OUR PRIVACY COMMITMENT
As part of Company’s Online Services, our customers may load data into Company servers. Company will not share or distribute any such customer data except as provided in the contractual agreement between Company and customer, or as may be required by law.
On the Websites you may post comments, for example on a blog or bulletin board. These comments and discussions are moderated and may be accessed for technical reasons. We will not use the information you post on an online forum beyond the purpose for which you posted it. You should only post personal information to online forums with the awareness that the information will be made available to others inside and outside of Company. Any comments posted by individuals on an online forum, such as a blog, are their own and should not be considered as reflecting the opinion of Company. To request removal of your personal information from our blog or community forum, contact us. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
WEB ANALYSIS TOOLS
We may use web analysis tools to measure and collect anonymous session information. We use this information to monitor and analyze in a depersonalized form how users use the Online Services, to provide customers with the Online Services, and to maintain and improve the Online Services. We may also collect similar information from emails we may send to you, which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Online Services.
The personal data collected when you visit the Online Services include:
- Information about your browser, network, and device
- Web pages you visited prior to coming to this website
- Search engine used to locate the Online Services
- Web pages you view while on this website and how long you use them
- Your IP address
COLLECTION OF PERSONAL INFORMATION
We may collect certain personal information in connection with your account or an employer’s account with us, including your mailing address, phone number, date of birth, social security number, driver’s license or state identification number, financial information, information about your employment, and other information that may be required. If payment is required from you for any service, you will also be required to provide a credit card number and billing address, or other payment information. We also collect personal information when you receive customer or technical support.
USE OF PERSONAL INFORMATION
We will not sell, rent, lease, or transfer your data to any third-party commercial entity for the purpose of marketing or selling unrelated products or services for our financial gain or economic benefit. We use your personal information to provide Online Services to you, deliver products and services, complete transactions, handle your questions or issues, and send communications to you about promotions, updates, or special offers that may be of interest to you. Other uses include verifying your identity, preventing fraud, and alerting you of new products, features, or enhancements to the Online Services. We may also use your email address to send you messages about your account or the Online Services, as well as other general announcements.
By submitting personal information through the Online Services, you authorize Company to share this personal information for the purposes identified herein, and you grant us a royalty-free, worldwide, perpetual, irrevocable, and fully transferable right and license to use your personal information in connection with the creation and development of analytical and statistical analysis tools (the “Analytical Data”). We are expressly authorized to make any commercial use of the Analytical Data, including without limitation sharing the Analytical Data with third parties, provided that we do not sell, trade, or otherwise transfer from us any part of the Analytical Data that personally identifies any Users.
We will also share the personal information we collect from you under the following circumstances:
Feedback. You may choose to, or Company may invite you to, submit comments, bug reports, ideas, or other feedback about the Online Services (“Feedback”). By submitting Feedback, you agree that Company is free to use such Feedback at its discretion without any obligation to you. Company may also choose to disclose Feedback to third parties. You hereby grant Company a royalty-free, perpetual, irrevocable, transferable, sublicensable, worldwide, nonexclusive license under all rights necessary to incorporate and use your Feedback for any purpose.
Asset Transfers. If we become involved in a merger, acquisition, or other transaction involving the sale of some or all of Company’s assets, User information may be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you through email and/or a prominent notice on the Site.
If you make a purchase or need to upload payment information through the Online Services, we may use a third-party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover.
Although no method of transmission over the Internet or electronic storage is 100% secure, Company follows all PCI-DSS requirements and implements additional generally accepted industry standards.
Re-Targeted advertising uses information collected on an individual’s web browsing behavior such as the pages they have visited or the searches they have made. This information may then be used to display Company employment opportunities to you if you have visited our careers page. The information collected is only linked to an anonymous cookie ID (alphanumeric number); it does not include any information that could be linked back to a particular person, such as their name, address, or credit card number. The information used for targeted advertising either comes from Company or through third-party website publishers. If you would like to opt-out of re-targeted advertising from Company, please delete your cookies when leaving our site. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
THIRD-PARTY SERVICES’ PRIVACY POLICIES
In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner your personal information will be handled by these providers.
Certain providers may be located in a different jurisdiction or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
LEGAL DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
ELECTRONIC COMMUNICATION; SIGNATURES
You may withdraw your consent to receive communications by following the “unsubscribe” link at the bottom of our emails. You may withdraw your consent to use an electronic signature at any time by contacting us. If you withdraw your consent, you may be unable to access the Online Services, and we will be unable to continue to process any pending applications for products and services.
HOW IS YOUR PERSONAL INFORMATION SAFEGUARDED?
The personal information that you provide to us is stored on servers that are located in secure facilities with restricted access and protected by protocols and procedures designed to ensure the security of such information. We restrict access to only those Company employees, independent contractors, and agents who need to know this information in order to develop, operate, and maintain the Online Services. All Company personnel who have access to this information are trained in the maintenance and security of such information. However, no server, computer, or communications network or system, or data transmission over the Internet, can be guaranteed to be 100% secure. As a result, while we strive to protect User information, we cannot ensure or warrant the security of any information you transmit to us or through the use of the Online Services and you acknowledge and agree that you provide such information and engage in such transmissions at your own risk.
In the event that personal information you provide to us is compromised as a result of a breach of security, when appropriate we will take reasonable steps to investigate the situation, notify you, and take the necessary steps to comply with any applicable laws and regulations.
RESIDENTS OF CALIFORNIA
We may collect customer information from persons other than the individual or individuals using the Online Services. Such information, as well as other personal or privileged information subsequently collected, may in certain circumstances be disclosed to third parties without your authorization as permitted by law. If you would like additional information about the collection and disclosure of customer information, please contact us.
Under the General Data Protection Regulation (GDPR) of the European Union (EU), EU citizens are entitled to certain privacy protections regarding the use of, storing, and processing of your personal information as well as having right to be notified if personal information is stolen, copied or accessed on an unauthorized basis.
The GDPR is a modern privacy rights framework adopted to create better transparency and control over who, how and when your personal data may be used, including the “right to be forgotten”.
This section will explain how Company complies with the GDPR and how your personal data may be collected, stored, and used. We also explain under what circumstances and for what purposes we may use your personal data and also provide instructions on how you can “opt-out” from our using your personal data and also request the removal of your personal data from our systems.
Our business is a “B2B” business, meaning we sell products and services to government agencies and private businesses, and not to individual consumers. Even so, under the GDPR, if you are an employee of or associated with a business customer, certain information may be considered personal data such as your business email, business mobile number or other similar information from which your personal identity may be known. It is also customary in many instances for business associates of business or government customers to furnish their private or personal contact information such as private email address, home telephone number, and similar information. Even if done in the context of a business purpose, this information may be deemed personal data. Therefore, if you believe your business information discloses personal data that you do not wish disclosed, you should not give it to us. You should also ask your employer to change your business contact information an anonymized format, such as changing your email form “my.name@mycompany” to “randomcharacters@mycompany”.
Please be advised that our business has less than 250 employees. Accordingly, we are subject to less stringent recording requirements under GDPR requirements. We are, however, not exempt from other privacy protection and reporting requirements which apply to all businesses equally.
COLLECTION AND USE OF YOUR PERSONAL DATA
Our ability to use your personal data may come about by the following means:
- By Your Consent. You may expressly give your consent to our using your data for the specific purposes we detail below. Even if you give consent, however, you can subsequently withdraw your consent at any time without retribution.
- By Other Permitted Means. We may collect your personal data under certain other cases whether consent is expressly given as follows:
- Contractual obligations. In certain circumstances, we need your personal data to comply with our contractual obligations. This would include information such as your and your employer’s name, address, telephone number, email address, driver’s license, or other document number associated with identity for the purpose of delivery of goods and services, billing, collection, legal notification, authentication, and contract enforcement. For example, if you work for an employer who designates you as a point of contact for purposes of contract administration or notice, we will retain that information and use it for such purposes and for other related purposes as is reasonable.
- Legal compliance. If the law requires us to, we may need to collect and process your data. This data may include personal identification data, transactional data relating to purchases, communications data, such as IP address, telephone number, and other meta-data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement. If you reside outside of the United States or are a non-US citizen, we may collect personal data from you and other third-party sources for purposes of complying with export control, anti-money laundering and anti-terrorism laws, rules and regulations.
- Legitimate interest. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. For example, we may use your contact information to send information and updates regarding our products, endorsement of our products or their use by others, recommendations on optimizing the use of our products and services, product updates, new products, offers regarding products or services and other education information or information of interest relevant to you in your job, your employer’s line of business, or your profession.
Additionally, many of our products and services are employment-based products, such as payroll services. As such, personal identity information is required to enable communications and messages to be delivered to you, for other in-network users to identify and communicate with you, and for us and others to authenticate identity and employ various network and information security measures.
HOW WE USE YOUR PERSONAL DATA
We will use your personal data only in connection with furthering our business relationship with you, to enhance and protect the security of your information, and to enable your use of our products and services, and those add-on products and services that may be integrated with our products and services.
- We will not sell, rent, lease or transfer your data to any third-party commercial entity for the purpose of marketing or selling unrelated products or services for our financial gain or economic benefit. We may share basic business contact information such as your name, business title, and business contact information (“Basic Business Referral Information”) and product and services information, including technical configuration information, customer compliant information, trouble-shooting information with third-party product and solutions providers that work with our products, such as channel partners and sales representatives, product repair and service providers, and operationalization consultants and specialists (“Sales and Service Partners”).
- Security Data Use. We will use your personal data that is Security Data when it is necessary to perform security authentication functions related to purchasing, payment and the use of our products and services. We may link or issue encrypted tokens to your applications or devices to provide increased security and to limit the transmission of your passwords or other sensitive data.
If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
However, if you choose not to share your personal data with us, or refuse certain contact permissions, Company might not be able to provide the services you require.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. We have outlined above the various circumstances, purposes, and time periods when we will hold personal data.
At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. To summarize:
Ten Years from Transaction date. As described above, you should expect your personal data that is Business Transaction Data including any pertinent Relationship Data to be held for ten (10) years from the date of its creation for contract and legal purposes. The same ten-year period would apply to Security Data from the date of its last use or transactional entry.
WHERE WILL YOUR PERSONAL DATA BE PROCESSED
Your personal data will be stored in the United States unless you are notified otherwise. In certain countries we may a local computer processing center or point of presence and data will be held in the local environment as requested by our customers and to the extent available.
We will not transfer your personal data to any provider in any jurisdiction unless such provider and jurisdiction meet the requirement under the GDPR.
YOUR RIGHTS OVER YOUR PERSONAL DATA
Below is an overview of your various rights.
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date, or incomplete.
- The deletion of the data we hold about you, in specific circumstances. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- A computer file in a common format (e.g. CSV or similar) containing the personal data that you have previously provided to us and the right to have your information transferred to another entity where this is technically possible.
- Restriction of the use of your personal data, in specific circumstances, generally whilst we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances. For example, when you have withdrawn consent, or object for reasons related to your individual circumstances. Please be advised, however, your employer may reasonably object as the customer having direct contract relationship with us, and we reserve the right to notify your employer or organization of such as request and advise them that removal may impair the intended use or enjoyment of our product and services functions.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You can contact us to request to exercise these rights at any time by completing an online form. If we choose not to adhere to your request we will explain to you the reasons for our refusal.
YOUR RIGHT TO WITHDRAW CONSENT
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
RIGHT TO STOP DIRECT MARKETING
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
This right does not include communications and information functions, such as alerts and notices, which are displayed in any application or product interface of ours which is part of the operation of or relates to a normal function of our product. By logging into our products or services, you are expressly giving your consent for such purposes. If you disagree with that then do not log in or use our products or services.
CHECKING YOUR IDENTITY
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
HOW TO SEND US NOTICE
You may send us notice of the exercise of your rights, whether to “opt-out” of certain or all marketing channels, to request deletion of your personal data or to correct, receive a copy of your personal data by any of the following means:
Send an Email to:
Please include the subject line “GDPR Request”
Please include the action you are requesting we take, the basis for the action, and any information which can reasonably identify you, and valid means to respond back to you.
When you send us a communication through a form, you may check a box indicating your preference to opt-out of marketing campaigns and contacts.
COMPLAINTS OR CONCERNS
We are dedicated to adhering to the EU’s privacy laws for our EU customers. If you believe that we are not fulfilling our obligations in accordance with the law, you may file a complaint with the European Data Protection Supervisor (EDPS). We have provided this link for your convenience (note you are linking to an external third-party site unaffiliated with us):
RESERVATION OF RIGHTS
We provide this privacy notice to EU citizens in accordance with our understanding of the GDPR and will endeavor to comply with such law on a voluntary basis. We reserve all rights afforded under United States laws and treaties. This privacy notice is not a contractual obligation or guarantee to you that may be enforced in the United States or any other jurisdiction which does not recognize the GDPR as part of its law. Our contract obligations are limited to those contained in the purchase agreements and end-user license agreements between us and our customers. We, for ourselves and on behalf of directors, officers, employees, advisors, and all other persons affiliated with us reserve all rights regarding personal and subject jurisdictional matters, and the applicability and enforcement of the GDPR with respect to US citizens and non-EU citizens. Neither this privacy notice nor any actions taken to comply with the GDPR shall constitute a waiver of such rights or submission to jurisdictional authority of any court, tribunal, or governmental authority outside of the United States.