Companies are required to provide a variety of details at the time data is requested (e.g. when a candidate applies to a job), including why they are requesting certain information, how long it will be stored, where it will be sent, and the safeguards in place relating to transfer. You can provide the required GDPR notification on job posts as a custom question. In this article we will cover how to:


Configure GDPR Information on Existing Job Post

To disclose GDPR information on an existing job post via a custom question, click All Jobs on the navigation bar and select a job from the subsequent list.


Click the Job Setup tab and navigate to Job Posts on the left-hand panel. 


From the Job Posts page, click Edit inline with a specific job post.


From the Edit Your Job Post page, navigate to the Custom Application Questions header and click Add Custom Question.


In the subsequent dialog box, input a title in the Question field and disclose GDPR information in the Description field.

Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. A Greenhouse example of an Article 13 notification is provided below to serve as a starting point, but Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company.

Select Single select from the Answer type drop-down menu and input a statement of acknowledgement in the Options field.

Additionally, click the checkbox to make the question Required.

When you have finished, click Add.


When you have finished, click Preview to review the GDPR disclosure on the job post. Click Save to confirm the change.

All applicants applying through the job post must acknowledge the GDPR notice before they can successfully submit their application.


Greenhouse GDPR Notice on Job Post Example

Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. What follows is an example of an Article 13 notification. Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company.

When you apply to a job on this site, the personal data contained in your application will be collected by [CONTROLLER] (“Controller”), which is located at [ADDRESS] and can be contacted by emailing [EMAIL]. Controller’s data protection officer is [DPO NAME], who can be contacted at [CONTACT INFORMATION]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at example@yourcompany.com.

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have the right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.