Service Privacy Policy

Workday has self-certified to the EU-U.S. Privacy Shield. Please click here to view our Workday Service Privacy Shield Notice.

This Privacy Policy covers the privacy practices Workday employs when Workday customers (“Customers”) use our Cloud-Based Enterprise Applications (the “Service”). This Privacy Policy does not cover any information or data collected by Workday for other purposes, such as information collected for marketing purposes. Please see

Validate TRUSTe privacy certification

Personal Information Workday Processes

In the normal course of using the Workday Service, Customers will input electronic data into the Workday systems (“Customer Data”). The use of information collected through our service shall be limited to the purpose of providing the service for which the Customer has engaged Workday. Workday may access Customer Data for the purposes of providing the Service, preventing or addressing service or technical problems, responding to support issues, responding to Customer’s instructions or as may be required by law, in accordance with the relevant agreement between Customer and Workday.

Workday processes Customer Data under the direction of its Customers, and has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Workday for processing purposes.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to the Workday Customer (the data controller). If the Customer requests Workday to remove the personal data to comply with data protection regulations, Workday will respond to their request within 30 business days.

Workday will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Workday may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Workday will notify Customer of such request unless prohibited by law.

Accessing the Service

Customers and their authorized users may access the Service directly through a URL unique to their individual tenant, or may elect to use internal launch pages for single sign on or other purposes. Customers input information for processing and storage as they use the Service. Customers may also configure the Service to allow end users to input information directly into the Service.

Data Retention

Workday retains Customer Data according to the timeframes set forth in the relevant agreement with its Customers.


The security of Customer Data, including personal data, is very important to Workday. Workday maintains a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Workday designs its applications to allow Customers to achieve differentiated configurations, enforce user access controls, and manage data categories that may be populated and/or made accessible on a country-by-country basis. Configuring these settings appropriately is the Customer’s responsibility. Additional information about the security settings and configurations can be found in the Workday Documentation made available to Customers

TRUSTe Privacy Program Statement

Workday has received TRUSTe's Privacy Seal signifying that this privacy policy and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal. If you have questions or complaints regarding our privacy policy or practices, please contact us at If you are not satisfied with our response you can contact TRUSTe here. This TRUSTe certification covers only information that is collected through the Web site and the Workday Service, and does not cover information that may be collected through software downloaded from the website.

Safe Harbor Program Statement

Workday complies with the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from Switzerland. Workday has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity access, and enforcement. Information regarding the Swiss Safe Harbor Frameworks can be found at:

Changes to this Privacy Policy

We reserve the right to change or update this Privacy Policy at any time. Changes to the Privacy Policy will be posted on this website and links to the Privacy Policy will indicate that the policy has been changed or updated. We encourage you to periodically review this Privacy Policy for any changes. For new Customers, changes or updates are effective upon posting. For existing Customers, changes or updates are effective 30 days after posting.


Workday has appointed a Chief Privacy Officer responsible for overseeing the implementation of the privacy program in the organization. If you have further questions related to this policy, please ask your Customer Support contact to log a customer care case with the privacy question.



Last Updated: August 17, 2015