GDPR - Deletion of Applications

The GDPR compliance features for Recruiting are divided into the following main components:

  • Anonymization of Applicant Data - Applicant data will be anonymized based on recruiting compliance configurations in the admin portal.
  • Data Deletion of Internal User Profiles - User data will be anonymized and deleted based on configurations done in Core data via Global Customer Support. Global Customer Support uses the Legal Entity OU to manage different durations of time.
  • Data Deletion of Applications - Application data will be deleted based on configurations done via Global Customer Support. This impacts the deletion of both internal employee and external applicant applications. Global Customer Support uses the Location OU to manage different durations of time.

Note: To enable instant application data deletion and profile anonymization, contact Global Customer Support.

The time-based application data deletion scheme impacts both internal and external applicants. The retention period is configured by the Location OU (the trigger is based on the primary location of a requisition).

The trigger for the deletion is the first event happening by any of the following events:

  • For applicants that are not hired, either the closing of the requisition or the disposition of the applicant.
  • For applicants that are hired, changing the applicant status to Hired. Organizations can define a retention period for hired candidate application data. To set the retention period for hired application data, submit a case to Global Customer Support.

From this time, the clock starts ticking. When the retention period defined for the Location OU is reached, the application data is deleted.

For candidates in an active status in a Canceled requisition, candidate data is deleted based on the retention period and when the requisition was canceled. This will delete the applications only and not the user record. The candidates will still be searchable, but the applications will be deleted.

Applicants' inactivity does not matter for the deletion of their requisition data. In the case a client has anonymization AND Application data deletion configured, the applicant's profile can be anonymized and their application information will be deleted. It is possible, based on client configuration, that both events happen at different points in time.

When either the application data deletion or user based data deletion event is triggered, all data for the user’s application is permanently deleted and will no longer be recoverable in the database. The following data will be deleted:

  • Comments
  • Ratings
  • History / Audits
  • Interviews
  • Offer Letters
  • Reviewers
  • Selection Responses
  • Realistic Job Preview
  • Selection Assessment
  • Skills Test
  • Workflow Responses
  • Competency Assessment Task
  • Disclaimer
  • EEO Question
  • Training
  • Custom Integrations
  • Pre-Screening Responses
  • Emails
  • New Forms
  • External Assessments
  • Background Checks
  • Attachments
  • Flags
  • Referrals / Costs
  • Applicant Resume

When user based data deletion occurs, the above data points are deleted for ALL requisitions. In the case of only requisition data deletion occurs, the above data for only that specific requisition is deleted.

This functionality is controlled by a backend setting that is disabled by default.

Request process: Global Customer Support work order submitted by client administrator in order to conduct the following:

  1. Scheduled: One-time work order to define data deletion rules to Location OUs. Any new child locations will not dynamically inherit the data retention rules for its parent’s. If new Locations are created in the portal and retention preferences are needed to be set up for those please request this to Global Customer Support.
    1. This should be identified across all Parent Location OUs
    2. Frequency (e.g., Monthly / Annual)
    3. Day / Date (e.g., 15th of the month)
    4. Specify Retention period (e.g., 12 months)
  2. Applications - Day 1 of the retention period begins one day after the requisition is closed

The organization's named administrators who can submit a Global Customer Support work order will have the ability to make modifications to the data deletion configuration. It is the client’s responsibility to ensure the named administrators will adhere to the company data deletion policy and do not make modification without discussing with the client’s data security.

When the data deletion event is triggered, all data for the applicant is permanently deleted and will no longer be recoverable and will not be available in the database. The following data will be deleted:

  • General Applicant Information
  • Comments
  • Ratings
  • History / Audits
  • Interviews
  • Offer Letters
  • Reviewers
  • Selection Responses
    • Realistic Job Preview
    • Selection Assessment
    • Skills Test
  • Workflow Responses
    • Competency Assessment Task
    • Disclaimer
    • EEO Question
    • Training
    • Custom Integrations
    • Pre-Screening Responses
  • Emails
  • New Forms
  • External Assessments
  • Background Checks
  • Attachments
  • Flags
  • Referrals / Costs
  • Applicant Resume
  • Hired applications for users who leave the Legal Entity, become inactive and data has exceeded the data retention period
  • Applications on an ad-hoc basis through submission of a Global Customer Support work order

Note: If an application has been submitted through an Agency and that application is subject to time-based deletion and is deleted, then the actual Agency submission should be accurately reflected in Reporting.

Note: When a requisition has multiple locations, the data deletion rules will apply to the primary location.