Organization Settings
You will find the details for GDPR automation under your Organization Settings. This is available only for Admin user roles.
The Organization Settings β GDPR tab will list the following options:
Privacy Policy URL
This is used with the GDPR automation flow. When sending out consent renewal requests, it's automatically added to the Candidate view. The candidate must always have the option to read your organization's privacy policy and how you process their data.
Default data processing consent request validity duration
By default, the data processing consent request link is valid for 7 days. This is how long the candidate can open the link from the sent email and accept or decline your request for processing consent.
Dispute months
By default, the dispute period is 12 months. This gives you the right to save candidate data and use them in case of a dispute resolution.
The data processing consent automation
The data processing consent automation
It can be turned on or off. When enabled, Teamdash's GDPR automation helps you acquire, manage, document, and monitor all your candidates' data processing consents. It works like this:
On the second Tuesday of every month, all your candidates without valid data processing consent get a "consent renewal request" email.
9 days later we purge your database of all candidate's data which we didn't get processing consent for.
A few days before sending out the renewal requests, you get a report - how many and which candidates are going to get renewal messages. You will always have the option to skip a month. The same goes with purging the database, you always get a notification beforehand and an option to skip. You will always have the final say in any actions.
For conformance with the GDPR, please follow these guidelines for the request message. For more information, consult your DPO, Teamdash support, or a lawyer.
List all kinds of data you might be processing (e.g. CV, contact info, etc)
Inform them that they can immediately decline consent from the link.
Inform that ignoring this message is assumed to be a non-consent.
Assure that declining this consent will not affect any pending candidacy.
As described here, you can manage your database manually too. When switching on the automation, Teamdash will automatically sort candidates by GDPR statuses matching dispute and invalid and by excluding already contacted candidates:
The above filtering example shows how Teamdash will automatically sort, send consent renewals, and gather profiles to anonymize each month.
GDPR contact email
This email is shown to candidates as the email address to contact for GDPR related questions and requests.
Consent renewal view content
This is the content that will be shown to candidates when they click on the consent renewal link. You can edit this content to better reflect your tone or legal language. If not set, the default message will be shown.
Default message:
You can add the text in four different languages: English, Estonian, Latvian, and Lithuanian. You can also set separate privacy policy URLs for different countries.
In addition to [privacy_policy_url]
, there are two other recommended merge tags:
[recruiter_name]
β when a recruiter sends out the consent request from a specific project, this tag will display the name of that recruiter in the message.[organization_name]
β this shows the name of the organization sending the message. If you're using the Teams functionality, it will use the name of the organization your team is part of.
Enable permanent delete
By default, candidate profiles are pseudonymized using a one-way cryptographic function. When they re-apply then their history (comments, projects) is restored. If you enable permanent deletion the candidate histories will not be restored.