Scout logo
Scout Talent

Privacy Policy

Effective Date: 8/2/2025

1. Introduction

Scout and Talent is committed to protecting the privacy and personal data of its employees, clients, talent, and all other individuals with whom it interacts. This Privacy Policy outlines how Scout and Talent collects, uses, stores, protects, and discloses personal data, and it reflects our commitment to transparency and compliance with applicable data protection laws and regulations.

2. Purpose

The purpose of this policy is to:

  • Ensure compliance with all relevant data protection and privacy laws (e.g., GDPR, CCPA, and any other applicable regional laws)
  • Establish clear guidelines for the lawful, fair, and transparent processing of personal data
  • Inform individuals about their rights regarding their personal data
  • Minimize the risk of privacy breaches and ensure robust data protection practices
  • Foster trust and confidence among employees, clients, and talent

3. Scope

This policy applies to all personal data collected, used, stored, or otherwise processed by Scout and Talent, regardless of the format (digital, physical, verbal) or the location of processing (e.g., on-premise, cloud services). This policy applies to all individuals who process personal data on behalf of Scout and Talent, including:

  • All full-time and part-time employees
  • Contractors, consultants, and temporary staff
  • Interns
  • Any third parties who process personal data on behalf of Scout and Talent

4. Definitions

Personal Data: Any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data (Sensitive Personal Data): Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subject: The identified or identifiable natural person to whom the personal data relates.

Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. (Scout and Talent is typically the Data Controller).

Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Privacy Principles

Scout and Talent adheres to the following core privacy principles:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner in relation to the data subject
  • Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Data Minimization: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed
  • Accuracy: Personal data is accurate and, where necessary, kept up to date. Every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  • Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • Integrity and Confidentiality (Security): Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures
  • Accountability: Scout and Talent is responsible for, and able to demonstrate compliance with, these principles

6. Types of Personal Data Collected

Scout and Talent may collect and process various types of personal data, depending on the context of the relationship:

6.1. Employee Data:

  • Contact information (name, address, phone, email)
  • Employment details (job title, department, employment history, performance reviews)
  • Financial information (bank details for payroll, tax information)
  • Identification documents (passport, visa, driver's license)
  • Emergency contact details
  • Health information (for benefits, accommodations, if applicable)
  • Background check information

6.2. Client Data:

  • Contact information of client representatives (name, email, phone)
  • Company details, job descriptions, mission, vision, and values
  • Contractual information and project requirements
  • Payment and billing information (e.g., billing contact, invoice details; direct financial account numbers are not typically collected or stored by Scout and Talent)

6.3. Talent Data:

  • Contact information (name, address, phone, email)
  • Professional background (resume, work history, skills, education, certifications)
  • Information from phone screen interviews (e.g., detailed employment history, career aspirations)
  • Feedback from references

6.4. Website/Service User Data:

  • IP addresses, browser type, operating system
  • Usage data, cookies, and similar tracking technologies
  • Information provided through contact forms or inquiries

7. How Personal Data is Collected

Personal data may be collected through various means, including:

  • Directly from the data subject (e.g., through application forms, interviews, email correspondence, website forms)
  • From clients or third parties (e.g., references, background check providers, public sources, job boards)
  • Automatically through website usage (e.g., cookies, analytics)
  • During the course of providing our services (e.g., project updates, performance feedback)

8. How Personal Data is Used

Scout and Talent uses personal data for legitimate business purposes, including:

  • For Employees: Recruitment, human resources administration, payroll, benefits, performance management, internal communications, and legal/regulatory compliance
  • For Clients: Providing talent acquisition and management services, matching talent to job descriptions, understanding client culture (mission, vision, values) for better fit, managing contracts, billing, and communication related to projects
  • For Talent: Matching with client opportunities based on skills and experience, facilitating job applications, career guidance, and maintaining professional relationships
  • For Website/Service Users: Responding to inquiries, improving website functionality, and analyzing user behavior
  • General Business Operations: Internal reporting, auditing, security monitoring, legal obligations, and business development

9. Legal Basis for Processing Personal Data

Scout and Talent processes personal data based on one or more of the following legal bases:

  • Consent: The data subject has given clear consent for processing their personal data for a specific purpose
  • Contractual Necessity: Processing is necessary for the performance of a contract with the data subject or to take steps at the data subject's request before entering into a contract
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which Scout and Talent is subject
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by Scout and Talent or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject
  • Vital Interests: Processing is necessary to protect the vital interests of the data subject or another natural person (rarely applicable)
  • Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (rarely applicable)

10. Disclosure of Personal Data

Scout and Talent may disclose personal data to third parties only when necessary for the purposes outlined in this policy and with appropriate safeguards in place. These third parties may include:

  • Clients: For the purpose of talent placement and management (with talent's consent)
  • Service Providers: Third-party vendors who provide services on our behalf (e.g., IT support, payroll processing, cloud hosting, background checks). These providers are contractually obligated to protect data and use it only for the purposes for which it was shared
  • Legal and Regulatory Authorities: When required by law, court order, or to protect our rights, property, or safety, or the safety of others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where personal data may be transferred as part of the business assets

11. International Data Transfers

As a US-based company with US clients, Scout and Talent may process personal data of talent who reside outside the US. In such cases, if personal data is transferred outside of the original country of collection (e.g., from the European Economic Area (EEA) to the US), Scout and Talent will ensure that appropriate safeguards are in place to protect the data, such as:

  • Standard Contractual Clauses (SCCs): Implementing SCCs approved by relevant authorities (e.g., the European Commission) for transfers from the EEA to third countries
  • Explicit Consent: Obtaining the data subject's explicit consent for the transfer after informing them of the possible risks of such transfers
  • Other mechanisms: Utilizing any other valid transfer mechanisms recognized by applicable data protection laws

12. Data Security

Scout and Talent implements robust technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data at rest and in transit
  • Access controls and least privilege principles
  • Regular security assessments and penetration testing
  • Employee security awareness training
  • Incident response procedures
  • Physical security measures for data storage locations

13. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, or to resolve disputes. Retention periods are determined based on the type of data and the applicable legal requirements. (Refer to the Data Retention and Disposal Policy).

14. Data Subject Rights

Depending on applicable data protection laws (e.g., GDPR, CCPA), data subjects may have the following rights regarding their personal data:

  • Right to Information: To be informed about the collection and use of their personal data
  • Right of Access: To request access to their personal data
  • Right to Rectification: To request correction of inaccurate or incomplete personal data
  • Right to Erasure (Right to be Forgotten): To request the deletion of their personal data under certain circumstances
  • Right to Restriction of Processing: To request the restriction of processing of their personal data under certain circumstances
  • Right to Data Portability: To receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller
  • Right to Object: To object to the processing of their personal data under certain circumstances (e.g., for direct marketing)
  • Rights in relation to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time

To exercise these rights, data subjects should contact privacy@scoutandtalent.com. We will respond to requests in accordance with applicable law.

Procedure for Handling Data Subject Requests:

  • Request Receipt: Requests are received via email at privacy@scoutandtalent.com
  • Identity Verification: The identity of the data subject making the request will be verified using reasonable means to prevent unauthorized disclosure
  • Forwarding to Data Owner: The request will be immediately forwarded to the relevant Data Owner(s) (e.g., HR for employee data, Joaquin Roca for client/talent data)
  • Fulfillment: The request will be fulfilled within 30 days of receipt, unless an extension is permitted by applicable law
  • Documentation: All requests and actions taken will be documented

15. Policy Enforcement

Any violation of this Privacy Policy may result in disciplinary action, up to and including termination of employment or contract, and may also result in legal action.

16. Policy Review and Updates

This policy will be reviewed at least annually, or more frequently if there are significant changes in data processing activities, technology, or legal/regulatory requirements. Any updates will be communicated to all affected parties.

17. Contact Information

For any questions or concerns regarding this Privacy Policy or Scout and Talent's data protection practices, please contact:

Joaquin Roca, CEO
Email: privacy@scoutandtalent.com

18. Related Policies and Procedures

  • Information Security Policy
  • Data Classification and Handling Policy
  • Data Retention and Disposal Policy
  • Access Control Policy
  • Incident Response Policy and Plan
  • Acceptable Use Policy