Privacy around our products

Effective: 10 September 2018

About us (the “Data Controller”)

WorkForce Software, LLC
38705 Seven Mile Road, Suite 300
Livonia, MI 48393
United States of America
+1‐877‐493‐6723
privacy@workforcesoftware.com

…including subsidiaries:

WorkForce Software Limited
Precedent Drive, Rooksley
Milton Keynes, Buckinghamshire MK13 8PP
United Kingdom
+44‐1908‐242‐042
privacy@workforcesoftware.com

WFS Australia: A WorkForce Software Company
Level 4, 69 Regent Street
Chippendale, NSW 2008
Australia
+61‐2‐8399‐1688
privacy@workforcesoftware.com

WorkForce Software processes personal data relating to our role as a provider and processor of workforce management solutions, along with related services such implementation and support.

Data Protection Officer

We have contracted with IT Governance in the UK for Data Protection Officer Services. The Data Protection Officer (DPO) provides advice and guidance around our General Data Protection Regulation Compliance. Generally, questions you may have around privacy should first go to privacy@workforcesoftware.com and we will escalate to the DPO as necessary. Our Data Protection Officer is:

Colin Currie
IT Governance Ltd
Unit 3 Clive Court
Bartholomews Walk
Cambridgeshire Business Park
Ely
Cambridgeshire
CB7 4EA
dpoaas@itgovernance.co.uk
+44 (0) 333 800 7000

What information is collected in our products?

Personal Information stored and processed using our cloud-based products, such as WorkForce Suite, WorkForce Forecasting & Scheduling, EmpLive, and Enterprise are not collected by WorkForce. Such data are uploaded and processed by the Customer, who owns all title, rights, and interest to that data. WorkForce does not collect personal data for use in our cloud-based products, but may collect personal data such as IP address that is normally found in system and application logs.

Each customer requires different personal information to be processed. Common types of information include (but not limited to):

  • Employee ID, name, work hours/schedules, and pay rates/salary.
  • Optional fields the customer may use if necessary include:
    • employee photograph,
    • corporate logon ID,
    • work address, location, e-mail address, etc.
    • home address, phone numbers, email address, etc.
    • Biometric data for authentication for data collection devices
    • Trade union membership, to ensure pay and absence rules conform to collective bargaining agreements
    • Health information to ensure compliance with leave regulations
  • IP address may be collected as part of normal system and application logging.

Why do we process personal data in our products?

The personal data is collected based on the performance of a contract with our customer (the Data Controller).  Data is only processed by Workforce Software (the Data Processor) per the instructions from the customer (contractual agreement). The customer may use their data to perform time and attendance processing, to create and maintain labor schedules, to manage employee leave, or for other purposes the customer may identify in their privacy notice.

We have a legitimate interest to protect personal information from customers, and we use monitoring to detect security, performance and availability events on our systems and networks. Personal data (e.g., IP address) may be included in such monitoring.

Who has access to your data in our products?

Personal information stored and processed by our products may be accessed by

  • Authorized members of the customer (your employer);
  • Authorized staff at WorkForce Software who are responsible for delivering, maintaining and supporting the services we provide to the customer;
  • Authorized members of third-parties that WorkForce Software may contract with to provide services to our customers.

Your personal information may be transferred out of your home country. For example, we host your data from the processing facility selected by the customer from a list of WorkForce Software global processing facilities. We may also employee third-parties to help customers configure and test business rules and import/export functionality. Data is only transferred outside the EEA based on a declaration of adequacy, the Standard Contractual Clauses, or EU-US Privacy Shield Certification. You may request more details about those safeguards by sending an email to privacy@workforcesoftware.com).

WorkForce Software is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body, and is required to disclose personal information in response to lawful requests by public authorities to meet national security or law enforcement requirements.

How do we protect data in our products?

We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorized employees and partners in the performance of their duties. We are ISO 27001 certified.

Where we engage third parties, from us, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of your data. We have a third-party risk management program. We are responsible for any data that is transferred to third parties.

You may request more details about those safeguards by sending an email to privacy@workforcesoftware.com).

For how long does we store data in our products?

The contract we hold with the customer specifies how long we retain personal information stored in our products. The customer determines the retention period. We delete personal information at the end of the contract. Deletion occurs based on the contractual agreement, but no longer than 90 days after contract termination. The customer, if they request, will receive a copy of the data.

Your rights

Individuals whose data is processed by our products have several privacy rights. You can:

  • access and obtain a copy of your data on within one month via a written request and free of charge;
  • require us to change incorrect or incomplete data;
  • require us to delete or stop processing your data, for example, when processing is found to be unlawful or your data is no longer needed for the purpose of processing;
  • object to the processing of your data where we rely on legitimate interests as the legal ground for processing; and
  • ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether your interests override the company’s legitimate grounds for processing data.
  • provide a copy of your data to you in an industry-standard format.

If you would like to exercise any of these rights, you should contact the Human Resource Department or Data Privacy Officer for your organization. If you have any questions or issues, please contact

Privacy Officer
WorkForce Software, LLC
38705 Seven Mile Road, Suite 300
Livonia, MI 48152
United States of America
+1‐877‐493‐6723
privacy@workforcesoftware.com

Do we use automated decision-making?

The data processing may make automated decision-make around payrolls, schedules, and leave.

What do I do if I have a dispute?

If you believe your data protection rights are being violated, you should first contact the Data Privacy Officer in your organization. If you contact us, we will redirect the request to our customer.
If your Privacy Officer or WorkForce Software is not able to provide a satisfactory response, you may escalate to:

People in the European Economic Area (EEA)

Supervisory Authority: You may seek resolution by contacting the Supervisory Authority in your country or our lead Supervisory Authority:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Phone: +44 1625 545 745
Email: international.team@ico.org.uk

Privacy Shield: You may also seek resolution through Privacy Shield. WorkForce Software complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  WorkForce Software has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ and WorkForce Software U-US Privacy Shield Certification.

In compliance with the Privacy Shield Principles, WorkForce Software commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact:

Privacy Officer
WorkForce Software, LLC
38705 Seven Mile Road, Suite 300
Livonia, MI 48152
United States of America
+1‐877‐493‐6723
privacy@workforcesoftware.com

WorkForce Software has further committed to refer unresolved Privacy Shield complaints to International Centre for Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint (http://go.adr.org/rs/294-SFS-516/images/PrivacyShield_Notice_of_Arbitration.pdf).  The services of International Centre for Dispute Resolution are provided at no cost to you. Under certain conditions, you may invoke binding arbitration.

People who are not in the European Economic Area

Disputes that cannot be resolved between WorkForce Software and you will be handled, free of charge, in accordance with applicable dispute resolution procedures through the American Arbitration Association, which are available for review at http://go.adr.org/privacyshield.html.

Pin It on Pinterest