Workday Guest Privacy Statement
Effective: January 20, 2021
We are Workday, a group of companies with offices all over the world. Workday is committed to protecting the personal data of guests visiting Workday offices.
This Guest Privacy Statement describes how Workday collects, uses, discloses, transfers, and stores personal data from guests visiting a Workday office, as well as from guests accessing, connecting to, or communicating via the Workday Guest Wireless Network (“Guest Wi-Fi”). This Guest Privacy Statement does not apply to other Workday websites, products, services, or applications.
Personal Data We Collect
When you visit a Workday office, you may be required to register as a visitor and provide the following information:
- Email address
- Company name
- Workday host
- Phone number (optional for delivery of visitor Wi-Fi credentials)
This information may also be collected from you directly by your Workday host prior to you visiting one of our offices.
When you visit a Workday office, you may access and use our complimentary Guest Wi-Fi. To register for our Guest Wi-Fi, you will be required to provide your name, your email address and the name of your Workday host. When you use the Guest Wi-Fi, Workday collects additional information about your device, such as:
- Operating system version
- Browser version
- Regional and language settings
- IP address
- Hardware ID
- Geographic location
- Usage statistics
Workday offices use CCTV (Closed Circuit Television) cameras for safety and crime prevention purposes. When you visit a Workday office, you may have your image captured on our CCTV. Notices will let you know where Workday is operating CCTV cameras.
Physical notices (for example, signage) will let you know when Workday is operating CCTV cameras.
How We Use Your Personal Data
When you visit a Workday office, we use your personal data to:
- Register you as a visitor and create your name tag
- Manage non-disclosure agreements that visitors may be required to sign
- Send an automated calendar invite
- Send you communications related to your visit
If you choose to connect to the Workday Guest Wi-Fi, Workday uses the information collected to:
- Enable your access to the Guest Wi-Fi
- Improve the Guest Wi-Fi service
- Respond to lawful third-party requests
- Protect the network
Workday may monitor, prevent, and intercept any transmissions made using the Guest Wi-Fi to protect Workday, other users, or the Guest Wi-Fi network.
Workday processes data collected through the CCTV systems to (i) control access to our premises and to ensure the safety of our premises, staff, and visitors, and (ii) prevent, deter, and if necessary, investigate unauthorized physical access, including unauthorized access to secure premises, IT infrastructure, or theft of equipment or assets.
The personal data collected will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Guest Privacy Statement or as otherwise required. Generally, this means your personal data will be retained until a reasonable period after the end of your visit to the Workday office to respond to any inquiries associated with your visit to a Workday office or to deal with any legal matters (e.g., judicial actions).
CCTV footage is retained for 90 days in North American offices and 30 days in other offices.
Disclosure of Data
Workday may share the information collected (see above) with (a) third-party service providers that process personal data as data processors on behalf of Workday to provide certain services (e.g., the hosted visitor sign-in application); (b) law enforcement, other government entities, or authorized third parties where Workday has a good faith belief that such disclosure is required to comply with applicable law or to respond to a valid legal process; or (c) as necessary in order to protect the vital interests of a data subject or of another natural person.
If Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred.
Workday does not sell personal data that it collects or processes as part of this Guest Privacy Statement.
International Data Transfers
Workday operates as a global business and may transfer, store, or process your personal data in a country outside your jurisdiction, including countries outside the European Economic Area (EEA). However, we have taken appropriate safeguards with respect to the protection of your privacy, fundamental rights, and freedoms, and the exercise of your rights. For example, if we transfer personal data from the EEA to a country outside the EEA, such as the United States, we will implement an appropriate data transfer solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law.
Your Rights Over Your Personal Data
Depending where you are located, you may have certain legal rights over the personal data we hold about you, subject to local privacy laws. These may include the right to:
- Access the personal data we hold about you
- Have incorrect personal data updated or deleted
- Have your personal data deleted
- Restrict the processing of your personal data
- Object to the processing of your personal data carried out on the basis of our legitimate interests
- Receive a copy of your personal data in an electronic and machine-readable format
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Workday does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
- Receive the categories of sources from whom we collected your personal data
- Complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
Workday will not discriminate against you for exercising your rights.
You, or an authorized individual we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through our Request Portal.
Legal Basis for Processing Personal Data
Our legal basis for collecting and using the personal data described above will depend on the personal data and the specific context in which we collect it.
However, we will normally collect personal data from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
If you have provided consent for the processing of your personal data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources.
EU-U.S. and Swiss-U.S. Privacy Shield
Workday adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, although Workday no longer relies on the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the European Union in Case C-311-18. To learn more, visit our Privacy Shield Notice here.
Changes to this Privacy Statement
This Guest Privacy Statement may be amended or revised from time to time at the discretion of Workday. The “Last Updated” date at the top of the page will be revised when changes are made to the Guest Privacy Statement. In the event of a material change to this Guest Privacy Statement or how Workday processes your information, we will provide notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
How to Contact Us
If you have any questions about this Statement, or wish to exercise your rights, please submit your request through our Request Portal. You may also contact us at email@example.com or one of the mailing addresses below:
6110 Stoneridge Mall Road
Pleasanton, CA 94588
Dublin 7 Ireland
To contact the Workday Data Protection Officer, please email firstname.lastname@example.org.
Workday will respond to your request within a reasonable timeframe or as required by law.
If you visit a Workday office in Switzerland or one of the member states of the EEA, the appropriate local Workday affiliate you are visiting will be the controller of your personal data. For a list of Workday affiliates and their contact details, please see here.