Recruitment Privacy Statement
Effective: April 2, 2025
Introduction and Statement Scope
Workday respects individual privacy rights and we are committed to processing personal information fairly, responsibly and in accordance with applicable local laws.
This Global Recruitment Privacy Statement (“Privacy Statement”) describes how we process personal information when considering candidates for roles with the Workday group. This Privacy Statement:
- applies to any individual we consider hiring for a job, whether we identified them in the job market or they shared their information with us
- applies to all Workday role types including full-time or part-time employment, contract work, or internship opportunities
- explains how individuals can exercise their privacy rights with Workday.
Workday has offices all over the world. How Workday handles personal information varies based on local laws in our recruiting locations. As well as this Privacy Statement, Workday or authorized parties may provide supplementary transparency information to keep you informed about our processing practices.
Workday is a leading provider of enterprise cloud applications for finance and human resources. This means Workday customers (companies, schools, governments and other organizations) use our software applications to manage their recruitment, workforces, and finances.
- This Privacy Statement doesn’t apply if you applied for a role with a Workday customer or another organization that is not part of the Workday group.
- As a cloud service provider, Workday does not control or make recruiting decisions for customers or other organizations that use Workday applications.
- Workday cannot respond directly to a request where the personal information processed relates to another organization's recruitment.
- If you have a question regarding another organization, you should refer to the recruiting organizations' privacy statement and contact information.
Quick Links
We recommend that you read this Privacy Statement completely to understand how Workday processes personal information in connection with our recruitment practices. You can also easily jump to specific sections of interest if you prefer:
What personal information do we collect and process?
Does Workday process sensitive personal information?
When is personal information required?
Will you contact me about future Workday roles and potential matches?
Does Workday share your personal information?
Does Workday use Artificial Intelligence (“AI”) tools?
Can my personal information be used for recruitment research, training or development?
How long does Workday retain your personal information?
How does Workday protect your personal information?
Does Workday transfer your personal information internationally?
Will Workday make changes to this privacy statement?
What personal information do we collect and process?
Information you provided
Information will be collected directly from you when you:
introduce yourself to Workday at an event or join the Workday Talent Community to be considered for potential future roles
create a candidate account to apply for roles
apply for a role at Workday
meet with us during in-person, telephone, or online meetings as a job applicant.
Information obtained from other sources
Information is generated about you during our recruitment processes by recruiting teams and Workday systems.
You can also apply for a role at Workday using various third-party career and recruitment sites, such as LinkedIn and SeekOut. Doing so connects your profile from the third party platform with Workday systems and the Workday job application process.
We collect personal information from external sources outside of Workday, when considering applications or searching for talented personnel, in accordance with applicable law, including:
recruiting agencies, academic institutions, professional organizations, alumni and resume sharing platforms and similar parties supporting job searches
Workday personnel who refer you
independent background checking and verification suppliers
referees in response to reference requests
publicly available sources, including any professional platforms you use and other relevant professional information available online, such as articles you may have written, research contributions or similar citations
future group companies that join the Workday global structure through a merger, acquisition or purchase of assets.
The table below provides a summary of the typical talent and recruitment purposes for which we collect and process personal information, in accordance with applicable law, with examples of the personal information processed in each case.
You can read more about the “legal bases” we rely on to process personal information for these purposes under the “Legal basis for processing” section if you are from the EU or UK or another location with similar legal requirements.
| No. | Purpose(s) | Personal Information Processed for This Purpose |
|---|---|---|
| 1 | Providing access to our recruitment site, posting job specifications, and managing site security. | We process the following personal information for this purpose:
|
| 2 | Identifying and shortlisting prospects and job applicants. | We process the following personal information for this purpose:
|
| 3 | Facilitating our recruitment processes, and managing in-person and online meetings and assessments. | We process the following personal information for these purposes:
|
| 4 | Making a hiring decision for current or future employment opportunities. | We process the following personal information for this purpose:
|
| 5 | Verifying your information and carrying out necessary background checks.
|
We or our approved service providers process the following personal information for this purpose in connection with the relevant activities:
|
| 6 | Promoting, monitoring, and reporting of diversity and equal opportunities | We process the following personal information for this purpose:
|
| 7 | Defending Workday against potential complaints, enquiries and responding to legal requests. | We process the following personal information for this purpose:
The specific information processed depends on the nature of the complaint, inquiry, or request and who raises it. |
| 8 | Improving Workday’s recruitment processes and services. | We process the following personal information for this purpose:
|
| 9 | Contacting you about future Workday opportunities and news. | We process the following personal information for this purpose:
|
Information collected automatically.
When you visit the Workday Recruitment site, we use cookies, tracking pixels, and scripts. For more information about the technologies we use, why we use them, and how you can control these technologies, please review the Workday Recruitment Site Cookie Notice.
Does Workday process sensitive personal information?
We understand that certain personal information requires greater protection. The meaning of “sensitive” or “special category” personal information differs globally, but typically includes information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data, data concerning health, sexual orientation, and criminal history. In some jurisdictions, it can also include the contents of your communications where Workday is not an intended recipient, or your precise geolocation.
We do not process sensitive personal information about you unless it’s needed to operate our business, such as for legitimate recruitment and employment-related purposes or to support you as a job applicant to, or employee of, Workday. If we need to collect sensitive personal information, we will do so in a way that is lawful, tell you and explain how we will use it.
For example:
We may process limited information about your racial or ethnic origin, gender, gender identity, sexual orientation, and disabilities collected to assess fairness and non-discrimination, and to create and cultivate an inclusive work environment, including where required:
to comply with equal employment and anti-discrimination laws
to strengthen Workday Value, Inclusion, Belonging and Equity initiatives with your explicit consent, where required by applicable laws;
We may also process information about your physical or mental condition to provide work-related accommodations, such as during fitness to work dialogue or limited information in the context of health and insurance benefits provided or arranged for you and your beneficiaries, to promote a healthy workforce as well as to support and manage work or upcoming absences.
Workday is proud to be an equal opportunity workplace. Workday does not use sensitive personal information to make recruitment or employment decisions. As a general rule, you can decline to provide sensitive personal information if you prefer not to say. There is no negative impact on any application if you prefer not to say.
When is personal information required?
Workday will inform you if there’s a legal, business or recruitment requirement to provide personal information. Generally, we’ll only ask for what is necessary and proportionate to consider you for a role and the relevant recruiting purpose. If you’re unable to provide the information required, we’ll explain if there might be any consequences or delays to your applications.
When we ask for your consent to collect or use your personal information by Workday or a third party, you’re not obliged to give consent - you can choose freely whether you wish to consent to that specific collection or use.
Will you contact me about future Workday roles and potential matches?
Yes. If you are curious about Workday but there is not a current job opening you wish to apply for, you can become a member of the Workday Talent Community or if your initial job application is not successful we’ll add your information to our internal Candidate Database and may reach out to you about future roles. You can advise your talent acquisition contact if you’d prefer not to be added.
During future recruitment initiatives, Workday may assess if there are matches where your profile might be a fit for an upcoming role and may invite you to apply. We may also send you information about Workday news and careers events. Workday Talent acquisition assesses your resume/CV, qualifications and experience when identifying and shortlisting potential candidates based on prior exchanges with you and may use Workday’s AI tools. You can provide a new version of your resume/CV at a later point and update your contact preferences at any time.
See: “Does Workday use AI tools to process my job application to support the recruitment process?” and “What are your privacy rights?”
We will keep the information for future job match purposes for a reasonable period after your application based on local laws and guidance. Keep in mind, if your initial application is unsuccessful, we need to retain information to respond to queries and assess compliance with local laws for a period, but you can still ask to be removed from future role consideration, job invitations and Workday news. See: “How long does Workday retain your personal information?”.
If you accept a role at Workday, the information collected during the recruitment process will form part of your personnel file and Workday profile and will be processed in accordance with our Employment Privacy Statement, which will be provided to you during onboarding.
Does Workday share your personal information?
There are a number of situations where we may need to share your personal information with others in line with the recruitment and business purposes outlined above. Workday takes care to disclose personal information to only those recipients who require access to perform their legitimate tasks and duties.
We’ll disclose your personal information to the following categories of internal and external recipients:
Subsidiaries and other group companies. Members of the Workday Group around the world:
Including for purposes 1-9.
Third-party suppliers and service providers. This may include technology and recruiter systems, software providers, including virtual assistant and chatbot technology, recruitment and search agencies, testing or assessment institutions, survey tool providers, payment processors, travel management, our background checks providers, and benefits providers. We do so on a “need-to-know basis” and in line with contractual provisions we implement with the suppliers.
Including for purposes 1-9.
Courts, tribunals, regulators, public authorities, and professional advisers (including immigration specialists, tax advisers, accountants and lawyers) to comply with our legal and regulatory obligations, inquiries or matters, including to respond to a complaint, court order, audit, warrant, subpoena, administrative, regulatory or judicial process, request or incident
Third parties as necessary: to establish, exercise or defend against potential, threatened, or actual litigation; when we have a good faith belief that disclosure is necessary to protect your safety, the safety of others, or compliance with local standards applicable to Workday; or in connection with a business transition or restructure, such as a merger, acquisition by another company, or sale of all or a portion of Workday’s assets.
Any other third parties where you’ve consented, instructed Workday to share your personal information or where disclosure is reasonable.
Workday personnel authorized to access or discuss personal information must comply with confidentiality, privacy and security requirements.
When we engage third parties and suppliers to process personal information on Workday’s behalf, we implement appropriate measures to provide assurance that third-party organizations do so in a manner consistent with this Privacy Statement and applicable law, and that the security and confidentiality of the information is maintained. This is in addition to the privacy and security obligations applicable to the third party in connection with their processing and services under applicable law.
Third-party recipients also have their own privacy statements outlining their data processing approach, that you may wish to consult where the third party has their own business purposes or if you have a direct relationship with them.
Does Workday use Artificial Intelligence (“AI”) tools?
Yes. We use responsible AI tools that assist us to process personal information for the recruitment and business purposes described in the table above. Workday is committed to using tried, tested and trusted AI tools to empower our talent acquisition team members and support their human judgment and valuable experience. We also believe AI can significantly enhance the recruitment experience for our prospective workmates. We currently use AI tools to review job applications, CVs and resumes and schedule interview times and availability.
Workday implements robust risk management practices to test our AI tools for fairness and to mitigate bias and similar risks. We also seek assurances from third parties that may provide AI tools before any deployment, alongside due diligence reviews.
Does Workday use AI tools to process job applications to support its recruitment process?
Yes. We receive very large volumes of applications and candidates, and to process these we use AI tools that help our recruiters identify and evaluate how closely candidate applications and resumes/CVs align with a given job requisition. The AI-powered tooling helps to improve consistency, accuracy and speed in the recruitment process and reduce the potential for human bias or errors.
How does it work? The AI tooling extracts personal information from within candidate applications and resumes/CVs that are relevant to the open role such as information you have disclosed about your skills, experience, location, and education as applicable. The tools then work out how closely this personal information matches the requirements of the role available, and assigns a suggested grade reflecting how close the match is, for example: “candidate exceeds”, “meets” or “does not meet some or all the basic qualifications".
The Workday talent acquisition team uses these suggested AI generated grades to help shortlist and prioritize applications in the recruitment process. Our talent acquisition team is trained in the responsible use of AI recruitment tools and as a general rule the grades are one of several factors they consider throughout the candidate consideration process for those minimally qualified for the role, in conjunction with screening interviews and hiring manager interviews. Workday hiring managers and prospective teammates in the recruiting department are involved in ultimate hiring decisions across all stages of the hiring process.
In some recruitment exercises, for example, where we have particularly high volumes of applicants, it is not possible for every CV/resume or application to be reviewed by a member of the talent acquisition team during initial sifting stages, and so your application may not be successful if an open role is filled while you are still in the recruitment process and/or you do not meet the minimum job requirements.
We will use such AI recruitment tools consistent with the requirements of applicable privacy laws. For more information, see: “What are your privacy rights?” below.
Can my personal information be used for recruitment research, training, testing or development?
Yes. We may use the personal information our candidates submit for recruitment research, training, testing and development, including:
Business reporting: Workday may produce or receive summary reports for Workday’s talent acquisition teams and leaders to understand overall recruitment metrics, including volumes, geographies or candidate pool inclusivity and progression trends. Recruiting research and reports help inform future recruitment strategies and third-party learning opportunities.
Product development: Workday’s own product technology can be developed using applicant and candidate data leveraged in Workday recruitment practices. AI models (that support the functioning of Workday AI products) may be improved and trained by learning from patterns manifest in Workday’s own recruitment practices, for example, recruiters for “sales roles” tend to advance candidates with “negotiation experience” therefore future iterations of Workday’s AI models may learn to place greater weight on “negotiation experience” for those select roles without impacting you personally - such improvements could help future applicants and candidates. These enhancements also support Workday and third parties including customers who later use Workday’s cloud application services for future recruitment exercises.
Internal testing: Workday may conduct assessments to support its responsible AI commitments to manage risks related to fairness, non-discrimination, inclusivity and efficacy.
We aim to implement privacy enhancing and security safeguards to responsibly use certain information within wider data sets to protect individual privacy. Specifically, de-identifying, pseudonymizing and/or aggregating techniques which are designed to mitigate and reduce individual privacy risk impacts are used when possible, for responsible security, research, analytics, reporting, product development purposes.
This use of data for responsible product development, reporting and testing supports Workday’s legitimate interests in innovation and improvement. Workday is required to work with quality and representative candidate datasets to train, test and develop Workday’s AI technology.
Please note that Workday does not share or license personal information provided during your applications to Workday, including identifiable job applications, resume/CV information, suggested grades or reports with other businesses for their own recruitment or other purposes.
How long does Workday retain your personal information?
Workday securely stores and retains your personal information for the time periods needed to fulfill legitimate business purposes, including those described in this Privacy Statement and in accordance with applicable local laws. In summary, we keep personal information:
Following the completion of a recruitment process and hiring decision so that we can consider and respond to potential enquiries, complaints, legal or compliance matters involving Workday’s recruitment operations
To keep you informed of future vacancies if you wish and maintain accurate records of your contact preferences.
You can update your preferences regarding future contact at any time, but please be aware that we’ll need to retain other information if we have lawful bases and purposes at the time of the request.
We have processes in place to delete recruitment information between six months and four years following an unsuccessful application. The period differs based on local laws and guidance in the recruiting location. To determine the appropriate retention period for personal information within our records, we consider many factors relevant to the Workday business and your recruitment, including:
our legal and regulatory obligations or any available guidance
claims risk and limitation periods
prevailing legitimate business needs
the amount, nature, and sensitivity of the personal information
the potential risk of harm from unauthorized use or disclosure of your personal information considering our technical security controls
if we can achieve any prevailing purposes through other means.
What are your privacy rights?
In some recruiting and role locations, you may have certain legal rights over the personal information we hold about you. In summary, the privacy rights can include the right to:
Obtain access to your personal information that is being processed by us, have inaccurate personal information corrected and request the deletion of your personal information.
Object to the processing of your personal information carried out based on our legitimate interests.
Ask us to restrict the processing of your personal information.
Request the portability of your personal information in a structured, commonly used and machine-readable format if the processing is carried out based on consent or a personal contract.
Withdraw your consent at any time, if we have collected and processed your personal information for a specific activity with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Not to be subject to a solely automated decision (including profiling) which produces legal or similarly significant effects. Under applicable privacy laws, we can only use solely automated tools that produce legal or significant effects within our recruitment processes if we have your consent to do so, it is necessary to enter into or perform a contract with you, or we are authorised by law. In such cases, you can contact our talent acquisition team and seek a human review.
Lodge a complaint with a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work, or the registered office of the “data controller”. You can also request the details of your competent supervisory authority by using the details in the “Want to Contact Us?” section. The “Additional region specific disclosures" section below provides further information about how to complain to your local data protection supervisory authority.
Lodge a case with a local court to claim a judicial remedy. If you believe there has been an infringement of your privacy rights or the requirements under applicable privacy laws, you can file a case with a court or similar judicial body to seek appropriate redress. You can file a case with a court in your usual place of residence, your place of work, the registered office of the data controller or the location of the applicable data protection supervisory authority. This right to seek a judicial remedy, is in addition to your right to lodge a complaint with a data protection supervisory authority.
We may need to ask you to provide information so that we can confirm your identity before responding to a request.
Workday will not discriminate against you for exercising your privacy rights. We’ll explain how any of the rights operate in your situation, including:
If the right differs in your location or because of the legal basis for the processing activity
If Workday has prevailing processing needs and what they are
How the rights of other individuals or parties interact with your specific request.
How can I exercise my privacy rights?
You, or an authorized individual or representative who we can verify is acting on your behalf, can exercise your privacy rights by contacting us using the details in “Want to Contact Us?” below or by submitting your request through our web form.
If you can provide details of any concerns, this may assist Workday expedite the response. In any event, we will respond without undue delay and keep you updated. We will usually provide a substantive response within one month of your request but this may be extended to three months in some complex cases.
How does Workday protect your personal information?
We have various teams that are dedicated to maintaining appropriate security arrangements to keep your information safe and secure with privacy risks, safeguards and protections in mind. We take cyber and personal information security seriously.
We implement technical, organizational, and contractual measures to protect the personal information against accidental loss, destruction, access or other incidents and the privacy risks involved.
Please note security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured areas of any Workday recruitment web page or process. Access to and use of password-protected and/or secure areas of any Workday recruitment web pages or processes are restricted to authorized users only.
Does Workday transfer your personal information internationally?
Yes. Workday is headquartered in the U.S. and operates as a global business. We transfer, store, access and process your personal information in various international locations, including countries:
where you are applying or being considered for a role
outside your jurisdiction
where Workday or Workday-contracted third-party suppliers, customers or relevant third-party recipients have operations.
Certifications
U.S. Data Privacy Framework
Workday adheres to the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the “UK Extension” to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Workday relies on the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF as a legal basis for transfers of personal information. To learn more, visit our Data Privacy Framework Notice here.
APEC Cross-Border Privacy Rules System
The Workday privacy practices, described in this Privacy Statement, comply with the APEC Cross-Border Privacy Rules (“CBPR”) system. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.
Will Workday make changes to this Privacy Statement?
We may update this Privacy Statement from time to time in response to changing legal, recruitment, or business developments including when we use new technologies in the recruitment process. When we update this Privacy Statement, we will take measures to inform you, consistent with the significance of the changes.
You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Privacy Statement.
Want to contact us?
If you have any questions about this Privacy Statement, or wish to exercise your privacy rights, please submit your request through our web form or through one of the mailing addresses below:
If you are applying to a role located in the EEA, UK or Switzerland, contact:
Workday Limited
Attn.: Privacy
Kings Building, May Lane
Dublin 7
Ireland
If you are applying to a role located anywhere else, contact:
Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA
You can also contact the Workday affiliate in the country in which you applied for a role or responded to a recruitment search process with any questions about your personal information. For a list of Workday affiliates and their contact details, see here.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.
Additional region-specific disclosures
California
If you’re located in California, please note the following additional disclosures:
Workday does not “sell” to third parties, or “share” with third parties for targeted advertising purposes, the personal information that it collects or processes as part of the recruitment, employment, or personnel management process or any related processes (including as those terms are defined under the California Privacy Rights Act).
For California residents, if you are submitting a request to access, please specify if you would like to access personal information categories or specific pieces of personal information. In addition to many of the rights described above, California residents have the right to opt out of a business’s sale of your personal information or sharing of your personal information to third parties for targeted advertising. Workday does not sell your personal information or share your personal information with third parties for targeted advertising. Workday also does not use your sensitive personal Information for any purpose other than to operate our business, for legitimate recruitment-related purposes, or where otherwise permitted by, or necessary to comply with, applicable laws, and therefore does not provide a right to limit the use of sensitive personal information.
When you submit a request, we will first acknowledge receipt of your request within 10 business days after receipt of your request. We will provide a substantive response to your request within 45 calendar days after its receipt. If we require more time (up to 90 days or the permitted time frame), we will inform you of the reason and extension period in writing.
Only you or an authorized agent (as described below) may make a verifiable consumer request related to your personal information.
How to Authorize an Agent. You may designate an authorized agent to submit your verifiable consumer request on your behalf only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.
- How We Verify Your Request. To respond to your request, we must verify your identity and/or the authority of your authorized agent. We will only use the personal information provided to us in that context to verify your identity or the authority of your authorized agent to make the request. Making a verifiable consumer request does not require you to create an account with us. To allow us to verify your request, we may require that you provide at least two pieces of personal information that we already have in our possession, if we cannot already verify you. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud.
European Economic Area, United Kingdom and Switzerland
If you’re located in the EEA, UK and Switzerland, please note the following additional disclosures:
Who is the responsible data controller?
Workday Limited is the data controller primarily responsible for protecting your personal information, although it shares responsibility for protecting your personal information with the European Workday affiliate that you applied to, or that has contacted you about a role (the “Local Workday Affiliate”). Workday Limited and the Local Workday Affiliate are joint data controllers.
We encourage you to contact Workday Limited with any questions you have about your personal information, although you can also contact your Local Workday Affiliate if you prefer. As between Workday Limited and your Local Workday Affiliate, Workday Limited is primarily responsible for:
Preparing and providing you with this Privacy Statement
Fulfilling any requests you make to exercise your privacy rights
Determining the lawful bases for processing of your personal information
Ensuring appropriate technical and organizational security measures are implemented to protect your personal information
Reporting any personal data breaches that may occur in accordance with applicable privacy laws
Conducting data protection impact assessments where required
Engaging a third party supplier or data processor
Ensuring appropriate safeguards have been implemented in respect of any international transfers of personal information
Workday Limited is based in Ireland and is Workday’s main establishment and European headquarters. Workday Limited is regulated by the Irish Data Protection Commissioner, whose contact details are available here.
Workday Limited and your Local Workday Affiliate will cooperate as necessary to ensure the proper fulfillment of the responsibilities described above, in addition to any other requirements that apply under this Privacy Statement and privacy laws. Both will ensure compliance with the data protection principles at all times.
Contact details for Workday Limited and your Local Workday Affiliate are provided under the “Want to Contact Us?” section above.
Lodging a complaint
You may lodge a complaint with a data protection authority such as the supervisory authority of your usual place of residence. A full list of EEA data protection authorities is available here. Contact details for the Irish Data Protection Commissioner are available here. In the UK, the data protection authority is the Information Commissioner’s Office and in Switzerland the Federal Data Protection and Information Commissioner.
Legal basis for processing
Under local privacy laws, there are various grounds which we need to rely on when processing your personal information. The legal basis will depend on the information concerned and the specific context and collection purposes.
For individuals in the EEA and UK or another jurisdiction which prescribes similar legal basis requirements, our legal basis for collecting and using the personal information, including sensitive personal information, is described in the following tables.
Purposes of processing personal information and legal bases
| Legal basis | Processing Purpose(s) |
|---|---|
Consent - we will ask for your consent to the extent that it is required by EU, UK or local law (as applicable).
In certain cases, such as background checks, you will be asked to advise the third-party service provider of your consent or withdrawal. |
Purpose(s): 5. Verifying your information and carrying out necessary background checks. 6. Promoting, monitoring, and reporting of diversity and equal opportunities, 9. Contacting you about future Workday opportunities and news (if you sign up to be a member of the Workday Talent Community).
|
| Contract - processing needed to enter a contract with you, or perform the obligations. |
2. Identifying and shortlisting prospects and job applicants.
|
| Legal obligation - to the extent that applicable EU or UK law (as applicable) requires us to process your personal information for this purpose, including regulatory guidance, and responding to a court or tribunal order. | Purpose(s): 5. Verifying your information and carrying out necessary background checks. 6. Promoting, monitoring, and reporting of diversity and equal opportunities 7. Defending Workday against potential complaints, enquiries and responding to legal requests. |
Legitimate interests - we rely on this legal basis to the extent that we need to process your personal information for a legitimate reason and none of the grounds above applies.
Legitimate interests can include:
We will not rely on this basis where an individual’s interests and rights should override. The interests of Workday and third parties are considered alongside individual privacy rights, benefits and potential impacts. |
Purpose(s): 1. Providing access to our recruitment site, posting job specifications and managing site security. 2. Identifying and shortlisting prospects and job applicants. 3. Facilitating our recruitment processes, managing in-person and online meetings and assessments. 4. Making a hiring decision for current or future employment opportunities. 7. Defending Workday against potential complaints, enquiries and responding to legal requests. |
The processing grounds we rely upon to process your sensitive personal information, are set out below:
Purposes of processing sensitive personal information and legal bases
| Sensitive personal information ground | Processing Purpose(s) |
|---|---|
Employment law rights and obligations - to the extent necessary under EU/UK employment laws. |
6. Promoting, monitoring, and reporting of diversity and equal opportunities. |
| Legal claims - to the extent necessary to process your sensitive personal information to exercise, establish or defend any legal claims or pursuant to the order of an EU, UK or other court. | 7. Defending Workday against potential complaints, enquiries and responding to legal requests. |
Explicit consent - to the extent we have obtained your explicit consent to process the sensitive personal information. |
Purpose(s): 2. Identifying and shortlisting prospects and job applicants. 5. Verifying your information and carrying out necessary background checks. 6. Promoting, monitoring, and reporting of diversity and equal opportunities. |
Transferring personal information internationally
We process personal information in the U.S. and other countries outside the EEA, UK and Switzerland.
Local importer privacy laws can be different to your home location. When we transfer personal information, we take appropriate measures to protect the exported information, your fundamental rights and freedoms, and your ability to exercise individual rights in accordance with local law.
We ensure the recipient is in a country that provides an adequate level of data protection based on the adequacy decisions of competent authorities, such as for personal information transfers within the Workday group to the U.S. - Workday, Inc. is certified to import personal information under the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF.
We also enter “standard contractual clauses” (“SCCs”) with data importers. SCCs are terms approved by competent authorities in the EEA, UK, Switzerland and other locations, as industry standard data transfer safeguards for cross border processing. You may have a right to request a copy of the SCCs. You can use the details in the “Want to Contact Us?” section.
Where it’s necessary, we implement additional contractual, technical and organizational measures to ensure that personal information transferred is subject to an essentially equivalent level of protection.