Permissions: Site Admin, and Job Admin who can create, edit, and delete job posts

Product tier: Available for all subscription tiers

With GDPR, companies are required to provide a variety of details at the time data is requested (for example, when a candidate applies to a job), including why you are requesting certain information, how long it will be stored, where it will be sent, and any safeguards in place relating to the transfer of data. You can provide the required GDPR notification on job posts as a custom application question.

Configure GDPR information on an existing job post

To disclose GDPR information on an existing job post, click Jobs on your navigation bar and select a job from the subsequent list.

Click the Job Setup tab, then select Job Posts on the left.

From the Job Posts page, click Edit beside a specific job post.

Scroll to the Custom Application Questions and click Add Custom Question.

Use the subsequent box to input a title in the Question field and disclose your GDPR information in the Description field.

Note: You should seek the advice of your legal counsel to configure the GDPR notification text as it applies to your business. A Greenhouse Recruiting example of an Article 13 notification is provided below to serve as a starting point, but Greenhouse Software cannot guarantee that this text will ensure GDPR compliance for your company.

Select Single select from the Answer type drop-down menu, and input a statement of acknowledgement in the Options field.

Additionally, click the checkbox to make the question Required.

When you have finished, click Save.

When you have finished, click Preview to review the GDPR disclosure on the job post.

Click Save to confirm the change.

All applicants applying through the job post must acknowledge the GDPR notice before they can successfully submit their application.

Greenhouse Recruiting GDPR notice example

Note: You should seek the advice of your legal counsel to prepare your GDPR notification text as it applies to your specific business. What follows below is an example of an Article 13 notification. Greenhouse Recruiting cannot guarantee that this text will ensure GDPR compliance for your company.

Example: When you apply to a job on this site, the personal data contained in your application will be collected by [CONTROLLER] (“Controller”), which is located at [ADDRESS] and can be contacted by emailing [EMAIL]. Controller’s data protection officer is [DPO NAME], who can be contacted at [CONTACT INFORMATION]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.