Disclose GDPR Information on prospect form in Greenhouse Events


Companies are required to provide a variety of details at the time data is requested (for example, when a prospect submits their information at a career fair), including why they are requesting certain information, how long it will be stored, where it will be sent, and the safeguards in place relating to transfer. Using Greenhouse's Events app, you can provide the required GDPR notification on the prospect form as a custom question.

In this article, we will cover how to add a GDPR notification to a pre-existing Events' prospect form and provide you with an example of what the notification could potentially look like.


Add GDPR Information on Prospect Form

To add GDPR Information to an Open or Planned Event, click the ellipsis ellipsis.png on the navigation bar and select CRM from the dropdown menu.


Navigate to the Events panel, and click the ellipse ellipsis.png inline with an Event. Click Edit Event from the dropdown menu.

Note: If you do not see the Event you are looking for, click See All and choose the Event from the subsequent list.


On the Editing Details page, navigate to the Prospect Info Form panel and click Add a Question.


Use the Edit a Custom Question dialog box to input your organization's GDPR information in the What is your question? field. Select Multi select from the Answer type drop-down menu and input a statement of acknowledgement in the Options field. 

Select Required.


When you have finished, click Add Custom Question.

Your organization's GDPR information will be added to the prospect form. Navigate down the Editing Details page and click Update Event to confirm the change.


Greenhouse GDPR Notice on Prospect Form Example

Note: You should seek the advice of your legal counsel to prepare this language as it applies to your business. What follows is an example of an Article 13 notification. Greenhouse cannot guarantee that this language will ensure GDPR compliance for your company.

When you apply to a job on this site, the personal data contained in your application will be collected by [CONTROLLER] (“Controller”), which is located at [ADDRESS] and can be contacted by emailing [EMAIL]. Controller’s data protection officer is [DPO NAME], who can be contacted at [CONTACT INFORMATION]. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at example@yourcompany.com

Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.