Last Updated January 21, 2020.
Please note this Policy does not cover the practices of companies We don’t own or control, or people We don’t manage. For clarity, this policy applies when PerformYard acts as a “Controller” (as defined in the General Data Protection Regulation (the “GDPR”) or “Business” as defined under the California Consumer Privacy Act of 2018 (the “CCPA”)). Note that we may also process Personal Data of our customers’ employees in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor or service provider for your Personal Data (i.e., not the controller or business), please contact the controller/business party in the first instance to address your rights with respect to such data. Please read the following carefully to understand our views and practices regarding your Personal Data and how We will treat it.
For the purpose of the GDPR and the CCPA:
In connection with your access to our Site and/or use of our Service, we collect and store certain information about you. Some of this information can be used on its own or in combination with other information to identify you individually. This includes:
This document details the categories of Personal Data that we collect and have collected over the past twelve (12) months.
Like many standard web servers, the Site may collect log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. We may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We may use other types of cookies to enable certain Site features, to better understand how you interact with the site and to monitor aggregate usage and web traffic on the Site.
Where you are using our Services on behalf of our Customer, we rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your Personal Data.
We use information held about you in the following ways:
We may share your Personal Data as follows:
PerformYard does not and will not sell personal information of any Customer.
In compliance with the Children’s Online Privacy Protection Act (COPPA), PerformYard does not knowingly collect personally identifiable information from anyone we know to be under 13 years of age. Please contact us if you believe a child may have provided us Personal Data for prompt resolution.
We use reasonable technological, physical, and other measures to keep your information protected from unauthorized access. No method of data transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:
To exercise your rights, please contact us by using the information outlined below. We try to respond to all legitimate requests promptly and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer to respond, taking into account the complexity and number of requests we receive.
Some users may update their user settings, profiles, and organization settings by logging into their accounts and editing their settings or profiles. If you are an employee of a PerformYard customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
As described above, we may also process Personal Data submitted by or for a customer to our Services. To this end, if not stated otherwise in this Privacy Statement or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer who is the controller of the Personal Data (see the introductory section above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Statement. If your data has been submitted to us by or on behalf of a PerformYard customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the PerformYard customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
The California Consumer Privacy Act (“CCPA”) requires businesses to disclose whether they sell Personal Data. As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties as detailed above. California law requires that we detail the categories of Personal Data that we share or disclose for certain “business purposes,” such as disclosures to service providers that assist us with securing our services or marketing our products.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights. You have the right to request certain information about our collection and use of your Personal Data over the past 12 months to include:
You have the right to request that we delete the Personal Data that we have collected from you. To do so, please contact us at firstname.lastname@example.org or 888-745-0761. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against internal records. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to continue to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
You have the right not to receive discriminatory treatment by PerformYard for exercising the privacy rights granted by the CCPA. PerformYard does not and will not sell personal information of any consumer.
PerformYard Services are hosted and operated in the United States (“U.S.”), and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to PerformYard in the U.S. and will be hosted on U.S. servers, and you authorize PerformYard to transfer, store and process your information to and in the U.S.
PerformYard's Services comply with the EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of HR-related personal information transferred from the European Union and Switzerland to the United States, respectively. You can view a description of how we comply with the Privacy Shield Principles in our Master Subscription Agreement. PerformYard has certified to the Department of Commerce that the Services described in our Privacy Shield Notice adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website here.