ScoutRex is fully aligned with the EU General Data Protection Regulation (GDPR). We built privacy-by-design into every product, every process, and every line of code.
The General Data Protection Regulation (GDPR) is EU Regulation 2016/679, which came into force on 25 May 2018. It is one of the world's strongest data protection frameworks, giving individuals in the European Economic Area (EEA) extensive rights over their personal data and imposing strict obligations on organisations that process it.
GDPR applies to ScoutRex because we process personal data of individuals located in the EEA, including job seekers using JobRex and HR professionals using HireRex: regardless of where ScoutRex itself is based.
ScoutRex treats GDPR not as a compliance checkbox, but as a core product value. Privacy by design is embedded in how we build, deploy, and operate our platforms.
Data minimisation, purpose limitation and privacy controls are built into every feature from day one, not bolted on after launch.
Every processing activity is mapped to a valid legal basis under Article 6 GDPR before it goes into production.
Candidates and company users can exercise all GDPR rights directly from their account dashboard, no email needed.
All third-party processors are assessed for GDPR compliance before onboarding. Data Processing Agreements are in place with every sub-processor.
We maintain a documented incident response plan that ensures regulatory notification within 72 hours where legally required.
Internal privacy audits are conducted quarterly. Our Records of Processing Activities (RoPA) are kept up to date.
We collect only the personal data necessary for the specific purposes described below. We do not sell personal data to third parties.
ScoutRex does not require you to provide special category data (e.g. race, health, religion) as defined in Article 9 GDPR. If a candidate voluntarily adds such information to their profile, it is processed under explicit consent and can be withdrawn at any time.
We rely on the following legal bases under Article 6 GDPR:
If you are located in the EEA, UK, or Switzerland, you have the following rights. All can be exercised via your account settings or by contacting privacy@scoutrex.com.
Request a copy of all personal data we hold about you, including how it is being used (Art. 15).
Ask us to correct inaccurate or incomplete personal data without undue delay (Art. 16).
Request deletion of your personal data where we no longer have a lawful basis to retain it ("right to be forgotten") (Art. 17).
Ask us to pause processing of your data while a dispute about accuracy or lawfulness is resolved (Art. 18).
Receive your personal data in a structured, machine-readable format and transfer it to another service (Art. 20).
Object to processing based on legitimate interests or direct marketing, we will stop unless compelling grounds override your interests (Art. 21).
Request human review of any significant decision made solely by automated means, including AI-based candidate ranking (Art. 22).
Withdraw any consent you have given at any time. Withdrawal does not affect the lawfulness of prior processing (Art. 7(3)).
We will respond to all rights requests within 30 days. Complex requests may take up to 3 months with notice. There is no charge for standard requests.
ScoutRex implements appropriate technical and organisational measures under Article 32 GDPR to protect personal data against unauthorised access, disclosure, alteration, or destruction.
Where personal data is transferred outside the EEA, we ensure adequate safeguards are in place in accordance with Chapter V GDPR:
Enterprise customers can request that their data be stored and processed exclusively within the EU. Contact privacy@scoutrex.com to activate this option.
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law (Article 5(1)(e) GDPR, storage limitation).
We use cookies in accordance with the ePrivacy Directive (Cookie Law) and GDPR. A cookie consent banner is displayed on your first visit.
You can update your cookie preferences at any time via the Cookie Preferences link in our footer.
ScoutRex has appointed a Data Protection Officer (DPO) responsible for overseeing our GDPR compliance programme. You may contact the DPO directly for any privacy-related concerns:
Email: privacy@scoutrex.com
Subject line: "GDPR, [Your Request Type]"
We aim to acknowledge all DPO contacts within 2 business days.
If you believe we have not handled your personal data in accordance with GDPR, we encourage you to contact us first at privacy@scoutrex.com so we can try to resolve the matter directly.
You also have the right to lodge a complaint with the supervisory authority in the EU member state where you live, work, or where the alleged infringement occurred. For example:
Our privacy team is here to help. Reach out with any GDPR or data protection questions.
📧 Contact Privacy Team