Note: Managing GDPR functionality can only be performed by a user with Site Admin level permissions.
If you included a GDPR notice on your job post, all applicants who applied through that specific job post will see your company's GDPR information displayed. However, if candidates, prospects, or referrals were entered into your system without having applied through a job post, either through a referral process, being manually added to your account, or submitted through an agency, those individuals never had the opportunity to review your GDPR notification
In this article we will cover how to activate this feature for GDPR compliant offices, configure email templates and recipients, and provide a Greenhouse example of what the email could potentially look like. Before continuing, we advise that you speak with your legal counsel to draft the language of your email template to unwitting candidates, prospects, and referrals.
Activate Email GDPR Information to Candidates Feature for GDPR Compliant Offices
To activate the feature for GDPR compliant offices, click on the Configure tab from your Dashboard and navigate to the GDPR tab from the left-hand panel.
From the GDPR page, navigate to the Email GDPR Information to Candidates panel and click the toggle button so ON is displayed.
Any future configurations made to Email GDPR Information to Candidates will be applied to candidates for all GDPR compliant offices. Once activated, all referrals or candidates manually entered into your system for jobs associated with GDPR compliant offices will require that the individual have an email address.
Configure Email Template and Recipients
Click Configure Email Template to create the email that will be sent to selected individuals.
From the Edit Email Template page, input a name for the template, sender address, and subject heading for the email in the appropriate fields.
Draft language that will be automatically sent to candidates whose data you are collecting from other sources. You should seek the advice of your legal counsel to prepare this language as it applies to your business. A Greenhouse example of an Article 14 notification is provided below to serve as a starting point, but Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company
When you have finished, click Save.
If you navigate back to the GDPR page (Configure>GDPR) we can configure the candidate types who will receive this email.
Click Edit in the Email Recipients row.
From the same pane, you can select the types of candidates that should be emailed immediately with your organization's GDPR information after being added to your Greenhouse account.
When you have finished, click Save.
Selected candidate types will be emailed with your GDPR notification email template when they are entered into your system for all GDPR compliant offices.
Greenhouse GDPR Notice to Unwitting Prospects Example
Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. What follows is an example of an Article 14 notification. Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company
This email is to notify you that personal data about you has been collected by [CONTROLLER] (“Controller”), which is located at [ADDRESS] and can be contacted by emailing [EMAIL], because Controller wishes to evaluate your candidacy for employment at Controller. Your personal data was either obtained from publicly available sources (e.g. LinkedIn) or provided to Controller by someone who referred you for potential employment. Controller’s data protection officer is [DPO NAME], who can be contacted at [CONTACT INFORMATION]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data has been shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data has been transferred to the United States. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer was subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at firstname.lastname@example.org.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.