Skip to main content

Visitor Privacy Statement

Last updated: October 6, 2024

 

We are Workday, a group of companies with offices around the world. Workday is committed to protecting the personal information of individuals who visit Workday offices.

This privacy statement describes how Workday handles the personal information of individuals who visit a Workday office, as well as from individuals who access, connect to Workday’s wireless visitor network (“Visitor Wi-Fi”). Please read our Video Surveillance Privacy Statement for information on video surveillance in Workday offices.

 

Personal Information we Collect

When you visit a Workday office, you may be asked to register as a visitor and provide information such as your name, email address, telephone number, and company. We will also record the date and time of your visit.

If your visit is scheduled, this information may also be collected directly from you by your Workday host so that we can pre-register you and print a personalized badge for your arrival.

During your visit, you may also use our complimentary Visitor Wi-Fi. To register for our Visitor Wi-Fi, you will be asked to provide your name, your email address, and the name of your Workday host. When you use the Visitor Wi-Fi, we may automatically collect certain information. In some countries, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically includes information such as your IP address, information about your device, your operating system and browser version, regional and language settings, device ID, and aggregated usage statistics.

 

How We Use Your Personal Information

We use your personal information to register you as a visitor and manage your visit to a Workday office, including printing your personalized badge.

If you choose to connect to the Workday Visitor Wi-Fi, Workday uses the information collected to enable and manage your access to the Visitor Wi-Fi and to protect the security of our network.

Workday may monitor, prevent, and intercept any transmissions made using the Visitor Wi-Fi to protect Workday, other users, or the Visitor Wi-Fi network.

 

Who We Share Personal Information With

We may disclose your personal information to the following categories of recipients:

  • to our group companies,

  • to any third party where, on a case by case basis, we believe that such disclosure is necessary for the purposes of their legitimate interests or ours, if such disclosure is in accordance with applicable law;

  • third party services providers who provide data processing services to us (for example that operate our visitor management tool). Third parties that process personal information on our behalf are required by contract to implement safeguards that are no less protective than those implemented by us in order to protect personal information that they receive from us. Third party service providers are further prohibited from using the personal information for any purpose other than to perform the services as instructed by Workday;

  • to any competent law enforcement body, regulatory, government agency, court, or other third-party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish, or defend our legal rights, or (iii) to protect your vital interests or those of any other person; and

  • to any other person with your affirmative consent to the disclosure, which we will seek in writing prior to the disclosure.
     

Data Retention Periods

The personal information collected will be stored in accordance with applicable laws and kept for no longer than it is needed to carry out the purposes described in this privacy statement or as otherwise required. This means your personal information will be retained until a reasonable period after the end of your visit to the Workday office to respond to any inquiries associated with your visit to a Workday office or to deal with any legal matters (e.g., judicial actions).

 

Your Privacy Rights

Depending where you are located, you may have certain rights over the personal information we hold about you. These may include the right to:

  • Obtain access to your personal information that is being processed by us, have inaccurate personal information corrected and request the deletion of your personal information.
  • Object to the processing of your personal data carried out on the basis of our legitimate interests and ask us to restrict the processing of your personal information.
  • Ask us to restrict the processing of your personal information.
  • Request the portability of your personal information in a structured, commonly used and machine-readable format.
  • Withdraw your consent at any time, if we have collected and process your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Workday will not discriminate against you for exercising your rights. Workday does not make decisions based solely on automated processing which produce legal or similarly significant effects as part of the processing activities covered by this privacy statement.

You can exercise your rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through our Request Portal.

If you are able to provide details of your concern this may assist Workday expedite the response. In any event, we will respond within a reasonable time frame under applicable law and keep you updated.

Security

We use technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

 

Updates to This Privacy Statement

We may update this privacy statement from time to time in response to changing legal, technical, or business developments. When we update our privacy statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this privacy statement was last updated by checking the effective date displayed at the top of this Privacy Statement.

 

How to Contact Us

If you have any questions about this privacy statement or wish to exercise your rights, or to contact our Data Protection Officer, please submit your request through our Request Portal. You may also contact us at one of the mailing addresses below:

Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA

Workday Limited
Attn.: Privacy
Kings Building
May Lane
Dublin 7 Ireland

Additional Region-Specific Disclosures

European Economic Area, UK and Switzerland 

If you’re located in the EEA, UK and Switzerland (“Europe”), please note the following additional disclosures:

Data Controller

If you are visiting or entering a Workday office in Europe, this “Local Workday Affiliate” will be the “data controller” of your personal information although it shares responsibility for protecting your personal information with Workday Limited. For a list Workday affiliates and their contact details, please see here

In Europe, Workday Limited is the data controller primarily responsible for protecting your personal information. Workday Limited and your Local Workday Affiliate are joint data controllers. We encourage you to contact Workday Limited with any questions you have about the protection of your personal information, although you can also contact your Local Workday Affiliate if you prefer.  As between Workday Limited and your Local Workday Affiliate, Workday Limited is primarily responsible for:

  • Preparing and providing you with this Privacy Statement;
  • Fulfilling any requests you make to exercise your data protection rights;
  • Determining the lawful bases for processing of your personal information;
  • Ensuring appropriate technical and organizational security measures are implemented to protect your personal information;
  • Reporting any personal data breaches that may occur in accordance with data protection law;
  • Conducting data protection impact assessments, where required;
  • Engaging a third party supplier or data processor; and
  • Ensuring appropriate safeguards have been implemented in respect of any international transfers of personal information.

Workday Limited is based in Ireland and is Workday’s main establishment and European headquarters. Workday Limited is regulated by the Irish Data Protection Commissioner, whose contact details are available here.

Workday Limited and your Local Workday Affiliate will cooperate as necessary to ensure the proper fulfillment of the responsibilities described above, in addition to any other requirements that apply under this Privacy Statement and data protection law. Both will ensure compliance with the data protection principles at all times.

Contact details for Workday Limited and your Local Workday Affiliate are provided under the “How to Contact us” heading above. 

Legal Basis for Processing Personal Information

Our legal basis for collecting and using the personal information described above is our legitimate interest (Article 6 (1) (f) GDPR). This includes providing visitors with a positive experience when visiting Workday offices and being able to stay connected.

Where we process your personal information on the basis of a legitimate interest then – as required by applicable data protections law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals affected by our processing (such as you) and to determine whether individuals’ interests outweigh our interests in the processing taking place.

International Data Transfers

Workday operates as a global business and may transfer, store, or process your personal information in a country outside your jurisdiction, including countries outside Europe.

For such transfers, we have taken appropriate safeguards with respect to the protection of your personal information, fundamental rights and freedoms, and the exercise of your rights, and in accordance with applicable law, by ensuring that: 

  • the recipient country provides an adequate level of data protection based on the European Commission’s adequacy decisions pursuant to Article 45 of the GDPR; or
  • we enter into “standard contractual clauses” approved by the European Commission in its Implementing Decision as referred to in Article 46 of the GDPR and supplementing safeguards approved competent by UK and Swiss authorities (as applicable) with the data importer. (You have a right to request a copy of these standard contractual clauses which you can exercise by contacting us using the contact details set out below in the “How to Contact Us” section).

Where applicable, we implement additional contractual, technical and organizational measures to ensure that your personal information which is transferred outside of Europe is subject to an essentially equivalent level of protection.

Data Privacy Framework

Workday adheres to the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the “UK Extension” to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Workday relies on the EU-U.S. DPF, the UK Extension and the Swiss-U.S. DPF as a legal basis for transfers of personal information. To learn more, visit our Data Privacy Framework Notice here.

Lodging a Complaint

You may lodge a complaint with a data protection authority such as the supervisory authority of your usual place of residence. You may lodge a complaint with the supervisory authority of your usual place of residence, your place of work, or the registered office of the data controller. A full list of EEA data protection supervisory authorities is available here. Contact details for the Irish Data Protection Commissioner are available here. In the UK, the data protection authority is the Information Commissioner’s Office and in Switzerland the Federal Data Protection and Information Commissioner. Alternatively, you may request the details of your competent supervisory authority by using the contact details below in the “How to Contact Us” section.

Please accept cookies to continue.

This content is blocked due to your cookie preferences for this site. By clicking here, you accept YouTube's Terms of Service and Privacy Policy. Workday will save your choice in a session cookie.