Find out how to manage your Data Protection and Data Retention functionality in the Manage tool
Check out this video for managing your Data Protection preferences in your ATS, or read on for a step-by-step guide:
Accessing the Data Protection section
The 'Data Protection' section in Manage is found under the 'Platform Configuration' dropdown:
You will be presented with this page:
You have 3 sections in the top-left corner:
- User Opt-Ins (the page defaults to this setting)
- Data Retention
- Emails for Importing Candidates
More on each of these sections throughout this article.
User Opt-Ins
At the top of the page, you will see details on password set up:
This is used when you wish to change how a user sets up a password when accessing the ATS. You can force them to include digits, mixed casing and/or special characters, and determine how long their password should be.
Further down the page are Usage Terms and Communication Opt-Ins:
This relates to your Terms and Conditions, Privacy Policy and Cookie Consent policies. You can choose when they are presented to a candidate signing up to the ATS.
You can also edit the text that is presented to new candidate when they register on the ATS. Simply click on the blue hyperlink 'Edit text' on the left-hand side.
Please note - this is not where the content of the Terms and Conditions etc. is held. That content is held at the bottom of the page.
Further down the page, you are presented with Opt-In permissions for candidates:
This relates to the communications permissions that your candidates are able to opt in to if they choose, i.e.
- Job Matching (they are happy to receive automatic alerts about appropriate jobs)
- Suggest profile to recruiters (they are happy to be contacted by other recruiters in your organisation, about other opportunities)
- Recruiter to contact for new opportunities (they are happy to be contacted relating to other roles you feel might be of interest to them)
- Application SMS updates (they want to receive SMS updates relating to their application)
- General SMS Updates (they are happy to receive SMS updates relating to the rest of the organisation)
You are able to edit the text of any of these preferences by clicking on the blue hyperlink 'Edit text' on the left-hand side of the page.
Please note - it is good practice to add in your organisation's name to each of these preferences. If they are left as the default text, they state [insert company name] or recruiters in each of the fields.
If left as 'recruiters', your candidates may be under the impression that their details might be sold onto external 3rd parties, and so may not opt in to the preferences at all.
If the fields display your organisation name, your candidates can be better informed about the preferences they are opting into.
On the right-hand side of the page, you can decide when these preferences will be triggered. You may wish to have them triggered at the point of registration or as a candidate is signing up to your ATS:
You can also choose to automatically opt your candidates in to the communication preferences if you wish:
Please note - due to GDPR rules and regulations, it is best practice to consult your legal team if you wish to activate this option.
If you do choose this option, please ensure you have the authorisation of your legal team and all appropriate colleagues, before you select the tickboxes.
Finally, you can also decide which preferences you might wish to recommend to candidates, and also if you would like these preferences to display on a candidate's profile within the ATS:
At the bottom of the page, you can edit and add in text relating to your Terms and Conditions, Privacy Policy and Cookie Policy. You can also include separate Terms and Conditions for your internal users ('Recruiters Terms and Conditions') - this is used if you would like your internal users to agree to terms of usage as and when they become ATS users.
Data Retention
Within the Data Retention section (choose 'Data Retention' from top left-hand corner of page), you will be presented with your Deletion Request Settings:
If a candidate has requested that their details are deleted from your platform, emails are sent out to the candidate as detailed here.
Candidates will receive a 'Grace period' email (i.e. to advise that their details will be deleted in a specific number of days), and also a 'Final account Deletion Warning', prior to the account being deleted.
You can specify how many days in this section here.
You can also edit the email text that is sent out to the candidate as well.
Further down the page, you can see an area to input email addresses for third parties, relating to account deletion.
This relates to any integrations you have set up that might need to be notified if candidates have requested account deletion.
Further down the page, you are presented with your Default Deletion Settings:
In this section, you can determine if you wish to completely delete the candidate and all data related to them, or you can anonymise the candidate instead. Options given for anonymising the candidate include:
All data will be anonymised unless checked. Any checked fields will remain visible in reporting and the ATS.
You are able to choose if the checked fields also relate to Internal or External candidates.
Underneath this, you can also determine Idle Account Deletion Settings.
In this section you can choose if you would like Idle Account Deletion to be enabled by ticking this box:
You can then determine how many days you might allow candidates to be idle within your database before they are deleted:
The example above shows that
- A first warning email would be sent after 182 days of the candidate's account being idle
- A second warning email would be sent after 196 days of the candidate's account being idle
- Accounts will be deleted after 205 days of a candidate's account being idle.
You can add in any number of days into these boxes.
If you are entering details into these boxes for the first time, any candidates who have been in your platform for longer than the specified number of days, will be deleted automatically.
However, it will not happen instantly.
- If you have input date periods for the first and second warning emails, the candidate will receive both of those emails on the day that you input time periods into the system
- Their data will then be deleted/anonymised (as per your requirements), the number of days afterwards that you have specified in the system.
- For example:
- First warning email set to be sent at 100 days
- Second warning email set to be sent at 120 days
- Both of these emails sent on the same day
- Deletion/Anonymisation set to 140 days - account will be deleted 20 days after the date periods are initially set in the system
- following the same 20 day period between the second warning email being sent and the action occurring.
Please note - we recommend that you seek advice from your legal team here, on what time periods to include.
You may have specific time periods you need to adhere to as an organisation, in relation to GDPR.
You can choose to delete or anonymise the data held on a candidate, and again, if you prefer to have different options for Internal and External candidates, you can do so here.
If you wish to edit the emails that are sent out to candidates, you can do so underneath:
Once happy with your Default Deletion Settings, click here:
If you wish to create custom location settings for the information on this page, you can do so by selecting a country from the dropdown list at the bottom of the page:
Emails for Importing Candidates
The final section within the Data Protection page, is the 'Emails for Importing Candidates' in the top left-hand corner of the page. You will be presented with these emails:
Here, you can edit the emails that are sent out to
- Passive Candidates
- Agency Candidates
- Broadbean Imports (if you are using Broadbean)
All of these emails are triggered when a candidate is created or imported into your ATS. The email is sent automatically to the candidate and explains the reason they have been contacted.
All candidates have the right to remove their details from your platform, and so a link is given for them to remove themselves if required.