Scout Privacy Policy

Effective Date: September 21st 2022

This Privacy Policy belongs to SCOUT registered under the name of TechKnowledgey Pte Ltd. (“SCOUT”, “we”, “us” or “Owner”), a Company registered in Singapore with its registered address at 100 Peck Seah Street, #08-14, S079333. 

We recognise that your privacy is very important and take it seriously. This Privacy Policy describes SCOUT’s policies and procedures on the collection, use and disclosure of your information when you use the services offered by SCOUT when you use www.getscout.ai and its affiliated websites (the “Services”). By using the Services, you consent to our use of your information in accordance with this Privacy Policy. This Privacy Policy applies to all users of the Services, whether you are a candidate who is listed on our database (“Candidate”) or an HR Manager/talent acquisition manager/recruiter looking for prospective hires on behalf of your company (“Business User”, “Customer”).

Data Processing Policy

1. Scope and order of precedence

TechKnowledgey Pte Ltd and Customer have entered into an agreement for the provision of Services, including SCOUT’s Terms of Use and/or an applicable Master Services Agreement (“Agreement”).

2. Definitions

In the document, the following terms will have these meanings:

“Customer” means the other party that has executed the Agreement with SCOUT.

“Customer Personal Data” means Personal Data and/or personal information (as those terms are defined under the applicable Data Protection Laws) provided to SCOUT by Customer for processing by SCOUT in connection with the Services.

“Data Protection Laws” means applicable laws, standards and regulations governing the Processing of Personal Data by SCOUT for Customer under the Agreement, as may be amended or enacted from time to time, including, but not limited to the Personal Data Protection Act, 2012.

“Third Party Sub-processor” means a third-party subcontractor engaged by SCOUT which, as part of the subcontractor’s role of providing Services, will Process Customer Personal Data.

“Services” means the services to be provided by SCOUT for the benefit of Customer that are specified in the Agreement.

3. SCOUT’s Processing of Customer Personal Data

3.1 Categories of Personal Data and Data Subjects

To perform the Services, Customer hereby authorizes and requests that SCOUT process the following categories of Customer Personal Data:

Categories of data subjects whose personal data is transferred: Customer’s employees and potential job candidates.

Purpose(s) of the data transfer and further processing: The Authorized Purposes as provided in the Agreement, namely to identify candidates for possible recruitment and make initial contact with such candidates.

3.2 Roles and Restrictions on Processing of Customer Personal Data

Customer will at all times

remain the Controller of Customer Personal Data pursuant to the Data Protection Laws;
determine the purposes and means of its Processing of Customer Personal Data;
comply with the obligations applicable to it pursuant to the Data Protection Laws regarding the Processing of Customer Personal Data, including, without limitation, establishing a legal basis for Processing of Customer Personal Data and with respect to the transfer and provision of Customer Personal Data to SCOUT for Processing hereunder; and
Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. SCOUT is a Processor with respect to its Processing of Customer Personal Data hereunder. SCOUT will Process Customer Personal Data solely for the provision of the Services, and will not otherwise (i) Process Customer Personal Data for purposes other than those set forth in the Agreement or as instructed by Customer in accordance with the Agreement or (ii) disclose such Customer Personal Data to third parties other than Third Party Sub-processors as permitted or required by the Agreement, this document, or the Data Protection Laws. SCOUT will comply with the obligations applicable to it pursuant to the Data Protection Laws regarding the Processing of Customer Personal Data.

3.3 Rights of Data Subjects

SCOUT will follow Customer’s detailed written instructions to meet its obligations pursuant to the Data Protection Laws to respond to Data Subject requests to access, delete, release, correct, or block access to Customer Personal Data held in SCOUT’s information technology environment. In case of any Data Subject requests to access, delete, release, correct or block Customer Personal Data, SCOUT will directly respond to the request and remove the Data Subject from the technology environment, as required by the Data Protection Laws.

3.4 Third party Sub-processors

Some or all of SCOUT’s obligations under the Agreement may be performed by Third party Sub-processors. SCOUT maintains a list of Third party Sub-processors that may process Customer Personal Data. Customer can request a copy of that list by email to XYZ.

The Third Party Sub-processors shall abide by substantially the same obligations as SCOUT under this Addendum as applicable to their Processing of Customer Personal Data as determined by SCOUT.

Customer consents to SCOUT’s use of Third Party Sub-processors in the performance of the Services in accordance with the terms.

3.5 Technical and Organizational Measures

SCOUT has implemented and will maintain appropriate technical and organizational security measures for the Processing of Customer Personal Data, including the measures specified in Schedule 1 to this document to the extent applicable to SCOUT’s Processing of Customer Personal Data. These measures are intended to protect Customer Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure, or access, and against all other unlawful forms of Processing.

3.6 Audit Rights

3.7 Incident Management and Breach Notification

SCOUT evaluates and responds to incidents that create suspicion of or indicate a Personal Data Breach. SCOUT staff is instructed on responding to Personal Data Breach as required pursuant to the Data Protection Laws. SCOUT will notify Customer as soon as reasonably practicable, and in any event within any notice period required pursuant to the Data Protection Laws, if SCOUT has determined that Personal Data Breach has niPersonal Data Breach and take reasonable measures to identify its root cause(s) and prevent a recurrence. As information is collected or otherwise becomes available, unless prohibited by applicable law, SCOUT will provide Customer with a description of the Personal Data Breach, the type of Personal Data that was the subject of the Personal Data Breach, and other information Customer may reasonably request concerning the affected Data Subjects. The parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected Data Subjects and/or notices to the relevant data protection authorities.

3.8 Deletion of Personal Data upon End of Services

Following termination of the Services, at Customer’s instruction, SCOUT will delete all Customer Personal Data then available in SCOUT’s information technology environment that holds Customer Personal Data, or if Customer provides no instructions, destroy the data in accordance with SCOUT’s then-current data retention policies and applicable law.

3.9 Legally Required Disclosures

Except as otherwise required by applicable law, SCOUT will promptly notify Customer of any subpoena, judicial, administrative, or arbitral order of an executive or administrative agency, regulatory agency, or other governmental authority (“Demand”) that it receives, and which relates to the Processing of Customer Personal Data. At Customer’s request, SCOUT will provide Customer with reasonable information in its possession that may be responsive to the Demand and any assistance reasonably required for Customer to respond to the Demand in a timely manner. Customer acknowledges that SCOUT has no responsibility to interact directly with the entity making the Demand.

Schedule 1 – Technical and Organizational Security Measures

SCOUT has implemented and will maintain appropriate technical and organizational security measures for the Processing of Customer Personal Data include the following:

SCOUT maintains access controls which include, but are not limited to:

• Limiting access to its information systems and the facilities in which they are housed to properly authorized persons;

• Access by SCOUT personnel to Customer Data is removed upon termination of employment or a change in job status that results in the personnel no longer requiring access to Customer Data;

and • System passwords conform to strong password standards (9 characters minimum) that include length, complexity and expiration. A maximum of ten (10) password attempts can be made, after which access is blocked until the password is reset by authorized personnel. Password policies conform with NIST Special Publication 800-53.

All communications to Customer transmitted over the internet are encrypted. SCOUT utilises encryption on its own email servers to ensure point-to-point encryption via opportunistic TLS. All Customer Data storage and backups are encrypted with high-grade encryption.

SCOUT monitors its network and production systems and implements and maintains security controls and procedures designed to prevent, detect, and respond to identified threats and risks. Such monitoring and testing include, but is not limited to, the following:

• Employing an industry standard network intrusion detection system to monitor and block suspicious network traffic;

• Reviewing access logs on servers and security events and retaining network security logs for 180 days;

• Reviewing all access to production systems;

• Engaging third parties to perform network penetration testing on at least an annual basis.

SCOUT shall ensure that:

• All endpoints run an anti-virus solution and apply timely signature updates; and

• All critical, exploitable vulnerabilities are patched in a timely manner.