Workday Guest Privacy Statement

Effective: August 3, 2020


Introduction

We are Workday, a group of companies with offices all over the world. Workday is committed to protecting the personal data of guests visiting Workday offices.

This Guest Privacy Statement describes how Workday collects, uses, discloses, transfers, and stores personal data from guests visiting a Workday office, as well as from guests accessing, connecting to, or communicating via the Workday Guest Wireless Network (“Guest Wi-Fi”). This Guest Privacy Statement does not apply to other Workday websites, products, services, or applications.

 

Personal data we collect.

When you visit a Workday office, you may be required to register as a visitor and provide the following information:

  • Name
  • Email address
  • Company name
  • Workday host
  • Phone number (optional for delivery of visitor Wi-Fi credentials)

This information may also be collected from you directly by your Workday host prior to you visiting one of our offices.

When you visit a Workday office, you may access and use our complimentary Guest Wi-Fi. To register for our Guest Wi-Fi, you will be required to provide your name, your email address and the name of your Workday host. When you use the Guest Wi-Fi, Workday collects additional information about your device, such as:

  • Operating system version
  • Browser version
  • Regional and language settings
  • IP address
  • Hardware ID
  • Geographic location
  • Usage statistics

Workday offices use CCTV (Closed Circuit Television) cameras for safety and crime prevention purposes. When you visit a Workday office, you may have your image captured on our CCTV.  Notices will let you know where Workday is operating CCTV cameras.

 

How we use your personal data.

When you visit a Workday office, we use your personal data to:

  • Register you as a visitor and create your name tag
  • Manage non-disclosure agreements that visitors may be required to sign
  • Send an automated calendar invite
  • Send you communications related to your visit

If you choose to connect to the Workday Guest Wi-Fi, Workday uses the information collected to:

  • Enable your access to the Guest Wi-Fi
  • Improve the Guest Wi-Fi service
  • Respond to lawful third-party requests
  • Protect the network

Workday may monitor, prevent, and intercept any transmissions made using the Guest Wi-Fi to protect Workday, other users, or the Guest Wi-Fi network.

Workday collects data through the CCTV systems to (i) control access to our premises and to ensure the safety of our premises, staff, and visitors, and (ii) prevent, deter, and if necessary, investigate unauthorized physical access, including unauthorized access to secure premises, IT infrastructure, or theft of equipment or assets.

 

Data retention.

The personal data collected will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Guest Privacy Statement or as otherwise required. Generally, this means your personal data will be retained until a reasonable period after the end of your visit to the Workday office to respond to any inquiries associated with your visit to a Workday office or to deal with any legal matters (e.g., judicial actions). 

CCTV footage is retained for 90 days in North American offices and 30 days in all other offices.

 

Disclosure of data.

Workday may share the information collected (see above) with (a) third-party service providers that process personal data as data processors on behalf of Workday to provide certain services (e.g., the hosted visitor sign-in application); (b) law enforcement, other government entities, or authorized third parties where Workday has a good faith belief that such disclosure is required to comply with applicable law or to respond to a valid legal process; or (c) as necessary to protect persons from harm.

If Workday goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred.

Workday does not sell personal data that it collects or processes as part of this Guest Privacy Statement.

 

Where your personal data is processed.

Personal data collected about you may be stored and processed in the United States and in any other country where Workday or its subsidiaries and affiliates, or subcontractors maintain operations. Third parties processing personal data on Workday’s behalf are required to comply with applicable laws, including, without limitation, onward transfer requirements.

Workday operates as a global business and may transfer, store, or process your personal data in a country outside your jurisdiction, including ones that are not subject to an adequacy decision by the European Commission. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Statement. These safeguards include implementing the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies, thus requiring all group companies to protect personal data they process from the EEA in accordance with European Union data protection law.

 

Your rights over your personal data.

Depending where you are located, you may have certain legal rights over the personal data we hold about you, subject to local privacy laws. These may include the right to:

  • Access the personal data we hold about you
  • Have incorrect personal data updated or deleted
  • Have your personal data deleted
  • Restrict the processing of your personal data
  • Object to the processing of your personal data carried out on the basis of our legitimate interests
  • Receive a copy of your personal data in an electronic and machine-readable format
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Workday does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
  • Receive the categories of sources from whom we collected your personal data
  • Complain to a data protection authority about our collection and use of your personal data.  For more information, please contact your local data protection authority.

Workday will not discriminate against you for exercising your rights. 

You, or an authorized individual we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through our Request Portal.

 

Legal basis for processing.

Our legal basis for collecting and using the personal data described above will depend on the personal data and the specific context in which we collect it.

However, we will normally collect personal data from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If you have provided consent for the processing of your personal data you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

 

Security.

We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources.

 

Third-party certifications.

E.U.-U.S. and Swiss-U.S. Privacy Shield
Workday complies with the U.S. Department of Commerce-maintained EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal data transferred from the European Economic Area (EEA), Switzerland, or the United Kingdom to the United States. Workday has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield Frameworks and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

Workday is responsible for processing personal data we receive under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Workday complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, Switzerland, or the United Kingdom, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Workday is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

 

Changes to this Privacy Statement.

This Guest Privacy Statement may be amended or revised from time to time at the discretion of Workday. The “Last Updated” date at the top of the page will be revised when changes are made to the Guest Privacy Statement. In the event of a material change to this Guest Privacy Statement or how Workday processes your information, we will provide notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

How to contact us.

If you have any questions about this Statement, or wish to exercise your rights, please submit your request through our Request Portal. You may also contact us at privacy@workday.com or one of the mailing addresses below:

Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA

Workday Limited
Attn.: Privacy
Kings Building
May Lane
Dublin 7 Ireland

To contact the Workday Data Protection Officer, please email privacy@workday.com

Workday will respond to your request within a reasonable timeframe or as required by law. 

If you visit a Workday office in Switzerland or one of the member states of the EEA, the appropriate local Workday affiliate you are visiting will be the controller of your personal data. For a list of Workday affiliates and their contact details, please see here.