Global Privacy Statement
Ceridian’s Global Privacy Statement was last updated on October 30, 2023
Scope
Ceridian HCM Holding, Inc., and its affiliates and subsidiaries (herein “Ceridian”) are committed to protecting your Personal Information and processing it responsibly. This Privacy Statement (“Statement”) describes our general practices relating to the collection, use and disclosure of data relating to our websites’ and physical sites’ visitors, consumers, and individuals within our client, supplier and business partner organizations with whom we have or contemplate a business relationship (“Personal Information”).
This Statement does not apply to the data about our customers’ employees or prospective employees which Ceridian processes as a service provider on our customers’ behalf (please see Ceridian’s Service Provider Privacy Statement for related details). This Statement also does not apply to prospective employees of Ceridian (please see Ceridian’s Job Applicant Privacy Statement for related details).
This Statement applies to any websites that link to this Statement but does not apply to those websites that have their own unique Statement.
Table of Contents
The Personal Information Ceridian Collects
How Personal Information is Used
How Personal Information is Disclosed
Third Party Websites
Cross Border Transfers
Sale / Share of Personal Information
How Personal Information is Protected
Retention of Personal Information
Do Not Track Disclosure
How to Exercise Your Rights
How to Contact Ceridian and Dispute Resolution Mechanism
Changes to this Privacy Statement
The Personal Information Ceridian Collects
Directly from You
Ceridian collects Personal Information directly from you when you interact with us online, in person or through other communication channels. For example:
- When you request information about our services, chat with Ceridian online, register for a webinar or download content from our website or mobile app, we collect your contact
information such as name, telephone number, mailing address and email address; - When you register for and/or engage with us at a trade show or other event, we collect your contact information and employment-related information such as the name of your employer and job title;
- If the event is managed by Ceridian, we may also collect payment information (such as credit card number), emergency contact information and dietary requirements for meals at the event;
- When you create an account on a Ceridian platform, we collect authentication credentials such as username and password;
- When you enter a contest or a sweepstakes, we collect your contact information and employment-related information;
- When you access our website, we automatically collect information about your device including your browsing history, IP address, and other system settings. We may also collect information pertaining to your usage. We do this by using technologies such as web beacons, pixels, and cookies—See Ceridian’s Cookie Statement for further details;
- When you use a Ceridian product or service, including mobile applications made available by Ceridian, we automatically collect information, such as usage data, product interaction, device ID, diagnostics, performance, and crash data;
- When you interact with the emails that we send to you, we automatically collect information about your activity, such as whether you opened the email;
- When you give us permission to post a customer testimonial, we collect photos or videos as well as your opinions;
- When you respond to a survey, we collect your contact information and your opinions on our products and services;
- When you engage with us via a social media platform, we collect contact information that includes social media handles;
- When you contact our customer support center, we collect personal information in order to authenticate you, voice recordings and chat transcripts;
- When you visit our offices, we collect your contact information and details about your visit such as the time and date of your arrival and departure; we may also capture your
image through security cameras; - We may also collect other information you may choose to provide through our interactions.
From Other Sources
Ceridian also obtains Personal Information from third parties. For example:
- Other companies provide us with the contact information and employment-related information of businesses or individuals that they think may be interested in our products or services;
- Ceridian purchases contact information and other information from third parties and combines it with information we already have to develop marketing leads and tailor advertising to customers and prospects;
- A colleague at your organization may share your contact information with us because they think you will be interested in our products or services;
- Ceridian collects contact information from publicly available sources as permitted by applicable law.
How Personal Information is Used
Ceridian uses Personal Information for Ceridian’s legitimate business purposes which include, among others, to:
- Develop and maintain business relationships;
- Personalize users’ experience on our websites and while using our applications;
- Plan and manage Ceridian-sponsored events;
- Send marketing communications
- If you decide you do not want to receive marketing communications from Ceridian, you can opt-out by clicking on the “unsubscribe” link provided at the bottom of every marketing email or by visiting our Preference Center;
- Understand how you interact with our marketing communications in order to provide tailored communications;
- Send informational communications such as invitations to events, satisfaction surveys, training and product alerts;
- Conduct sweepstakes and contests;
- Communicate with customers concerning normal business administration such as projects, services and billing;
- Provide access to information systems and premises;
- Develop, improve and maintain our products, services, mobile applications (apps), software and website through research, development, analytics and business intelligence;
- Comply with data protection legislation, information security requirements and other legal requirements;
- Manage claims with and between customers, Ceridian, individuals and/or third parties, including beyond termination of the Agreement;
- Manage Ceridian’s internal operations;
- Respond to inquiries and feedback from business contacts;
- Prevent fraud;
- Conduct internal audits or investigations;
- Manage network security, which includes disaster recovery and business continuity;
- Publish customer testimonials;
- Display targeted ads to groups of people who may be interested in our products and services.
Depending on the circumstances and applicable law, Ceridian processes Personal Information on a number of lawful bases, including obtaining your consent, performance of a contract, compliance with a legal obligation, to protect yours or someone else’s vital interests, to perform a task in the public interest or for other legitimate interest. In Europe and other jurisdictions where this is permitted, we rely on “legitimate interest” for example, for fraud prevention, network security, resolving product issues, planning and managing Ceridian events, developing and improving our services, sending informational communications and some direct marketing.
In the event that Ceridian de-identifies Personal Information in support of legitimate business purposes, we will not attempt to re-identify the data.
How Personal Information is Disclosed
Subsidiaries and Affiliates
We disclose Personal Information to subsidiaries and affiliates of Ceridian.
Service Providers
We disclose Personal Information to companies or individuals that provide us with services. These services include, among other things, providing products and services to you on our behalf, creating or maintaining our databases, preparing and distributing communications, managing events or responding to inquiries. Service providers can only process Personal Information as instructed by Ceridian. We use third-party services, such as Google Analytics, to view aggregated information about end-user usage and interactions. We disclose information collected via cookies and similar technologies to media agencies to show you ads for our products and services on third party platforms.
Partners
We disclose Personal Information to other companies that provide products or services that we think will be of interest to you.
Blogs, Online Postings and Testimonials
We allow users to share comments, postings, testimonials, or other information. If you choose to submit such information to us, the information you submit will be available generally to the public. Information you provide in these areas may be read, collected and used by others who access them.
Business Transaction
In the event that Ceridian sells or divests assets or any portion thereof, Ceridian may disclose Personal Information to the company involved in the business transaction in support of the sale or divestiture, and where applicable, in support of integration activities. It is Ceridian’s practice to require appropriate protection for Personal Information in these types of transactions.
Applications and Tools
We offer tools, widgets and applications on our website such as search engine functionalities, that are powered by third parties. If you use those applications or tools, any Personal Information that you provide will be disclosed to the third party that provides that functionality. The third party’s use of that Personal Information is subject to their Privacy Statement.
Law Enforcement
We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe will aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your Personal Information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your Personal Information will protect the rights, property, or safety of Ceridian, or another person.
Legal Process
We may disclose your Personal Information to others as required by, or permitted by, law. This includes disclosing your Personal Information to governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.
Third Party Websites
Our website, emails, or our application may link to third parties’ websites. It is also possible that third parties’ websites or emails may link to our website. We are not responsible for the content or the privacy practices employed by third parties and Personal Information collected by third parties is not governed by Ceridian’s Global Privacy Statement. We encourage you to read the Privacy Statements of these websites before transmitting any Personal Information to third parties.
Cross Border Transfers
Ceridian utilizes the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Ceridian also utilizes Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU, UK and Switzerland to other countries.EU-US and Swiss- US Data Privacy Framework
Ceridian HCM, Inc., and all its U.S. affiliates and subsidiaries using the Ceridian brand name, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Ceridian has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ceridian also utilizes SCCs and the UK Addendum to the SCCs for the transfer of Personal Information from the EU, Switzerland and UK to other countries.
To learn more about the Data Privacy Framework (DPF) Program, and to view Ceridian’s certification, please visit https://www.dataprivacyframework.gov/.
Sale / Share of Personal Information
Ceridian does not sell your Personal Information, that is provide it to third parties for monetary or other valuable consideration. Disclosure of device information and internet activity to third parties through cookies and other trackers may be considered “sharing” under some US state laws. Ceridian obtains opt-in consent before dropping any non-strictly necessary cookies. You may opt-out by visiting our Cookie Preference Center.
How Personal Information is Protected
Ceridian has implemented policies and procedures to protect Personal Information. Ceridian uses recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information. Ceridian reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Ceridian makes reasonable security arrangements to protect Personal Information from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction. The methods of protection include physical measures, organizational measures and technological measures. Ceridian requires all third parties to whom it transfers Personal Information to maintain adequate safeguards in compliance with applicable laws and standards to protect Personal Information. In the event that Ceridian is required by law to inform you of a breach of your Personal Information, we will notify you electronically, in writing or by telephone, if permitted by law.
Retention of Personal Information
Ceridian will retain your Personal Information for as long as necessary to fulfill the purpose for which it was collected or as required to comply with legal obligations and, thereafter, Ceridian will securely delete the Personal Information. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
Do Not Track Disclosure
Do Not Track (DNT) is a preference that users can set for their browsers to opt out of the online tracking activities by some websites. Ceridian responds to DNT and GPC signals where required to do so by applicable law.
How to Exercise Your Rights
Ceridian makes reasonable efforts to keep Personal Information as accurate, complete and up- to-date as is necessary to fulfill the purposes for which the information is to be used. Unless Ceridian is permitted or required by law to prohibit access, you can view and if necessary, update and correct your Personal Information. Depending on the jurisdiction in which you are, you may have additional rights such as the right to request deletion of your Personal Information, the right to restrict or object to processing your Personal Information by Ceridian or the right to transfer your Personal Information to another organization.
Individuals can submit requests for any of these rights here or by using the toll-free number (1-888-975-7674).
Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name and contact information. We may also ask you to provide a signed declaration confirming your identity. In some circumstances, you may designate an authorized agent to submit requests on your behalf here. We will require verification that you provided the authorized agent permission to make a request on your behalf.
If you choose to exercise any of these rights, we will not discriminate against you or deny services to you or provide different quality of services.Individuals can raise concerns or file complaints here. Ceridian will investigate all complaints and take appropriate action to remedy any issues.
How to Contact Ceridian and Dispute Resolution Mechanism
If you have any inquiries or complaints about our handling of your Personal Information please contact Ceridian at:
Chief Privacy Officer
Ceridian HCM, Inc.
3311 E. Old Shakopee Road
Bloomington, MN 55425
Telephone: 1-888-975-7674
Email: privacy@ceridian.com
If you have unresolved issues, you may contact your local privacy regulator.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Ceridian commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), regarding unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain circumstances, you may invoke binding arbitration. To learn more visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.The Federal Trade Commission has jurisdiction over Ceridian’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Changes to this Privacy Statement
Ceridian will update this Statement periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Statement.
