Candidate Data and AI Use Best Practice

1. Purpose of This Guide

2. Before Uploading Candidate Data

• ●Confirm the agency has a lawful basis for processing the candidate's data for recruitment purposes.
• ●Provide candidates with a clear privacy notice that explains relevant CV processing, use of service providers, and AI-assisted drafting where applicable.
• ●Use the latest candidate-approved CV where possible.
• ●Remove unnecessary direct identifiers, home addresses, personal contact details, sensitive data, identity documents, and unrelated personal history.
• ●Avoid uploading diversity monitoring data, health data, criminal-offence data, right-to-work evidence, or financial information unless strictly necessary and lawful.

3. Using AI in Recruitment Workflows

• ●Use SyncCV Agency for drafting, formatting, summarising, and role alignment, not as a final decision-maker.
• ●Keep a human consultant responsible for reviewing the candidate output before it is sent or used.
• ●Do not use generated scores or summaries as the sole basis for rejection, shortlisting, ranking, salary decisions, or client recommendation.
• ●Check for fairness, accuracy, unsupported claims, exaggerated seniority, missing context, and wording that could create bias or discrimination risk.
• ●Document your agency's review process so consultants know what must be checked before client submission.

4. Candidate CV Output Review

• ●Check names, candidate references, roles, dates, employers, education, qualifications, certifications, skills, tools, achievements, and metrics.
• ●Confirm the output does not invent experience, imply unearned responsibility, or convert exposure into expertise.
• ●Check that role-specific keywords are accurate and source-backed.
• ●Ask the candidate to confirm material rewrites where the wording changes how their experience is presented.
• ●Review PDF and Word downloads before sharing externally.

5. Client Sharing Controls

• ●Only send outputs to clients that are involved in the relevant recruitment process or otherwise covered by the candidate notice and lawful basis.
• ●Use candidate references instead of direct identifiers where the client does not need the candidate's identity at the first review stage.
• ●Do not include personal contact details if the client should communicate through the agency.
• ●Avoid sharing special-category or criminal-offence data with clients unless there is a clear lawful reason and appropriate safeguards.
• ●Keep a record of which version was shared, when, and with whom through your normal recruitment system.

6. Workspace Administration

• ●Give access only to consultants and administrators who need it.
• ●Remove users promptly when they leave the agency or change roles.
• ●Use separate accounts rather than shared logins.
• ●Keep billing, branding, and document access under a responsible workspace owner.
• ●Report suspected unauthorised access or data incidents promptly through the contact page.

7. Retention and Deletion

• ●Define how long candidate source files and generated outputs should remain in SyncCV Agency.
• ●Delete old candidate documents when they are no longer needed for the recruitment purpose.
• ●Refresh candidate CVs where records become outdated.
• ●Keep billing, security, and audit records only as long as needed for legitimate purposes.
• ●Align SyncCV Agency retention with your ATS, CRM, and candidate privacy notice.

8. Recommended Agency Checklist

• ●Candidate notice covers AI-assisted CV drafting and service providers.
• ●Lawful basis and special-category conditions are documented where needed.
• ●Consultants remove unnecessary data before upload.
• ●Every output receives human review before external sharing.
• ●Material rewrites are checked with the candidate where appropriate.
• ●Client sharing is limited to the relevant recruitment purpose.
• ●Workspace access is reviewed regularly.
• ●Retention and deletion rules are documented.