top of page

DPA

Data Protection Agreement

Effective Date: June 1st, 2025


This DPA forms part of the RecruitScout Terms & Conditions.

 

1. Parties and Roles

This DPA is between:

  • RecruitScout – Silvio Bonomi, acting as Data Processor,

  • The User, acting as Data Controller.

The parties agree to the following terms regarding personal data processing under the GDPR (EU Regulation 2016/679).

 

2. Subject Matter, Nature, and Purpose of Processing

RecruitScout processes personal data solely to provide the RecruitScout SaaS platform, which includes:

  • data enrichment,

  • opportunity and job-signal detection,

  • identification of publicly available decision makers,

  • outreach automations and integrations,

  • analytics and output generation.

RecruitScout processes data only on documented User instructions.

 

3. Duration of Processing

Processing continues for as long as the User maintains an active account or until the User requests deletion, as defined in this DPA.

 

4. Categories of Data Subjects

  • business professionals,

  • employees of companies the User chooses to target,

  • prospects, leads, and decision makers.

RecruitScout processes B2B contact data only.

 

5. Types of Personal Data

RecruitScout may process:

  • names, job titles, roles;

  • business email addresses, phone numbers;

  • company details;

  • publicly available business data;

  • messages or notes uploaded by the User;

  • technical logs and metadata required for service operation.

RecruitScout does not process sensitive personal data (GDPR Articles 9–10).

 

6. Obligations of the Controller (User)

The User warrants that:

  1. They determine the lawful basis (e.g., legitimate interest).

  2. They have obtained required notices or consents.

  3. They will not upload unlawful or unauthorized data.

  4. They instruct RecruitScout to process data exclusively for the purposes of providing the Service.

The User indemnifies RecruitScout for violations of GDPR caused by their instructions or misuse of personal data.

 

7. Obligations of the Processor (RecruitScout)

RecruitScout shall:

  1. Process data only on User instructions.

  2. Implement appropriate technical and organizational measures (encryption, access control, secure hosting).

  3. Ensure personnel handling data are under confidentiality obligations.

  4. Not use Customer Data for advertising, reselling, or other purposes outside the Service.

  5. Assist the User with data subject rights (access, deletion, rectification).

  6. Maintain records of processing activities.

  7. Notify the User of any personal data breach without undue delay after becoming aware.

 

8. Sub-Processors

RecruitScout may use the following categories of sub-processors:

  • hosting providers,

  • analytics providers,

  • enrichment providers,

  • email delivery services,

  • CRM and automation integrations.

RecruitScout ensures sub-processors are bound by GDPR-compliant contracts.
User provides general authorization for RecruitScout to use and update sub-processors.

A list of sub-processors is available on request.

 

9. International Data Transfers

If personal data is transferred outside the EEA, RecruitScout will ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs),

  • adequacy decisions,

  • GDPR-compliant transfer mechanisms.

 

10. Data Retention & Deletion

Upon termination:

  • RecruitScout retains data for up to 30 days for export.

  • After 30 days, RecruitScout will delete Customer Data from active systems.

  • Backups are deleted according to automated retention cycles.

User may request early deletion at any time.

 

11. Security Measures

RecruitScout maintains:

  • encryption in transit and at rest,

  • role-based access control,

  • password and credential protection,

  • activity logging,

  • regular patching,

  • secure hosting environment,

  • incident response procedures.

 

12. Data Subject Requests

RecruitScout will assist the User in responding to:

  • access requests,

  • erasure requests,

  • objections,

  • portability requests.

RecruitScout does not respond directly to Data Subjects unless legally required.

 

13. Audit Rights

User may request documentation proving GDPR compliance.
RecruitScout will cooperate with reasonable audits without causing disruption.

 

14. Termination

Upon termination of the Service, this DPA also terminates.
Deletion obligations remain in force.

 

15. Governing Law

This DPA is governed by Italian law.

bottom of page