Available for | Roles | Super Admin, Admin, Team Member, Limited Team Member Super Admin and Admin for GDPR or compliance settings configuration |
Permissions | • Anonymize candidates | |
Packages | Lever Basic, LeverTRM, LeverTRM for Enterprise |
Before proceeding, note that Lever does not give legal advice. We advise contacting your organization's legal counsel for any questions related to data handling practices. If you are relying on Explicit Consent as the lawful basis for retention of inactive candidate data, you will need to reach out to candidates to collect or refresh consent once their initial consent has expired. Before proceeding, we advise reading the following help articles on the two (mutually exclusive) methods for managing data compliance in Lever, as the configuration you choose has bearing on how you will identify the candidates from which you must collect consent:
- Configuring General Data Protection Regulation (GDPR) settings
- Configuring localized data compliance settings
How opportunity data is stored under explicit consent
Relying on candidate consent or 'explicit consent' means you will be asking candidates for their explicit consent to retain their data for storage and/or marketing purposes. Lever will surface opportunities where consent has expired in a number of ways, including email notifications, inbox notifications, the 'Data Requests' report, the User Workspace 'my tasks' list, and with a banner on the opportunity.
Banner when localized data compliance is configured
Banner when GDPR is configured
From here, you have the option to anonymize their opportunity or refresh their consent status. To learn more on how to anonymize candidate data, refer to our help article on anonymizing candidate opportunities.
When a candidate provides or revokes consent, their preference is immediately applied to all of their archived opportunities in your Lever system.
Example
A candidate applies for three different roles at the same organization over the course of 2 years. All three roles are archived within the organization's Lever system. The organization has configured GDPR with a lawful basis of candidate consent and a data retention period of 2 years. Exactly 2 years from the day of the candidate's first application, they receive an email with a consent link prompting them to refresh their consent. The candidate uses the link to revoke their consent. Their consent preference not only applies to the opportunity associated with their initial application, but also the opportunities associated with the two subsequent applications they submitted over the course of the following 2 years.
If a candidate with multiple archived opportunities refreshes their consent and you have GDPR enabled, their consent will be extended for the data retention period configured in your GDPR policy. If a candidate with multiple archived opportunities refreshes their consent and you have localized data compliance enabled, their consent will be extended for the shortest retention period configured for all applicable countries, and will be added cumulatively to remainder of the consent period for other applicable opportunities.
Example
A candidate applies to two job postings with different locations on January 1 2023. The location of posting A is configured with a data retention period of 6 months, and the location of posting B is configured with a data retention period of 1 year. On June 30 2023, the candidate refreshes their consent in relation to posting A. Their consent relative to posting A is thus extended for another 6 months (until December 31 2023). Their consent relative to posting B is extended by another 6 months, applied cumulatively to the ongoing data retention period for that country (i.e. their consent is extended to June 30 2024, adding 6 months to the 1 year to which they initially consented when they applied to posting B on January 1 2023).
To learn more about how candidate consent appears on candidate profiles, refer to our help article on viewing consent information on a candidate's profile.
Refreshing candidate consent via consent links
If you would like to ask candidates to refresh their consent, you can capture their consent by emailing them a consent link via Lever. This can also be used when capturing initial consent from candidates who did not apply through your career site such as referrals, sourced candidates, or candidates who were shared by an agency. This action can be taken by navigating to the candidate's profile and following the prompts on the flyover banner.
What are consent links and how do they work?
A consent link is a unique URL that allows a candidate to update their consent regarding the retention of their data in your Lever system. When a candidate clicks a consent link, they will be brought to a page where they can specify whether or not they consent to Lever retaining their data for the purpose of contacting them about future jobs. Candidates can also review and submit data handling requests under the 'your data' tab. For more information on data handling preferences, refer to our help article on resolving data requests.
Adding consent links to emails
When you are drafting an emails to candidates (either individually or in bulk), you can generate a consent link in the body of the email by inserting the 'Consent link' auto-text token. In the email editor, click the 'Insert' menu and select Consent link from the list of tokens. Note that since the consent link is unique for each candidate, the link is not actually generated until the placeholder is inserted into the email editor.
|
Due to the sensitivity of data privacy, never copy/paste a candidate's unique consent link into an email to another candidate. |
We recommend providing context to the candidate in the body of the email, so they know exactly what action is required in order to refresh their consent preference. To make the process of collecting candidate consent more scalable, consider using email templates with the consent link auto-text token embedded that you can then personalize using other auto-text tokens such as the candidate's name. To learn more, refer to our help article on how to create email templates.
|
If a candidate revokes consent when sent a consent link, this will revoke both storage and marketing and will trigger a data removal request for the candidate. |
Sending consent refresh emails in bulk
If you are sending emails in bulk to more than one opportunity associated with the same candidate, by default Lever will only send one email for each unique candidate. In order to send one email per opportunity (instead of one per candidate), de-select the checkbox in the email composition modal. You can also select the option to exclude candidates with other active opportunities (outside of those selected) from the bulk-sent email, as well as preview how the email will look to reach recipient.
|
When sending emails in bulk, configure the sender field in the email editor so that the emails come from a no-reply email address in order to avoid rate limits set by your organization's email client. If you are bulk sending emails from your own work email address, we recommend sending no more than 50 emails at a time in order to avoid rate limit issues. |