This article helps you ensure that your recruiting is data protection compliant. You must protect your candidates' data under both your requirements and those of the EU GDPR. For further resources on data protection, visit our website and read our white papers EU GDPR with Personio and AWS with Personio.
We recommend checking and using the following settings:
Data privacy statement and legal notice
What is a data privacy statement?
This document informs the candidate about how you process their data. As a person or entity responsible for an online application process, you are required by law to process personal data exclusively in accordance with current legislation.
In the context of an application process, this usually involves the execution of pre-contractual measures and/or the candidate's consent. You are also responsible for the compliance of your process with the candidate's rights of interest, such as transparent information and rights of access.
In addition to your personal data privacy statement, Personio, as the operator of your career pages, automatically adds a data privacy statement for the processing of (personal) data.
Add the data privacy statement to your Personio career page
Follow these steps to add your data privacy statement to your Personio career page.
- Go to Settings > Recruiting > Career page.
- Scroll down to the Descriptions & Translations section.
- Enter your statement in the Data Privacy Statement field.
- Under Translations, save your candidate data privacy statement in several languages if needed.
You can find a template for the data privacy statement in the Download section of this page. This is only a suggestion. It may not consider any potential company-specific particularities (industry, organizational structure, legislative environment...). It is necessary to adjust it to suit your specific requirements, and add any details that may be missing.
Your deadline for anonymizing personal candidate data should also appear in the document.
Add your legal notice to your Personio career page
If you use the Personio career page, you need to enter the link to your legal notice into Personio. Your career page visitors should access all the necessary legal information about your company and services. You can enter the link to the legal notice via Settings > Career page > Link to the legal notice.
Anonymization of candidate personal data
The anonymization of candidate data is irreversible. The data cannot be recovered, but will still appear in your reports in anonymized form.
Which data is anonymized?
The following information is anonymized:
- the candidate's name.
- the candidate's gender.
- all application documents.
- the message history, including all attachments.
- email address, phone number and the candidate's birthday.
- offers.
- evaluations, except quantitative evaluations, which will remain.
If the candidate has applied for several jobs, the data of the candidate will remain for now.
The anonymization of candidate data does not affect reporting. The application ID, application date and application channel remain in the database.
Automatic anonymization
Automatic anonymization only applies to candidates who are in the Rejected or Withdrawn recruiting stage.
To set up an automatic anonymization of candidate data, follow these steps:
- Navigate to Settings > Recruiting > Recruiting > General.
- Next to Data privacy settings, click Edit.
- For Anonymize data automatically? select Yes.
- Under Anonymize after, choose after how many days the data should be anonymized when an application is rejected or withdrawn from the process.
Note: When this number is set up or changed, the system will not update instantly. An update will run every morning, calculating the days that have passed since the disqualification. This will also apply for your historic candidate data. - Next to Include candidate name in notification emails? select whether the name of the candidate should appear in notification emails. If you select No, no candidate data will be included in notification emails.
- Then Save.
If a candidate is not suitable for an advertised job, but may be for a future job, you can use Personio to create a talent pool. You need the candidate's approval for this.
Manual anonymization
(Bulk) Anonymization
You can also anonymize your candidate's personal data manually. You can do so for one or several candidates at the same time, following these steps:
- Navigate to Recruiting > Applications.
- Filter and select the candidates whose personal data you want to delete.
- Click on Actions.
- Select Anonymize application from the drop-down-menu.
- Click Anonymize to confirm the anonymization.
Anonymization in the application
You can also anonymize the data directly in a specific application. To do this, follow these steps:
- Go to Recruiting > Applications.
- Click on the application you wish to anonymize.
- Click on and select Anonymize application.