Prescreen supports you in making your recruiting process GDPR-compliant. For more information on the topic of GDPR in the context of recruitment, we recommend reading the article "DSGVO & Recruiting – Fragen & Antworten" (German only) from April 2018 in our HR magazine (incl. whitepaper and webinar download).

---

Table of contents

1. How do you use Prescreen to ensure your applicant data is compliant with the GDPR?

1.1 Purpose limitation and storage limitation

1.1.1 Erase function when applying for a specific job ad

1.1.2 Storage of data for potential job offers

1.2 Data minimization 

1.3 Transparency

1.4 Accuracy

1.5 Request for erasure

1.5.1 Requesting your right to erasure as a candidate 

1.5.2 Requesting your right to erasure as a recruiter

1.5.3 Effects of the request for erasure

1.5.4 Final automatic erasure

1.5.5 Withdrawing the request for erasure

1.5.6 Communication in the context of the request for erasure

2. Privacy notice / data protection declaration for candidates and data protection contact of your company

3. How does Prescreen process your company data?

---

1. How do you use Prescreen to ensure your applicant data is compliant with the GDPR?

How to include the most important GDPR principles in your recruitment process using Prescreen.

---

1.1 Purpose limitation and storage limitation

Data may only be stored and processed for a specific, clear and legitimate purpose. In the context of a recruitment process, Prescreen distinguishes between two cases of data storage:

1. application to a specific job ad and
2. storage of data for potential job offers.

The storage period for personal data should be limited to the absolutely necessary minimum and expire when the purpose of the data storage is fulfilled. 

In the "Privacy & Data Processing" administration area, you have the option of including the management of your applicant data for both purposes.

---

1.1.1 Erase function when applying for a specific job ad

That means that if an application has received either the status of "Hired", "Rejected" or "Rejected by candidates", the candidate should be deleted after the individually defined deletion period. For applicant profiles that have not been assigned one of these statuses, the deletion period begins after the last change in the profile.

We recommend you choose the following administrative options:

• Automatic erasure of data once the recruitment process is completed. This way you won’t miss any deadlines for erasing and also won’t have to erase candidates’ profiles manually. 
• You don’t want to lose track of good candidates and be allowed to contact them in case of further suitable job offers? Activate the notification email to be sent out to candidates two weeks before the deadline for erasing. This email gives candidates the chance to agree to longer data storage as well as to have their data erased directly. Alternatively, you can send this invitation to desired candidates individually in the candidate’s profile, or to several candidates in the candidate list at the same time.

---

1.1.2 Storage of data for potential job offers

If you want to keep storing candidates in your candidate pool not in relation to a specific application, but as interested parties for potential job offers, you must specify a set data storage period. To do this, Prescreen gives you the following options:

• Activate the checkbox for extended data retention when you are recruiting. 
• Specify a set period for extended data retention.
• Use the function to automatically delete candidate profiles after the last agreed storage period has expired. 
• Activate the notification email to be sent out to candidates two weeks before the deadline for erasing. Alternatively, you can offer certain candidates a longer data storage period on an individual basis using the corresponding function in the candidate’s profile.

---

1.2 Data minimization 

Decide which data is required for the recruitment process and structure your application forms accordingly. Ask only for the data that has absolute relevance to the job. You can specify the type of job application process under "Settings" > "Applications" > "Application process".

---

1.3 Transparency

• Each of your applicants always has the possibility to view and edit their stored data in the candidate center.
• To provide a candidate with information about the personal data stored, select the download function "Download stored personal data" in the candidate’s profile.
• You have the option of individualizing your data protection declaration and storing information about your company's data protection officer. To do this, use the "Privacy & Data Processing" section under "Settings".

---

1.4 Accuracy

You always have the possibility to update and correct the stored personal data of the applicants. Applicants can also make changes themselves at any time in the candidate center.

---

1.5 Request for erasure

Candidates have the right to be forgotten (request for erasure).

---

1.5.1 Requesting your right to erasure as a candidate 

Candidates can request their right to erasure in the candidate center in the settings.

The period mentioned in the text depends on the "Timeframe for application related data retention" you have set – 6 month is only exemplary here.

In the following dialog, the candidate is again reminded of the deadline until final erasure. Here, too, the date of final erasure is calculated from the "Timeframe for application related data retention" specified by you and begins with the submission of the application. 

Receipt of the request for erasure is displayed in settings after confirmation.

---

1.5.2 Requesting your right to erasure as a recruiter

You can submit the request for erasure in the candidate’s profile at the candidate's request.  You will find a button for this at the end of the candidate’s profile.

After requesting erasure, you must confirm this request and can also provide a reason for your choice. Like with the candidate, the deadline depends on the settings of the "Timeframe for application related data retention".

---

1.5.3 Effects of the request for erasure

Implications for the candidate 

The candidate will not receive any automated messages from the system during this period, such as job newsletters, mass emails or messages sent due to automated workflows. 

The candidate will also not be able to apply for another position with your companies while the request for erasure is still in effect. The following information is displayed in this case: "You can no longer apply to any open position as you requested your data to be removed."

---

Implications for the recruiter

You cannot send the candidate any questionnaires, invitations to assessments or invitations to extended data storage (talent pool). You also cannot assign the candidate to new jobs.

However, you can send candidates a manual message, so that in case of any clarifications regarding the request for erasure, you can send them in a well-documented manner.  You will, however, be informed once the candidate has initiated the request for erasure.

These candidates will no longer be displayed in the normal candidate overview. There is a special filter to find all candidates who have requested for their data to be erased.

Note: As a recruiter, you can also delete the candidate before the deadline. To do so, select this option in the candidate’s profile. Candidates can delete their profile / account in the candidate center independently only if they are not in an active application process: only in the case of unfinished applications or in the talent pool. A deletion request can be made during the application process.

---

1.5.4 Final automatic erasure

After the deadline expires, the candidate's personal data will be automatically erased. The candidate receives an optional notification in the form of an email – here, too, you can choose what to write.

---

1.5.5 Withdrawing the request for erasure

The candidate can withdraw their request for erasure.

Withdrawing your request for erasure as a candidate

Candidates can withdraw their request for erasure in the candidate center in the settings:

Once this withdrawal has been confirmed, the candidate can actively participate in job application processes again.

The candidate can receive a confirmation email once you have activated this setting (see above). Furthermore, this process will be recorded in the activity log and also – if activated – a notification will be sent out to all recruiters.

As a recruiter on behalf of the candidate

The candidate can withdraw their request for erasure within the deadline. This option can be found in the candidate profile. 

Once the withdrawal has been confirmed and the optional reason provided, the candidate will be made available again for the job application process. 

The candidate can receive a confirmation email once you have activated this setting (see above). Furthermore, this process will be recorded in the activity log and also – if activated – a notification will be sent out to all recruiters. 

---

1.5.6 Communication in the context of the request for erasure

Activity log

The request for erasure is recorded in the activity log. The log records who submitted their request for erasure and – in the case of recruiters – also the optional reason provided. It is also recorded if the request for erasure has been withdrawn.

 

Confirmation email

The content of the emails to the candidates can be freely defined at "Settings" (1) > "Messaging" (2) > "Notifications to applicants" (3). There you can also deactivate the notifications (4).

For example, the candidate will receive the following confirmation email upon their request for erasure. The content corresponds to the default text.

Notification to the recruiter

You can also receive a notification if you request and equally withdraw your request for erasure.

This way all recruiters who have access to the candidate can be notified.

---

2. Privacy notice / data protection declaration for candidates and data protection contact of your company

Save your company's data protection declaration in different languages under "Settings" (1) > "Privacy & Data Processing" (2) > "Privacy policy/privacy notice for candidates and data protection contact" (3) > "Customer privacy policy / privacy notice for candidates" (4). 

This will be linked on all pages visible to candidates, such as in the candidate center under your-subdomain.jobbase.io/policy, application process, as well as in email notifications. By default, a sample privacy policy template for candidates is already stored. You must adapt this template or upload your own privacy policy. You can also store the privacy policy in different languages.

In the data protection declaration, you can store the placeholders for the company name as well as the contact details of your data protection officer (name, address, phone number and email address). Please fill in the contact details of the data protection officer in advance under "Settings" > "Privacy & Data Processing" > "Privacy policy/privacy notice for candidates and data protection contact" > "Data protection contact of the customer".

You can now find the current sample privacy policy template here or directly in Prescreen under "Settings" (1) > "Privacy & Data processing" (2).

If you reset the privacy policy, you will go directly to the latest version. Please note: As soon as you click the "Reset to default" button, your changes will be lost and you will have to reinsert them.

---

3. How does Prescreen process your company data?

The new General Data Protection Regulation stipulates that personal data must be stored for a specific purpose and for a limited period: after the termination of the business relationship, all personal data must be deleted. More specifically, if you stop using Prescreen and terminate your contract or do not renew your Prescreen trial, your account including all company and applicant data will be irrevocably deleted after three months.