Last Updated 02/01/2023.
Please note this Policy does not cover the practices of companies We don’t own or control, or people We don’t manage. For clarity, this policy applies when PerformYard acts as a “Controller” (as defined in the General Data Protection Regulation (the “GDPR”) or “Business” as defined under the California Consumer Privacy Act of 2018 (the “CCPA”)). Note that we may also process Personal Data of our customers’ employees in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor or service provider for your Personal Data (i.e., not the controller or business), please contact the controller/business party in the first instance to address your rights with respect to such data. Please read the following carefully to understand our views and practices regarding your Personal Data and how We will treat it.
For the purpose of the GDPR and the CCPA:
- In respect of the Personal Data of business contacts and prospects of PerformYard, the Data Controller is PerformYard;
What we collect & how
In connection with your access to our Site and/or use of our Service, we collect and store certain information about you. Some of this information can be used on its own or in combination with other information to identify you individually. This includes:
- Information You Provide: We collect your personal information when you, your employer, or your employer’s partners register to use the Service, provide information when using the Site or Service, update your account information, add additional services, contact us with questions or feedback, or otherwise communicate with us. The provision of your name and e-mail address is required to use our Services; this personal information may include additional information as determined by your employer.
- Automatically Collected Information: We automatically collect certain usage information when you access the Site or use the Service, such as your device identifier (if using a mobile device), Internet Protocol (IP) address (if using a browser), operating system, browser type and the address of a referring site. We also automatically collect certain usage information through cookies and related technologies, as described below.
This document details the categories of Personal Data that we collect and have collected over the past twelve (12) months.
Cookies, device and usage data
Like many standard web servers, the Site may collect log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. We may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We may use other types of cookies to enable certain Site features, to better understand how you interact with the site and to monitor aggregate usage and web traffic on the Site.
What we do with data
Where you are using our Services on behalf of our Customer, we rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your Personal Data.
We use information held about you in the following ways:
- To carry out our obligations arising from any contracts entered into between our Customer (on whose behalf you are using the Services) and Us to include the display and use of Personal Data to support Customer’s performance management efforts within PerformYard.
- To ensure that content from the Website is presented in the most effective manner for you and for your computer.
- To notify you about changes to our Services and provide you with information that is relevant to your use of the Services.
- To provide you with information, products or services that you request from us or which we feel may interest you or our Customer.
- Where you or your employer are a prospective Customer, to provide you with information about our Services for marketing purposes.
Disclosure of data
We may share your Personal Data as follows:
- Service Providers, Business Providers and Others: PerformYard may employ third party companies and individuals to facilitate our service, to provide the service on our behalf, to perform related services (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, customer relationship management, customer service, and improvement of the Site’s features) or to assist us in analyzing how our Site and services are used. These third parties have access to your personally identifiable information only for these purposes of performing these tasks on our behalf.
- Compliance with Laws and Law Enforcement: PerformYard may preserve and has the right to disclose any information about you or your use of our site without your prior permission if we have a good faith belief that such action is necessary to: 1) protect and defend the rights, property or safety of PerformYard or its employees, affiliates, other users of the site, or the public; or 2) enforce the Master Subscription Agreement for the site. We may also disclose information we deem necessary to satisfy any applicable law, regulation, legal process, court order, subpoena or a law enforcement agency or other governmental request.
- Business Transfers: PerformYard may transfer or otherwise share some or all of its assets, including your personal identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
PerformYard does not and will not sell personal information of any Customer.
In compliance with the Children’s Online Privacy Protection Act (COPPA), PerformYard does not knowingly collect personally identifiable information from anyone we know to be under 13 years of age. Please contact us if you believe a child may have provided us Personal Data for prompt resolution.
We use reasonable technological, physical, and other measures to keep your information protected from unauthorized access. No method of data transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:
- Access your Personal Data held by us;
- Know more about how we processed your Personal Data;
- Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
- Erase or delete your Personal Data to the extent permitted by applicable data protection laws;
- Transfer your Personal Data to another controller, to the extent possible (right to data portability);
- Not be discriminated against for exercising your rights described above; and
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Website or in our services.
To exercise your rights, please contact us by using the information outlined below. We try to respond to all legitimate requests promptly and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer to respond, taking into account the complexity and number of requests we receive.
Some users may update their user settings, profiles, and organization settings by logging into their accounts and editing their settings or profiles. If you are an employee of a PerformYard customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
As described above, we may also process Personal Data submitted by or for a customer to our Services. To this end, if not stated otherwise in this Privacy Statement or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer who is the controller of the Personal Data (see the introductory section above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Statement. If your data has been submitted to us by or on behalf of a PerformYard customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the PerformYard customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
If you are a California resident, you have the rights outlined in this section.
The California Consumer Privacy Act (“CCPA”) requires businesses to disclose whether they sell Personal Data. As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties as detailed above. California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our products.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights. You have the right to request certain information about our collection and use of your Personal Data over the past 12 months to include:
- The categories of Personal Data that we have collected about you as described above.
- The categories of sources from which that Personal Data was collected.
- The business or commercial purpose for collecting your Personal Data.
- The categories of third parties with whom we have shared your Personal Data.
- The specific pieces of Personal Data that we have collected about you.
You have the right to request that we delete the Personal Data that we have collected from you. To do so, please contact us at firstname.lastname@example.org or 888-745-0761. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against internal records. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to continue to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
You have the right not to receive discriminatory treatment by PerformYard for exercising the privacy rights granted by the CCPA. PerformYard does not and will not sell personal information of any consumer.
Data storage and Privacy Shield
PerformYard Services are hosted and operated in the United States (“U.S.”), and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to PerformYard in the U.S. and will be hosted on U.S. servers, and you authorize PerformYard to transfer, store and process your information to and in the U.S.
PerformYard's Services comply with the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of HR-related personal information transferred from the European Union and Switzerland to the United States, respectively. You can view a description of how we comply with the Privacy Shield Principles in our Master Subscription Agreement. PerformYard has certified to the Department of Commerce that the Services described in our Privacy Shield Notice adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website here.