Candidate Privacy Notice
Our Candidate Privacy Notice template:
- expertly drafted by a GDPR-specialist solicitor
- quick & easy to use
- money-back satisfaction guarantee
How Does It Work?
Our Candidate Privacy Notice template is for use when you are recruiting either employees or independent contractors. It enables you to tell them how you will handle their personal data, enables them to consent to this, and therefore enables you to keep compliant with GDPR in processing their personal data.
Once you have recruited them, you will need our Staff and Contractor Data Privacy Notice template to cover your processing of their personal data.
If you need other GDPR compliance documentation, then have a look at our GDPR data protection compliance kit and benefit from 33% off our already low prices.
The remainder of this page gives you a preview of the guide to the template.
Guide to our Candidate Privacy Notice
This template is to be used when obtaining information from potential candidates that your business is looking to consider for employment or self-employed work with the business. It contains all of the information that a business is legally required to provide to candidates to assist in remaining GDPR compliant.
This guide will take you through editing and completing the template.
Clauses in this Candidate Privacy Notice – Numbered clauses
- What is the purpose of this document? – This clause explains the purpose of the document. You will need to add your business’s name where indicated.
- Data protection principles – This clause sets out what the data protection principles are that the business must adhere to.
- The kind of information we hold about you – This clause explains the type of information that the business will collect on the candidate. You will need to consider the sections within the square brackets and edit, depending on what reflects the kind of recruitment information your business collects.
- How is your personal information collected? – This clause sets out the means of collecting data and the parties used in collecting data in relation to the candidate. You will need to consider the information within the square brackets and edit, depending on what applies to your business.
- How we will use information about you – This clause explains to the candidate what your business will use the information that it collects for. We have listed the objectives that will apply to most businesses, but you should edit and, where irrelevant, delete the wording within the square brackets to reflect the uses that your business will make of a candidate’s information.
- How we use sensitive personal information – It is likely that your business will collect some sensitive personal data from candidates, for example, data relating to their health and sickness absence record. This clause explains how and why you use that data – you will need to edit the wording within the square brackets to reflect your business’s use of that data.
- Information about criminal convictions – This clause needs to be edited to state whether your business does or does not collect data relating to criminal convictions when considering a candidate.
- Automated decision-making – This clause simply states that the business does not use automated decision-making technology in assessing candidates.
- Data sharing – This clause sets out with whom your business may share data relating to the candidate. You will need to complete the relevant details of any other parties with whom the data might be shared, e.g. recruitment agencies you use.
- Data security – This clause sets out a statement that confirms that your business takes all reasonable measures to ensure that the data that it collects from a candidate is kept secure.
- Data retention – This clause sets out how long the business keeps data relating to candidates. You will need to edit the information within the square brackets.
- Rights of access, correction, erasure, and restriction – This clause advises the candidate of the rights that they have regarding access to their data and other rights granted by GDPR.
- Right to withdraw consent – This clause notifies the candidate that where your business uses consent as the basis for collecting and processing their data that they have a right to withdraw that consent.
- Data protection [officer] or [manager] – This clause needs to be edited to reflect whether your business has an official data protection officer (who must be registered with the Information Commissioner’s Office) or whether you appoint a data protection manager instead.