This document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes.

This guide is part of Comeet’s GDPR compliance options. See the overview here.

The GDPR requires companies to have new GDPR-friendly privacy policies informing about their data handling practices. Comeet provides tools to include the privacy policy links in the first message sent to candidates and also to automatically email the link to candidates who have not received it by other communication methods.

You are required to explain your GDPR data handling practices to candidates in the company’s privacy policy. Under the GDPR’s transparency principle, candidates must be given a privacy notice outlining various issues regarding the data processing practices you engage in. This notice must be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Comeet provides a privacy policy addressing general matters on Comeet. Your own privacy policy should address your company’s specific privacy practices, such as your data retention period choice in Comeet. Your privacy policy should also address, at a minimum, the following matters:

  • The identity and contact details of the company (and contact details for the company’s data protection officer, where applicable).

  • Any additional relevant information on the purpose and legal basis of data processing, beyond those identified in Comeet’s privacy policy.

  • The steps candidates need to take to exercise their EU rights to access, correct and erase their data, and how they should contact you to exercise those rights.

  • How candidates can contact you to understand the source from which their data was obtained and then uploaded to Comeet.

  • The existence of automated decision making regarding the candidate, and meaningful information about the logic used and consequences for the candidate.

  • How you treat information about candidates who are minors.

  • Description of the recipients who may have access to the candidate’s data, beyond those identified in Comeet privacy policy, as well as additional international data transfers.

  1. Publish your company’s privacy online, at a publicly available URL.

  2. In Comeet go to Company Settings > GDPR (requires an Admin or Owner role).

  3. Under the Privacy Policy section, add the link to the company’s privacy policy.

  4. Click Save

Note: Adding a link to the company’s privacy policy is a prerequisite for enabling the GDPR settings.

How candidates are notified

Application form

The  privacy policy URL is displayed on the application form.

First email message

Candidates who are defined as data subjects protected by the GDPR are notified in the first email message sent to them:

  1. The privacy policy URL is included in the first message that a candidate receives.

  2. The privacy policy URL is included in the following messages:Thanks for applying, Thanks for applying for discreet position, Referred by an employee

Note: When reaching out to passive candidates who are subject to GDPR, the first message sent to each candidate will automatically include the links to the privacy policies.

Did this answer your question?