Skip to main content
SmartRecruiters

Configure compliance rules

Plans:
  • Personal
  • Team
  • Corporate
Plans:
  • Personal
  • Corporate
  • Enterprise
  • Global

SmartRecruiters helps automate the compliant management of candidates' personal data by following configurations that you can set up with the Global Compliance tool. 

Components

A compliance configuration consists of two parts:

  • A Data Retention period for rejected candidates. When the period ends, SmartRecruiters will delete the identifying personal information stored in the candidate’s profile.
  • A Privacy Policy url, which is added to the candidate application. This URL will link to your corporate privacy policy privacy. If you have separate policies for different countries, just add URLs for each policy within the configuration for the appropriate country.  

Some countries, such as the USA and UK, have additional guidelines or requirements on collecting demographic information about candidates. When you add configuration for these countries, it will include a summary of the requirements for the country.

Multiple configurations

By default, SmartRecruiters adds a default configuration ruleset to your account, and will apply these default compliance rules to jobs in any country for which you don't set up a specific configuration.  

You can also add country-specific configurations with differing privacy policies and data retention periods.

SmartRecruiters will use a job's location to determine which configuration applies to that job.
  • If you post jobs in only one country, either modify the default configuration, or just set up a new configuration for that specific country.
  • If you post jobs in more than one country, it's a good idea to set up a configuration for each country.

Edit configurations

To edit or create new compliance configurations:

  1. Navigate to Settings / Admin.
  2. Click Global Compliance in the Administration list. 
  3. Click on a configuration to edit it.
  4. If you'd like to add a new country-specific configuration, start typing the country into the search field, and select it.

Choose retention period

Once you've opened the Default configuration or added a new country configuration, choose the data retention period.

From the list, choose a data retention period for the country. This period begins after you reject a candidate or mark them withdrawn. When it ends, SmartRecruiters will ask the candidate if they would like their info kept or deleted, and follow the candidate's instructions to delete or keep their info.

Here's a full explanation of when SmartRecruiters will delete candidate data, and a list of the data that's deleted.

Available periods for data retention

  1. Don't delete
  2. (Delete) Upon Rejection
  3. 1 months later
  4. 2 months later
  5. 3 months later
  6. 6 months later
  7. 1 year later
  8. 2 yeas later
  9. 3 years later
  10. 4 years later
  11. 5 years later
  12. 10 years later

Data retention requirements by country

Some countries have explicit requirements on the minimum or maximum period for retaining candidates’ data. 

D = Duration of employment.

  In Process/Hired Rejected
  Min # years Max # years Min # years Max # years
Austria 3 30   0
Belgium       0
Denmark   D   0
Finland D+10   2  
France 5     2
Germany 10     0
Hungary   3   0
Ireland D+7   1.5  
Italy 10     0
Netherlands 7     1
Poland 50     0
Romania 10      
Spain D+4   3  
Sweden 7     0
Switzerland 10     0
UK   D+6   0.5
US   EEO: 2 
OFCCP: 3

When you create a new policy for a specific country, SmartRecruiters automatically selects a default value.  You can choose a different duration. If so, that period begins on the date that you reject the candidate, and depends on the location of the job, not the candidate’s location.

SmartRecruiters will observe whatever data retention policy you set, and will not enforce any regulations. If you choose a duration other than the default for the countries in the table above, it’s up to you to make sure you’re compliant. Data retention periods are subject to change by local compliance authorities.

Add privacy policy 

By default, SmartRecruiters adds a link to its standard privacy policy at the end of the candidate application. Candidates can click and review this policy when applying to a job. The disclaimer looks like this:

BY CLICKING SUBMIT, YOU AGREE TO SMARTRECRUITERS’ PRIVACY POLICY. IN PARTICULAR, YOU EXPRESSLY AGREE TO THE TRANSFER OF YOUR PERSONAL INFORMATION FOR THE PURPOSES DESCRIBED IN THAT POLICY.

You can also add your own privacy policy in each country where you operate by adding the policy to the compliance configuration for that country. 

If you do add your own policy for a country, when a candidate applies to a job in that country, they’ll see this disclaimer:

BY CLICKING SUBMIT, YOU AGREE TO SMARTRECRUITERS’ PRIVACY POLICY AND <Your Company’s name>’s PRIVACY POLICY, IN PARTICULAR, YOU EXPRESSLY AGREE TO THE TRANSFER OF YOUR PERSONAL INFORMATION FOR THE PURPOSES DESCRIBED IN THAT POLICY.

Candidates can follow the second link to review your policy.