| Available for | Roles | Super Admin, Admin, Team Member, Limited Team Member GDPR settings can only be configured by Super Admins |
| Permissions | • Manage profiles and view associated postings • (To configure GDPR) View and edit compliance settings |
|
| Packages | Lever Basic, LeverTRM, LeverTRM for Enterprise |
If you have enabled data compliance policies in your Lever instance, candidates' consent status will appear on their profiles. This way, you and your team can avoid non-compliant actions such as reaching out to candidates that should not be contacted as per your data compliance policy. This article provides readers with information on the different ways a candidate's consent status can appear on their profile.
Methods for data retention management
How a candidate's consent status appears on their profile will differ depending on where you are using Data compliance settings or GDPR to manage candidate data retention in your Lever instance. To understand the difference between these two data management options, as well as how to set up each one, refer to the following help articles:
- Understanding the difference between Data compliance and GDPR settings
- Configuring GDPR settings
- Configuring data compliance settings
This article assumes you are familiar with the following terms related to data compliance as well as how they are defined in Lever:
- Lawful basis
- Candidate consent
- Legitimate interest
- Retention period
Viewing candidate consent information
Regardless of which data retention management method you have enabled, candidate consent information can be found on the right sidebar of a candidate's profile.
The following sections will describe the differences in how a candidate's consent information will appear based on retention management method you have enabled.
GDPR enabled
Candidate consent information will display differently depending on whether you are using candidate consent or legitimate interest as your lawful basis.
Candidate consent
If a candidate with an active opportunity as provided their consent, their consent information will appear as shown below:
If a candidate has not provided consent, or provided consent and later revoked it, their consent information will appear as shown below:
If a candidate has not yet had a chance to provide consent, their consent information will appear as shown below:
Legitimate interest
If a candidate has an active opportunity and you are relying on legitimate interest as your lawful basis, their consent information will appear as shown below:
If a candidate has revoked permission to be contacted about future jobs, their consent information will appear as shown below:
Data compliance settings enabled
If a candidate has an active opportunity linked to a postings associated with a location for which a data compliance policy has been enabled, their consent information will appear as shown below:
In the image above (1) represents the country name, (2) represents the data retention period.
Note, the image above depicts consent information for a candidate whose consent status is known. The language in the consent status will differ accordingly if the candidate has either provided or revoked their consent.
If all of a candidate's opportunities have been archived, the newest of which are past the retention period defined in the applicable data compliance policy (or their consent was revoked or has expired), a warning icon will appear in their consent information as shown below:
In the image above, the outlined area indicates the data retention period ended for this specific candidate.
Editing GDPR and consent status (GDPR only)
|
|
The following instructions only apply if you have enabled GDPR as your data retention management method. |
When configuring GDPR, you need to define which candidates GDPR will apply to. You can select from the following three options:
- (1) Only candidates and jobs located in the EU
- (2) Candidates and jobs located in the EU & unknown locations
- (3) All candidates (regardless of their current location)
If you have selected options (1) or (2), you will have the ability to manually edit whether a candidate and their opportunities are protected by GDPR by hovering over their GDPR status, clicking the pen icon, and selecting a new country from the dropdown menu. GDPR-protected countries are denoted with an "EU" in the menu.
If a candidate provides you with a written update to their consent status outside of Lever, you can manually update their consent status by hovering over it on their candidate profile, clicking the pen icon, and then clicking the button to change the status in the pop-up that appears.
Managing candidates marked as 'Do not contact'
A candidate is marked as 'Do not contact' when their opportunity is archived and their consent has expired, revoked, or was never provided (when relying on consent), or when the candidate explicitly revokes contact permission (when relying on legitimate interest).
In both cases, it is important to detect if a candidate who previously was marked as 'Do not contact' somehow gets back into your pipeline, as you do not want to reach out to them unintentionally. Lever matches contact permission by e-mail address, and surfaces the match to you as a banner at the top of the candidate profile. Lever will show the banner on any opportunity for a candidate whose latest consent status is marked with 'Do Not Contact.’
For example, if a candidate has revoked consent to contact on their opportunity A, and then a new opportunity B is created manually with the same e-mail address, the banner will appear. If, however, the candidate then explicitly grants contact permission on either opportunity A or B, the banner will disappear - this is because this candidate’s most recently provided contact permission gives consent to contact them.
Lever looks at active, archived, and anonymized opportunities. For fully anonymized candidates, Lever stores a hashed list of emails, as well as the contact status at the time the candidate and associated opportunities were anonymized. We use this to resurface the contact status if/when the candidate is sourced again.