Frequently asked questions

Once a candidate has completed the registration process, either using LinkedIn or your registration form, their profile can be found within the Candidates section of the Roles page. 

Click the view icon to see the full list of candidate profiles, and click on a candidate name or the edit icon to view an individual profile.

We will be able to send opt ins and consent messages to your CRM via the normal application process. It will be up to you to ensure that the data is posted into your other systems such as your CRM.

All of our systems are ISO 27001 compliant, which ensures they either meet or surpass the terms of the GDPR.

No-one within Volcanic can view candidate data. In case of a specific issue where we would need to look at a data subject’s data, eg a problem with a candidate registration, temporary access is requested of the site owner’s DPO and, once the request is approved, access for a specified timeframe is given to a designated person at Volcanic, as this is for a legitimate business interest.

The Volcanic platform uses these cookies: 

volcanic_saved_jobs_id - This is used to store some jobs for users before they register on the website. These jobs can then be logged on the users account when they do register.

volcanic_rumble_uid - This cookie name is associated with Volcanics CMS platform tracking. It is used to track and record the unique actions of each user on the website. By default it has no expiry date. The main purpose of this cookie is performance.

_user_logged_in - This cookie name is associated with Volcanics CMS platform tracking. It is used to keep the user logged in if they leave the website and return. By default it expires after the users session ends. The main purpose of this cookie is performance.

_oliver_session - This cookie name is associated with Volcanics CMS platform tracking. It is used to track the users session on the website for Analytics. By default it expires after the users session ends. The main purpose of this cookie is performance.

There may be other cookies on your website. This is how to find them:

  • Go to the site's homepage and right click with your mouse anywhere on the page
  • Click Inspect in the the list that appears
  • Tabs will appear on the right of the page
  • Click the Application (over to the right)
  • Review the list on the left hand side and you will see a cookie icon - it even looks like a cookie - click on this until the arrow points down 
  • Then you will see your url again - click on this and your cookie list will appear on the page to the right hand side.

First of all, it's important to understand the relationship between the GDPR and the ePrivacy Directive. In a nutshell, the GDPR provides overarching legislation to govern all aspects of processing personal information, whereas the ePrivacy Directive has a tighter focus on communications and internet services. This means in practice that it relies on the general rules of the GDPR and adds more specific requirements within its own remit. It will ultimately remove differences in interpretation of the cookie rules in different countries.

The GDPR mentions cookies once, in Recital 30:

Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

What this essentially means is that cookies, where they are used to identify the device or, in combination with other data, the individual associated with or using the device, should be treated as personal data.

Cookies are governed by the Privacy and Electronic Communications Regulations (PECR) which sit alongside the Data Protection Act. In recognition of the forthcoming changes, the European Commission has launched a public consultation as part of a process for a revision of the ePrivacy Directive from which the EU cookie laws are derived. 

The PECR do not set out exactly what information you must provide or how to provide it – this is up to you. 

In regulation 6 of the PECR, it is set out that you should:

  • Tell people that the cookies are there
  • Explain what the cookies are doing and why
  • Get the individual’s consent to store a cookie on their device.

Under the PECR, to be valid, consent must be freely given, specific and informed, and must involve some form of positive action. This consent should be unbundled from other information in your website, such as your privacy policy. Consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set. Consent should be obtained from the subscriber or the user and, in practice, you may not be able to tell who is a subscriber or a user. The key will be that valid consent has been provided by one of them.

On the Volcanic platform, the first time a user visits your website, a pop-up cookie message will appear and prompts the user to take the positive action of clicking a button. As also mentioned above, consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set. Individuals can read the cookie policy on the candidate dashboard (as long as you have uploaded it in the Admin Area - Compliance).

On the Volcanic platform, you will be able to set up all the messages you require, including your cookie policy, in the Admin Area > Your Website > Compliance. The fields will be set up to allow free text, so that you may upload your own message titles and wording.

At Volcanic, we have set up our portal exactly as stipulated by the articles of the GDPR, which recommends the self-service model as best practice. Switching off opt-in consent, to receive marketing material for example, is not possible as specific, pro-active, transparent consent is a core requirement of the GDPR.

Candidates will not be asked to give consent every time they apply for a job. Once consent is given, it remains valid until the candidate chooses to remove that consent.

Every business should write its own consent messages and we would advise you to take legal advice and/or seek approval from the ICO.

It is important to keep a record of which version of your legal message a candidate has agreed to. When you upload your first cookie policy, for example, it will be logged as version 1 and time and date stamped. When a candidate consents to this policy, it is important to know and record that they have consented to version 1. If you change the cookie policy, this will become version 2 and the date and time of change will be logged. It will be visible on the candidate dashboard which version of the legal message the candidate has consented to.

The Terms and Conditions of using your website are not affected by the GDPR. We’d advise that you take legal advice on your Terms and Conditions.

All Volcanic client websites have been upgraded to comply with the GDPR as standard. The Compliance Area which features the self-service candidate dashboard has been deployed across the Volcanic platform.

Volcanic is a data processor under the definitions of the GDPR. Data processors can only process data in accordance with the instructions of the controller.

  • The right to be informed
  • The right to rectification i.e. to update their data
  • The right to erasure (the right to be forgotten or RTBF)
  • The right to data portability
  • The right to restrict processing
  • The right to object
  • The right of access (Subject Access Requests or SARs)
  • Rights in relation to automated decision making

Candidates can manage their data by logging in to their candidate dashboard, where they have live visibility of the status of their data and consents.

A candidate can give consent by ticking the tick box in the list of consents on the candidate dashboard. By actively ticking a box in the list, a pop-up message will appear. This message must be scrolled through and consented to by clicking the submit button to confirm. By unticking the box, consent is removed in the same way.

You have 30 days to deliver the RTBF or SAR. At Volcanic we log the request as soon as it is made, which triggers an email to your DPO or designated compliance contact.

The candidate can login to the candidate dashboard and download their data as a .csv file.

This is the recruiter’s obligation to provide ‘fair processing information’, typically through a privacy notice. 

The Volcanic platform provides for this obligation within an area where the client’s privacy policy exists. You can upload your privacy notices in the Compliance Area and this obligation will be handled by the Volcanic platform.

If a candidate requests this, you must suspend their data from being processed in the system. Search the user in the admin area and click the suspend user button to prevent any further processing of their data.

Individuals have the right to object if they have grounds relating to their particular situation and they must be informed of this at the point of first communication, presented separately from other information.

When a candidate makes a deletion request for all or part of their data, the Volcanic platform sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to instruct Volcanic whether or not to delete the data.

If candidates request the Right To Be Forgotten or The Right Of Access, this generates an email to your designated Data Protection Officer or Compliance contact.

As part of your vendor due diligence process, you should audit your CRM supplier.

There is no need to encrypt the email to the DPO as the only information it contains is non-sensitive. The DPO will be alerted via the email to visit their portal to review the information.

This is to make sure that data subjects are clear in what they are consenting to. So, for example, it is not GDPR-compliant to bundle consent messages to opt-in to receive marketing material together with the Terms and Conditions to use your website.

The EU General Data Protection Regulation (GDPR) will supersede the 1995 Data Protection Directive. It introduces tougher fines for non-compliance and breaches and gives individuals more say over what companies can do with their data. It also standardises data protection rules throughout the EU.

GDPR compliance on a Volcanic website is included as part of your contract with us. All websites hosted on the Volcanic platform are GDPR-compliant as part of our service.

(Source: ICO)

You must have a valid lawful basis in order to process personal data.

There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data: 

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Volcanic is ISO 9001 and ISO 27001 accredited. We are the first recruitment technology supplier to achieve this. Any company that has achieved the ISO 27001 standard is compliant with the GDPR as its requirements surpass those of the GDPR.

The GDPR allows individuals the right not to be subject to a decision when it is based on automated processing. This needs to be declared as part of the Terms and Conditions or privacy policy. This right does not apply if the decision is necessary for entering into or performance of a contract between you and the individual, is authorised by law or is based on explicit consent.

This allows a data subject the right to confirm that their data is being processed and access to their personal data. The Volcanic platform provides an area where the individual can make a subject access request. The request is recorded and date stamped and the DPO or designated compliance contact notified by email.

Personal data can be rectified if it is inaccurate or incomplete. The request must be actioned within one month. 

The Volcanic approach makes this simple - all data on a candidate is shown in the candidate dashboard area and can be updated by the individual.

The right to be forgotten (RTBF) process is very clear. When a candidate makes a deletion request for all or part of their data, the Volcanic platform logs this request and sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to validate the request and instruct Volcanic whether or not to delete the data. 

There may be legal reasons for you to keep their data, for example if you have placed a candidate in a role and are required by HMRC to keep the data - these reasons supersede the GDPR.

GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual to predict their performance and behaviour, among other criteria. You must ensure processing is fair and transparent by providing meaningful information about the logic involved as well as the envisaged consequences, and secure data in a way that is proportionate to the risk to the rights of the individual.

If a candidate has registered on your website, they will have already agreed or disagreed to their Preferences (Legal Messages) you have set. Depending on the wording you choose to use, the consents may refer to opting-in to receiving marketing material.

Job alerts form part of your Terms and Conditions, which are not within the GDPR.

Yes! We use UTM source tracking to identify the third-party sites that applicants come from. When you view an application, the source will be included.

To delete a consultant, in admin go to Your Website > Consultant pages. 

On the consultants homepage you will see a list of your consultants in the consultant tree. You may want to use the search bar at the top of the page if you have a long list of consultants. 

To delete the consultant, click on the bin icon alongside the consultant's name.

You will find the candidate registration form by going to Roles > Candidates, click on the view icon and then the Question Groups button in the top right corner. 

The registration form will sit within the table on the 'Question Groups - for Candidates' page. Click the edit icon and you will be presented with the fields included in this form. 

To add a new question, either choose from the list of Core Questions or select a question type using the icons along the top of the questions section (e.g. Free text, date select etc.). 

To edit an existing question, click on the edit icon next to the question you would like to update.

This may be due to the browser or device not displaying correctly. Try testing this using a number of browsers and devices, or request the users browser or device that the issue has been reported on.

Everything after the '?' in the URL is a search parameter, and therefore ignored by bots as it is added to the robots.txt (a list of things that the site tells bots to allow or disallow). As a result, this means it will not negatively affect your Google ranking.

When a user who does not have an account on the site applies for a job, the system will automatically create a guest profile for that user. 

The user will be notified that a profile has been created for them via email, this email will contain a link to complete the account registration process. 

As an admin user, If you would like to be notified when a new candidate user registers in this way, you can activate the email notification under Settings > Notification center > "When a candidate registers through the quick apply form... send the Volcanic email to a custom address". 

When a user profile is missing mandatory information, this is usually because their account was created during the job application process. These accounts are system generated at the point of application, and the user is sent an email containing a link to complete the registration process. If the user does not complete the registration process, the missing fields will remain empty.

This is not possible as the functionality of the job search page only allows for one category option from each filter to be selected at one time.

If there is no keyword query, jobs are ordered in date order with the most recent at the top. 

If there is a keyword query, jobs are ordered in relevance order, with a slight preference on recent jobs. 

Featured jobs appear at the top of the list in both cases.

If your phone number field does not accept international phone numbers, this is because it has been set up as a number field. This means that any phone numbers which include the country code (e.g. +44) will not be accepted. 

There are two ways to solves this problem:

You can either change the field to a text field so that it can accept the '+' symbol, or alternatively you can add a hint to the number field, asking users to only enter numbers into the field (e.g. 0044 rather than +44).

When you are writing a blog post, you will want to preview what the content will look like from the reader's point of view before you publish it. To do this, simply set the publish date in the future and submit your blog. Don't worry, it won't be published until the publication date. You can also go back and amend your publication date if need be. 

From the Blogs homepage, click on the eye icon to preview your blog post. Your post will open in a new tab. 

You can then make any necessary amendments using the more extensive editing tools on the page editor for that blog post.

If you have identified that when adding new content to a page and saving, the content disappears from view and the page appears blank. This is most likely caused if content has been copied and pasted without removing the style format using the 'remove format' option on the toolbar. As a result this breaks the layout of the page.

This is a simple fix for the Volcanic support team and can be rectified by raising a support ticket with the relevant details.

To prevent this from happening in the future, we recommend you remove any styling when pasting content onto pages.

You may be able to find a cached version of the page by searching for the page in Google. To do this, type the page you're looking for in the Google search and next to the URL of the page in the search results, click on the green downwards arrow. You will then be able to view a cached version of the content and if it is available, you can copy the content. If there is not a cached version of the content available then we will be unable to recover this information.

We would recommend always having a backup of the content of your website. 

If you have received this error either on your Google console or another testing tool, this is because there are jobs posted on your website without a location. 

To ensure the job location is presented on Google For Jobs, find the job via your Jobs page and add a location. 

We recommend specifying the town in the location field, and you will then be presented with a list of location options to choose from. Google will then be able to identify the town and region of the job, and then present your jobs in the relevant location searches. 

The system adds the name of the website "SITENAME" by default to all the jobs published on your site. 

If you receive this error, please send support a link to the jobs with an error and we will investigate further.

Log into your company Google profile (this will be the same Google account that Volcanic uses to track your analytics). Make sure you are logged in with admin rights. 

Depending on the social network, you may be asked to verify your profile using the social media site’s verification process. This will help Google to authenticate the social profile with your Google profile. 

For further clarification and consistency, you will need to add your social media profiles to the markup (code) of the website. From the admin area of your website, go to Your Website > SEO Area > Page Tags and paste the following code into the header code text area:

<script type="application/ld+json">

{

"@context" : "http://schema.org", 

"@type" : "Organization", 

"name" : "company name ", 

"url" : "company url/", 

"sameAs" : ["https://www.facebook.com/facebook-profile", 

"https://twitter.com/twitter-profile", 

"http://plus.google.com/your_profile", 

"https://www.instagram.com/your-profile/", 

"https://www.linkedin.com/company/linkedin-profile"]

}

</script>

Please bear in mind that it can take Google up to 4 weeks to crawl a brand new website.

These pages are intentionally blocked by us to present any issues caused from .php pages, so it is not possible to redirect them.

Through the Volcanic platform, we support a wide range of job posting integrations, each one relies on a number of data points to display jobs on the website. If you are experiencing an issue with Jobs not posting correctly, please raise a support ticket with as much information as possible including any Job reference numbers, and the team will check the data error logs to identify any issues.

This could have happened because the user has tried to upload a large file (the minimum file size is 3MB). 

If the file size is too large the system will not be able to process the application. If this is not the problem and an error is still occurring, please raise a support issue.

To setup two-factor authentication on your website, please contact the support team who will be able to do this for you. 

Please note: Users will need to download the Google authenticator app and scan the barcode to receive the code.

The 'Sign-in' and 'Forgot Password' pages are system pages that cannot be modified as this will affect all of our clients' sites. 

We can change the colour of the buttons, however, the structure and the wording cannot be modified.

As agreed in your contract, once your website goes live, the support team will check through the first 10 pages of Google (100 links), and identify if any of these links are broken (i.e. we receive a 404 ERROR). 

If any of these links are broken, these will be redirected to the most relevant page on the new website using the 301 redirects tool within the SEO Area. This can be found under the 'Your Website' tab in the admin area.

With our job search, we use a technology called Elastic search which is designed to search for the exact words added to the keyword field. 

So for example, if the user types "Vet surgeon" into the search field, the system will search for the words "vet" and "surgeon", and return jobs that contain these keywords in the title or the description. 

Unfortunately, we do not currently support the functionality to identify synonyms of certain words.

We can implement third party plugins for blog comments. You will need to supply us with the required information so that we can review and test platform compatibility. An alternative option that we recommend is to share your blog posts across social media and make use of the comment functionality on these platforms.

In order for a new page to be visible on your website, you need to ensure that you have added the page to the site navigation. To do this, go to Settings > Navigation. 

TIP - SMALL NAV = Mobile menu --- MAIN NAV = Desktop menu --- You can drag and drop the tab to position the tab where you would like it to appear in the navigation

N.B - If you have already added the page to your site navigation and the page still does not appear, please note that changes can take up to two hours to be visible to website visitors. This is due to a system called Varnish that caches all the websites on the Volcanic platform. For a more in depth guide to Varnish please see the following blog here.

In the top menu, go to Your Website, and then Clients. 

You will arrive at the Clients page and will see your full list of clients that have been added to your website. 

From here, you can edit client records or remove clients.

These images are not saved in the image library as the majority of these are used for header images. If you would like a copy of any of the images on your website, please raise a support ticket.

N.B - Due to licensing restrictions any Shutterstock images supplied can only be used on the website. We can only supply you with Shutterstock images during the website build phase.

If you have received this error either on your Google console or another testing tool, this is because there are jobs posted on your website either without a salary, or the salary field contains invalid characters. 

To ensure the salary is presented with the job on Google For Jobs, you will need to set up the salary bands in the admin area and also the currency (you may have also received the error: "Missing or invalid field: baseSalary.currency"). You will then be able to assign these values to your jobs. 

Currencies can be setup through the admin area via Settings > Reference data > Currencies. 

Salary bands can also be setup through the admin area via Settings > Reference data > Salaries.

Organic search traffic arrives at your site through a result on a search engine, such as Google or Bing. 

Any traffic arriving at your site from a job board or other referring channels is attributed to the specific site.

The stats on your admin dashboard are pulled from Google Analytics once a day. As a result there may be some discrepancies between the stats displayed on your Google Analytics dashboard and the stats displayed on your website.

Everything after the '?' in the URL is a search parameter, and therefore ignored by bots as it is added to the robots.txt (a list of things that the site tells bots to allow or disallow). As a result, this means it will not negatively affect your Google ranking.

If you have received this error either on your Google console or another testing tool, this is because there are jobs posted on your website without a location. 

To ensure the job location is presented on Google For Jobs, find the job via your Jobs page and add a location. 

We recommend specifying the town in the location field, and you will then be presented with a list of location options to choose from. Google will then be able to identify the town and region of the job, and then present your jobs in the relevant location searches. 

The system adds the name of the website "SITENAME" by default to all the jobs published on your site. 

If you receive this error, please send support a link to the jobs with an error and we will investigate further.

Log into your company Google profile (this will be the same Google account that Volcanic uses to track your analytics). Make sure you are logged in with admin rights. 

Depending on the social network, you may be asked to verify your profile using the social media site’s verification process. This will help Google to authenticate the social profile with your Google profile. 

For further clarification and consistency, you will need to add your social media profiles to the markup (code) of the website. From the admin area of your website, go to Your Website > SEO Area > Page Tags and paste the following code into the header code text area:

<script type="application/ld+json">

{

"@context" : "http://schema.org", 

"@type" : "Organization", 

"name" : "company name ", 

"url" : "company url/", 

"sameAs" : ["https://www.facebook.com/facebook-profile", 

"https://twitter.com/twitter-profile", 

"http://plus.google.com/your_profile", 

"https://www.instagram.com/your-profile/", 

"https://www.linkedin.com/company/linkedin-profile"]

}

</script>

Please bear in mind that it can take Google up to 4 weeks to crawl a brand new website.

With our job search, we use a technology called Elastic search which is designed to search for the exact words added to the keyword field. 

So for example, if the user types "Vet surgeon" into the search field, the system will search for the words "vet" and "surgeon", and return jobs that contain these keywords in the title or the description. 

Unfortunately, we do not currently support the functionality to identify synonyms of certain words.

If you have received this error either on your Google console or another testing tool, this is because there are jobs posted on your website either without a salary, or the salary field contains invalid characters. 

To ensure the salary is presented with the job on Google For Jobs, you will need to set up the salary bands in the admin area and also the currency (you may have also received the error: "Missing or invalid field: baseSalary.currency"). You will then be able to assign these values to your jobs. 

Currencies can be setup through the admin area via Settings > Reference data > Currencies. 

Salary bands can also be setup through the admin area via Settings > Reference data > Salaries.

Organic search traffic arrives at your site through a result on a search engine, such as Google or Bing. 

Any traffic arriving at your site from a job board or other referring channels is attributed to the specific site.

We will be able to send opt ins and consent messages to your CRM via the normal application process. It will be up to you to ensure that the data is posted into your other systems such as your CRM.

All of our systems are ISO 27001 compliant, which ensures they either meet or surpass the terms of the GDPR.

No-one within Volcanic can view candidate data. In case of a specific issue where we would need to look at a data subject’s data, eg a problem with a candidate registration, temporary access is requested of the site owner’s DPO and, once the request is approved, access for a specified timeframe is given to a designated person at Volcanic, as this is for a legitimate business interest.

The Volcanic platform uses these cookies: 

volcanic_saved_jobs_id - This is used to store some jobs for users before they register on the website. These jobs can then be logged on the users account when they do register.

volcanic_rumble_uid - This cookie name is associated with Volcanics CMS platform tracking. It is used to track and record the unique actions of each user on the website. By default it has no expiry date. The main purpose of this cookie is performance.

_user_logged_in - This cookie name is associated with Volcanics CMS platform tracking. It is used to keep the user logged in if they leave the website and return. By default it expires after the users session ends. The main purpose of this cookie is performance.

_oliver_session - This cookie name is associated with Volcanics CMS platform tracking. It is used to track the users session on the website for Analytics. By default it expires after the users session ends. The main purpose of this cookie is performance.

There may be other cookies on your website. This is how to find them:

  • Go to the site's homepage and right click with your mouse anywhere on the page
  • Click Inspect in the the list that appears
  • Tabs will appear on the right of the page
  • Click the Application (over to the right)
  • Review the list on the left hand side and you will see a cookie icon - it even looks like a cookie - click on this until the arrow points down 
  • Then you will see your url again - click on this and your cookie list will appear on the page to the right hand side.

First of all, it's important to understand the relationship between the GDPR and the ePrivacy Directive. In a nutshell, the GDPR provides overarching legislation to govern all aspects of processing personal information, whereas the ePrivacy Directive has a tighter focus on communications and internet services. This means in practice that it relies on the general rules of the GDPR and adds more specific requirements within its own remit. It will ultimately remove differences in interpretation of the cookie rules in different countries.

The GDPR mentions cookies once, in Recital 30:

Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

What this essentially means is that cookies, where they are used to identify the device or, in combination with other data, the individual associated with or using the device, should be treated as personal data.

Cookies are governed by the Privacy and Electronic Communications Regulations (PECR) which sit alongside the Data Protection Act. In recognition of the forthcoming changes, the European Commission has launched a public consultation as part of a process for a revision of the ePrivacy Directive from which the EU cookie laws are derived. 

The PECR do not set out exactly what information you must provide or how to provide it – this is up to you. 

In regulation 6 of the PECR, it is set out that you should:

  • Tell people that the cookies are there
  • Explain what the cookies are doing and why
  • Get the individual’s consent to store a cookie on their device.

Under the PECR, to be valid, consent must be freely given, specific and informed, and must involve some form of positive action. This consent should be unbundled from other information in your website, such as your privacy policy. Consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set. Consent should be obtained from the subscriber or the user and, in practice, you may not be able to tell who is a subscriber or a user. The key will be that valid consent has been provided by one of them.

On the Volcanic platform, the first time a user visits your website, a pop-up cookie message will appear and prompts the user to take the positive action of clicking a button. As also mentioned above, consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set. Individuals can read the cookie policy on the candidate dashboard (as long as you have uploaded it in the Admin Area - Compliance).

On the Volcanic platform, you will be able to set up all the messages you require, including your cookie policy, in the Admin Area > Your Website > Compliance. The fields will be set up to allow free text, so that you may upload your own message titles and wording.

At Volcanic, we have set up our portal exactly as stipulated by the articles of the GDPR, which recommends the self-service model as best practice. Switching off opt-in consent, to receive marketing material for example, is not possible as specific, pro-active, transparent consent is a core requirement of the GDPR.

Candidates will not be asked to give consent every time they apply for a job. Once consent is given, it remains valid until the candidate chooses to remove that consent.

Every business should write its own consent messages and we would advise you to take legal advice and/or seek approval from the ICO.

It is important to keep a record of which version of your legal message a candidate has agreed to. When you upload your first cookie policy, for example, it will be logged as version 1 and time and date stamped. When a candidate consents to this policy, it is important to know and record that they have consented to version 1. If you change the cookie policy, this will become version 2 and the date and time of change will be logged. It will be visible on the candidate dashboard which version of the legal message the candidate has consented to.

The Terms and Conditions of using your website are not affected by the GDPR. We’d advise that you take legal advice on your Terms and Conditions.

All Volcanic client websites have been upgraded to comply with the GDPR as standard. The Compliance Area which features the self-service candidate dashboard has been deployed across the Volcanic platform.

Volcanic is a data processor under the definitions of the GDPR. Data processors can only process data in accordance with the instructions of the controller.

  • The right to be informed
  • The right to rectification i.e. to update their data
  • The right to erasure (the right to be forgotten or RTBF)
  • The right to data portability
  • The right to restrict processing
  • The right to object
  • The right of access (Subject Access Requests or SARs)
  • Rights in relation to automated decision making

Candidates can manage their data by logging in to their candidate dashboard, where they have live visibility of the status of their data and consents.

A candidate can give consent by ticking the tick box in the list of consents on the candidate dashboard. By actively ticking a box in the list, a pop-up message will appear. This message must be scrolled through and consented to by clicking the submit button to confirm. By unticking the box, consent is removed in the same way.

You have 30 days to deliver the RTBF or SAR. At Volcanic we log the request as soon as it is made, which triggers an email to your DPO or designated compliance contact.

The candidate can login to the candidate dashboard and download their data as a .csv file.

This is the recruiter’s obligation to provide ‘fair processing information’, typically through a privacy notice. 

The Volcanic platform provides for this obligation within an area where the client’s privacy policy exists. You can upload your privacy notices in the Compliance Area and this obligation will be handled by the Volcanic platform.

If a candidate requests this, you must suspend their data from being processed in the system. Search the user in the admin area and click the suspend user button to prevent any further processing of their data.

Individuals have the right to object if they have grounds relating to their particular situation and they must be informed of this at the point of first communication, presented separately from other information.

When a candidate makes a deletion request for all or part of their data, the Volcanic platform sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to instruct Volcanic whether or not to delete the data.

If candidates request the Right To Be Forgotten or The Right Of Access, this generates an email to your designated Data Protection Officer or Compliance contact.

As part of your vendor due diligence process, you should audit your CRM supplier.

There is no need to encrypt the email to the DPO as the only information it contains is non-sensitive. The DPO will be alerted via the email to visit their portal to review the information.

This is to make sure that data subjects are clear in what they are consenting to. So, for example, it is not GDPR-compliant to bundle consent messages to opt-in to receive marketing material together with the Terms and Conditions to use your website.

The EU General Data Protection Regulation (GDPR) will supersede the 1995 Data Protection Directive. It introduces tougher fines for non-compliance and breaches and gives individuals more say over what companies can do with their data. It also standardises data protection rules throughout the EU.

GDPR compliance on a Volcanic website is included as part of your contract with us. All websites hosted on the Volcanic platform are GDPR-compliant as part of our service.

(Source: ICO)

You must have a valid lawful basis in order to process personal data.

There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data: 

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Volcanic is ISO 9001 and ISO 27001 accredited. We are the first recruitment technology supplier to achieve this. Any company that has achieved the ISO 27001 standard is compliant with the GDPR as its requirements surpass those of the GDPR.

The GDPR allows individuals the right not to be subject to a decision when it is based on automated processing. This needs to be declared as part of the Terms and Conditions or privacy policy. This right does not apply if the decision is necessary for entering into or performance of a contract between you and the individual, is authorised by law or is based on explicit consent.

This allows a data subject the right to confirm that their data is being processed and access to their personal data. The Volcanic platform provides an area where the individual can make a subject access request. The request is recorded and date stamped and the DPO or designated compliance contact notified by email.

Personal data can be rectified if it is inaccurate or incomplete. The request must be actioned within one month. 

The Volcanic approach makes this simple - all data on a candidate is shown in the candidate dashboard area and can be updated by the individual.

The right to be forgotten (RTBF) process is very clear. When a candidate makes a deletion request for all or part of their data, the Volcanic platform logs this request and sends an email to your business’ Data Protection Officer (DPO), or designated compliance contact. It is up to the DPO or designated contact to validate the request and instruct Volcanic whether or not to delete the data. 

There may be legal reasons for you to keep their data, for example if you have placed a candidate in a role and are required by HMRC to keep the data - these reasons supersede the GDPR.

GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual to predict their performance and behaviour, among other criteria. You must ensure processing is fair and transparent by providing meaningful information about the logic involved as well as the envisaged consequences, and secure data in a way that is proportionate to the risk to the rights of the individual.

If a candidate has registered on your website, they will have already agreed or disagreed to their Preferences (Legal Messages) you have set. Depending on the wording you choose to use, the consents may refer to opting-in to receiving marketing material.

Job alerts form part of your Terms and Conditions, which are not within the GDPR.

Once a candidate has completed the registration process, either using LinkedIn or your registration form, their profile can be found within the Candidates section of the Roles page. 

Click the view icon to see the full list of candidate profiles, and click on a candidate name or the edit icon to view an individual profile.

Yes! We use UTM source tracking to identify the third-party sites that applicants come from. When you view an application, the source will be included.

To delete a consultant, in admin go to Your Website > Consultant pages. 

On the consultants homepage you will see a list of your consultants in the consultant tree. You may want to use the search bar at the top of the page if you have a long list of consultants. 

To delete the consultant, click on the bin icon alongside the consultant's name.

You will find the candidate registration form by going to Roles > Candidates, click on the view icon and then the Question Groups button in the top right corner. 

The registration form will sit within the table on the 'Question Groups - for Candidates' page. Click the edit icon and you will be presented with the fields included in this form. 

To add a new question, either choose from the list of Core Questions or select a question type using the icons along the top of the questions section (e.g. Free text, date select etc.). 

To edit an existing question, click on the edit icon next to the question you would like to update.

This may be due to the browser or device not displaying correctly. Try testing this using a number of browsers and devices, or request the users browser or device that the issue has been reported on.

When a user who does not have an account on the site applies for a job, the system will automatically create a guest profile for that user. 

The user will be notified that a profile has been created for them via email, this email will contain a link to complete the account registration process. 

As an admin user, If you would like to be notified when a new candidate user registers in this way, you can activate the email notification under Settings > Notification center > "When a candidate registers through the quick apply form... send the Volcanic email to a custom address". 

When a user profile is missing mandatory information, this is usually because their account was created during the job application process. These accounts are system generated at the point of application, and the user is sent an email containing a link to complete the registration process. If the user does not complete the registration process, the missing fields will remain empty.

If your phone number field does not accept international phone numbers, this is because it has been set up as a number field. This means that any phone numbers which include the country code (e.g. +44) will not be accepted. 

There are two ways to solves this problem:

You can either change the field to a text field so that it can accept the '+' symbol, or alternatively you can add a hint to the number field, asking users to only enter numbers into the field (e.g. 0044 rather than +44).

To setup two-factor authentication on your website, please contact the support team who will be able to do this for you. 

Please note: Users will need to download the Google authenticator app and scan the barcode to receive the code.

The 'Sign-in' and 'Forgot Password' pages are system pages that cannot be modified as this will affect all of our clients' sites. 

We can change the colour of the buttons, however, the structure and the wording cannot be modified.

When a user who does not have an account on the site applies for a job, the system will automatically create a guest profile for that user. 

The user will be notified that a profile has been created for them via email, this email will contain a link to complete the account registration process. 

As an admin user, If you would like to be notified when a new candidate user registers in this way, you can activate the email notification under Settings > Notification center > "When a candidate registers through the quick apply form... send the Volcanic email to a custom address". 

This is not possible as the functionality of the job search page only allows for one category option from each filter to be selected at one time.

If there is no keyword query, jobs are ordered in date order with the most recent at the top. 

If there is a keyword query, jobs are ordered in relevance order, with a slight preference on recent jobs. 

Featured jobs appear at the top of the list in both cases.

This could have happened because the user has tried to upload a large file (the minimum file size is 3MB). 

If the file size is too large the system will not be able to process the application. If this is not the problem and an error is still occurring, please raise a support issue.

You will find the candidate registration form by going to Roles > Candidates, click on the view icon and then the Question Groups button in the top right corner. 

The registration form will sit within the table on the 'Question Groups - for Candidates' page. Click the edit icon and you will be presented with the fields included in this form. 

To add a new question, either choose from the list of Core Questions or select a question type using the icons along the top of the questions section (e.g. Free text, date select etc.). 

To edit an existing question, click on the edit icon next to the question you would like to update.

Everything after the '?' in the URL is a search parameter, and therefore ignored by bots as it is added to the robots.txt (a list of things that the site tells bots to allow or disallow). As a result, this means it will not negatively affect your Google ranking.

When you are writing a blog post, you will want to preview what the content will look like from the reader's point of view before you publish it. To do this, simply set the publish date in the future and submit your blog. Don't worry, it won't be published until the publication date. You can also go back and amend your publication date if need be. 

From the Blogs homepage, click on the eye icon to preview your blog post. Your post will open in a new tab. 

You can then make any necessary amendments using the more extensive editing tools on the page editor for that blog post.

If you have identified that when adding new content to a page and saving, the content disappears from view and the page appears blank. This is most likely caused if content has been copied and pasted without removing the style format using the 'remove format' option on the toolbar. As a result this breaks the layout of the page.

This is a simple fix for the Volcanic support team and can be rectified by raising a support ticket with the relevant details.

To prevent this from happening in the future, we recommend you remove any styling when pasting content onto pages.

You may be able to find a cached version of the page by searching for the page in Google. To do this, type the page you're looking for in the Google search and next to the URL of the page in the search results, click on the green downwards arrow. You will then be able to view a cached version of the content and if it is available, you can copy the content. If there is not a cached version of the content available then we will be unable to recover this information.

We would recommend always having a backup of the content of your website. 

The 'Sign-in' and 'Forgot Password' pages are system pages that cannot be modified as this will affect all of our clients' sites. 

We can change the colour of the buttons, however, the structure and the wording cannot be modified.

We can implement third party plugins for blog comments. You will need to supply us with the required information so that we can review and test platform compatibility. An alternative option that we recommend is to share your blog posts across social media and make use of the comment functionality on these platforms.

In order for a new page to be visible on your website, you need to ensure that you have added the page to the site navigation. To do this, go to Settings > Navigation. 

TIP - SMALL NAV = Mobile menu --- MAIN NAV = Desktop menu --- You can drag and drop the tab to position the tab where you would like it to appear in the navigation

N.B - If you have already added the page to your site navigation and the page still does not appear, please note that changes can take up to two hours to be visible to website visitors. This is due to a system called Varnish that caches all the websites on the Volcanic platform. For a more in depth guide to Varnish please see the following blog here.

In the top menu, go to Your Website, and then Clients. 

You will arrive at the Clients page and will see your full list of clients that have been added to your website. 

From here, you can edit client records or remove clients.

These images are not saved in the image library as the majority of these are used for header images. If you would like a copy of any of the images on your website, please raise a support ticket.

N.B - Due to licensing restrictions any Shutterstock images supplied can only be used on the website. We can only supply you with Shutterstock images during the website build phase.

These pages are intentionally blocked by us to present any issues caused from .php pages, so it is not possible to redirect them.

As agreed in your contract, once your website goes live, the support team will check through the first 10 pages of Google (100 links), and identify if any of these links are broken (i.e. we receive a 404 ERROR). 

If any of these links are broken, these will be redirected to the most relevant page on the new website using the 301 redirects tool within the SEO Area. This can be found under the 'Your Website' tab in the admin area.

The stats on your admin dashboard are pulled from Google Analytics once a day. As a result there may be some discrepancies between the stats displayed on your Google Analytics dashboard and the stats displayed on your website.