As part of our commitment to privacy by design, our platform allows your organization to choose its lawful basis for the processing of personal data of candidates. This setting can be changed in the Assessio platform by a user with the Owner role.
Two options
There are two options for an organization to clarify its lawful basis for the processing of personal data, these are: other lawful basis and consent.
Other lawful basis
This is the default setting. This setting is complemented by your ability and obligation to clarify the lawful basis in your privacy notice. In the Assessio Platform you can link to your own privacy notice.
The reason for this approach is that the candidate has already interacted with the organization before and been informed about the data collection and its purpose. Assessio provides the opportunity for the organizations to once again clarify this by referring to its privacy notice in the communication with the candidate. For more information how you set the privacy notice for candidates see this article.
Consent as a lawful basis for the assessment data collection.
Processing the personal data of the candidate in the platform on the basis of consent may in some instances be a legal requirement, company policy or trade customs. Assessio ensures that the organization can obtain the consent of the candidate in accordance with those requirements. When choosing this option, candidates need to consent prior to taking the assessments. The consent is given for the given recruitment, which is the purpose of the data collection. Candidates are sent a consent receipt by email, through which they can easily withdraw their consent anytime (2 clicks).
Please note that you are always required to communicate your privacy notice to the candidate. For more information how you set the privacy notice for candidates see this article
Changing lawful basis
The Owner of the organization selects the lawful basis in the Recruitment settings.
- Click on Settings in the menu on the left and select Recruitment settings.
- Click on the option you wish to use.
- Click on Save.
An Owner can view and change the lawful basis anytime in the Recruitment settings. This does not impact the lawful basis setting for previous/prior data collection . The change will only affect new data collection.
Consent as a lawful basis
Assessio will ask for the consent of the candidate prior to allowing the candidate to take the assessments. See below what this will look like.
Consent register
Consequently, when consent is obtained from the candidate it is registered and logged. The Assessio platform supports the organization to demonstrate its compliance obligations i.e. it has collected consent prior to processing the personal data. The consent register can also be exported for you to demonstrate your compliance vis-à-vis any internal or external audit. This export is controlled and restricted to authorized users only.
Consent withdrawal
When a candidate withdraws their consent for a recruitment, all data collected for the candidate in the context of the corresponding recruitment is deleted from the Assessio platform, since there is no lawful basis to store this data anymore.
Candidates are informed that in the case they are in other recruitments or have given consent to reuse their data automatically (see link), their data will be kept in the platform and they can contact the organization to be completely removed from the platform.
In the scenario where the candidate is in progress for another recruitment, their data will be reset. When the candidate is removed from the last recruitment, the candidate is removed from the platform, since there is no purpose to keep candidate’s data.
Data subject access rights
As part of our privacy by design, we have embedded the lawful basis consent in the template that will appear when a data subject makes access request in accordance with Article 15 of the GDPR. This will ensure that your response to the request is swift and efficient.