Candidate Privacy Notice
Our Candidate Privacy Notice template:
- expertly drafted by a GDPR-specialist solicitor
- quick & easy to use
- GDPR-compliant
- money-back satisfaction guarantee
How Does It Work?
-
1. Download
-
2. Edit
-
3. Print
-
4. Sign
Our Candidate Privacy Notice template is for use when you are recruiting either employees or independent contractors.
What does the Candidate Privacy Notice do?
It enables you to tell them how you will handle their personal data, enables them to consent to this, and therefore enables you to keep compliant with GDPR and the Data Protection Act 2018 in processing their personal data.
Once you have recruited them, you will need our Staff and Contractor Data Privacy Notice template to cover your processing of their personal data.
If you need other GDPR compliance documentation, then have a look at our GDPR data protection compliance kit and benefit from 33% off our already low prices.
The remainder of this page gives you a preview of the guide to the template.
Guide to our Candidate Privacy Notice
This template is to be used when obtaining information from potential candidates that your business is looking to consider for employment or self-employed work with the business. Therefore, it contains all of the information that a business is legally required to provide to candidates to assist in remaining GDPR compliant.
This guide will take you through editing and completing the template.
Clauses in this Candidate Privacy Notice – Numbered clauses
1. What is the purpose of this document?
This clause explains the purpose of the document. You will need to add your business’s name where indicated.
2. Data protection principles
There are data protection principles are that the business must adhere to. So this clause sets out what they are.
3. The kind of information we hold about you
This clause explains the type of information that the business will collect on the candidate. So you will need to consider the sections within the square brackets and edit, depending on what reflects the kind of recruitment information your business collects.
4. How is your personal information collected?
This clause sets out the means of collecting data and the parties used in collecting data in relation to the candidate. So you will need to consider the information within the square brackets and edit, depending on what applies to your business.
5. How we will use information about you
This clause in the candidate privacy notice explains to the candidate what your business will use the information that it collects for. We have listed the objectives that will apply to most businesses, but you should edit and, where irrelevant, delete the wording within the square brackets to reflect the uses that your business will make of a candidate’s information.
6. How we use sensitive personal information
It is likely that your business will collect some sensitive personal data from candidates, for example, data relating to their health and sickness absence record. So this clause explains how and why you use that data. So you will need to edit the wording within the square brackets to reflect your business’s use of that data.
7. Information about criminal convictions
This clause needs to be edited to state whether your business does or does not collect data relating to criminal convictions when considering a candidate.
8. Automated decision-making
This clause simply states that the business does not use automated decision-making technology in assessing candidates. If you do, then change this.
9. Data sharing
This clause sets out with whom your business may share data relating to the candidate. So you will need to complete the relevant details of any other parties with whom the data might be shared. For example, this might include recruitment agencies you use.
10. Data security
This clause in the candidate privacy notice sets out a statement that confirms that your business takes all reasonable measures to ensure that the data that it collects from a candidate is kept secure.
11. Data retention
This clause sets out how long the business keeps data relating to candidates. So you will need to edit the information within the square brackets.
12. Rights of access, correction, erasure, and restriction
This clause advises the candidate of the rights that they have regarding access to their data and other rights granted by GDPR.
13. Right to withdraw consent
This clause notifies the candidate that where your business uses consent as the basis for collecting and processing their data that they have a right to withdraw that consent.
14. Data protection [officer] or [manager]
You need to edit this clause in the candidate privacy notice to reflect:
- whether your business has an official data protection officer (who you must register with the Information Commissioner’s Office), or
- if you appoint a data protection manager instead.
