Privacy Statement

Effective: November 8, 2021

Prior Workday Privacy Statement
Prior Peakon Privacy Statement
Prior Zimit Privacy Statement

TRUSTe


Introduction

This Workday Privacy Statement (“Privacy Statement”) describes how we collect, use, disclose, transfer, and store your personal data for the activities described below, including when you visit a Workday website that links to this Privacy Statement (“Website”), when you attend our marketing and learning events both online and offline (“Events”), and for our business account management. This Privacy Statement describes your choices and rights related to your personal data.

 

Quick Links

We recommend that you read this Privacy Statement in its entirety to ensure you are fully informed; however, if you only want to access a particular section, click the relevant link below to jump to that section:

Workday as a Service Provider

Personal Data We Collect

How We Use Your Personal Data

Disclosure of Data

International Data Transfers

Data Retention

Your Rights Over Your Personal Data

Legal Basis for Processing Personal Data

Workday Forums

Workday Extend

Security

Third-Party Certifications

Changes to this Privacy Statement

How to Contact Us

 

Workday as a Service Provider

Workday customers are organizations such as businesses and schools that use our enterprise cloud applications to process personal data about their personnel, students, and applicants (“Customer Data Subjects”) and to manage their relationships with these individuals. Workday processes personal data about these Customer Data Subjects in our enterprise cloud applications only according to our customers’ instructions as a “processor” or “service provider” and this Privacy Statement does not apply.

If you are a Customer Data Subject and have questions or want to exercise any of your rights regarding your personal data, you should direct your inquiry to the relevant Workday customer. If you contact Workday directly for these purposes, we are required to inform the relevant Workday customer (if we can identify them from the contact details you provided).

TRUSTe   TRUSTe
 

Personal Data We Collect

Personal Data We Collect Directly from You

Website

As a visitor, you may be asked or choose to provide us with your personal data on some areas of our Website, such as:

  • First name
  • Last name
  • Business email
  • Telephone number
  • Company name
  • Job level
  • Functional role
  • Street address

Some areas of the Website, including Workday Community, require you to create a user account. As part of your user account, you may choose to provide us with additional information, such as:

  • A photo
  • Social media profiles
  • Areas of expertise

Events
If you register to attend a Workday-sponsored Event, we may require certain data, including:

  • First name
  • Last name
  • Business email
  • Telephone number
  • Company name
  • Emergency contact (in some instances)
  • Dietary preferences (in some instances)
  • Health and safety information (in some instances)
  • Billing information (such as billing name, billing address, and credit card number)

Customer Account Management
We collect business contact information for account management purposes related to the use of Workday software-as-a-service applications or professional services. 

End User Account Management
If you have registered for an account directly with Workday (for example, to access the Workday Resource Center, or as a user of Workday Strategic Sourcing), we collect the account registration information you give us (for example, your name and email) and your profile information (for example, your company name). Additionally, we collect name, company, and email address to manage Workday Learning registrations for customers and partners. You may have the option to personalize your account with additional information.

If you use certain systems provided by Workday (such as the Workday Resource Center), we will collect data from you to enable multifactor authentication, such as mobile number, email address, or unique verification identifier.

Cookies and Other Similar Technologies
Like many websites, Workday uses cookies and similar tracking technologies (including for analytics, functionality, advertising, and other purposes). For more information about the technologies we use and how you can control these technologies, please see our Cookie Notice.

Workday Events Mobile Application
When you choose to use a Workday Events mobile application, then with your consent we may collect information from your device, such as your photos, contacts, or geolocation data, to enable some functions in accordance with your device’s privacy settings.

Other Information
If Workday collects any other personal data from you, we will explain which data and why we need it at the time we collect it.

Personal Data Obtained from Third-Party Sources

Workday may also collect business contact information about you from other sources including third parties from whom we have purchased business contact information and from publicly accessible websites, such as your company’s website, professional network services, or press releases. Business contact information may include:

  • First name
  • Last name
  • Business email
  • Telephone number
  • Company name
  • Job level
  • Functional role
  • Business street address
  • Online identifier
  • Employment history 

In some instances, Workday may combine personal data you have provided to us with personal data collected from other sources as described above. We use this data for our internal customer analytics, to identify prospective customer marketing opportunities, and to improve the relevance of our Website content and our advertising.

 

How We Use Your Personal Data

To Contact You
Workday uses the data we collect about you to provide Workday Websites, services, and support. For example, if you provide data to us in a “Contact Us” form, we will use your data to respond to the request. 

Workday uses your personal data and information about your activity on our websites to contact you for marketing purposes (including by phone or email) in accordance with your marketing preferences, including to contact you about product announcements, newsletters, and details on upcoming Events. We also use it to send administrative information, such as notices related to products, services, or policy changes.

To Plan and Manage Events
If you register or attend an Event, Workday uses your data for Event planning and management, including registration, billing, and connecting with other Event attendees, or to contact you further about relevant products and services in accordance with your marketing preferences. Any information you provide about emergency contacts or dietary preferences would be used only for your safety and health purposes.

To Facilitate Event Participation
Workday uses the information collected using Workday Events mobile applications to deliver requested application services and to facilitate Event participation, such as providing Event schedules and the opportunity to connect with Event attendees. For example, when you are using Workday Events mobile applications, then with your consent we may access your camera to allow you to upload photographs to the mobile service; access your calendar, social media, and contact information to allow you to interact with other Event attendees; or access the geographic location of your device to enable you to identify nearby contacts. Workday may also collect information from your usage of Workday Events mobile applications to improve Events and services, communicate with you about the Event and relevant products and services (in accordance with your marketing preferences), and for security purposes. You can control the collection of certain information using your device permission settings.

For Improvement Purposes
Workday uses the personal data we collect to understand how our websites and services are being used and to make improvements. For example, we may solicit your feedback about your experience using our services, and ways that we can improve those services. In addition, we may use the search queries entered into Workday Community to improve search capabilities or performance. Additionally, we use questions posted or comments on Workday Community to enrich the content or help guide future enhancements to our products and services.

Similarly, the Workday mobile application gathers information for troubleshooting and improvement.  We use third party services, such as Google Analytics, to view aggregated information about end user usage and interactions. 

For Security and Investigations
Workday may use your Personal Data by tracking use of our Website to diagnose Website technical problems, as well as to prevent, detect, mitigate, and investigate potential security issues, as well as fraudulent or illegal activity.

For Education and Training
If you participate in a Workday-offered education or training course, your enrollment and attendance information will be recorded to track and potentially report your participation and completion. We may use this information to recommend additional training courses.

Completion of Workday certifications by a services partner may be visible to Workday and our customers, and completion of a training course may also be visible to the entity making the training available to you. This registration and tracking may be conducted by third parties on behalf of Workday.

 

Disclosure of Data

Affiliates and Service Providers
Workday may share personal data with other Workday affiliates and third-party service providers or vendors contracted to provide services on our behalf (such as email fulfillment providers and payment service providers). These third-party service providers or vendors may use data we provide to them only as instructed by Workday.

Webinars, Events, and Other Activities Related to Workday Offerings
Workday may offer the following solely or jointly with third parties or partners: webinars, Events, whitepaper downloads, or other services related to Workday offerings or services. We may share your contact information and interests in these offerings or services with these approved third parties to communicate with you about Workday.

When you attend an Event (either sponsored by Workday or one where Workday is a participating vendor) and have your badge scanned, your personal data will be shared with Workday, as well as with any partner or third party participating in that Event, and potentially with the entity sponsoring your attendance at the Event. For example, if your badge is scanned as you attend a session at a Workday-sponsored conference, Workday and any co-presenters will have access to that information to understand who was in attendance, and potentially follow up with you on relevant products or services. If you do not want your data shared with Workday or partners in this manner, do not have your badge scanned. If your badge is scanned by a partner or a third party at an event, your data will be governed by that party’s privacy statement.

Additional Disclosures
Workday may disclose personal data if we have a good faith belief that such action is necessary to (a) conform to legal requirements or comply with legal processes; (b) protect and defend our rights or property; (c) enforce the Website Terms and Conditions; and/or (d) act to protect the interests of our users or others.

If Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred.

Workday does not sell personal data that we collect or process under this Privacy Statement.

 

International Data Transfers

Workday operates as a global business and may transfer, store, or process your personal data in a country outside your jurisdiction, including countries outside the European Economic Area (“EEA”) and the United Kingdom (“UK”). However, we have taken appropriate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights. For example, if we transfer personal data from the EEA or UK to another country, such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent UK authority (as applicable) with the data importer, or take other measures to provide an adequate level of data protection under EU and UK law.

 

Data Retention

Workday will retain your personal data as long as is necessary to perform a service for you, comply with applicable laws or regulations, resolve disputes, and enforce our agreements or as is otherwise necessary for the purpose of a legitimate interest pursued by Workday or a third party that is not overridden by your personal rights and freedoms. 

 

Your Rights Over Your Personal Data

Depending where you are located, you may have certain legal rights over the personal data we process about you, subject to local privacy laws. These may include the right to:

  • Obtain information about and access the personal data we process about you
  • Have incorrect personal data updated
  • Have your personal data deleted
  • Restrict the processing of your personal data
  • Object to the processing of your personal data carried out on the basis of our legitimate interests or for direct marketing purposes
  • Receive a copy of your personal data in an electronic and machine-readable format
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Workday does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement. 
  • Receive the categories of sources from whom we collected your personal data
  • Opt out of marketing communications at any time by clicking on the “Unsubscribe” or “Opt out” link in marketing emails we send you or by contacting us
  • Complain to a regulator or data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

Workday will not discriminate against you for exercising your rights. 

You can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through our Request Portal

If your personal data has been submitted to us by or on behalf of a Workday customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly (see Workday as a Service Provider section above for further information).

 

Legal Basis for Processing Personal Data

Our legal grounds for collecting and using your personal data as described in this Privacy Statement fall into the following four categories.  

Consent: In some cases, we ask you for your consent to process your personal data, such as when we need your consent for marketing purposes. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by contacting us as provided in the How to Contact Us section below.

Legitimate Interest: We process certain data for the legitimate interests of Workday, our affiliates, our partners, or our customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and mobile applications. We will rely on our legitimate interests for processing personal data only after balancing our interests and rights against the impact of the processing on individuals.

Performance of a Contract: Sometimes we process personal data to perform our obligations under an agreement with you. For example, we use payment information you provide when you register for an Event to process your payment.

Other Legal Bases: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.

 

Workday Forums

You may post comments or questions on our websites; for example, on a blog, community site, or developer forum. Some of these forums allow you to provide your personal data and create a profile. Personal data you submit in these public areas can be read and collected by others who access them. You should only post personal information to online forums with the awareness that the information will be available to others in the forum. Comments posted by individuals in an online forum reflect their own views and should not be considered to reflect the opinion of Workday.

 

Workday Extend

Workday Extend allows partners and developers to build applications independent of Workday. Before using these applications, please review the relevant privacy statement and terms of service.

 

Security

We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources.

 

Third-Party Certifications

E.U.-U.S. and Swiss-U.S. Privacy Shield

Workday adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, although Workday no longer relies on the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the European Union in Case C-311/18. To learn more, visit our Privacy Shield Notice here.

TRUSTe

APEC Participation

Workday’s privacy practices, described in this Privacy Statement, comply with the APEC Cross-Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC framework can be found here.

TRUSTe
  

Changes to this Privacy Statement

This Privacy Statement may be amended or revised from time to time at the discretion of Workday. Changes to this Privacy Statement will be posted on the Website and links to the Privacy Statement will indicate that the statement has been changed or updated. If we propose to make any material changes, we will provide notice on this page prior to the change becoming effective. We encourage you to periodically review this Privacy Statement for the latest information on our privacy practices.

 

How to Contact Us

If you reside in the European Economic Area, the United Kingdom, and Switzerland, Workday Limited is the controller for your personal data. For all other individuals, Workday, Inc. is the controller for your personal data.

If you have any questions about this Privacy Statement, wish to exercise your rights, or to contact our Data Protection Officer, please submit your request through our Request Portal. You may also contact us at one of the mailing addresses below:

Contact Details of Business/Controller Contact Details of Workday Inc.’s Data Protection Representative in the EEA
Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA
Workday Limited
Attn.: Privacy
Kings Building
May Lane
Dublin 7 Ireland

Workday will respond to your request within a reasonable timeframe or as required by law. 

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.