How can we help you?

Email GDPR Information to Candidates

site_admin_all.png

If you included a GDPR notice on your job post, all applicants who applied through that specific job post will see your company's GDPR information displayed. However, if candidates, prospects, or referrals were entered into your system without having applied through a job post, either through a referral process, being manually added to your account, or submitted through an agency, those individuals never had the opportunity to review your GDPR notification.

By configuring data collection email rules, your organization can automatically email a GDPR notification to candidates and/or prospects who entered into your system without having applied to a job post. These rules can be configured on a per-office basis. In this article, we will cover: 

Note: Before continuing, we strongly advise that you speak with your legal counsel to draft the language of your email template to unwitting candidates, prospects, and referrals. 

To start, click the Configure icon configure.png in the upper right-hand corner and navigate to GDPR on the left-hand panel.

Screen_Shot_2019-10-21_at_12.12.29_PM.png

 

Add Data Collection Email Rule

From the GDPR page, navigate to the Data Collection Email Rules panel and click Add a Rule.

Screen_Shot_2019-10-21_at_1.14.08_PM.png

Use the panel to select the Offices that will be impacted by the rule and the recipients of the GDPR notification email. 

Click Save when finished.

Screen_Shot_2019-10-21_at_1.37.17_PM.png

Candidates and/or prospects who are added to your system for the selected offices and match the configured recipient criteria will receive your organization's GDPR notification. 

Note: Users who added a candidate/prospect that match the criteria you have specified in your rule will need to provide an email address for the candidate and/or prospect.

Screen_Shot_2019-10-21_at_2.37.21_PM.png

Repeat as necessary for other offices.

Screen_Shot_2019-10-21_at_1.41.57_PM.png 

 

Configure GDPR Email Template 

From the Data Collection Email Rules panel, click Configure GDPR Email Template to create the email that will be sent to selected individuals.   

Screen_Shot_2019-10-21_at_1.48.34_PM.png

From the Edit Email Template page, input a name for the template, sender address, and subject heading for the email in the appropriate fields.

5.jpg

Draft language that will be automatically sent to candidates whose data you are collecting from other sources.

Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. A Greenhouse example of an Article 14 notification is provided below to serve as a starting point, but Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company.

When you have finished, click Save.

6.jpg

 

Greenhouse GDPR Notice to Unwitting Prospects Example

Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. What follows is an example of an Article 14 notification. Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company

This email is to notify you that personal data about you has been collected by [CONTROLLER] (“Controller”), which is located at [ADDRESS] and can be contacted by emailing [EMAIL], because Controller wishes to evaluate your candidacy for employment at Controller. Your personal data was either obtained from publicly available sources (e.g. LinkedIn) or provided to Controller by someone who referred you for potential employment. Controller’s data protection officer is [DPO NAME], who can be contacted at [CONTACT INFORMATION]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data has been shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data has been transferred to the United States. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer was subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at example@yourcompany.com

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.