Whether you're relying on consent or legitimate interest, our goal is to ensure that consent/interest information is visible to team members when they’re interacting with candidates, so they can avoid non-compliant actions, like reaching out to a candidate who did not give consent to be contacted.
It's worth noting that the 'Location' value on an opportunity is separate from the GDPR location. GDPR location is determined either by using the IP address associated with a submitted application, or by manual entry by a user. GDPR location determines whether a candidates is protected by the GDPR. The 'Location' on the profile does not.
To do this, we’ve surfaced the candidate’s consent/interest information directly on the candidate profile in the right sidebar:
You’ll be able to see quickly whether the candidate is covered by the GDPR, whether you have consent to contact them for future opportunities, and if their consent is about to expire - all informed by your configuration in Company Settings.
If a recruiter gains additional insight as to where the candidate submitted information from and wants to change whether the GDPR protects that specific candidate, a recruiter can do so by clicking on the consent status:
If you need to merge two candidates, Lever will use the most recent consent on either profile as the value for the new primary profile. If the most recent consent response was to not provide consent for future opportunities, and you merge it with a slightly older profile where the consent was granted, the new profile will be marked as having not provided consent.
If you're collecting consent from candidates, you'll see the following for an active opportunity:
If the candidate did not provide consent, or revoked it, you'll see:
Sourced candidates that have never had an opportunity to provide consent will have the following:
If you're relying on Legitimate interest, you'll see the following for an active candidate:
If they've revoked permission to contact them about future jobs, you'll see:
Editing Protected Status
If your account is set to protect all candidates, this will not be applicable. If you are only offering GDPR protection to 'EU' or 'EU & Unknown' candidates, you can manually edit whether a candidate and their opportunities are protected by the GDPR by hovering over the GDPR status at the bottom right of the candidate profile:
Then, select the correct country for the candidates, and 'Update':
If you select a EU country, you'll see the GDPR protected status update for all of the candidate's opportunities - you may still need to update their consent status:
Managing 'Do not contact'
A candidate is marked as 'Do not contact' when their opportunity is archived and their consent has expired, revoked, or was never provided (when relying on consent), or when the candidate explicitly revokes contact permission (when relying on legitimate interest).
In both cases, you'll want a way to detect if a candidate who previously was marked as 'Do not contact' somehow gets back into your pipeline - you don't want to e-mail them by accident!
Lever matches contact permission by e-mail address, and surfaces the match to you as a banner at the top of the candidate profile:
Lever will show the banner on any opportunity for a candidate whose latest consent status is marked with 'Do Not Contact.’
For example, if a candidate has revoked consent to contact on their opportunity A, and then a new opportunity B is created manually with the same e-mail address, the banner will appear.
If, however, the candidate then explicitly grants contact permission on either opportunity A or B, the banner will disappear - this is because this candidate’s most recently provided contact permission gives consent to contact them.
Lever looks at active, archived, and anonymized opportunities. For fully anonymized candidates, Lever stores a hashed list of emails, as well as the contact status at the time the candidate and associated opportunities were anonymized. We use this to resurface the contact status if/when the candidate is sourced again.