Privacy Shield Privacy Notice on Privacy Statement
EU-U.S. & Swiss-U.S. Privacy Shield Privacy Notice
Effective Date: April 8, 2019
Workday, Inc. (“Workday”) commits to subject to the Privacy Shield Principles all personal data that Workday receives from the European Economic Area (“EEA”), the United Kingdom and Switzerland in reliance on the respective EU-U.S. & Swiss-U.S. Privacy Shield. Information regarding the Privacy Shield framework and Workday’s certification can be found at: https://www.privacyshield.gov.
Types of personal data collected
Workday collects personal data from individuals who visit our public and customer-facing web and mobile sites ("EEA, UK and Swiss-based Website Visitors"), and individual representatives of our corporate customers, suppliers and business partners ("EEA, UK and Swiss-based Business Contacts"). We also supplement the data with data collected from third parties (including other companies).
From EEA, UK and Swiss-based Website Visitors, Workday may collect the following types of personal data:
- contact information;
- company information;
- activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to use of our websites and our services;
- log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our websites;
- photos, social media profile, areas of expertise and any other information visitors choose to provide when accessing Workday Community;
- feedback and reviews, or requests for support;
- event registrations and preferences;
- resume and applicant information for those applying to job openings; and
- other personal data provided by the EEA, UK and Swiss Website Visitors.
From EEA, UK and Swiss-based Business Contacts, Workday may collect the following types of personal data:
- contact information;
- financial and billing information;
- company information;
- security authorization and authentication information;
- usage data; and
- other personal data provided by the EEA, UK and Swiss Business Contacts.
Purposes of collection and use
Workday collects and uses personal data of EEA, the UK and Swiss-based Website Visitors and EEA, UK and Swiss-based Business Contacts for the purposes of:
- providing information about our services and events;
- personalizing visitors’ experience on our websites;
- providing products, services and support to our customers;
- communicating with corporate business partners about business matters;
- conducting related tasks for legitimate business purposes;
- aggregating data; and
- other purposes disclosed at the time of collection.
Commitment to subject to the Principles
We subject to the Principles all European, British and Swiss personal data that we receive from individuals or companies in the EEA, the UK or Switzerland in reliance on the Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Type of third parties to which we disclose personal data and purposes
Workday may share personal data we collect from individuals or companies in the EEA, the UK or Switzerland with the following types of third parties and for the following purposes:
- subsidiaries, affiliates and contractors, who process personal data on behalf of Workday to provide the services requested;
- channel partners, such as distributors and resellers, to fulfill product and information requests, and to provide customers and prospective customers with information about Workday and its products and services;
- other third party service providers contracted to provide services on our behalf;
- partner, sponsors or other third parties with whom Workday jointly offers webinars, white paper downloads or other related services; and
- other corporate entities if Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets.
Right to access
If EEA, UK and Swiss-based Website Visitors and EEA, UK and Swiss-based Business Contacts have any questions regarding this Privacy Shield Notice or need to update, change or remove information, please contact firstname.lastname@example.org or by regular mail addressed to:
6110 Stoneridge Mall Road
Pleasanton, CA 94588
Alternatively, regular mail may also be directed to our EEA-based subsidiary, Workday Limited, by addressing it to:
Workday will respond to your request to access or delete your information within 30 days.
Choices and means
If you are an EEA, UK or Swiss-based Workday Website Visitor or EEA, UK or Swiss-based Business Contact, if at any time after registering for information, your personal data changes, you change your mind about receiving information from us, wish to cancel your account or request that Workday no longer use your information to provide you services, contact us via the contact information in the “Right to Access” section above. You may choose to unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the message you received. We will retain and use your information for as long as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Independent dispute resolution body
In compliance with the Privacy Shield Principles, Workday commits to resolve complaints about our collection or use of your personal data. EEA, UK or Swiss -based Workday Website Visitors or EEA, UK or Swiss-based Business Contacts with inquiries or complaints regarding our Privacy Shield notice should first contact Workday via the information provided above.
Workday commits to cooperate with the panel established by the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel or Commissioner, as applicable with regard to data transferred from the EEA, the UK and Switzerland, as applicable.
Investigatory and enforcement powers of the FTC
Workday is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Workday also is committed to cooperating with EEA, UK and Swiss data protection authorities.
If you are located in the EEA, the UK or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of Workday’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please see Annex I of the Privacy Shield: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Requirement to disclose
Workday may disclose personal data in special cases when we have a good faith belief that such action is necessary to: (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce the website Terms and Conditions; or (d) act to protect the interests of our users or others.
If a third party service provider providing services on Workday’s behalf processes personal data from the EEA, the UK or Switzerland in a manner inconsistent with the Privacy Shield Principles, Workday will be liable unless we can prove that we are not responsible for the event giving rise to the damages.