Greenhouse Recruiting allows for configuring one of two legal bases to retain candidate data in your account. You can edit your preferred legal basis at any time. We recommend consulting with your internal legal team to determine the best configuration for your organization.
Note: By default, Greenhouse Recruiting supports legitimate interest or contract or contract as your organization's legal basis.
Edit legal basis
To edit the legal basis for your organization's GDPR configuration, click Configure on your navigation bar, then select Privacy & Compliance on the left.
Click Configure beside General Data Protection Regulation (GDPR).
Navigate to the Legal Basis panel and click Configure.
Click the button to the left of either Legitimate Interest or Explicit Consent and click Save when finished.
A dialog box will ask you to confirm the change. Click Change Legal Basis.
Note: In compliance with GDPR, you may need to provide an email address when you manually add a candidate. This applies if the following is true:
- You select the explicit consent legal basis and have a data retention rule enabled for the job the candidate is applying to; or
- You select the legitimate interest or contract or contract legal basis and have a data collection rule enabled for the job the candidate is applying to.
Impact of explicit consent on GDPR configuration
When Explicit Consent is used as the legal basis for your organization's GDPR configuration, a question that requests consent will be automatically appended to existing and new job posts for offices with a data retention rule.
Note: This automatically appended question is non-editable. Greenhouse Recruiting will use the {{COMPANY}}
token and the {{CANDIDATE_RETENTION_TIMER}}
token for the office associated with the job.
Additionally, an email requesting permission to collect, store, and process candidate data will be automatically sent to anyone under a data retention rule that does not enter approve or deny consent through their job post application.
You can also manually request consent from any pre-existing candidate and / or prospect who has yet to provide consent to have their data collected, stored, and processed. Check out the links below to learn more:
Impact of legitimate interest or contract or contract on GDPR configuration
When legitimate interest or contract or contract is used as the legal basis for your organization's GDPR configuration, you'll lose Greenhouse Recruiting's built-in consent request functionality.
Since collecting consent is not the legal basis of your GDPR configuration, your organization can customize organizational data collection email rules and email templates to automatically email a GDPR notification to candidates and / or prospects who entered your system without having applied to a job post.