Overview
Various privacy regulations across the world seek to protect user rights to the protection of their personal data. iCIMS, Inc. and its subsidiaries (collectively “iCIMS”) is committed to complying with global privacy regulations and supporting its global customer base.
The following data subject rights are supported by various privacy regulations across the world. The rights that apply in any specific circumstance vary based on the data subject’s location.
- Notice and consent to use data: Businesses must be prepared to provide notice and consent options to data subjects regarding the use of their personal data.
- Rights of access by the data subject: Businesses must be prepared to honor a data subject’s request to access and transfer their personal data.
- Right to correction and rectification: Businesses must be prepared to honor a data subject’s request to correct or rectify their personal data.
- Right to erasure (‘right to be forgotten’): Business must be prepared to honor a data subject’s request to erase personal data, subject to a few exceptions that vary by jurisdiction.
- Right to data portability: Businesses must be prepared to honor a data subject’s request to transmit their personal data to another data controller.
- Right to restriction of processing: Businesses must be prepared to honor a data subject’s request to restrict processing of personal data.
- Right to object: Businesses must be prepared to honor a data subject’s objection to processing of personal data in specific circumstances, including a request to opt-out of the sale of personal data.
- Right to nondiscrimination: Businesses must not discriminate against a data subject after they have exercised their privacy rights.
The iCIMS Talent Cloud is capable of supporting customer efforts to maintain compliance with these data subject rights. It is the responsibility of the customer to take any applicable action in response to a data subject’s request. Many iCIMS solutions also provide the data subject with the ability to take certain actions themselves directly within the system.
For product-specific information, refer to the following sections of this document:
Customers leveraging the iCIMS Talent Cloud across multiple products must review information for each applicable product. Changes made within one product do not necessarily carry over to other products or to a customer’s third-party tools (e.g., HRIS, etc.), and some individual features within a product may require individual action on the part of the customer as well (e.g., iCIMS Social Distribution, etc.).
There may be cases where a customer’s users create profiles or store information on behalf of end-users, or cases where the end-user's information is imported into a system without their involvement. It is the responsibility of the customer to determine any processes required to ensure that any information stored in the iCIMS Talent Cloud is in compliance with the applicable privacy regulations.
The information included within this article is subject to change.
iCIMS Agreements, Policies, and Procedures
iCIMS maintains detailed and comprehensive privacy and security policies that apply to many of the areas covered by global data protection and privacy regulations and best practices, which are subject to internal and external audits as part of our ISO 27001 and ISO 27701 certifications. To access iCIMS’ public agreements, policies, and procedures, please review the
iCIMS General Counsel page. To learn more about iCIMS Privacy program, including Records of Processing Activities (ROPAs), Cookies, FAQs, and more, please visit the
iCIMS Trust Center Portal.
iCIMS Applicant Tracking (ATS), iCIMS Offer Management, iCIMS Onboarding, and iCIMS Connect (Legacy CRM) (back to top)
Notes:
- The iCIMS Social Distribution feature operates separately from the rest of iCIMS ATS. iCIMS ATS customers that receive data access or deletion requests within iCIMS ATS may determine that they must review information within iCIMS Social Distribution as well (e.g., for current or former employees). For more information about iCIMS Social Distribution, review the iCIMS Social Distribution section of this document.
- Information in this section applies exclusively to iCIMS ATS, including iCIMS ATS career sites. Additional information for customers who have purchased iCIMS Career Sites is included in the iCIMS Career Sites (formerly Attract) section.
- Information in this section applies exclusively to iCIMS Connect (Legacy CRM) and does not apply to iCIMS CRM. Information for iCIMS CRM is included in the iCIMS Candidate Relationship Management (CRM) section.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates as part of the candidate experience.
Should the customer determine that they wish to display a privacy notice to candidates, candidate-facing portals within iCIMS ATS, iCIMS Offer Management, and iCIMS
Connect (Legacy CRM) can be configured to present a privacy notice and/or a link to a privacy notice. This notice can be configured to display when a candidate creates an account and/or applies for a job, as well as when a candidate logs in to a candidate-facing iCIMS ATS career site, iCIMS
Connect (Legacy CRM) portal, or iCIMS Offer Management portal for the first time after a privacy notice has been enabled. This notice can display with the option for the candidate to select a checkbox to consent to the notice and/or to select time-based or job-based consent; when presented with one of these options, candidates who do not indicate consent are prevented from accessing the next screen.
For information regarding privacy notice functionality within iCIMS ATS, iCIMS Offer Management, and iCIMS
Connect (Legacy CRM), review the
Understanding the Privacy Notice Feature & Data Request Messaging Options article. For information regarding the job-based and time-based consent option within iCIMS ATS, review the
Understanding the Job-Based and Time-Based Consent Data Privacy Option article.
Notes:
- For customers with integrated iCIMS Candidate Relationship Management (CRM) and iCIMS Applicant Tracking (ATS) systems, candidate consent data and limitations captured in one product are now synced to the other to ensure consistent application of data governance rules. For more information on data synced between ATS and CRM, review the Understanding Data Syncing Between iCIMS Applicant Tracking (ATS) and iCIMS Candidate Relationship Management (CRM) article.
- The iCIMS Onboarding product’s new hire onboarding portal does not support the same privacy notice settings as iCIMS ATS, iCIMS Offer Management, and iCIMS Connect (legacy CRM). The candidate experience across these products is not connected to iCIMS Onboarding, and typically the privacy notice has already been presented because candidate information is captured prior to the onboarding stage. It is the customer’s responsibility to determine a business process to allow a candidate to review a privacy notice during the onboarding stage if the customer determines this is a requirement. Customers may configure a form within iCIMS Onboarding to present a privacy notice and collect acknowledgement. To configure these forms, review the Creating and Managing Acknowledgement iForms article. It is the customer’s responsibility to monitor acknowledgement and take any applicable action in response. For more information regarding forms within iCIMS Onboarding, review the Introduction to iForms article.
- Should a customer determine that they wish to display information in addition to a privacy notice to candidates on a candidate-facing portal within this set of iCIMS solutions (e.g., a toll-free telephone number, a link to additional privacy notices and/or contact information, a “Do Not Sell My Personal Information” link, or information about use of any optional solutions, such as the iCIMS Talent Cloud AI product), the user admin may include this information within the privacy notice, the branding and/or footer, and/or other areas of the portal. Some of these options (e.g., updated branding) may require submitting a case to iCIMS Technical Support following the standard request process.
.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to monitor access requests submitted via the Data Subject Requests page and/or to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights. It is the customer’s responsibility to enable, update, and maintain any applicable configurations to the Data Subject Requests page.
Notes:
Customers that receive a data access or data portability request may download the candidate’s information via the customer-facing interface for iCIMS ATS, iCIMS Offer Management, iCIMS Onboarding, and iCIMS
Connect (Legacy CRM). For information regarding downloading the candidate’s information, review the
Downloading and Sending a Candidate Personal File article.
Customers that receive a request to restrict processing or an objection to processing may move a candidate into a Restrict Processing folder via the customer-facing interface. For information regarding the Restrict Processing folder, review the
Purge & Restrict Processing Folder Access section of the
Understanding the Time-Based and Job-Based Consent Data Privacy Feature article.
Customers that receive a data correction & rectification request may update information on the candidate profile via the customer-facing interface for this set of iCIMS solutions. For information regarding the candidate profile, review the
Introduction to the Person Profile and
Introduction to the Recruiting Workflow Profile articles.
It is the responsibility of the customer to take any applicable action in response to a candidate data access, data portability, or data correction & rectification request.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to monitor deletion requests submitted via the Data Subject Requests page and/or to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights. It is the customer’s responsibility to enable, update, and maintain any applicable configurations to the Data Subject Requests page. In the event a customer has enabled the job-based and time-based consent option, it is the customer’s responsibility to ensure appropriate handling of candidate data per the consent type selected.
Notes:
Customers that receive a data deletion request may delete the candidate’s information via the customer-facing interface for iCIMS ATS, iCIMS Offer Management, iCIMS Onboarding, and iCIMS Connect (Legacy CRM). For information regarding deleting the candidate’s information, review the Purging Person Profiles article.
It is the responsibility of the customer to take any applicable action in response to a candidate deletion request.
iCIMS Social Distribution (a feature of iCIMS ATS) (back to top)
Note: The iCIMS Social Distribution feature operates separately from the rest of iCIMS ATS. iCIMS ATS customers that receive data subject requests within iCIMS ATS may determine that they must review information within iCIMS Social Distribution as well. For more information about iCIMS ATS, review the iCIMS Applicant Tracking (ATS), iCIMS Offer Management, iCIMS Onboarding, and iCIMS Connect (Legacy CRM) section of this document.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be presented to employees as part of the employee user experience.
Should the customer determine that they wish to present a privacy notice to employees, it is the responsibility of the customer to determine a business process to meet that requirement.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data access, data portability, or data correction & rectification request may contact iCIMS Technical Support following the standard request process. The customer name, and employee full name and email address used with iCIMS Social Distribution must be included in the request.
Upon receipt of a request from a customer, iCIMS will provide the customer with access to the requested information and/or confirm correction or rectification of applicable information. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data deletion request may purge the employee’s information via the Company tab within iCIMS Social Distribution. For information regarding downloading data within this interface, review the
Removing Employees and Other Users from Social Distribution section of the
Social Distribution: Inviting and Managing Employees from the Company Tab article.
It is the responsibility of the customer to take any applicable action in response to a data deletion request.
The employee may also delete data directly from iCIMS Social Distribution. For the employee to delete data, the employee may follow the steps below:
- Log in to the iCIMS Social Distribution tool.
- Hover over the user options menu, then select Settings.
- Select Deactivate My Account.
Note: Information in this section applies exclusively to customers who have purchased iCIMS Career Sites (formerly Attract) and does not apply to iCIMS ATS career sites. Information for iCIMS ATS career sites is included in the iCIMS Applicant Tracking (ATS), iCIMS Offer Management, iCIMS Onboarding, and iCIMS Connect (Legacy CRM) section.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates as part of the candidate experience.
Should the customer determine that they wish to display a privacy notice to candidates, it is the responsibility of the customer to take appropriate action to ensure that the privacy notice is displayed.
Customers with iCIMS Career Sites may display specific information or links on an iCIMS Career Sites page. As applicable, the capture of consent to a privacy notice is typically handled within an alternate solution (e.g., iCIMS ATS) once a candidate has decided to apply to a job and/or log in to that solution. To add or update information on a candidate-facing iCIMS Career Sites page, contact iCIMS Technical Support following the standard request process.
Note: Should a customer determine that they wish to display information in addition to a privacy notice to candidates on an iCIMS Career Sites page (e.g., a toll-free telephone number, a link to additional privacy notices and/or contact information, a “Do Not Sell My Personal Information” link, or information about the use of any optional features, such as job matching), the customer may submit a case to iCIMS Technical Support to submit a request of this nature.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Candidate data is not stored as part of a candidate’s experience with iCIMS Career Sites unless a customer has the legacy Apply solution.
- Customers with Apply and iCIMS CRM may leverage tools within iCIMS CRM to address data requests; for more information about iCIMS CRM, review the iCIMS Candidate Relationship Management (CRM) section of this document.
- Customers with the Apply solution that do not have iCIMS CRM that receive a data access, data portability, or data correction & rectification request may contact iCIMS Technical Support following the standard request process. The candidate’s full name, email address, and request details must be included in the request. Upon receipt of a request from a customer, iCIMS will provide the customer with access to the requested information and/or confirm correction or rectification of applicable information. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Candidate data is not stored as part of a candidate’s experience with iCIMS Career Sites unless a customer has the legacy Apply solution.
- Customers with Apply and iCIMS CRM may leverage tools within iCIMS CRM to address data requests; for more information about iCIMS CRM, review the iCIMS Candidate Relationship Management (CRM) section of this document.
- Customers with the Apply solution that do not have iCIMS CRM that receive a candidate deletion request may contact iCIMS Technical Support following the standard request process. The candidate’s full name, email address, and request details must be included in the request. Upon receipt of a request from a customer, iCIMS will purge candidate information from Apply. Upon completion of the purge, iCIMS will notify the customer that the purge has been completed. It is the responsibility of the customer to determine any next steps that may be required after a purge has been completed.
iCIMS Marketing Automation (back to top)
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates as part of the candidate experience.
Should the customer determine that they wish to display a privacy notice to candidates, landing pages, forms, and emails created in Marketing Automation can be configured to present a privacy notice and/or a link to a privacy notice. In emails, this notice can display with the option for the candidate to unsubscribe from receiving future communications.
In forms, this notice can display with the option to select a checkbox to consent to the notice. The consent can be configured so that candidates who do not indicate consent are prevented from submitting the form.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data access or data portability request may download data fields, including custom fields that the customer creates, as a .csv or an .xls file. This can be done from the people screen on the customer-facing interface for iCIMS Marketing Automation. Documents, recruiter notes, and the candidate engagement log are not included in the export.
Customers that receive a data correction & rectification request may update information (including custom fields that the Customer chooses to collect) on the candidate profile via the customer-facing interface for iCIMS Marketing Automation. This can be done by clicking on a candidate in the people page.
There is no candidate-facing portal for candidates to view their personal data directly; however, candidates can send data subject requests to customers. Customers can satisfy data subject requests without assistance from iCIMS.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers with iCIMS Marketing Automation that receive a candidate deletion request may delete the candidate’s information via the customer-facing interface. Customers have the option to hard-delete or soft-delete a candidate profile. Soft deletion will preserve some personal data as well as contact preferences so that contact preferences are respected if a candidate is added back into the system. Hard delete will remove all candidate data. For more information regarding purging data within this interface, review the
Purging Candidate Data in iCIMS Marketing Automation article.
iCIMS Candidate Relationship Management (CRM) (back to top)
Note: Information in this section applies exclusively to iCIMS CRM and does not apply to iCIMS Connect (Legacy CRM). Information for iCIMS Connect (Legacy CRM) is included in the iCIMS Applicant Tracking (ATS), iCIMS Offer Management, iCIMS Onboarding, and iCIMS Connect (Legacy CRM) section.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates as part of the candidate experience.
Should the customer determine that they wish to display a privacy notice to candidates, the candidate Talent Network sign-up form can be configured to present a privacy notice and/or a link to a privacy notice when a candidate signs up to join the Talent Network. Customers may request changes by contacting iCIMS Technical Support following the standard request process. This notice can display with the option for the candidate to select a checkbox to consent to the notice; when presented with this option, candidates who do not indicate consent are prevented from accessing the next screen.
Notes:
- For customers with integrated iCIMS Candidate Relationship Management (CRM) and iCIMS Applicant Tracking (ATS) systems, candidate consent data and limitations captured in one product are now synced to the other to ensure consistent application of data governance rules. For more information on data synced between ATS and CRM and how CRM handles user consent, review the Understanding Data Syncing Between iCIMS Applicant Tracking (ATS) and iCIMS Candidate Relationship Management (CRM) and iCIMS Candidate Relationship Management (CRM) and Understanding User Consent in iCIMS Candidate Relationship Management (CRM) articles.
- Should a customer determine that they wish to display information in addition to a privacy notice (e.g., a toll-free telephone number, a link to additional privacy notices and/or contact information, a “Do Not Sell My Personal Information” link, or information about the use of any optional features), the user admin may include this information within their presented and/or their linked privacy notice. Some of these options may require submitting a case to iCIMS Technical Support following the standard request process.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data access or data portability request may download the candidate’s information via the customer-facing interface for iCIMS CRM. (If a customer has both the Apply solution and iCIMS CRM, Apply-related data is available in the iCIMS CRM interface).
Customers that receive a data correction & rectification request may update information on the candidate profile via the customer-facing interface for iCIMS CRM.
For information regarding exporting or updating data within this interface, review the Understanding Candidates' Right to CRM Data Privacy Features section of the Viewing Profiles and Taking Action on Candidates in iCIMS Candidate Relationship Management article. It is the responsibility of the customer to take any applicable action in response to a candidate access request.
The candidate may also access data directly from the candidate portal. To learn more about this functionality, review the Candidate Guide to Downloading and Purging Data from an Organization's Talent Network article.
Note: For customers with integrated iCIMS Candidate Relationship Management (CRM) and iCIMS Applicant Tracking (ATS) systems: customers that receive a request to restrict processing or an objection to processing may move a candidate into a restrict processing folder via the iCIMS Applicant Tracking customer-facing interface. For information regarding the Restrict Processing folder, review the Purge & Restrict Processing Folder Access section of the Understanding the Time-Based and Job-Based Consent Data Privacy Feature article.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers with iCIMS CRM that receive a candidate deletion request may delete the candidate’s information via the customer-facing interface for iCIMS CRM. (If a customer has both the Apply solution and iCIMS CRM, Apply-related data is available in the iCIMS CRM interface).
For information regarding purging data within this interface, review the Understanding Candidates' Right to CRM Data Privacy Features section of the Viewing Profiles and Taking Action on Candidates in iCIMS Candidate Relationship Management article. It is the responsibility of the customer to take any applicable action in response to a candidate access request.
The candidate may also access data directly from the candidate portal. To learn more about this functionality, review the Candidate Guide to Downloading and Purging Data from an Organization's Talent Network article.
iCIMS Opportunity Marketplace(back to top)
Note: iCIMS Opportunity Marketplace (OMP) is a product within the iCIMS Applicant Tracking System (ATS) focused on internal mobility for customers’ employees. Many of the functionality described in this section occur within the iCIMS ATS interface and have been broken out into a new section to highlight how these features apply to iCIMS OMP.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to employees as part of the employee experience.
Should the customer determine that they wish to display a privacy notice to employees, it is the responsibility of the customer to take appropriate action to ensure that the privacy notice is displayed. This policy can display with the option for the employees to agree or disagree. Employees who do not agree prevented from accessing the next screen.
To add or update a privacy notice on an employee-facing iCIMS Opportunity Marketplace page, contact iCIMS Technical Support following the standard request process. For information regarding privacy notice functionality within iCIMS OMP, review the
Understanding the Privacy Notice Feature & Data Request Messaging Options article.
Right to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to monitor access requests submitted via the Data Subject Requests page and/or to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights. It is the customer’s responsibility to enable, update, and maintain any applicable configurations to the Data Subject Requests page.
Customers that receive a data access request may download the employee’s information via the customer-facing interface for iCIMS OMP. For information regarding downloading the employee's information, review the
Downloading and Sending a Candidate Personal File article.
Customers that receive a data correction request may update information on the employee profile via the customer-facing interface for iCIMS OMP.
It is the responsibility of the customer to take any applicable action in response to an employee access request.
Notes:
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to monitor deletion requests submitted via the Data Subject Requests page and/or to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights. It is the customer’s responsibility to enable, update, and maintain any applicable configurations to the Data Subject Requests page.
Customers that receive a data deletion request may delete the employee’s information via the customer-facing interface for iCIMS OMP. For information regarding deleting the employee’s information, review the
Purging Person Profiles article.
It is the responsibility of the customer to take any applicable action in response to a employee deletion request.
Notes:
Note: SkillSurvey Services includes SkillSurvey Pre-Hire (Reference and Source), Post-Hire, Career Readiness, and Credential OnDemand.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates or employees as part of the end-user experience.
Should the customer determine that they wish to display a privacy notice, it is the responsibility of the customer to take appropriate action to ensure that the privacy notice is displayed. If this feature is disabled, or is enabled but not configured, the system displays a message that a company privacy notice is not available when a person attempts to access the privacy notice. Company level executives can add or update a privacy notice on SkillSurvey Reference, Source, or Post-Hire.
For SkillSurvey Reference, candidates and references may opt-out of receiving email or text communications at any point.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism through which candidates, providers, references, and any other applicable persons within the customer’s solution may exercise any applicable privacy rights.
Customers that receive a data access or data portability request may download the candidate’s information via the customer-facing interface for SkillSurvey Services. Recruiter notes are not included in candidate exports.
- SkillSurvey Credential OnDemand: The ability to export candidates is found in the Export tab. Individual candidate exports can include application documents. To bulk export candidates as well as their documents, contact iCIMS Technical Support following the standard request process.
- SkillSurvey Reference: The ability to export candidates is found in the Candidate Export setting in the Reports tab.
- SkillSurvey Source: The ability to export sourced candidates is found in the Search Candidate page.
- SkillSurvey Post-Hire: To export employees and supervisors, contact iCIMS Technical Support following the standard request process.
- SkillSurvey Career Readiness: The ability to export students is found in the Students tab under Manage All Students. Bulk exports do not include student reports. Student reports may be downloaded individually from the student’s profile.
Customers that receive a data correction & rectification request may update information on the candidate profile via the customer-facing interface for SkillSurvey Services.
It is the responsibility of the customer to take any applicable action in response to a candidate data access, data portability, or data correction & rectification request.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data deletion request may contact iCIMS Technical Support following the standard request process. The candidate’s full name, email address, and request details must be included in the email.
Upon receipt of a request from a customer, iCIMS will take the requested action. Upon completion of the action, iCIMS will notify the customer that the action has been completed. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
iCIMS Talent Cloud AI (TCAI)(back to top)
iCIMS Talent Cloud AI (TCAI) provides AI features throughout other products in the iCIMS Talent Cloud. Privacy notice, consent, and data subject rights functionality is managed within the product that contains the AI features, such as iCIMS ATS or iCIMS CRM.
iCIMS Text Engagement and iCIMS Digital Assistant (back to top)
Note: All iCIMS Digital Assistant customers have a Text Engagement instance. The data is stored in the Text Engagement instance. Controls to manage data subject requests are found within the Text Engagement instance, as detailed below.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a privacy notice must be displayed to candidates as part of the candidate experience.
Should the customer determine that they wish to display a privacy notice to candidates, it is the responsibility of the customer to determine whether the customer’s other tools can meet the customer’s requirements and to provide any required notification to the candidates by working with the relevant solution providers. As applicable, the capture of consent to a privacy notice is typically handled within an alternate solution (e.g., iCIMS ATS) once a candidate has decided to apply to a job and/or log in to that solution.
iCIMS Digital Assistant customers that wish to add a link to a privacy notice as part of an automated message may contact iCIMS Technical Support following the standard request process. As part of this request, the customer must provide the URL for the privacy notice as well as detailed information regarding the circumstances when the URL should be displayed to candidates. It is the responsibility of the customer to determine a process to capture any required consent.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data access or data portability request may download the candidate’s information via the iCIMS Text Engagement web application and then securely send applicable information to the candidate.
To download the candidate’s information, follow the steps below:
- Locate the profile for the applicable candidate.
- Select Actions > Save Candidate Data (PDF). This will export the candidate’s data in PDF format.
Customers that receive a data correction & rectification request for a candidate's name or contact information may update information on the candidate profile via the customer-facing interface for iCIMS Text Engagement.
It is the responsibility of the customer to securely send applicable information to the candidate and/or make applicable corrections in response to a candidate access request.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data deletion request may use the Candidate Purging feature to purge candidates from the iCIMS Text Engagement system. (To request that this feature be enabled within the customer’s solution, customers may contact their iCIMS Account Manager.)
For information regarding deletion of data within this interface, review the iCIMS Text Engagement: Purging Candidates article on the iCIMS Customer Community site. It is the responsibility of the customer to take any applicable action in response to a candidate deletion request.
iCIMS Video Interview, iCIMS Language Assessment, and iCIMS Test Builder (back to top)
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a notice must be displayed to candidates and any other applicable persons.
Should the customer determine that they wish to display a privacy notice to candidates, iCIMS Video Interview can assist the customer in presenting a privacy notice when a candidate starts a video interview iCIMS Language Assessment
and iCIMS Test Builder can assist the customer in presenting a privacy notice when a candidate starts an assessment in the following ways:
- Customers may display specific information or links within one or more text fields on a Terms and Conditions pop-up prior to collecting additional candidate data. Customers may request changes to these fields by contacting iCIMS Technical Support following the standard request process. This notice displays with the option for the candidate to Validate their acceptance; the candidate may not progress until they validate their acceptance.
- Customers may display specific information or links in the footer of the Terms and Conditions pop-up and invitation emails that a candidate receives. Customers may request changes to this field by contacting iCIMS Technical Support following the standard request process.
Note: Should a customer determine that they wish to display information in addition to a privacy notice to candidates (e.g., a toll-free telephone number, a link to additional privacy notices and/or contact information, a “Do Not Sell My Personal Information” link, or information about the use of any optional features), the customer may submit a case to iCIMS Technical Support.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data access, data portability, or data correction & rectification request may contact iCIMS Technical Support following the standard request process. The candidate’s full name, email address, and request details must be included in the request.
Upon receipt of a request from a customer, iCIMS will provide the customer with access to the requested information. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which candidates (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers that receive a data deletion request may contact iCIMS Technical Support following the standard request process. The candidate’s full name, email address, and request details must be included in the request.
Upon receipt of a request from a customer, iCIMS will take the requested action. Upon completion of the action, iCIMS will notify the customer that the action has been completed. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
Notice and Consent to Use Data
It is the responsibility of the customer to determine if a notice must be displayed to employees as part of the employee user experience.
Should the customer determine that they wish to display a notice to employees
, the customer has full control to configure their terms of service/privacy notice and customize it based on region. Notices are displayed when a new user accesses a workspace or a returning user accesses a workspace after changes have been made to the notice text. This notice displays with the option for the employee to Accept or Reject; employees who Reject are logged out.To add or update a notice leveraging the Terms & Conditions functionality built into iCIMS Video Studio, a workspace admin user may follow the steps below:
- Select the profile picture (or silhouette) on the far right of the menu bar, then select Settings > Custom Terms, or navigate to https://admin.altrulabs.com/settings/terms.
- Make any applicable additions or updates to the Terms & Conditions field.
- Select Save.
Note: Should a customer determine that they wish to display information in addition to a privacy notice to candidates (e.g., a toll-free telephone number, a link to additional privacy notices and/or contact information, a “Do Not Sell My Personal Information” link, or information about the use of any optional features), the customer may submit a case to iCIMS Technical Support.
Rights to Access, Data Portability, and Correction & Rectification
It is the customer’s responsibility to provide a mechanism through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customer employees can access and correct their own profile data (name, image, job title, employer, department).Customers that receive a data access, data portability, or data correction and rectification request can address the request through the customer-facing portal. Customer admins can satisfy a data access and a data portability request (including filtering for disabled and derivative content) by filtering for the data subject and exporting the information to a .PDF, .XLSX, or .CSV. Customer admins can satisfy a data correction and rectification request by directly accessing their employee’s profile/data.
Customers that receive a data access, data portability, or data correction and rectification request may contact iCIMS Technical Support following the standard request process. The workspace name, request details (including applicable video or answer IDs), and employee full name and email address used with iCIMS Video Studio must be included in the request.
Upon receipt of a request from a customer, iCIMS will provide the customer with access to the requested information and/or confirm correction or rectification of applicable information. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.
Right to Erasure (‘Right to be Forgotten’)
It is the customer’s responsibility to provide a mechanism (e.g., an email address in their privacy notice, etc.) through which employees (and any other applicable persons within the customer’s solution) may exercise any applicable privacy rights.
Customers can disable their employees’ data and request that their employees’ data be permanently deleted. Disabled data is invisible to everyone except for admins that are intentionally filtering for disabled data. Data can only be permanently deleted by iCIMS upon request to avoid accidental deletion.
Permanent deletion requests may be submitted to iCIMS Technical Support following the standard request process. The workspace name, request details (including applicable video or answer IDs), and employee full name and email address used with iCIMS Video Studio must be included in the request.
Upon receipt of a request from a customer, iCIMS will take the requested action. Upon completion of the action, iCIMS will notify the customer that the action has been completed. It is the responsibility of the customer to determine any next steps that may be required after the action has been completed.