EU-U.S.Privacy Shield Notice
Updated January 1, 2019
This Privacy Shield Notice describes our standards and procedures for handling Personal Information transferred from the European Economic Area (“EEA”) and United Kingdom to the U.S. in accordance with Scout Exchange’s obligations under the EU-U.S. Privacy Shield Framework.
Scout Exchange has subscribed to and will adhere to the EU-U.S. Framework by adopting and implementing the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (“Principles”) for Personal Information we receive from participating European countries and the United Kingdom. Our Privacy Shield certification can be found here.
Data Processed and Purpose
Scout Exchange obtains and processes Personal Information from the EEA and United Kingdom in different capacities:
As a data processor, we obtain and process EEA and United Kingdom Personal Information on behalf of and under the instructions of our Clients, Providers, or other Users in connection with our Scout Exchange services (“Services”). In this capacity, our Users decide what Personal Information they submit, and we process Personal Information at our Users’ instructions and pursuant to the agreements with those Users. We may access this information to provide the Services, to prevent, correct, or address service or technical problems, to respond to Service support matters in response to our Users’ instructions, or to fulfill our contract obligations with same.
As a data controller, we may collect and process EEA and United Kingdom Personal Information (such as name, e-mail address, IP address, company affiliation, or similar personally identifying data) directly from individuals, either via our publicly available websites, including www.goscoutgo.com, or in connection with our User and vendor relationships. In this capacity, we process Personal Information in order to run our business and provide the Services to our Users.
Third Parties with Whom We May Disclose Personal Information
We may disclose Personal Information with a limited number of trusted third-party providers who assist us in providing the Services and help us run our business. To date, these third parties are limited to those assisting with technical operations such as applicant tracking, hosting, database and security monitoring, customer support, and marketing and analytics operations. These third parties may only use Personal Information at Scout’s instruction and not for their own purposes. We may also disclose Personal Information to other Users of the Scout Software, such as Clients and Providers, but only to the extent necessary for the provision of our Services.
In the case of onward transfer of Personal Information collected under our Privacy Shield Certification to third parties acting on our behalf (as that term is defined in the Principles), Scout may have certain liability under the Privacy Shield if the agent processes the personal data in a manner inconsistent with Privacy Shield and Scout Exchange is responsible for the event giving rise to the damage.
When providing the Services, our Users choose the types of Personal Information that they submit to us and the purposes of the processing. Accordingly, our Users are responsible for providing notice to the individuals whose Personal Information they are providing.
In the event Scout Exchange is acting as a data controller of Personal Information submitted through our websites, Scout Exchange will provide individuals with choices. To the extent Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third-party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt-out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.
Right of Access
Individuals whose data is subject to this Privacy Shield Notice and whose data is submitted directly to Scout Exchange as the data controller have rights to access Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. These individuals may request access to their Personal Information by contacting Scout Exchange as described below.
When providing our Services, we only process and disclose the Personal Information as specified in our agreements with our Users. Our Users control how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, individuals that wish to request access or to limit use or disclosure of Personal Information that was provided to one of our Users, should contact the entity to which they submitted their Personal Information and that use our Services. We will support our Users in responding to these requests.
Scout Exchange may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Dispute Resolution and Arbitration
In case of disputes, individuals whose data is subject to this Privacy Shield Notice are able to seek resolution of their questions or complaints regarding the processing of their Personal Information in accordance with the Principles. If an individual feels that Scout Exchange is not abiding by this Privacy Shield Notice or is not in compliance with the Principles, he or she should first contact Scout Exchange at the contact information provided below.
If an issue cannot be resolved through our internal dispute resolution mechanism, individuals may submit a complaint to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAA) which provides, at no cost to the individual, an independent third-party dispute resolution option based in the U.S. To contact ICDR-AAA and/or learn more about their dispute resolution services, including instructions for submitting a complaint, please visit their site at http://go.adr.org/privacyshield.html. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Scout Exchange is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
This Privacy Shield Notice may be amended consistent with the requirements of the EU-U.S. Privacy Shield Framework. When we update this Notice, we will also revise the “Updated” date at the top of this document.
Questions or Complaints
If you have any questions, concerns or complaints regarding our privacy practices, or if you would like to exercise your choices or rights, you can contact us:
By email at email@example.com
By mail to Scout Exchange, 501 Boylston St, Third Floor, Boston, MA 02116