Skip navigation


EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF

Updated: May 3, 2024

Scout Exchange LLC (“Scout Exchange”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  Scout Exchange has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit

This Data Privacy Framework Notice supplements the Scout Exchange's Privacy Notice. Unless specifically defined in this Data Privacy Framework Notice, the terms in this Data Privacy Framework Notice have the same meaning as in our Scout Exchange's Privacy Notice. In case of conflict between this Data Privacy Framework Notice and the Principles, the Principles will govern.


We obtain and process Personal Information from the European Union and United Kingdom in different capacities:

As a data processor, we obtain and process EEA Personal Information on behalf of and under the instructions of our customers in connection with the Scout Services (“Services”). In this capacity, our customers decide what Personal Information they submit, and we process Personal Information at our customers' instructions and pursuant to the Services agreements with those customers. We may access this information to provide the Services, to prevent, correct, or address service or technical problems, to respond to customer support matters in response to our customers' instructions, or to fulfill our contracts with our customers. This information includes data referred to in the Scout Exchange Privacy Notice as “Candidate Resume Data” and “ATS Integration Data”.

As a data controller, we may collect and process EEA Personal Information directly from individuals, either via our publicly available websites, including and or in connection with our customer, partner, and vendor relationships. In this capacity, we process personal information in order to run our business and provide the Services to our customers. Examples of data we process as a controller include and are referred to in the Scout Exchange Privacy Notice as “User Data”, “Site Visitor Data”, and “Voluntary Self-Identified Diversity Data”.


We do not sell or rent personal information to third parties who are not affiliated with Scout Exchange. We will share personal information with third parties only in the ways that are described in The Scout Exchange Privacy Notice.

Scout may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

For more information on how we use and share personal data please see our  Privacy Notice


Scout Exchange is responsible for the processing of personal data it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DP and subsequently transfers to a third party agent acting on its behalf. Scout Exchange shall remain liable under the Data Privacy Framework Principles if its agents that it engages to process such personal information do so in a manner inconsistent with the Principles, unless Scout Exchange proves that it is not responsible for the event giving rise to the damage.


When providing the Services, our customers choose the types of Personal Information that they submit to us and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals.

In the event Scout Exchange is acting as a data controller, Scout Exchange will provide individuals with choices. To the extent Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt-out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.


Individuals whose data is subject to this Data Privacy Framework Notice and whose data is submitted directly to us have rights to access Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. These individuals may request access to their Personal Information by contacting us at [email protected]

When providing our Services, we only process and disclose the Personal Information as specified in our Services agreements with customers. Our customers control how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, individuals that wish to request access, or to limit use or disclosure of Personal Information that was provided to one of our customers, should contact the company to which they submitted their Personal Information and that uses our Services. We will support our customers in responding to these requests.


In case of disputes, individuals whose data is subject to this Data Privacy Framework Notice are able to seek resolution of their questions or complaints regarding the processing of their Personal Information in accordance with the Principles. If an individual feels that Scout Exchange is not abiding by this Data Privacy Framework Notice or is not in compliance with the Principles, they should first contact Scout Exchange at the contact information provided below.

If an issue cannot be resolved through Scout Exchange's internal dispute resolution mechanism, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Scout Exchange commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO)with
regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

If your dispute can't be resolved through use of the above referenced independent recourse mechanisms, you may have the right to require that Scout Exchange enter into binding arbitration with you. Additional information on this process can be found here.


Scout Exchange is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).


This Data Privacy Framework Notice may be amended consistent with the requirements of the EU-U.S. PrivEU-U.S. Data Privacy Framework (EU-U.S. DPF),  and the UK Extension to the EU-U.S. DPF. When we update this Notice, we will also revise the “Last Updated” date at the top of this document.


If you have any questions, concerns or complaints regarding our privacy practices, or if you would like to exercise your choices or rights, you can contact us:

By email at [email protected]