Manage candidates that don’t apply from your career page

Candidates applying for a job, sending in a general application, or subscribing to vacant positions need to give their consent to the managing of their personal data according to GDPR. You can read about settings for consent and automatic clearing of candidate data in our guide for GDPR settings. 


Not all candidates apply this way. Sometimes applications are received through email, and in some cases you source for candidates. These candidates may be added to projects manually. You need to make sure you have consent to process personal data for these candidates. You also need to keep a record of where you found the candidates’ information. You can choose between three workflows for handling candidates that do not apply through the career page:


  • You as a customer take responsibility for receiving consent from the candidates outside of ReachMee
  • All manually added candidates give their consent through ReachMee
  • You only allow candidates to apply through the career page, and turn off the possibility to add candidates manually


Consent is given outside of ReachMee 

If you would like to be able to add candidates manually, and at the same time ensure that data cannot be deleted by candidate or recruiter, you will need to ask for consent from the candidate before registering their information in ReachMee. It is of great importance that you have consent (or another legal basis for data processing) as the candidates cannot delete their applications themselves.


When a candidate is added, ReachMee will assume that you have ensured consent, or that there is another legal basis for the processing of data. The candidate’s data will then be handled and deleted in accordance with the policy that has been applied to the project.


Choose this setting in GDPR settings if you would like to work according to this alternative:



Consent is given through ReachMee 

If the candidate didn’t apply for the job themself, it is important to ensure consent before processing and sharing the candidate’s information. GDPR specifies that you need to receive consent to keep processing the candidate’s data either 30 days from the moment of registration, when the candidate’s information is shared with an external party, or the first time you are in contact with the candidate.


One way to be able to keep working with the candidate’s data is to ask for consent from manually added candidates. When you add a candidate manually, you will be able to add the candidate’s information, e.g. name and email. In the dialogue box you will also be asked to specify where the candidate’s information was found, for instance if the application was received through email or if a recruiter found the candidate through LinkedIn. This information will then be included in the data record, if a record is requested by the candidate, since it has to be clear where the information was found.


When adding the candidate manually, you will also be able to write and send a personal email to each added candidate, with a link to the career page where they will be able to give their consent.


In the email sent out to collect consent, you need to tell the candidate:

  • Where the information was found
  • What kind of personal data will be processed
  • Other receivers of the data, with whom you will share/have shared the information

The candidate also has the right to know who the data controller is, how long the information will be saved and their rights as a registered individual. That is, the same information that should be included in the consent text. Ask the candidate to read the text and give consent to further processing of their data. 


If the candidate hasn’t given consent within 14 days, an email is sent to the ReachMee user who added the candidate. If the candidate still hasn’t given consent after 30 days, the candidate will be deleted, and a new email will be sent to the ReachMee user in question.


As long as consent hasn’t been given, it is not possible to share the candidate, find it by search, see it in the Candidate bank or add the candidate to other projects. Candidates that haven’t given their consent is marked with a red warning triangle.


To further limit access to candidates without consent we recommend that you put these candidates in a separate process folder. Access should be limited to a small number of users and candidates should not be moved to other process folders until you have valid consent from them.


Direct candidates to the career page 

The safest way to comply with GDPR requirements is to not add candidates manually at all, or to limit the use of this function. Instead, ask candidates applying through other channels to visit your ad, and click apply. This way, you will receive a complete application, including answers to selection questions.


You can turn off the possibility to add candidates manually by removing permission access to ”Add candidates manually”. You decide for yourselves if you want to remove this access from all users, or if some user roles should still be able to use this function.

Did you find it helpful? Yes No

Send feedback
Beklager, at vi ikke kunne hjælpe. Hjælp os med at forbedre denne artikel med din feedback.