Workday Guest Privacy Statement

Last Updated: December 27, 2019

Introduction

We are Workday, a global group of companies with offices all over the world. Workday is committed to protecting the personal data of guests visiting Workday offices.

This Guest Privacy Statement describes Workday’s collection, use, disclosure, transfer, and storage of personal data from guests visiting a Workday office as well as guests accessing, connecting, or communicating on the Workday Guest Wireless Network (“Guest Wi-Fi”). This Guest Privacy Statement does not apply to other Workday websites, products, services, or applications.

 

Personal data we collect.

When you visit a Workday office as a guest we collect the following information, including personal data:

  • Name
  • Email address
  • Company name
  • Workday host
  • Phone number (optional for delivery of visitor Wi-Fi credentials)

This information may be collected from your Workday host prior to you visiting one of our offices, or may be provided by you at the time you access one of our offices. When you visit a Workday office you may access and use the Guest Wi-Fi. When you use the Guest Wi-Fi, Workday collects information about you and your device such as:

  • Name
  • Email address
  • Workday host
  • Operating system version
  • Browser version
  • Regional and language settings
  • IP address
  • Hardware ID
  • Geographic location
  • Usage statistics

 

How we use your personal data.

When you visit a Workday office, we use the information provided to:

  • Present you with a standard non-disclosure agreement
  • Send an automated calendar invite
  • Create a name tag and/or allow you to access our secure offices
  • Send you communications related to your visit

If you choose to connect to the Workday Guest Wi-Fi, Workday uses the information collected to:

  • Enable your access to the Guest Wi-Fi
  • Improve the Guest Wi-Fi service
  • Respond to lawful third-party requests
  • Protect the network

Workday may monitor, prevent, and intercept any transmissions made using the Guest Wi-Fi to protect Workday, other users, or the Guest Wi-Fi network.

 

Data retention.

The personal data collected will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Guest Privacy Statement or as otherwise required. Generally, this means your personal data will be retained until the end of your visit to a Workday office plus a reasonable period of time thereafter to respond to any inquiries associated with your visit to a Workday office or to deal with any legal matters (e.g., judicial actions).

 

Disclosure of data.

Workday may share the information collected (see above) with (a) third-party service providers that process personal data as data processors on behalf of Workday to provide certain services (e.g., the hosted visitor sign-in application); (b) law enforcement, other government entities, or authorized third parties where Workday has a good faith belief that such disclosure is required to comply with applicable law or to respond to a valid legal process; or (c) as necessary to protect persons from harm.

If Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred.

Workday does not sell personal data that it collects or processes as part of this Guest Privacy Statement.

Data transfers.

Personal information collected about you may be stored and processed in the United States and in any other country where Workday or its subsidiaries and affiliates, or subcontractors maintain operations. Third parties processing personal data on Workday’s behalf are required to comply with applicable laws, including, without limitation, onward transfer requirements.

Workday complies with the U.S. Department of Commerce-maintained EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States, and from Switzerland to the United States, respectively. Workday has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov. Please click here to view our EU-U.S. & Swiss-U.S. Privacy Shield Notice.

Workday’s privacy practices described in this Guest Privacy Statement comply with the APEC Cross Border Privacy Rules System.

 

Your rights over your personal data.

Depending where you are located, you may have certain legal rights over the personal data we hold about you, subject to local privacy laws. These may include the right to:

  • Access the personal data we hold about you
  • Have incorrect personal data updated or deleted
  • Have your personal data deleted
  • Restrict the use of your personal data
  • Object to certain uses of your personal data
  • Receive a copy of your personal data in an electronic and machine-readable format
  • Not be subject to automated decision-making
  • Receive the categories of sources from whom we collected your personal data

Workday will not discriminate against you for exercising your rights.

You, or an authorized individual we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Statement.

You also have the right to complain directly to a data protection authority about our collection and use of your personal data.

 

Legal basis for processing.

Our legal basis for collecting and using the personal data described above will depend on the personal data and the specific context in which we collect it.

However, we will normally collect personal data from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If you have provided consent for the processing of your personal data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

 

Security.

We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources.

 

Changes to this Privacy Statement.

This Guest Privacy Statement may be amended or revised from time to time at Workday’s discretion. The “Last Updated” date at the bottom of the page will be revised when changes are made to the Guest Privacy Statement. In the event of a material change to this Guest Privacy Statement or how Workday processes your information, we will post a notice of such changes prior to the effective date or send you a notice.

 

How to contact us.

If you have any questions about this Statement, or wish to exercise your rights, please contact the Privacy Team at privacy@workday.com or by regular mail addressed to:

Contact details of business/controller Contact details of EU subsidiary
Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA
Workday Limited
Attn.: Privacy
Kings Building
May Lane
Dublin 7 Ireland

To contact the Data Protection Officer, please email privacy@workday.com.

If you are an EEA, UK, or Swiss resident and are unsatisfied with the responses provided to you regarding the processing of your personal data, you have the right to lodge a complaint with your local data protection supervisory authority.

If you visit an office in the U.S., Workday, Inc. will be the controller of your personal data. If you visit an office in Switzerland, one of the member states of the European Union or European Economic Area, the appropriate Workday entity you are visiting, will be the controller of your personal data.