Recruitment Privacy Statement
Effective: September 2, 2020
Prior Recruitment Privacy Statement
We are Workday, a group of companies with offices all over the world. We are committed to protecting the personal data of all Workday applicants—whether employee, contingent worker, contractor, or intern.
This Recruitment Privacy Statement describes how Workday collects, uses, discloses, transfers, and stores personal data as part of our recruitment process for companies in the Workday group. It provides details on your personal data rights and how to exercise your rights with us.
We recommend that you read this Recruitment Privacy Statement completely to ensure you are fully informed; however, if you only want to access a particular section, you can click on the relevant link below to jump to that section:
Where your personal data is processed
Your rights over your personal data
Changes to this Privacy Statement
Personal data we collect.
To apply for a position within Workday, you will create an account on the Workday careers site portal. The portal requires an email address and password to authenticate your account.
Additional basic contact information such as name, email address, and phone number, is also required to create your profile and for the recruitment process to work.
When you submit a job application on the careers site, you will be asked to supply your resumé/CV so that we have your employment background and academic and professional qualifications, which are required in order to be considered for a role.
If expenses are incurred during the recruitment process that are covered by Workday, you will be asked to share your banking details so Workday can reimburse you.
You can apply for a role at Workday using a number of third-party career sites; for example, SEEK, LinkedIn, and so on. This will connect your profile from these systems with the Workday job application.
For some roles, we may request candidates to perform candidate matching assessments with a third-party talent management organization.
As part of our commitment to diversity and inclusion, where permitted or required by law, we will ask you to provide information such as ethnicity, sexual orientation, or gender identity.
We collect work authorization information to verify lawful employment eligibility.
Later in the recruitment process, we may collect additional identity information to complete background checks.
We mostly collect your personal data directly from you with a few exceptions, including:
- Recruitment agencies that you have asked to support you in finding a job
- Workday personnel who have referred you
- Background checking company that will verify the accuracy of information that you have provided
How we use your personal data.
We will use your contact information, such as email and telephone number, to keep in touch with you and send you relevant information throughout the course of your recruitment journey with us. We may also contact you with roles that we believe may be of interest to you.
During the application process, we will process your resumé/CV information to check your skills and experience against the position for which you have applied. If we ask you to complete a candidate matching assessment with a talent management company, we will include the match results in the recruitment process. We will also capture additional personal data during in-person and/or remote interviews to assess your suitability for the job.
We will use your bank account details to reimburse you if you have claimed expenses associated with the Workday recruitment process.
If you are successful in the interview process, we will carry out background checks and validation of your experience and academic and professional qualifications. We will use a third-party organization to perform these checks and will share the CV and identity information that you have provided. Background checks will be completed only as permitted by local law.
If you accept an offer for a position at Workday, your personal data will transfer to your personnel file.
In certain Workday locations, we are required by law to provide reports on the diversity of our recruitment talent pools and will need to send reports to the relevant authorities covering a particular time period.
Where permitted by law, Workday may use the personal data you submit for statistical or product improvement purposes.
If you are not successful in the interview process, we will hold onto your details so that we may reach out to you and invite you to apply for other positions that we think may be a good fit for you. If you don’t want us to do this, you can let us know.
Disclosure of data.
We will share your personal data internally within Workday to allow the job application and recruitment processes to work. Your data will only be shared with those people in Workday who need to view your data in order to do their job.
We will share your personal data with the following categories of third parties:
- Background-checking organizations that verify employment history, and academic and professional achievements
- Third-party service providers that support the Workday Recruitment process
- Third parties that Workday can share your personal data with, per your instruction
- Government agencies or authorities where laws require us to share your data
- Law enforcement or government agencies where we have a good-faith belief we must share the data to comply with the law, protect individuals/the general public, or to respond to a valid legal process
Third-party organizations that we use to process data on our behalf must protect your data to the same standard as Workday and only process the data as we have instructed.
Workday does not sell personal data that we collect or process as part of the recruitment process or any related processes.
Where your personal data is processed.
Your personal data may be processed in the countries where you have applied for a job, the United States, or any other country where Workday or its subcontractors have operations. Third-party organizations processing personal data for Workday must comply with all relevant privacy laws in order to protect your personal data in any country where they process or transfer the data.
Workday operates as a global business and may transfer, store, or process your personal data in a country outside your jurisdiction, including ones that are not subject to an adequacy decision by the European Commission. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Statement. These safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, thus requiring all group companies to protect personal data they process from the EEA in accordance with European Union data protection law.
Workday will retain your data at least as long as necessary to fulfill the service that you have requested, comply with any laws or regulations, resolve disputes, and enforce our agreements. Workday may retain your data longer with your consent or for a legitimate business interest where we have assessed the business benefit and confirmed that this is not outweighed by your personal rights and freedoms.
Your rights over your personal data.
Depending where you are located, you may have certain rights over the personal data we hold about you, subject to local privacy laws. These may include the right to:
- Access the personal data we hold about you.
- Have incorrect personal data updated or deleted.
- Have your personal data deleted.
- Restrict the processing of your personal data.
- Object to the processing of your personal data carried out on the basis of our legitimate interests.
- Receive a copy of your personal data in an electronic and machine-readable format.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Workday does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
- Receive the categories of sources from whom we collected your personal data.
- Complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
Workday will not discriminate against you for exercising your rights.
You, or an authorized individual who we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Statement or by submitting your request through our Request Portal.
Legal basis for processing personal data.
Our legal grounds for collecting and using your personal data as described in this privacy statement fall into the following four categories.
Consent: In some cases, we ask you for your consent to process your personal data. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by emailing email@example.com.
Legitimate Interest: We process certain data for the legitimate interests of Workday, our affiliates, our partners, or our customers. These legitimate interests include, for example, improving effectiveness and efficiency in our recruitment processes and detecting, preventing, and investigating illegal activities and potential security issues. We will rely on our legitimate interests for processing personal data only after balancing our interests and rights against the impact of the processing on individuals.
Performance of a Contract: We process personal data to perform our obligations under an agreement we have with you. For example, we use your personal data to make you a job offer or complete a contract of employment with you.
Other Legal Bases: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.
We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured areas of any Workday recruitment web page. Access to and use of password protected and/or secure areas of any Workday recruitment web pages is restricted to authorized users only.
E.U.-U.S. and Swiss-U.S. Privacy Shield
Workday complies with the U.S. Department of Commerce-maintained EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal data transferred from the European Economic Area (EEA), Switzerland, or the United Kingdom to the United States. Workday has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
To learn more about the Privacy Shield Frameworks and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Workday is responsible for processing personal data we receive under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Workday complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, Switzerland, or the United Kingdom, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Workday is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
The Workday privacy practices, described in this Privacy Statement, comply with the APEC Cross-Border Privacy Rules (CBPR) system. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.
Changes to this Privacy Statement.
This Recruitment Privacy Statement may be amended or revised from time to time at the discretion of Workday. The most recent document is available via the Workday careers webpages. If we propose to make any material changes, we will provide notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
How to contact us.
If you have any questions about this Recruitment Privacy Statement, or wish to exercise your rights, please submit your request through our Request Portal. You may also contact us at firstname.lastname@example.org or via one of the mailing addresses below:
6110 Stoneridge Mall Road
Pleasanton, CA 94588
Dublin 7 Ireland
To contact the Workday Data Protection Officer, please email email@example.com.
The controller of your personal data is the hiring Workday affiliate. For a list of Workday affiliates and their contact details, please see here.
Workday will respond to your request within a reasonable time frame or as required by law.
If you have a privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.