Salesforce

Understanding the Privacy Notice Feature & Data Request Messaging Options

Printable View
« Go Back

Information

 
Content

Overview

The iCIMS Talent Cloud is capable of supporting customer efforts to maintain compliance with applicable laws and regulations (e.g., GDPR, CCPA, etc.). For organizations using iCIMS Applicant Tracking (ATS), iCIMS Offer Management, and iCIMS Connect (Legacy CRM), the system includes a set of configurations that enable a customer to display a privacy notice to its candidates, capture acceptance or consent to the notice if desired, and manage data subject or privacy requests.

Note: The iCIMS Onboarding product’s new hire onboarding portal does not support the same privacy policy settings as iCIMS ATS, iCIMS Offer Management, and iCIMS Connect (Legacy CRM) because the candidate experience across these products is connected, and typically candidate information is captured prior to the onboarding stage. Should a new hire be required to review a privacy policy or access a mechanism to exercise any applicable privacy rights without doing so through the candidate-facing interface for one of the other aforementioned solutions (e.g., if a customer does not collect candidate information from candidates through an iCIMS ATS career site), it is the responsibility of the customer to determine any processes required to ensure that any information stored in the iCIMS Talent Cloud is in compliance with the relevant policies.  


The experience that candidates have on an ATS career site or other portal depends upon the configurations and messaging chosen by the customer and enabled by its user admin. Depending on the customer’s selected approach to compliance with applicable laws or regulations, its user admin may manage multiple requirements (e.g., GDPR and CCPA) using multiple ATS career sites/portals and/or using the same settings within a single ATS career site/portal.
 
Note: The information contained in this resource is not legal advice and is for informational and/or educational purposes only. The information is provided "as is" without any express or implied warranty of any kind.

 

Additional Resources

To learn more about iCIMS Privacy program, including Records of Processing Activities (ROPAs), Cookies, FAQs, and more, visit iCIMS Trust Center Portal. For links and other resources regarding how the iCIMS Talent Cloud can support customer GDPR or CCPA efforts, review the following resources:

 

Article Contents

 

Choosing a Privacy Notice Configuration

In consultation with their organization’s legal resource, as applicable, the user admin must make four fundamental decisions about the candidate experience for each ATS career site/portal prior to enabling the privacy notice feature within iCIMS ATS, iCIMS Offer Management, and iCIMS Connect (Legacy CRM):
 
  1. Should a privacy notice (or a link to a privacy notice) display to candidates?
  • If so, should the privacy notice display to all candidates, or should it display only to a specific population (e.g., self-identified EU/UK residents)?
 
  1. Should acceptance or consent to the privacy notice be captured from any candidates?
  • If so, should the acceptance or consent be captured from all candidates, or should it be captured only from a specific population (e.g., self-identified EU/UK residents)?
    • Note: If your organization would like the privacy notice to display to all candidates and would like to collect acceptance or consent only from a specific population, the organization must address applicable requirements across multiple ATS career sites/portals if possible or choose to collect acceptance or consent from all candidates for a single ATS career site/portal.
 
  1. Does your organization need to configure the system differently for new candidates vs. candidates who already have a profile in the system and return to the system for the first time after a privacy notice has been enabled (“existing candidates”)?
  • Although the experiences of these two populations can be configured separately, this is not recommended, as it may lead to undesired candidate experiences.
 
  1. If your organization will capture acceptance or consent from some or all candidates, does your organization also need to configure additional privacy features for iCIMS ATS, iCIMS Offer Management, and iCIMS Connect (Legacy CRM)?
  • For example, does your organization need to request time-based and job-based consent? Does your organization need to provide additional consent fields?



These decisions determine two things:
  1. The answers to questions 1-3 determine the values that the user admin will configure for the following system settings:
  • Enable Data Privacy Notice (Full text)
  • GDPR Consent Capture Type For New Candidates
  • GDPR Consent Capture Type For Existing Candidates

These settings are available to the user admin via Admin > System Configuration > Applicant Tracking > General.

  1. The answer to question 4 determines whether the organization will also need to request and configure additional privacy options beyond those covered in Scenario Two or Scenario Three in this article. Review the following articles for information about time-based and job-based consent and optional consent fields:

Notes:
  • The default values for the GDPR Consent Capture Type For New Candidates and GDPR Consent Capture Type For Existing Candidates settings is Do Not Capture Consent. A customer that wishes to display a privacy notice and not capture acceptance or consent to the privacy notice from any candidates does not need to change the value of these two settings.
  • The user admin must review or configure all relevant messaging for a customer’s iCIMS ATS career sites before enabling the Enable Data Privacy Notice (Full text) setting. Settings that control candidate-facing text are described in the Configuring the Privacy Notice Feature & Data Request Messaging section below.
  • This feature displays a privacy notice and, if applicable, a request that the candidate accept or consent to the privacy notice once per candidate. It is the responsibility of the customer to create any process required based on this information.
    • Organizations that require the presentation of job-based and time-based consent options to candidates must first make relevant privacy configurations for the privacy notice described in this article, then follow the process described in the Understanding the Job-Based and Time-Based Consent Data Privacy Option article to request the enablement of this additional feature.
    • Organizations that require the presentation of additional fields to candidates as part of consent collection must first make relevant privacy configurations for the privacy notice described in this article, then follow the process described in the Configuring Optional GDPR Consent Fields in iCIMS Applicant Tracking article.
  • Some customers may have a legacy privacy checkbox enabled on an iCIMS ATS career site. This legacy feature is disabled by default, limited in functionality (i.e., a 100-character limit without support for HTML), and unrelated to the privacy notice feature described in this document.
 
An image of the legacy privacy checkbox on the career portal.

 
If a customer using the legacy privacy checkbox feature wishes to cease doing so, the user admin can uncheck the Accept Privacy Policy First setting (Admin > System Configuration > Applicant Tracking > Configure > Portal > Pages > Login Page (New)) globally for all ATS career sites or on a per-career-site basis.

 

Highlighted Configuration Scenarios

Once your organization has made the decisions referenced in the Choosing a Privacy Notice Configuration section above, the user admin can begin to configure their organization’s privacy notice and preferred candidate-facing messaging within the system.

This document includes three configuration scenarios which cover each set of configurations in which the GDPR Consent Capture Type For New Candidates and GDPR Consent Capture Type For Existing Candidates settings have matching values. A brief overview of each scenario is included in this section. Configurations can be made globally for all ATS career sites or on a per-career-site basis.

Notes:
  • The order in which scenarios are listed does not indicate any recommendation or expectation from iCIMS regarding which scenario(s) customers may choose.
  • Although it is not recommended, the user admin can update the GDPR Consent Capture Type For New Candidates and GDPR Consent Capture Type For Existing Candidates setting values separately. These scenarios are not highlighted in this document, as they may lead to undesired candidate experiences. The following rules apply to configurations where these two settings do not match:
    • The GDPR Consent Capture Type For New Candidates setting value determines which scenario to reference for the settings that determine the new candidate iCIMS ATS career site and iCIMS Connect (Legacy CRM) portal experiences.
    • The GDPR Consent Capture Type For Existing Candidates setting value determines which scenario to reference for the settings that determine all other candidate experiences.
  • In the event that your organization must update configurations to the privacy notice feature after it has been enabled for candidates, it is the responsibility of the customer to ensure that those updates align with the customer’s compliance efforts.
    • To remove a privacy notice or to ensure a privacy notice does not display to candidates, ensure the Enable Data Privacy Notice (Full text) setting checkbox is unchecked. (This is the default value.)
  • For brevity, the section titles below include the term Consent in scenarios that refer to capturing candidate consent or acceptance to a privacy notice.
 

Scenario One: Display a Privacy Notice to & Do Not Capture Consent from All New and Existing Candidates

  • Make all relevant text configurations for all ATS career sites/portals (described in the Scenario One Messaging: Display Privacy Notice & Do Not Capture Consent section below).
  • Ensure the GDPR Consent Capture Type For New Candidates setting is set to Do Not Capture Consent. (This is the default value.)
  • Ensure the GDPR Consent Capture Type For Existing Candidates setting is set to Do Not Capture Consent. (This is the default value.)
  • Enable the Enable Data Privacy Notice (Full text) setting.
  • If desired, create a test candidate to test the candidate experience.

Scenario Two: Display a Privacy Notice to & Capture Consent from All New and Existing Candidates

  • Make all relevant text configurations for all ATS career sites/portals (described in the Scenario Two Messaging: Display Privacy Notice & Capture Consent section below).
  • Set the GDPR Consent Capture Type For New Candidates  setting to Capture Consent for Everyone.
  • Set the GDPR Consent Capture Type For Existing Candidates setting to Capture Consent for Everyone.
  • Enable the Enable Data Privacy Notice (Full text) setting.
  • If desired, create a test candidate to test the candidate experience.

Scenario Three: Display a Privacy Notice to Only a Self-Identified Population & Capture Consent from Only a Self-Identified Population

 

Configuring the Privacy Notice Feature & Data Request Messaging

Overview of the Privacy Notice Feature & Data Request Messaging

This overview provides a brief visual introduction to the candidate-facing pages where messaging related to the privacy notice feature might display.

Note: This article does not include information for the optional job-based and time-based consent feature. The configuration decisions in this article must be made prior to enabling both features. For additional information regarding the optional job-based and time-based consent feature, review the Understanding the Job-Based and Time-Based Consent Data Privacy Option article.

Depending on the products your organization uses and the organization’s specific configuration of the privacy notice feature, messaging may display in one or more of the following places:
 
  • To new candidates as part of the iCIMS ATS career site application process or iCIMS Connect (Legacy CRM) portal experience.
An image of the enter your email page 
Sample iCIMS ATS career site (scenario three).

An image of the connect with us page
Sample iCIMS Connect (Legacy CRM) portal (scenario three).
Note: No information is stored in iCIMS Connect (Legacy CRM) until the candidate provides any acknowledgement or consent required at this stage.
 
  • To existing candidates when they log in for the first time to iCIMS ATS, iCIMS Offer Management, or iCIMS Connect (Legacy CRM) after the Enable Data Privacy Notice (Full text) setting is enabled.
An image of the returning candidate experience.
Sample page for existing candidates (scenario three).

 
  • To new and existing candidates within a Data Subject Requests page, accessible from their candidate dashboard for iCIMS ATS, iCIMS Offer Management, or iCIMS Connect (Legacy CRM).
An image of the candidate dashboard
Sample candidate dashboard (screenshot reflects all scenarios).


An image of the Data Subject Requests page.
Sample Data Subject Requests page (screenshot reflects all scenarios).

 
Notes:
  • When the Enable Data Privacy Notice (Full text) setting is enabled, candidate access to the candidate Data Subject Requests page on their dashboard is automatically enabled. This access cannot be disabled without disabling the privacy notice.
    • In consultation with their organization’s legal resource, user admins can remove dropdown options from the Data Subject Requests page so that candidates cannot select them. This can be achieved by checking the checkbox beside the Hide [Request Type] Request setting(s) available via Admin > System Configuration > Applicant Tracking > Configure > Pages for the appropriate ATS career site(s)/portal(s). These settings hide the dropdown label, title, and message for the specified request type. Hiding all options does not remove access to the Data Subject Requests page nor prevent candidates from attempting to submit a comment, although the system will not submit the comment unless a request type is selected.
    • In consultation with their organization’s legal resource, user admins can re-add dropdown options, or add the Candidate Post Mortem Data Formulation Request and/or the Data Processing Objection Request options, if necessary. (These options are hidden by default for all customers in the 2024 Summer Release, and may or may not be hidden in your system depending upon the timing of your iCIMS ATS implementation.) This can be achieved by unchecking the checkbox beside the Hide [Request Type] Request setting(s) available via Admin > System Configuration > Applicant Tracking > Configure > Pages for the appropriate ATS career site(s)/portal(s). 
  • Relevant messaging can be configured globally for all ATS career sites/portals or on a per-career-site/portal basis.
  • The user admin cannot trigger the candidate experience with the privacy notice feature through use of the Log In As feature. To test the candidate experience, the user admin may wish to create a test candidate.
 

Configuration Scenarios for the Privacy Notice Feature & Data Request Messaging

The user admin can configure the privacy notice feature and relevant messaging. Based on guidance from your organization’s legal resource and the scenario(s) selected in the Choosing a Privacy Notice Configuration section of this document, select the relevant configuration scenario(s) below to review information on configuring messaging for this feature.  

Scenario One Messaging: Display Privacy Notice & Do Not Capture Consent

Unless otherwise indicated, the settings that control the privacy notice feature are available to the user admin via Admin > System Configuration > Applicant Tracking > Portal > Pages within the Data Privacy Compliance Configuration Page (e.g., GDPR, CCPA) section. These settings can be configured globally for all ATS career sites/portals or on a per-career-site/portal basis.

All screenshots and setting information in this section demonstrate the candidate-facing experience for this specific scenario. The screenshots in this section include sample text that may not match default system text and is for demonstration purposes only.

Notes:
  • When a setting first displays in a screenshot within a scenario, the screenshot includes a label (e.g., (B)) to the left of the setting value in the screenshot.
An example image with a label to the left.
  • When a setting displays on more than one screen within a scenario, later screenshots with that setting include labels to the right of the setting value to demonstrate where the setting was previously described.
An example image with labels to the left and right.
  • Labels for each setting are consistent across all three scenarios within this document.  
    • Labels from A-Z are part of the candidate ATS career site/portal access and lockdown experience.
    • Labels from AA-ZZ are part of the candidate dashboard and Data Subject Requests page.
    • Star labels (e.g., ★) are shared by both experiences. This labeling convention is for convenience in testing configurations on the ATS career site/portal.  
  • Unlabeled text that displays within a screenshot is not specific to this feature and may be configured as part of general ATS career site/portal configuration.


Unused Settings for this Scenario:
  • The following settings do not apply to this scenario:
    • (A) Message: EU/UK Resident
      • Related screen reader message: Accessible Message: EU/UK Resident
    • (C) Title: Consent
    • (D) Message: Consent
    • (E) Message: Affirmation of Consent
      • Related screen reader message: Accessible Message: Affirmation of Consent
    • (F) Message: Invalid Data Privacy Consent Capture Answers (e.g., GDPR, CCPA)
    • (H) rcf3328 (Are you a European Union (EU) resident?)
    • (I) rcf3327 (Do you accept the General Data Protection Regulation (GDPR) privacy policy?)
    • (J) Lockdown View Notification Message For EU Resident
    • (K) Lockdown View Title
    • (L) Lockdown View Notification Message For Non-EU Resident
    • (DD) Consent Revocation Request Display Label
    • (DD-1) Candidate Consent Revocation Title
    • (DD-2) Candidate Consent Revocation Message
    • (★) Consent Revocation Confirmation Message
  • The Cancellation Alert Message and Leave Page Alert Message settings do not currently override the default browser messages on the Data Subject Requests page, although they were intended to do so. These settings are under review by iCIMS Labs and may be fixed or removed in a future release.
  • The Data Privacy Consent Audit Log Message setting does not display to candidates. If a value for this setting is provided, this value is automatically added as a note to the data privacy consent audit log when a candidate uses the Data Subject Request page to revoke consent and then re-provide consent.
 

Scenario One Messaging: New Candidate ATS Career Site Experience

DisplaySetting Name
An image of the setting described to the right.B: Message: Privacy Notice (Full text)
This field can support 100,000+ characters and basic HTML.
 

 

Scenario One Messaging: New Candidate iCIMS Connect (Legacy CRM) Portal Experience

Display
An image of the setting described previously.

Scenario One Messaging: Existing Candidate Experience

DisplaySetting Name
An image of the setting described to the right.G: Title: Consent Capture For Existing Candidates
This setting sets the title for the page presented to existing candidates when they return for the first time after the privacy notice feature is enabled.
This field has a 100-character limit. It cannot support HTML.

Note: The default value for this setting is General Data Protection Regulation (GDPR); however, this page is not regulation-specific.



M: Next Button Label
This field has a recommended 35-character limit. It cannot support HTML.
 


 

Scenario One Messaging: Candidate Dashboard & Data Subject Requests Page

Notes:
  • When the Enable Data Privacy Notice (Full text) setting is enabled, candidate access to the Data Subject Requests page on the ATS career site/portal is automatically enabled. This access cannot be disabled without also disabling the privacy notice.
  • The request options displayed on the Data Subject Requests page correspond to hardcoded report values within this set of iCIMS solutions.
  • No automated actions within this set of iCIMS solutions take place in response to any candidate request except:
  • If a candidate submits any request, a data subject request is registered by the Personal Data Request reporting tool, described in the Understanding Personal Data Request Reporting article.
  • The Candidate Post Mortem Data Formulation Request and the Data Processing Objection Request options are included in the screenshots for this scenario, but may not be enabled in your system by default. For additional information, review the notes in the Overview of the Privacy Notice Feature & Data Request Messaging section of this article.
 
DisplaySetting Name
An image of the setting described to the right.
If the candidate selects Data Subject Requests on the candidate dashboard,
the Data Subject Requests page displays.		AA: Data Subject Requests Link Text
This field has a 35-character limit. It cannot support HTML.
  
Display
An image of the settings described below.
The text for items (1) and (2) in the screenshot updates dynamically based on the active request type.
The relevant settings are included beneath each request type label in the setting list below.

If the candidate takes an action with a confirmation message assigned,
a confirmation popup displays.
 
An image of the setting described to the right.
 
When applicable, the text for item () in the screenshot updates based on the active request type.
The relevant setting is included beneath each request type label in the setting list below.


 
Setting Name
BB: Data Subject Requests Page Title
This field has a 100-character limit. It cannot support HTML.

CC: Request Selector Title
This field has a 100-character limit. It cannot support HTML.

EE: Access Request Display Label
1: Candidate Information Access Title
2: Candidate Information Access Message
★: Candidate Information Access Confirmation Message

FF: Correction Request Display Label
1: Candidate Information Correction Title
2: Candidate Information Correction Message
★: Candidate Information Correction Confirmation Message

GG: Portability Request Display Label
1: Candidate Information Portability Title
2: Candidate Information Portability Message
★: Candidate Information Portability Confirmation Message

HH: Restrict Processing Request Display Label
1: Restrict Processing Request Title
2: Candidate Restrict Processing Request Message
★: Candidate Restrict Processing Confirmation Message

II: Deletion Request Display Label
1: Candidate Information Deletion Title
2: Candidate Information Deletion Message
★: Candidate Information Deletion Request Confirmation Message

JJ: Change Residency Status Display Label
1: Candidate Change Residency Status Title
2: Candidate Change Residency Status Message
★: Candidate Change Residency Status Request Confirmation Message
 
KK: Data Processing Objection Request Label
1: Objecting to Processing Candidate Information Title
2: Objecting to Processing Candidate Information Message
★: Confirmation Message for Objecting to Processing Candidate Information

LL: Request Control Over Candidate Post Mortem Data Formulation Label
1: Title for Controlling Candidate Post Mortem Data Formulation Information
2: Message for Controlling Candidate Post Mortem Data Formulation Information
★: Confirmation Message for Controlling Candidate Post Mortem Data Formulation Information 

Notes:
  • Labels (EE-LL) have a 100-character limit. They cannot support HTML.
  • Titles (1) each have a 100-character limit. They cannot support HTML.
  • Messages (2) each can support 100,000+ characters. They cannot support HTML.
  • Confirmation messages () each have a recommended 100-character limit. They cannot support HTML.


MM: Additional Comments Section Title
This field has a 100-character limit. It cannot support HTML.

NN: Text Area Placeholder Text
This field has a 100-character limit. It cannot support HTML.

OO: Cancel Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.

☆: Submit Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.
 
 
DisplaySetting Name
If the candidate submits a request, a confirmation message displays if the request processes successfully;
a failure message displays if the request does not process successfully.
An image of the setting described to the right.
PP:
  • Request Submission Success Message
This field has a 100-character limit. It cannot support HTML.
 
  • Request Submission Failure Message
This field has a 100-character limit. It cannot support HTML.


 

Scenario Two Messaging: Display Privacy Notice & Capture Consent


Unless otherwise indicated, the settings that control the privacy notice feature are available to the user admin via Admin > System Configuration > Applicant Tracking > Portal > Pages within the Data Privacy Compliance Configuration Page (e.g., GDPR, CCPA) section. These settings can be configured globally for all ATS career sites/portals or on a per-career site/portal basis.

All screenshots and setting information in this section demonstrate the candidate-facing experience for this specific scenario. The screenshots in this section include sample text that may not match default system text and is for demonstration purposes only.

Notes:
  • When a setting first displays in a screenshot within a scenario, the screenshot includes a label (e.g., (B)) to the left of the setting value in the screenshot.
An example image with labels to the left.
 
  • When a setting displays on more than one screen within a scenario, later screenshots with that setting include labels to the right of the setting value to demonstrate where the setting was previously described.
An example image with labels to the left and right.
  • Labels for each setting are consistent across all three scenarios within this document.  
    • Labels from A-Z are part of the candidate ATS career site/portal access and lockdown experience.
    • Labels from AA-ZZ are part of the candidate dashboard and Data Subject Requests page.
    • Star labels (e.g., ★) are shared by both experiences. This labeling convention is for convenience in testing configurations on the ATS career site/portal.  
  • Unlabeled text that displays within a screenshot is not specific to this feature and may be configured as part of general ATS career site/portal configuration.


Unused Settings for this Scenario:
  • The following settings do not apply to this scenario:
    • (A) Message: EU/UK Resident
      • Related screen reader message: Accessible Message: EU/UK Resident
    • (H) rcf3328 (Are you a European Union (EU) resident?) 
    • (J) Lockdown View Notification Message For EU Resident
    • (M) Next Button Label
  • The Cancellation Alert Message and Leave Page Alert Message settings do not currently override the default browser messages on the Data Subject Requests page, although they were intended to do so. These settings are under review by iCIMS Labs and may be fixed or removed in a future release.
  • The Data Privacy Consent Audit Log Message setting does not display to candidates. If a value for this setting is provided, this value is automatically added as a note to the data privacy consent audit log when a candidate uses the Data Subject Request page to revoke consent and then re-provide consent.
 

Scenario Two Messaging: New Candidate ATS Career Site Experience

DisplaySetting Name
An image of the setting described to the right.

An image of the setting described to the right.		B: Message: Privacy Notice (Full text)
This field can support 100,000+ characters and basic HTML.

C: Title: Consent 
This field can support 100,000+ characters. It cannot support HTML.

D: Message: Consent 
This field can support 100,000+ characters. It cannot support HTML.


E: 
  • Message: Affirmation of Consent
This field has a 100-character limit. It cannot support HTML.
  • Accessible Message: Affirmation of Consent
This setting determines the screen reader message associated with this checkbox. 
This field has a 100-character limit. It cannot support HTML.


F: Message: Invalid Data Privacy Consent Capture Answers (e.g., GDPR, CCPA) 
This field has a 200-character limit. It cannot support HTML.


 

 

Scenario Two Messaging: New Candidate iCIMS Connect (Legacy CRM) Portal Experience

Display
An image of the setting described previously.
Setting Name

D: Message: Consent (described previously) or Connect Message: Consent
This field can support 100,000+ characters. It cannot support HTML.

Note: A customer can configure the Connect consent message separately from ATS career site / portal consent message by adding text to the Connect Message: Consent field. If no text is available in the Connect Message: Consent field, the system defaults to the Message: Consent value.

 


Scenario Two Messaging: Existing Candidate Experience

DisplaySetting Name
An image of the setting described to the right.G: Title: Consent Capture For Existing Candidates
This setting sets the title for the page presented to existing candidates when they return for the first time after the privacy notice feature is enabled. This field has a 100-character limit. It cannot support HTML.

Note: The default value for this setting is General Data Protection Regulation (GDPR); however, this page is not regulation-specific.



I: rcf3327 (Do you accept the General Data Protection Regulation (GDPR) privacy policy?)
This field has a recommended 100-character limit. It cannot support HTML.

Default options:
  • I Accept
  • I Do Not Accept
Notes: 
  • This field and its list options can be configured via Admin > System Configuration > System > Profile Fields > Person > Platform > Global Group > Contact > General Information > rcf3327.
  • List options must not be added and must retain their meaning if configured (e.g., I Accept must indicate acceptance or consent to a privacy notice).



☆: Submit Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.

 

 

Scenario Two Messaging: Existing Candidate Lockdown View

DisplaySetting Name
If the candidate takes an action to revoke consent,
a confirmation popup displays.

An image of the setting described to the right.

If the candidate selects OK, the Lockdown View page displays.
An image of the setting described to the right.

★. Consent Revocation Confirmation Message 
This confirmation message displays if the existing candidate does not accept the privacy notice or revokes consent through the Revoke Consent option on the Data Subject Requests page. This message can be removed by removing all text from the field.
This field has a recommended 100-character limit. It cannot support HTML.

 


L: Lockdown View Notification Message For Non-EU Resident 
This setting sets the notification for the Lockdown page regardless of candidate residency when the GDPR Consent Capture Type For Existing Candidates setting is set to Capture Consent for Everyone.
This field can support 100,000+ characters. It cannot support HTML.

K: Lockdown View Title
This field has a 100-character limit. It cannot support HTML.

 
 

Scenario Two Messaging: Candidate Dashboard & Data Subject Requests Page

Notes:
  • When the Enable Data Privacy Notice (Full text) setting is enabled, candidate access to the Data Subject Requests page on the dashboard is automatically enabled. This access cannot be disabled without also disabling the privacy notice.
  • The request options displayed on the Data Subject Requests page correspond to hardcoded report values within this set of iCIMS solutions.
  • No automated actions within this set of iCIMS solutions take place in response to any candidate request except:
  • The Candidate Post Mortem Data Formulation Request and the Data Processing Objection Request options are included in the screenshots for this scenario, but may not be enabled in your system by default. For additional information, review the notes in the Overview of the Privacy Notice Feature & Data Request Messaging section of this article.
 
DisplaySetting Name
An image of the setting described to the right.
If the candidate selects Data Subject Requests on the candidate dashboard,
the Data Subject Requests page displays.		AA: Data Subject Requests Link Text
This field has a 35-character limit. It cannot support HTML.
  
Display
An image of the settings described below.
The text for items (1) and (2) in the screenshot updates dynamically based on the active request type.
The relevant settings are included beneath each request type label in the setting list below.


If the candidate takes an action with a confirmation message assigned,
a confirmation popup displays.
 
An image of the setting described to the right.
 
When applicable, the text for item () in the screenshot updates based on the active request type.
The relevant settings are included beneath each request type label in the setting list below.

 
Setting Name
BB: Data Subject Requests Page Title
This field has a 100-character limit. It cannot support HTML.

CC: Request Selector Title
This field has a 100-character limit. It cannot support HTML.

DD: Consent Revocation Request Display Label
1: Candidate Consent Revocation Title
2: Candidate Consent Revocation Message
★: Consent Revocation Confirmation Message

EE: Access Request Display Label
1: Candidate Information Access Title
2: Candidate Information Access Message
★: Candidate Information Access Confirmation Message

FF: Correction Request Display Label
1: Candidate Information Correction Title
2: Candidate Information Correction Message
★: Candidate Information Correction Confirmation Message

GG: Portability Request Display Label
1: Candidate Information Portability Title
2: Candidate Information Portability Message
★: Candidate Information Portability Confirmation Message

HH: Restrict Processing Request Display Label
1: Restrict Processing Request Title
2: Candidate Restrict Processing Request Message
★: Candidate Restrict Processing Confirmation Message

II: Deletion Request Display Label
1: Candidate Information Deletion Title
2: Candidate Information Deletion Message
★: Candidate Information Deletion Request Confirmation Message

JJ: Change Residency Status Display Label
1: Candidate Change Residency Status Title
2: Candidate Change Residency Status Message
★: Candidate Change Residency Status Request Confirmation Message
 
KK: Data Processing Objection Request Label
1: Objecting to Processing Candidate Information Title
2: Objecting to Processing Candidate Information Message
★: Confirmation Message for Objecting to Processing Candidate Information

LL: Request Control Over Candidate Post Mortem Data Formulation Label
1: Title for Controlling Candidate Post Mortem Data Formulation Information
2: Message for Controlling Candidate Post Mortem Data Formulation Information
★: Confirmation Message for Controlling Candidate Post Mortem Data Formulation Information

Notes:
  • Labels (DD-LL) have a 100-character limit. They cannot support HTML.
  • Titles (1) each have a 100-character limit. They cannot support HTML.
  • Messages (2) each can support 100,000+ characters. They cannot support HTML.
  • Confirmation messages () each have a recommended 100-character limit. They cannot support HTML.


MM: Additional Comments Section Title
This field has a 100-character limit. It cannot support HTML.

NN: Text Area Placeholder Text
This field has a 100-character limit. It cannot support HTML.

OO: Cancel Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.

 
   
DisplaySetting Name
If the candidate submits a request, a confirmation message displays if the request processes successfully;
a failure message displays if the request does not process successfully.
An image of the setting described to the right.
PP:
  • Request Submission Success Message
This field has a 100-character limit. It cannot support HTML.
  • Request Submission Failure Message
This field has a 100-character limit. It cannot support HTML.
 

Scenario Three Messaging: Display Privacy Notice to Only a Self-Identified Population & Capture Consent from Only a Self-Identified Population

Note: The names of some system settings for this configuration include terms specific to European residents, e.g., EU Residents. Although not recommended, it is possible to rename the candidate-facing values for these settings to display a privacy notice and collect acceptance or consent from other self-identified populations. Doing so may come with future configuration and/or reporting risks.

Unless otherwise indicated, the settings that control the privacy notice feature are available to the user admin via Admin > System Configuration > Applicant Tracking > Portal > Pages within the Data Privacy Compliance Configuration Page (e.g., GDPR, CCPA) section. These settings can be configured globally for all ATS career sites/portals or on a per-career-site/portal basis.

All screenshots and setting information in this section demonstrate the candidate-facing experience for this specific scenario. The screenshots in this section include sample text that may not match default system text and is for demonstration purposes only.

Notes:
  • When a setting first displays in a screenshot within a scenario, the screenshot includes a label (e.g., (A)) to the left of the setting value in the screenshot.
An example image with a label to the left.
  • When a setting displays on more than one screen within a scenario, later screenshots with that setting include labels to the right of the setting value to demonstrate where the setting was previously described.
An example image with labels to the left and right.
  • Labels for each setting are consistent across all three scenarios within this document.  
    • Labels from A-Z are part of the candidate ATS career site/portal access and lockdown experience.
    • Labels from AA-ZZ are part of the candidate dashboard and Data Subject Requests page.
    • Star labels (e.g., ★) are shared by both experiences. This labeling convention is for convenience in testing configurations on the ATS career site/portal.  
  • Unlabeled text that displays within a screenshot is not specific to this feature and may be configured as part of general ATS career site/portal configuration.

Unused Settings for this Scenario:
  • The following settings do not apply to this scenario:
    • (L) Lockdown View Notification Message For Non-EU Resident
    • (M) Next Button Label
  • The Cancellation Alert Message and Leave Page Alert Message settings do not currently override the default browser messages on the Data Subject Requests page, although they were intended to do so. These settings are under review by iCIMS Labs and may be fixed or removed in a future release.
  • The Data Privacy Consent Audit Log Message setting does not display to candidates. If a value for this setting is provided, this value is automatically added as a note to the data privacy consent audit log when a candidate uses the Data Subject Request page to revoke consent and then re-provide consent.
 

Scenario Three Messaging: New Candidate ATS Career Site Experience

DisplaySetting Name
An image of the setting described to the right.

If the candidate checks this checkbox, additional information displays.

An image of the setting described to the right.

An image of the setting described to the right.		A:
  • Message: EU/UK Resident
This field has a 200-character limit. It cannot support HTML.
 
  • Accessible Message: EU/UK Resident
This setting determines the screen reader message associated with this checkbox.
This field has a 100-character limit. It cannot support HTML.

Note: If a checked value is submitted, this checkbox automatically sets the value for (H) rcf3328 (Are you a European Union (EU) resident?), described later in this document, to Yes on the candidate profile.



B: Message: Privacy Notice (Full text)
This field can support 100,000+ characters and basic HTML.

C: Title: Consent 
This field can support 100,000+ characters. It cannot support HTML.

D: Message: Consent 
This field can support 100,000+ characters. It cannot support HTML.


E: 
  • Message: Affirmation of Consent
This field has a 100-character limit. It cannot support HTML.
  • Accessible Message: Affirmation of Consent
This setting determines the screen reader message associated with this checkbox. 
This field has a 100-character limit. It cannot support HTML.


F: Message: Invalid Data Privacy Consent Capture Answers (e.g., GDPR, CCPA) 
This field has a 200-character limit. It cannot support HTML.


 

 

Scenario Three Messaging: New Candidate iCIMS Connect (Legacy CRM) Portal Experience

 
Display
An image of the setting described previously.
Setting Name

D: Message: Consent (described previously) or Connect Message: Consent
This field can support 100,000+ characters. It cannot support HTML.

Note: A customer can configure the Connect consent message separately from ATS career site / portal consent message by adding text to the Connect Message: Consent field. If no text is available in the Connect Message: Consent field, the system defaults to the Message: Consent value.


Scenario Three Messaging: Existing Candidate Experience

DisplaySetting Name
An image of the setting described to the right.


If the candidate selects Yes, additional information displays.

An image of the setting described to the right.		G: Title: Consent Capture For Existing Candidates
This setting sets the title for the page presented to existing candidates when they return for the first time after the privacy notice feature is enabled. This field has a 100-character limit. It cannot support HTML.

Note: The default value for this setting is General Data Protection Regulation (GDPR); however, this page is not regulation-specific.


H: rcf3328 (Are you a European Union (EU) resident?)  
This field has a recommended 100-character limit. It cannot support HTML.

Default options:
  • Yes
  • No

Notes:
  • This field and its list options can be configured via Admin > System Configuration > System > Profile Fields > Person > Platform > Global Group > Contact > General Information > rcf3328.
  • If required, this field can be renamed to identify an alternative population; this is not recommended.
  • List options must not be added and must retain their meaning if configured (e.g., Yes must identify an individual as part of the population that would need to review and agree to a privacy notice).


☆: Submit Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.



I: rcf3327 (Do you accept the General Data Protection Regulation (GDPR) privacy policy?)
This field has a recommended 100-character limit. It cannot support HTML.

Default options:
  • I Accept
  • I Do Not Accept
Notes: 
  • This field and its list options can be configured via Admin > System Configuration > System > Profile Fields > Person > Platform > Global Group > Contact > General Information > rcf3327.
  • List options must not be added and must retain their meaning if configured (e.g., I Accept must indicate acceptance or consent to a privacy notice).

 

 

Scenario Three Messaging: Existing Candidate Lockdown View

DisplaySetting Name
If the candidate takes an action to revoke consent,
a confirmation popup displays.

An image of the setting described to the right.

If the candidate selects OK, the Lockdown View page displays.
An image of the setting described to the right.		★. Consent Revocation Confirmation Message
This confirmation message displays if the existing candidate does not accept the privacy notice or revokes consent through the Revoke Consent option on the Data Subject Requests page. This message can be removed by removing all text from the field.
This field has a recommended 100-character limit. It cannot support HTML.


J: Lockdown View Notification Message For EU Resident
This field can support 100,000+ characters. It cannot support HTML.

K: Lockdown View Title
This field has a 100-character limit. It cannot support HTML.

 
 

Scenario Three Messaging: Candidate Dashboard & Data Subject Requests Page

Notes:
  • When the Enable Data Privacy Notice (Full text) setting is enabled, candidate access to the Data Subject Requests page on the dashboard is automatically enabled. This access cannot be disabled without also disabling the privacy notice.
  • The request options displayed on the Data Subject Requests page correspond to hardcoded report values within this set of iCIMS solutions.
  • No automated actions within this set of iCIMS solutions take place in response to any candidate request except:
  • The Candidate Post Mortem Data Formulation Request and the Data Processing Objection Request options are included in the screenshots for this scenario, but may not be enabled in your system by default. For additional information, review the notes in the Overview of the Privacy Notice Feature & Data Request Messaging section of this article.
 
DisplaySetting Name
An image of the setting described to the right.

If a candidate not from the self-identified population selects Data Subject Requests on the candidate
dashboard, the page described in Scenario Three: Existing Candidate Experience displays.

If a candidate from the self-identified population selects Data Subject Requests on the candidate
dashboard, the Data Subject Requests page displays.
 		AA: Data Subject Requests Link Text
This field has a 35-character limit. It cannot support HTML.
  
Display
An image of the setting described below.
The text for items (1) and (2) in the screenshot updates dynamically based on the active request type.
The relevant settings are included beneath each request type label in the setting list below.

If the candidate takes an action with a confirmation message assigned,
a confirmation popup displays.
 
An image of the setting described to the right.
 
When applicable, the text for item () in the screenshot updates based on the active request type.
The relevant settings are included beneath each request type label in the setting list below.
 
Setting Name
BB: Data Subject Requests Page Title
This field has a 100-character limit. It cannot support HTML.

CC: Request Selector Title
This field has a 100-character limit. It cannot support HTML.

DD: Consent Revocation Request Display Label
1: Candidate Consent Revocation Title
2: Candidate Consent Revocation Message
★: Consent Revocation Confirmation Message

EE: Access Request Display Label
1: Candidate Information Access Title
2: Candidate Information Access Message
★: Candidate Information Access Confirmation Message

FF: Correction Request Display Label
1: Candidate Information Correction Title
2: Candidate Information Correction Message
★: Candidate Information Correction Confirmation Message

GG: Portability Request Display Label
1: Candidate Information Portability Title
2: Candidate Information Portability Message
★: Candidate Information Portability Confirmation Message

HH: Restrict Processing Request Display Label
1: Restrict Processing Request Title
2: Candidate Restrict Processing Request Message
★: Candidate Restrict Processing Confirmation Message

II: Deletion Request Display Label
1: Candidate Information Deletion Title
2: Candidate Information Deletion Message
★: Candidate Information Deletion Request Confirmation Message

JJ: Change Residency Status Display Label
1: Candidate Change Residency Status Title
2: Candidate Change Residency Status Message
★: Candidate Change Residency Status Request Confirmation Message
 
KK: Data Processing Objection Request Label
1: Objecting to Processing Candidate Information Title
2: Objecting to Processing Candidate Information Message
★: Confirmation Message for Objecting to Processing Candidate Information

LL: Request Control Over Candidate Post Mortem Data Formulation Label
1: Title for Controlling Candidate Post Mortem Data Formulation Information
2: Message for Controlling Candidate Post Mortem Data Formulation Information
★: Confirmation Message for Controlling Candidate Post Mortem Data Formulation Information
 

Notes:
  • Labels (DD-LL) have a 100-character limit. They cannot support HTML.
  • Titles (1) each have a 100-character limit. They cannot support HTML.
  • Messages (2) each can support 100,000+ characters. They cannot support HTML.
  • Confirmation messages () each have a recommended 100-character limit. They cannot support HTML.

MM: Additional Comments Section Title
This field has a 100-character limit. It cannot support HTML.

NN: Text Area Placeholder Text
This field has a 100-character limit. It cannot support HTML.

OO: Cancel Request Button Label
This field has a recommended 35-character limit. It cannot support HTML.

 
 
DisplaySetting Name
If the candidate submits a request, a confirmation message displays if the request processes successfully;
a failure message displays if the request does not process successfully.
An image of the setting described to the right.
PP:
  • Request Submission Success Message
This field has a 100-character limit. It cannot support HTML.
  • Request Submission Failure Message
This field has a 100-character limit. It cannot support HTML.
 
TitleUnderstanding the Privacy Notice Feature & Data Request Messaging Options
URL NameUnderstanding-the-Privacy-Notice-Feature-Data-Request-Messaging-Options
Powered by