Employment Privacy Statement
Effective: December 14, 2021
We are Workday, a group of companies with offices all over the world. Workday is committed to protecting the personal data of all Workday Personnel. “Workday Personnel” includes current and former employees and those who work on a non-permanent basis, including contingent workers, temporary and contract workers, independent contractors, and interns.
This Employment Privacy Statement (“Privacy Statement”) describes how Workday collects, uses, discloses, transfers, and stores your personal data and your rights in connection with your personal data as part of your employment/engagement. How we process your personal data may vary by jurisdiction based on (i) applicable law, (ii) your employment agreement or other terms, and/or (iii) the nature of your position and duties.
We recommend that you read this Privacy Statement in full to ensure that you are fully informed.
Personal Data We Collect
As part of your employment/engagement with Workday, we may collect personal data about you, or your dependents, beneficiaries, and other related individuals whose personal data has been provided to us. The types of personal data we collect about you may vary based upon your role and applicable law. Personal data we may collect includes, but is not limited to:
- Identification data, such as your name, gender, photograph, date of birth, Workday IDs
- Contact information, such as email address(es), physical or mailing address(es), and telephone number(s)
- Employment information, such as goals, performance data, performance reviews and feedback, career development, payroll, stock, compensation, business expenses, reimbursements, and other financial information
- Job application information, such as a resume, an application, background check, security clearance checks (if applicable to your role), and public records information
- Government identification numbers, documentation, and security clearances relevant to working for certain customers, including public authorities
- Benefits and pension or superannuation information, such as benefits elections for welfare, disability, leave, medical, or other benefits and associated dependent information
- Dependent and/or beneficiary information to provide benefits packages to you, such as health or life insurance coverage or other benefits
- Emergency contact information to be used in the event of an actual or potential emergency
- Workplace information, such as photographs and videos
- Responses to voluntary workplace satisfaction surveys
- Information required to provide access to and ensure compliance with Workday policies in accordance with your use of Workday property, such as documents, data, computers, network, applications, physical facilities, and other resources, including IP addresses and access logs
- Work-related healthcare information, such as information related to a medical leave or safety incident, or vaccination information where required or permitted by applicable law
- Information required by applicable law or regulatory requirement
- Images captured on CCTV (Closed Circuit Television) cameras used in Workday offices for safety and crime prevention purposes. Notices will let you know where Workday is operating CCTV cameras. The CCTV system is not used to monitor the work of employees or their attendance.
- Other information described at the time it is collected or as necessary to establish, administer, manage, and terminate the employment relationship
If you are a contingent worker, the type of personal data we process is limited to what is needed to manage your particular work assignment with Workday, but may include all or some of the above items.
Sensitive personal data includes any information that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data, or data concerning health, sexual orientation, and criminal history (“Sensitive Personal Data”). As a general rule, we try not to collect or process any Sensitive Personal Data about you unless authorized by law or where necessary to comply with applicable laws. However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Data for legitimate employment-related purposes.
- Information about your racial/ethnic origin, gender, sexual orientation, and disabilities may be collected for the purposes of creating a diverse and inclusive work environment, compliance with equal employment opportunity obligations, or complying with anti-discrimination laws and government reporting obligations; or
- Information about your physical or mental condition may be collected to provide work-related accommodations or health and insurance benefits to you and your dependents, or to manage absences from work.
While most of this personal data is collected directly from you, Workday may collect information from third parties in relation to your employment, employment application, deployment on certain customer projects, benefits, or other services we may offer. Workday may use third-party services and providers to assist with collecting and preparing applications for security clearances for relevant client projects.
How We Use Your Personal Data
We will use the personal data listed above to administer employment and employment-related activities, including:
- To establish, administer, and manage all aspects of your employment relationship (such as payroll, benefits, stock administration, travel, expenses, corporate credit cards, professional development, training, absence monitoring, performance management, disciplinary and grievance processes, business management and human resources-related processes)
- To maintain a global directory of Workday Personnel, which contains your professional contact details (such as your name, location, photo, job title, and contact details) for use by Workday Personnel to facilitate global cooperation, communication, and teamwork
- To ensure compliance with applicable Workday policies, including by managing and monitoring physical/IT/network security, and conducting internal investigations
- To comply with applicable legal or regulatory requirements
- To analyze data generated during the course of employees’ activities, to inform business intelligence, accelerate business operations, identify training/development/awareness opportunities (such as recommending learning courses to help develop skills), evaluate and/or suggest career opportunities (such as recommending short- and longer-term roles that match an employee’s skills), assist workers with data-driven predictions (such as suggesting skills that may be added to an employee’s profile), and personalization
- To perform analysis on organizational and activity data to identify potential business improvements or opportunities for efficiency
- To provide you with required tools and technology, and manage your access to these resources in line with your job role
- To evaluate and report on the demographic makeup of our workforce, where allowed by law (such as diversity reporting)
- To maintain and protect the safety and security of our employees, vendors, customers, other workers, Workday services, property of Workday, or the public
- To communicate with you or your designated contacts in case of emergency
- To send work-related materials to your home or workplace (such as equipment, items for team activities, or employee incentives or rewards)
- To control access to Workday premises and to ensure the safety of our premises, our staff, and visitors, and to prevent, deter, and if necessary, investigate, unauthorized physical access, including unauthorized access to secure premises, IT infrastructure, or theft of equipment or assets
- To assess your suitability and eligibility for work on certain Workday projects, assignments, and secondments, as well as compliance with customer requirements for projects and roles
- Other purposes described to you at the time we collect your personal data
Workday also may use third-party services, such as Google Analytics, to better understand website usage; for example, how many Workday Personnel are visiting internal websites, how long they are staying on the sites, and which pages are most popular. Internal website usage data is collected by Workday-approved third parties and aggregated before being provided to Workday for interpretation.
We process Workday Personnel personal data through several systems and third-party vendors, including our global human resources system (Workday on Workday), which helps us administer HR and employee compensation and benefits at an international level, and which allows Workday Personnel to manage their own personal data in some cases.
Disclosure of Data
We only disclose your personal data to those who require access to perform their tasks and duties, and to third parties that have a legitimate purpose for accessing it. When information is shared with third parties, it is either to fulfill our legal obligation or for a contracted service. For example, we may share identity information, including date of birth, with an insurance company where you have enrolled in a Workday benefit. Whenever we permit a third party to access personal data, we will implement appropriate measures to provide assurance that the information is used in a manner consistent with this Privacy Statement and with applicable law, and that the security and confidentiality of the information is maintained. When we process Sensitive Personal Data, this information will only be transferred outside your country if permitted by applicable law.
We may disclose personal data to the following recipients:
- Members of the Workday group around the world in order to administer human resources functions (such as staff member compensation and benefits at an international level), as well as for other legitimate business purposes, such as IT services/security, tax and accounting, and general business management
- Workday-contracted third-party service providers to carry out certain management activities (such as payroll, benefits, recruitment, stock administration, travel management, and emergency communications), IT-related tasks (such as maintenance of secure systems and networks), or other business services
- Third parties that provide tools and services to assist you in your job responsibilities
- Third parties where you have consented or otherwise instructed Workday to share your personal data
- Third parties that provide analysis, benchmarking, and other business intelligence services
- Contractors and vendors that require personal data to assist us with establishing, administering, and managing the employment relationship
- Third parties to comply with our legal obligations, including to respond to a court order, administrative, regulatory, or judicial process
- Third parties as necessary to establish, exercise, or defend against potential, threatened, or actual litigation
- Public authorities in response to lawful requests
- Other third parties when it is determined in good faith that disclosure is necessary to protect your safety or the safety of others
- Other corporate entities if Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets
Workday does not sell personal data that it collects or processes as part of the employment process or any related processes.
International Data Transfers
Your personal data may be processed in (i) the countries where you are employed or are conducting work for Workday, (ii) the United States, or (iii) any other country where Workday or Workday-contracted third-party service providers have operations. Third-party organizations processing personal data for Workday are contractually required to comply with all relevant privacy laws in order to protect your personal data in any country where they process or transfer the data.
Workday operates as a global business and may transfer, store, or process your personal data in a country outside your jurisdiction, including countries outside the European Economic Area (“EEA”). However, we have taken appropriate safeguards to protect your privacy, fundamental rights and freedoms, and the exercise of your privacy rights. For example, if we transfer personal data from the EEA to a country outside it, such as the United States, we will implement an appropriate data transfer solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law. If you would like to see a copy of any relevant provisions, please contact us using the details provided in the “How to Contact Us” section below.
Workday stores and retains your data for as long as needed to fulfill the purposes described in this Privacy Statement or as otherwise required by law. Typically, this means we keep your personal data until the end of your work relationship with us plus a reasonable period of time afterwards to respond to employment- or work-related inquiries or to deal with any legal matters (such as judicial or disciplinary actions), document the proper termination of your employment or work relationship (such as to tax authorities), or to provide you with ongoing pensions or other benefits.
To determine the appropriate retention period for your personal data, we typically consider our legal obligations; the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; our purposes for processing it; and whether we can achieve those purposes through other means.
CCTV footage is retained for 90 days in North American offices and 30 days in all other offices.
Your Rights Over Your Personal Data
Depending on where you are located, you may have certain legal rights over the personal data we hold about you, subject to local privacy laws. These may include the right to:
- Access the personal data we hold about you.
- Have incorrect personal data updated or deleted.
- Have your personal data deleted.
- Restrict the processing of your personal data.
- Object to the processing of your personal data carried out on the basis of our legitimate interests.
- Receive a copy of your personal data in an electronic and machine-readable format.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Workday does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
- Complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Workday will not discriminate against you for exercising your rights.
You, or an authorized individual who we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through our Request Portal.
Legal Basis for Processing Personal Data
For Workday Personnel in the United Kingdom, Switzerland, or the European Economic Area, our legal basis for collecting and using the personal data described above, including any Sensitive Personal Data, will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to enter into or perform a contract with you (for example, to administer an employment or work relationship with us), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
These legitimate interests include, for example, contacting you to provide support or sending you employment information (subject to applicable law); detecting, preventing, and investigating illegal activities, potential security issues, or policy violations; and maintaining and improving our internal tools and systems. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data such as in response to a court or regulator order, to protect your vital interests or those of another person, or to exercise, establish, or defend legal claims.
If you have questions or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the details provided in the “How to Contact Us” section below.
We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data and require our vendors and suppliers to do the same. However, you are responsible for maintaining the security of your password or other forms of authentication involved in accessing password-protected or secured resources.
EU-U.S. and Swiss-U.S. Privacy Shield
Workday adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, although Workday no longer relies on the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks as the legal basis for transfers of personal data in light of the judgment of the Court of Justice of the European Union in Case C-311/18. To learn more, visit our Privacy Shield Notice here.
Workday’s privacy practices, described in this Privacy Statement, comply with the APEC Cross-Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC framework can be found here.
Changes to This Privacy Statement
This Privacy Statement may be amended or revised from time to time at Workday’s discretion. The most recent document is available via your Workday on Workday account. If we propose to make any material changes, we will provide notice on this page prior to the change becoming effective. All amendments and revisions are effective immediately upon communication, unless your consent is necessary for the change.
How to Contact Us
If you have any questions about this Privacy Statement, or wish to exercise your rights, please submit your request through our Request Portal. You may also contact us at firstname.lastname@example.org or one of the mailing addresses below:
6110 Stoneridge Mall Road
Pleasanton, CA 94588
Kings Building, May Lane
To contact our Data Protection Officer, please email email@example.com.
If you are employed in the United Kingdom, Switzerland, or the European Economic Area, the Workday affiliate that employs or engages you will be the controller in relation to your personal data. For a list of Workday affiliates and their contact details, please see here.
In compliance with the Privacy Shield Principles, Workday commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our practices for complying with our Privacy Shield certification should first contact Workday as indicated above.
Workday has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at: