What's The Difference Between Website Terms of Use, Cookie Policy & Privacy Policy ?
AND DO I NEED THEM ALL ON MY RECRUITMENT AGENCY WEBSITE?
Since the introduction of the UK’s & EU’s laws around data privacy (GDPR/PECR) it has never been so important to ensure the integrity of users' data. This means protecting user data wherever it may be processed and stored, whether that’s in your CRM, the inboxes of your consultants, or while those users are on your website. Failing to do so can land you in hot water with the English courts, ICO and your clients and candidates, potentially causing long-lasting damage to your recruitment agency.
Your website should carry the details of several standard company policies but the three most important documents are your cookie policy, your privacy policy, and your website’s terms of use (I’d also recommend looking into a modern slavery policy, a corporate social responsibility document, a DEI Policy and an anti-corruption & bribery policy).
While these are legal documents, aim to use plain language and avoid overly complex legal jargon to ensure they’re user-friendly. We’ll talk you through what they are, where they should be located on your agency’s website, why they’re important and how to write them.
Website Terms of Use
The website terms of use on a recruitment agency’s website are essentially a legally binding agreement between the website owner (aka you) and its users (aka your existing and prospective candidates, clients and talent), laying down the rules & guidelines for using the site. Its main purpose is protecting the recruitment agency’s intellectual property, governing user behaviour, and limiting liability for you. Its key components will include the following…
-
The user's rights & responsibilities - what they can and cannot do while on your site, how they’re protected while visiting your site and what constitutes misuse (such as spamming your site, making offensive comments in a user comment section or any illegal activities).
-
Copyright and trademark notices - protecting the site’s content, images, logo, etc.
-
Disclaimers and limitations of liability - protecting you as a director and your recruitment agency from website errors that visitors may experience, issues from third-party libraries, incorrect cookie policy setups, retaining and misuse of user data while on the website, etc.
-
Dispute resolution - how to resolve conflicts, arbitration procedures, etc.
-
Candidate user accounts - a section on managing account creation, termination, and responsibilities around candidate registration section / portal.
-
Links to third parties - pages such as your blog will contain links to other sites and you may not be responsible for their practices if users decide to visit those sites.
This document is so important for protecting you, your recruitment agency, and the business and handling any issues and conflicts if they do occur while clients and candidates are using your website.
Cookie Policy
Your recruitment agency’s cookie policy should lay out how and why your website leaves cookies on users' devices and what these cookies are used for i.e. basic website functionality, analytics, browsing behaviour, preferences, etc.
Your agency’s cookie policy should explain the following…
-
Types of cookies left by the website - such as basic functionality, session, analytics, persistent, third party, etc.
-
How users can opt out of cookies - cookies should only be left on a user's device once they have given their explicit permission for you to do so (and your cookie pop up should give users the option to opt out of cookies).
-
It should outline your legal compliance to laws around GDPR and the Privacy & Electronic Communications Regulation (PECR).
Data privacy is so important these days. Users regularly see data breaches compromising their personal data and they know the importance and value of their personal information. Misusing a user’s data is a breach of trust and breaching trust is a very dangerous tactic in recruitment. A lot of recruitment agencies recruit for more than one geographical location so ensuring you have a robust cookie policy that covers all jurisdictions is crucial. If you also recruit for the EU then you may need a different cookie policy in the coming months as the UK may be changing its stance on opting in and out of cookies.
Privacy Policy
This is a statement or legal document that tells users how your recruitment agency’s website collects, gathers, uses, holds, shares and maintains their personal data. It’s a legal document which aims to protect the website visitors' interest whilst also protecting your recruitment agency’s interests. Its key components should include…
-
The personal information you collect - typically, for a recruitment agency website, this would be information obtained through your contact or application form so would include, first and last names, addresses, contact information, employment history, NI numbers, visa and passport details and other sensitive information.
-
Data collection methods - explain how your recruitment agency collects this information (e.g., contact form, application form, newsletter subscription form, third-party sources, etc.).
-
Purpose of data processing - specify reasons for collecting and using personal data (e.g., matching candidates with jobs, client communication, events, newsletters, email marketing, etc.).
-
Data sharing - disclose if you share personal data with third parties such as clients, recruitment CRMs, AI CV formatting tools, etc. and their purpose for accessing the data.
-
Data retention - outline how long you retain personal data. Recruitment agencies must keep candidate details for at least one year, unless you are asked to delete their data.
-
Security measures - describe how you secure personal data to protect it against unauthorised access, alteration, or loss. This could include details of on premises servers or how you keep data in cloud services such as AWS, Google Cloud or Azure.
-
Individuals' rights - explain the rights individuals have over their data (e.g., right to access, correct, or delete their data).
How to write them?
If you’re on a tight budget you can piece these three documents together using the internet, competitor recruitment agency websites and AI tools but I would always recommend having them checked by a qualified solicitor who can practice law in that particular jurisdiction. They are all legal documents and should be treated as so. They ultimately, could really save your bacon.
- The ICO has a great template generator for generating your privacy policy.
- Here’s a standard cookie policy template generator.
- And here’s a website terms of use template generator.
Where should they be listed?
I personally don’t think they really need a place in your header navigation menu and instead should be placed as links within your footer, maybe under a “Legal” section / menu. All three policies should be easily findable but I don’t think they need to be that prominent that they’re taking up valuable real estate in your main navigation menu. Each should have a separate page dedicated to them under URLs such as “.../privacy-policy”, “.../cookie-policy” and “.../terms-of-use” - all logical URL structures for these documents.
We’ve given you a rough guide to all three policies but please don’t just leave them sitting on your site, untouched for years to come. Laws do change and you may need to review these policies regularly to ensure they still adhere to EU & UK law. If you have any questions in this area then we’re always happy to have an informal chat and give you an opinion.
Guest blog written by Robert Garner
Rob has been working within the recruitment industry since 2006, selling recruitment advertising space, working within recruitment, running his own recruitment firm, launching job boards, working for in-house talent acquisition teams and creating enterprise-level recruitment software. He now runs Abstraction Labs, designing and developing websites for recruitment agencies.