Privacy Notice for EU/UK Applicants

Last Revised October 10, 2023

• Introduction

  Sprout Social respects the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. It is important that you read this Privacy Notice for EU/UK Applicants (“Notice”) carefully as it sets out how Sprout Social Limited (Ireland) and Sprout Social UK Ltd. (collectively referred to as “Sprout Social”, “Company“, “we” or “us“) handles your personal information when you apply for a job or other role with us and the rights you have in connection with that information. If you are applying for a role based in Ireland, then Sprout Social Limited (Ireland) will be the entity that is the controller of your personal information. If you are applying for a role based in the United Kingdom, then Sprout Social UK Ltd. will be the entity that is the controller of your personal information. Sprout Social, Inc. is the parent company to other subsidiaries as well, and Sprout Social, Inc. and all of its subsidiaries will be referred to as the “Sprout Social Group” in this Notice. The term “Applicant” used in this Notice refers to anyone who applies for a job role, or who otherwise seeks to carry out work with or for us (whether on a permanent or non-permanent basis).

  If you are in any doubt, or have any comments or questions about this Notice, please contact us using the contact details set out at Section 7 below.

• Types of personal information we collect when you apply

  Information that we collect automatically

  You can visit the Careers page of our website at sproutsocial.com (“Website”) by navigating to sproutsocial.com/careers and search for jobs without providing personal information. However, we do collect certain information automatically from your device when you visit our Website. For further information, please see the privacy notice that applies to the use of our Website at sproutsocial.com/privacy-policy.

  If you are ineligible to work in the country (e.g. work authorization, work permit, etc.) specified in the job posting on our Careers page, your application will be rejected and we do not review your application further.

  In the event that you attend one of our offices for an interview, we may also process personal information related to such visit.

  Personal Information collected from you

  The types of personal information we collect and process when you apply for a role with the Company includes (but is not limited to):

  • Identification Data and Contact Data – including but not limited to your name, address, email address, phone number and other contact information, gender, date of birth, nationality/ies, national identifiers (such as national ID/passport).
  • Employment History – such as previous employers and job titles/positions.
  • Background Information – such as criminal history for the last 7 years, ID check, passport verification, and global sanctions.
  • Details of your Nominated Referee (including their name, contact details, employer and job role).
  • Immigration/Visa Data – details of your immigration/visa status.
  • Previous Applicant Data – information relating to previous applications you have made to the Company’s Group and/or any previous employment history with the Company’s Group.
  • Other information you voluntarily provide throughout the process, including through assessments and interviews.

  As a general rule, during the recruitment process, we try not to collect or process any of the following: information that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health/sex life (“Sensitive Personal Information“), unless authorised by law or where necessary to comply with applicable laws.

  However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruitment-related purposes. For example, we may need to collect information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, complying with anti-discrimination laws and government reporting obligations; alternatively, we may need to collect information about your physical or mental condition to consider accommodations for the recruitment process and/or subsequent job role. You may provide, on a voluntary basis, other Sensitive Personal Information during the recruitment process.

  Personal information collected from other sources

  • Criminal records data obtained through criminal records checks for vetting purposes.
  • Information provided by background checking agencies (refer to “Background Information” above) and other external database holders (for example credit reference agencies and professional/other sanctions registries).
  • Information provided by recruitment or executive search agencies.
  • Information collected from publicly available sources, including any social media platforms you use or other information available online.

  (in each of the above cases, where permissible and in accordance with applicable law).

• Purposes for processing personal information

  We collect and use this personal information primarily for recruitment purposes – that is, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying out reference checks or background checks (where applicable) and to generally manage and communicate with you about the hiring process.

  Specific information on the purposes, examples of the types of personal information processed for these purposes, and the grounds on which we process it are set out in the table below. In relation to the types of data, we have used the names of the categories identified above. The examples provided in the table cannot, of course, be exhaustive.

  Purpose	Examples of personal information that may be processed	Grounds for processing
  Assessing your skills, qualifications and experience for a particular role	Employment History Background Information Information you voluntarily provide through an interview or assessment process Previous Applicant Data	To take steps prior to entering into an employment contract with you.
  Verifying information you have provided to us in relation to the role you are applying for	Identification Data Employment History Immigration/visa Data Background Information / Criminal checks	To take steps prior to entering into an employment contract with you. Legal obligation, such as any requirement for a work visa or similar documentation under employment or other laws to which the Company is subject.Additional Article 10 grounds: where processing is authorized by Member State law providing for appropriate safeguards for the rights and freedoms of data subjects
  To manage the hiring process and communicate with you about it	Identification and Contact Data	To take steps prior to entering into an employment contract with you.
  To provide assistance in relation to the application process	Sensitive Personal Information, specifically health data (e.g., accommodations needed during the interview process)	Legal obligation, such as any requirement to provide adjustments in compliance with employment law and other laws to which the Company is subject. In some cases, with your explicit consent. Additional Article 9 grounds: processing is necessary for the purposes of carrying out obligations and exercising specific rights of the controller in the field of employment
  Monitoring of diversity and equal opportunities	Background Information Sensitive Personal Information More specifically: to the extent required or permitted by local law, information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, age and other diversity markers.	Legitimate interests as necessary for ensuring a diverse recruitment program. On substantial public interest grounds for assessment as to equality of opportunity of treatment. In some cases, with your explicit consent. Additional Article 9 grounds: processing is necessary for reasons of substantial public interest

  If you are accepted for a role at Sprout Social, the information collected during the recruitment process will form part of your ongoing staff member record and will be processed in accordance with our EU/UK Employee Privacy Notice (provided to you during the employment onboarding process).

  If we do not end up giving you an offer related to a role at Sprout Social, we may still keep your application to allow us to consider you for other suitable openings within Sprout Social in the future unless you email us a written request that we delete your application to careers@sproutsocial.com.

• Who we share your personal information with and transfers abroad

  We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

  Transfers to other group companies

  We will only share your personal information with other members of the Company’s Group where necessary to administer the recruitment process.

  Transfers to third party service providers

  We may make certain personal information available to third parties who provide services relating to the recruitment process to us, including:

  • recruitment or executive search agencies involved in your recruitment, if applicable;
  • background checking or other screening providers and relevant local criminal records checking agencies;
  • data storage, shared services and recruitment platform providers, IT developers and support providers and providers of hosting services in relation to our careers website; and
  • third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing/reporting issues.

  We may also disclose personal information to third parties on other lawful grounds, including:

  • Where you have provided your consent;
  • To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
  • In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes);
  • As necessary to establish, exercise or defend against potential, threatened or actual legal claims;
  • Where necessary to protect your vital interests or those of another person; and/or
  • In connection with the sale, assignment or other transfer of all or part of our business.

  In some cases, the sharing described above may result in your personal information being transferred internationally, including from the UK and European Economic Area to a country outside it. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

  Where we transfer your personal information to a different country, we will take steps to ensure that such data exporters comply with applicable laws. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. Such safeguards include our use of European Commission-approved Standard Contractual Clauses (along with the UK Addendum, where appropriate) and, as applicable, our commitment (and commitments made by third party transferees) to honor the principles set forth in the Data Privacy Frameworks (defined below), to the extent each such Data Privacy Framework is accepted as a lawful mechanism under which personal information can transfer in compliance with applicable laws.

  A copy of our Standard Contractual Clauses and UK Addendum can be provided on request. Please note that some sensitive commercial information may be redacted.

• Data Privacy Framework

  Transfers to Sprout Social, Inc. in the United States.

  Sprout Social, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (collectively, “Data Privacy Frameworks”). Sprout Social has certified to the U.S. Department of Commerce that it adheres to (i) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; and (ii) the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).** If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  With respect to any personal information received or transferred pursuant to the Data Privacy Frameworks, Sprout Social is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

  Where Sprout Social, Inc. transfers your personal information to a third party acting as an agent on its behalf, it shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles (unless Sprout Social Inc is not responsible for the event giving rise to the damage).

  **Sprout Social, Inc. does not rely on the Swiss-US Data Privacy Framework as a mechanism under which to receive (or onward transfer) personal information, pending its approval by the Swiss authorities; however, Sprout Social, Inc. adheres to the required commitments in anticipation of such approval.

  Contacting Us, Complaints and Dispute Resolution

  In compliance with the DPF Principles, Sprout Social, Inc. commits to resolve complaints about your privacy and our collection or use of your information transferred to the United States pursuant to the Data Privacy Frameworks. EEA, UK, and Swiss individuals with privacy inquiries or complaints should first contact us by email at privacy@sproutsocial.com. We will work to resolve your issue and will respond within 45 days of receipt. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, the United Kingdom, or Switzerland, you have the right to lodge a complaint with the competent supervisory authority.

  Sprout Social, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org for more information and to file a complaint. This service is provided free of charge to you.

  If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

• Data retention periods

  Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally this means your personal information will be retained for a period of twelve (12) months after confirming your application was unsuccessful, unless you contact us at careers@sproutsocial.com and request that we delete your application prior to the twelve (12) month period.

• Your data privacy rights

  You may exercise the rights available to you under applicable data protection laws as follows:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided at Section 7 below.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided at Section 7 below.
  • If we collect and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

  We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

• Contact details

  Please address any questions or requests relating to this Notice to careers@sproutsocial.com with privacy@sproutsocial.com on the copy line.