Skip to main content

Manage collected permissions

Learn how to manage candidates permissions by configuring their validation time and renewal requests

Evelina Lundmarck avatar
Written by Evelina Lundmarck
Updated this week

When your candidates submit their job applications or connect with your company, you collect their permission to process their personal data. When a candidate is sourced or referred into the system, you can also collect their permission to do so.

How these permissions are collected depends on your configuration of the Collect permissions settings.

In this article, we’ll walk through the Manage permissions settings, where you decide how to handle collected permissions over time. This includes:

  • Specifying how long a candidate’s permission is valid for you to keep their data

  • Controlling whether an automatic renewal request is sent when the permission expires

  • Editing the message that follows your email permission renewal requests

Already storing candidates in your account before configuring the permission settings? Make sure you first learn how to collect and manage their permissions before continuing.

Set validation time for collected permission

Decide how long you plan to keep candidate information by selecting the desired expiration period from the drop-down menu.

Once this time has passed, the candidate’s privacy status will be updated to Permission expired. At that point, you can extend their permission using one of the following options:

Send permission requests manually

By default, automatic permission requests are disabled. This means that once a candidate’s permission expires, the system will tag them as Permission expired, and your designated Privacy managers will be notified.

To extend permissions, you can manually send an opt-in or opt-out permission request email using bulk select in the candidate bank.

Send permission requests automatically

You can set up permission requests to be sent out automatically once a candidate's permission expires. For these emails, you have two options:

Opt-out email

This email provides the candidate with information regarding your processing of their data and the option to opt out.

This means the candidate is asked to let you know if they no longer want to be a part of your candidate pool by submitting a removal request. If such a request isn't done, the candidates' permission will automatically be extended for the validation time configured above.

We automatically give you an email template for the opt-out email, but be sure to review it to ensure it aligns with your company's preferences for wording your opt-out email. Click Edit email template to review and update the email.

The opt-out email received by the candidate looks like this. You see the Remove my data section at the bottom of the email ↓

Opt-in email

This email provides the candidate with information regarding your processing of their data, along with a request to actively extend their permission by opting in.

This means the candidate has to give new permission for you to keep storing their data. When given, the permission will be extended for the validation time configured above. If the permission isn't extended, the candidate will remain marked with Permission expired until the candidate gives permission, requests to be removed, or you delete them from your system.

We automatically give you an email template for the opt-in message, but be sure to review it to ensure it aligns with your company's preferences for wording your opt-in email. Click 'Edit email template' to review and update the email.

The opt-out email received by the candidate looks like this. You see the Give permission button in the email ↓

When is the Opt-in email sent?

The opt-in email is sent one week before the permission expires.

Let's say you've decided to store your candidate's data for 12 months, the email will be sent one week before the 12 months have passed. After the 12 months have passed, and no new permission is collected, the candidate will be marked with Permission expired.

Permission statuses and warnings

The status of whether a candidate has given or not given permission can be found in the Data & privacy center for candidates. If a candidate does not have valid permission, a warning will be displayed in their profile in the action bar.


Read more about the different privacy statuses in this article.


Keywords: GDPR, Data protection, data & privacy

Did this answer your question?