When your candidates submit their job applications or connect with your company you collect their permission to process their personal data. When a candidate is sourced or referred into the system, you can also collect their permission to do so. How these permissions are collected depends on your configuration of the Collect permissions settings.
In this article we will go through the Manage permissions setting where you decide how to manage your collected permissions over time.
You will learn how to manage candidates permission by:
Specifying the validation time for a candidate's permission for you to keep their data
Control whether an automatic permission renewal request will be sent out when the permission expires
Edit the message being sent along with your permission renewal request
Validation time of collected permissions
For how long are you planning to keep your candidates' information?
Deicide after how long their permission will expire by selecting one of the options in the drop-down menu:
Once this time has passed, the candidates' privacy status will be updated to Permission expired, and you might want to extend that permission. You can make sure the system sends Automatic permission renewal request. For this, you have two approaches to choose between: 1) Opt-out, or 2) Opt-in.
Option 1. Ask your candidates to Opt-out
Once a candidate's permission has expired, you can choose to provide them with information regarding your processing of their data, and with that also give them the option to opt out.
This means the candidate is asked to let you know if they no longer want to be a part of your candidate pool by submitting a removal request. If such a request isn't done, the candidates' permission will automatically be extended for the validation time configured above.
We automatically give you an email template for the opt-out message, but be sure to review it to ensure it aligns with your company's preferences for wording your opt-in message. Click 'Edit email template' to review and update the email.
The opt-out email received by the candidate looks like this. You see the Remove my data section at the bottom of the email ↓
Option 2. Ask your candidates to Opt-in
Once a candidate's permission has expired, you can choose to provide them with information regarding your processing of their data along with a request to actively extend their permission by opting in.
This means the candidate has to give new permission for you to keep storing their data. When given, the permission will be extended for the validation time configured above. If the permission isn't extended, the candidate will remain marked with Permission expired until the candidate gives permission, requests to be removed, or you delete them from your system.
We automatically give you an email template for the opt-in message, but be sure to review it to ensure it aligns with your company's preferences for wording your opt-in message. Click 'Edit email template' to review and update the email.
The opt-out email received by the candidate looks like this. You see the Extend section at the bottom of the email ↓
When is the Opt-in email sent?
The opt-in email is sent one week before the expiry date.
Let's say you've decided to store your candidate's data for 12 months, the email will be sent one week before the 12 months have passed. After the 12 months have passed, and no new permission is collected, the candidate will be marked with Permission expired.
Permission statuses and warnings
The status of whether a candidate has given or not given permission can be found in the Data & privacy center for candidates. If a candidate does not have valid permission, a warning will be displayed in their profile.
Read more about the different privacy statuses in this article.
Keywords: GDPR, Data protection, data & privacy