Candidate cookie management

Recruitment Marketing Public

Under GDPR, when cookies can identify an individual via their device, it is considered personal data. Therefore, under GDPR, a candidate must provide a statement of consent or a "clear affirmative action", which may include ticking a box on a website.

Note: Pre-ticking of boxes or similar inactivity is not considered an acceptable form of consent.

For information on the other PageUp modules, refer to Cookie consent.

Recruitment Marketing uses the following cookies:

Cookie Name Description Type (expiration) GDPR Classification Personal data stored within the cookie
_clinch_session This functionality is used by the Clinch platform to maintain a candidate’s session integrity, whilst they are accessing the system. It is not stored beyond the session’s duration and does not store personal data. Session Strictly Necessary No
aws-waf-token This cookie is used by the AWS Web Application Firewall to ensure the security of the platform.


(4 days)

Strictly Necessary No




A cookie that indicates whether the visitor has been presented with the welcome message for the chatbot functionality which appears on the website.



Strictly Necessary No




Indicates whether the visitor has dismissed the “Implied Consent” banner.



Functionality / preference No
ctc_rejected This cookie is used to record that Clinch performance cookies have not been accepted, and to stop the Cookie Consent box from appearing. It is local to a candidate device – there is no PII and there is no record on the back end to match this candidate.



Functionality / preference  
ctc A cookie that identifies the candidate if they had agreed to the cookie policy. Each time a user takes an action on the career site, we examine the identifier in the cookie and look up the candidate.



ctc_session A cookie that ties together all the activity (page views, forms, etc) and interactions of a visitor (identified by the “ctc” cookie above) in one session or visit to the site.


(15 minutes after the completion of the browsing session)



  • Cookies with a "Performance" classification are only placed on the candidate's device if the relevant consent (either explicit or implied consent depending on your specific configuration) has been provided by the candidate.
  • Where stated, the expiry of persistent cookies can be configured via Company settings.
  • The actual expiry of persistent cookies may be less than the configured setting due to rules enforced by specific browsers.

This document explains how to manage candidate cookies and tracking in compliance with GDPR. By enabling these options and making sensible choices that suit your company, Recruitment Marketing allows you to be fully compliant with GDPR, in a fully automated way. Our goal is for compliance without adding chores or manual tasks to recruiters' schedules.

Cookie configuration

Candidate cookies are managed via:

  1. From the side menu, under Company click Settings.
  2. Under Web click Data protection rules.

For more information refer to Candidate anonymization.

External cookie management tools

The use of external or third-party cookie management tools, such as OneTrust or TrustArc, is not supported within Recruitment Marketing.

To ensure that visitors to the Recruitment Marketing powered careers site or Personalised Job Page are not prompted with multiple cookie preference dialogues, customers should ensure that any third-party cookie management tools that are enabled on their domain are disabled for the career site sub-domain.




Article is closed for comments.