delete any statements regarding retaining candidate data. To modify email templates, click the three-dot menu > Restore default template.
5. Update privacy policy
Update your privacy policy to reflect your data retention period choice in Recruit. Your privacy policy should also address the following matters:
The identity and contact details of the company (and contact details for the company’s data protection officer, where applicable).
Any additional relevant information on the purpose and legal basis of data processing.
The steps candidates need to take to exercise their privacy rights to access, correct, and erase their data, and how they should contact you to exercise those rights.
How can candidates contact you to understand the source from which their data was obtained and then uploaded to Recruit.
The existence of automated decision-making regarding the candidate, and meaningful information about the logic used and the consequences for the candidate.
How you treat information about candidates who are minors.
Description of the recipients who may have access to the candidate’s data, as well as additional international data transfers.
6. Publicize privacy policy
Publish your company’s privacy policy on your website. Update your Privacy settings in Recruit with the link to the policy.
7. Notify candidates about your new privacy policy
Review the automated notice in Recruit that informs candidates about your privacy policy and their rights.
8. Request consent
If you wish to do so, Recruit allows you to automate the consent request process:
Enable the Request Consent option in your Privacy settings. Once enabled, candidates will be able to provide consent when applying on your careers website.
Review and revise the email templates to request consent.
Enable the email templates by setting the sending option to Send Automatically.
9. Enable data removal (pseudonymization)
If you decide to use the pseydonymization option, enable it in your Privacy settings and define which data should be deleted or retained.
10. Choose personal information to be delivered
In your Privacy settings, specify the information that will be sent to candidates if they request a copy of their personal data. Learn more
11. Automate data removal
📝 Note: If you decide to request consent, do not activate data removal immediately as you may want to give candidates time to respond before automating data removal.
Recruit can automate the removal of candidates’ data when the retention period ends. To enable automatic data removal, decide what Recruit should do when the data retention period ends. Under Data retention rules, select whether to delete or pseudonymize candidates automatically.
Have more questions? Contact us at recruit.support@sparkhire.com