This document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes.

The General Data Protection Regulation (GDPR) has been a huge change in digital privacy protection rights and obligations. It significantly expands the privacy rights of European Union residents while imposing many new obligations on organizations that manage personal data of European Union residents.

This document is an overview of the functionality Comeet offers and suggested next steps to help your conformance with the GDPR.

Note: Please note that this document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR, and may not be relied on as legal advice.

See How Comeet Makes GDPR Compliance Easier

Important Concepts and Compliance Tools

  • Data subject – You must decide whether you wish to have GDPR protections apply to all positions or only to positions in the EU. Learn more
  • Privacy policy – Given the liabilities and potential financial penalties for non-compliance, we strongly urge you to revise your organization’s privacy policy in accordance with the GDPR regulations. Once finalized, notify all candidates about your new policy. Learn more
  • Data retention period – Specify your data retention period in Comeet and state it in your privacy policy. Retention period options are the time since applying or being added to the database, time since the last activity taken with the candidate, or an additional retention period to which candidates consent. Learn more
  • Consent request – Comeet makes it easy to request candidate consent if you decide to do so. Request consent when candidates apply on your careers page or email consent requests to them. Candidates can subsequently withdraw their consent at any time. Learn more
  • Data removal (Pseudonymization) – Pseudonymization removes identifying information while keeping traces for reporting purposes. If a candidate is subsequently added or subsequently applies, their activity log can be restored. Learn more
  • Personal data delivery – Comeet enables you to easily send candidates their personal data if requested. You can specify in your GDPR settings which information will be sent. Learn more

Your Next Steps

To prepare for complying with the GDPR, please consider the following next steps:

1. Consult your legal resource

Consult your legal resource on how to leverage Comeet’s configuration options to best meet your GDPR obligations.

2. Define data subject scope

Define in your GDPR settings whether GDPR protections will apply to all positions or only to positions in the EU. Learn more

3. Choose data retention period

Specify your data retention period in Comeet and state it in your privacy policy. Choose one of the following retention period options in Comeet:

  • Retention time clocked from when a candidate applies or is added to the database
  • Retention time clocked since the last activity taken with the candidate
  • Retention time clocked since the candidate consented to an additional retention period (should you choose to request consent)

4. Review email templates

Review your rejection email templates and delete any statements regarding retaining candidate data. To modify email templates in Comeet, click More > Restore system template. Revise as needed.

5. Update privacy policy

Update your privacy policy to reflect your data retention period choice in Comeet. Your privacy policy should also address the following matters:

  • The identity and contact details of the company (and contact details for the company’s data protection officer, where applicable).
  • Any additional relevant information on the purpose and legal basis of data processing, beyond those identified in Comeet’s privacy policy.
  • The steps candidates need to take to exercise their EU rights to access, correct and erase their data, and how they should contact you to exercise those rights.
  • How candidates can contact you to understand the source from which their data was obtained and then uploaded to Comeet.
  • The existence of automated decision making regarding the candidate, and meaningful information about the logic used and consequences for the candidate.
  • How you treat information about candidates who are minors.
  • Description of the recipients who may have access to the candidate’s data, beyond those identified in Comeet’s privacy policy, as well as additional international data transfers.

6. Publicize privacy policy

Publish your company’s privacy policy on your website. Update your GDPR settings in Comeet with the link to the policy. Learn more

7. Notify candidates about your new privacy policy

Review the automated notice in Comeet that informs candidates about your privacy policy and their GDPR rights. Learn more

8. Request consent

If you wish to do so, Comeet allows you to automate the consent request process:

  1. Enable the Request Consent option in your GDPR settings. Once enabled, candidates will be able to provide consent when applying on your careers website.
  2. Review and revise the email templates to request consent.
  3. Enable the email templates by setting the sending option to Send Automatically.

9. Enable data removal (pseudonymization)

If you decide to use the pseydonymization option, enable it in your GDPR settings and define which data should be deleted or retained.

10. Choose personal information to to be delivered

In your GDPR settings, specify the information that will be sent to candidates if they request a copy of their personal data. Learn more

11. Automate data removal

Note: If you decide to request consent, do not activate data removal immediately as you may want to give candidates time to respond before automating data removal.

Comeet can automate removal of candidates’ data when the retention period ends. To enable automatic data removal, decide what Comeet should do when the data retention period ends. Under Data Retention, select whether to delete or pseudonymize candidates automatically. Learn more

Have more questions? Contact us at support@comeet.co

Did this answer your question?