ACCOUNTABILITY: Ceridian, its employees, and third-party service providers take responsibility for personal data in accordance with Ceridian polices and standards. There are designated individuals within Ceridian who are accountable for compliance with these privacy principles.
NOTICE, CHOICE AND CONSENT: Ceridian provides notice as to the purposes for which personal data is collected, used, retained, and disclosed. Ceridian describes any choices available to individuals and obtains consent from either the individual or the customer, as appropriate.
COLLECTION & USE: Ceridian collects personal data only for the purposes identified in the notice and limits the use of personal data to those purposes. If personal data will be used for additional purposes, the individual will receive notice prior to the additional use.
RETENTION & DISPOSAL: Ceridian retains personal data only as long as necessary to fulfill the stated purposes or as legally required and thereafter appropriately disposes of such data.
ACCESS: Ceridian provides individuals with access to their personal data for review and update. Where appropriate, Ceridian will refer an individual to the employer (i.e., a Ceridian customer).
SHARING: Ceridian discloses personal data to third parties only for purposes identified in the notice, or, when sharing for other purposes, only in accordance with Principle 2, Notice, Choice and Consent.
CROSS BORDER TRANSFER: Ceridian transfers personal data outside of a local jurisdiction only with adequate protection in place and in compliance with applicable laws and standards. For transfers from the E.U. to the U.S. Ceridian complies with U.S.-E.U. Privacy Shield Framework.
SAFEGUARDS: Ceridian protects personal data using recognized industry standard security safeguards appropriate to the sensitivity of the information. Ceridian takes reasonable precautions to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
QUALITY: Ceridian relies on its clients to supply Ceridian with accurate, complete and up-to-date information that is relevant to the purposes identified in the notice. Ceridian maintains accurate and complete personal data that is relevant to the purposes identified in the notice.
MONITORING AND ENFORCEMENT: Ceridian monitors its compliance with our policies and procedures, has processes to address complaints, and disputes. For questions on our Principles or to file a complaint, please contact the Privacy Office at Privacy@ceridian.com.
This policy replaces and supersedes all prior policies regarding the same or similar subject matter, as of the Policy Version Effective Date set forth below. Policy Version Effective Date: May 4, 2018