PeopleDoc Services Data Privacy Notice
Last Updated: February 2020
PeopleDoc and its subsidiaries (“PeopleDoc and/or “we”) is committed to protect the privacy of the individuals (“Users” and/or “you”) who register to use PeopleDoc Services (“Services”) on behalf of PeopleDoc’ Customers (“Customer”).
IF YOU ARE AN EMPLOYEE OF A CUSTOMER THAT USES THE PEOPLEDOC SERVICES: YOUR USE OF THE SERVICES IS GOVERNED BY YOUR EMPLOYER’S POLICIES. PLEASE DIRECT YOUR PRIVACY RELATED QUESTIONS OR REQUESTS TO THE DESIGNATED CONTACT AT YOUR EMPLOYER.
PeopleDoc processes your data in connection with your use of the PeopleDoc services only in accordance with the instructions given by your employer. Your employer is the controller for this processing. For more information on this, please refer to the data protection policies and/or practices for employees put out by your employer and made known or accessible to you.
This Privacy notice applies to you and your direct use of the MyPeopleDoc® Services for which PeopleDoc is the Controller. More specific conditions can be found at the MyPeopleDoc® Terms and Conditions.
To enable easy reading of this document, we have separated this text in two:
1) the binding text in ‘legal speak’, and
2) the non-binding text in simple speak. We hope this helps you to get a good understanding of what we offer you, what you can expect from us, and what we expect from you.
This policy describes what information we receive and process (“Data”) and how it is used. While you review this policy, please keep in mind that the use of Data received and processed through the Services is and shall always be limited to the purpose of providing the Services for which the Customer has engaged PeopleDoc. We will not sell your Data for marketing purposes.
1. The Data we receive
Depending on which Services you use, different kinds of information will be processed from or about you.
Except for MyPeopleDoc services, we collect Data according to our Customers’ instructions, and, we do not have direct relationship with the individuals whose Data we process.
We also process Data that other Users provide when they use our Services, for example when they use the document sharing tools to send you a document, when they send a message to you, or upload, sync or import your contact information.
We may send you service-related emails, this may be a part of the Service you are using.
If you wish to subscribe to our newsletter(s), we will use your name and email address to send you the newsletter. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in each of these emails, or you can contact us.
2. Sensitive Data
We will not intentionally collect or maintain, and do not want you to provide, any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information. If, by any chance, you chose to send us sensitive data solely at your own risk and responsibility, you explicitly agree that we may process this data in the EEA, US and in other countries and that you will not hold PeopleDoc accountable for any potential non-observance to sensitive data specific local regulations.
3. How Data is used
We use the Data to help us provide and support our Services. That means, we use the information we receive to help verify accounts and activity, and to promote safety and security on and off of our Services, such as investigating suspicious activity or violations of our terms or policies. We work hard to protect your account using teams of engineers, automated systems, and advanced technology as encryption.
We use the Data mainly to:
You should never share your PeopleDoc account information with anyone, including your username and password. We recommend that you use a unique password for your PeopleDoc account that is not associated with other Services. You should check your PeopleDoc account regularly to ensure that your Data has not been tampered with or altered.
Any suspicious activity regarding your account, including automated messages or calls from parties you cannot identify, should be reported to your employer and to PeopleDoc following the information on How to contact PeopleDoc, below.
4. How and why we share the Data we receive
We will not make your Data, including Personal Data, available to any other parties except as provided in this Policy and inside the scope of the Services. To be even more specific, we will not sell, rent, exchange or share your Data, including Personal Data with any third-parties, without your prior permission, for any other purpose than the ones you requested or signed-up for.
If we are ever involved in a merger, acquisition, or sale of all or a portion of its assets, your Data may be transferred to the acquiring person or entity and you will be notified of any impact of that change in ownership on the processing or uses of your Data, as well as any choices you may have regarding such changes.
5. Data Retention
We will retain Data we process on your behalf for as long as needed to provide the Services or respond to requests. We only retain and use this Data as necessary to comply with PeopleDoc’ agreements, legal obligations, and resolution of disputes. No Data is kept outside the scope from which we have received it in the first place.
If you are an employee of one of our Clients and would no longer like to be involved with one of our Clients that use our Services, please contact the Client with whom you interact directly.
6. How can you manage or delete your Data
If you seek access, correction, amendment, or deletion of inaccurate data, you should direct your request to your employer. If you seek to access, correct, amend or delete any Data on your e-vault that is no longer related to your employer you can contact us on How to contact PeopleDoc. Users are usually able to remove the Data without our involvement, however, if you request PeopleDoc to remove the data, we will respond to this request within a reasonable period of time, considering the risk on the maintenance of such Data.
7. Legal requests concerning your Data
8. Information Collected Automatically
When you are using the Services, information may be recorded or read on your terminal using cookies/tracking tools, based on the choices selected in your browser.
We use web analysis services that use "cookies", text files that are saved on your computer and analyze the use of a site. Information about your use of this site (including your IP address) generated by the cookie is transferred and stored on a server. These services use this information to evaluate your use of the Services to compile reports on the site activities for PeopleDoc. Such services may also transfer such information to third parties, to the extent legally specified or to the extent that third parties process such data.
You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies or any other tracking tool.
9. European Economic Area
Data collected within the European Economic Area (“EEA”) may be transferred to countries outside of the EEA for the purposes described in this Policy. We believe and follow the principles under European Union law, and in order to legitimize data transfers from the EEA to the United States and other countries we ensure to have in place agreements containing Standard Contractual Clauses or any other appropriate safeguard as established by the European Commission. You can contact us with questions or concerns regarding the transfer of Data outside the EEA.
10. Security and Breach Notification
We are committed to the security of our Services, and we have in place physical, administrative and technical measures designed to prevent unauthorized access to your Data. Our security policies cover the management of security for both internal and Services operations. These policies, which are ISO/IEC 27001:2013 certified, govern all areas of security applicable to the Services and apply to all PeopleDoc employees. You can check our ISO/IEC 27001:2013 certificate here.
We promptly evaluate and respond to incidents that create suspicions of unauthorized handling of Data. PeopleDoc' Global Information Security Team and Legal Team are informed of such incidents and, depending on the nature of the activity, shall define escalation paths and response teams to address the incidents. If we determine that your Data has been misappropriated or otherwise wrongly acquired by a third party, we will promptly report such breach to you.
We may update – and mostly upgrade – this Policy from time to time, having in mind never to downgrade the levels of security already provided to you. You will be notified of any significant changes in the way we treat any of your Data and we will give you the opportunity to review and comment on the revised Policy before continuing to use our Services.
We also encourage you to periodically review this page for the latest information on our privacy practices.
12. How to contact PeopleDoc
If you have questions about this policy, here’s how you can reach us at firstname.lastname@example.org.