- California Consumer Privacy Act Notice
- EU-U.S. and Swiss-U.S. Privacy Shield Policy
Last updated: December 4, 2020
Employee Cycle (“we”, “our” or “us”) has subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). Employee Cycle adheres to the Privacy Shield Principles, including the Supplemental Principles (collectively, the “Privacy Shield Principles”), for Personal Data received from entities in the European Economic Area (the “EEA”), the United Kingdom (“UK”) and Switzerland.
We store and process all Personal Data of United States citizens in accordance with the California Consumer Privacy Act (“CCPA”), and related regulations, as such laws may be amended from time to time.
In addition, the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) governs the processing of personal data of citizens of the European Union. To the extent applicable, we will enter into data transfer agreements under terms and conditions substantially similar to those contained in the standard contractual clauses promulgated by the European Commission or expressly required by the GDPR.
Pursuant to the CCPA, Employee Cycle is providing this California Consumer Privacy Act Notice (“CCPA Notice”). Terms used but not defined shall have the meaning ascribed to them in the CCPA.
1. Notice and Choice
Information That You Give Us
We collect personal information from you when you submit it to us, including by: (1) signing up for our newsletter; (2) contacting us; or (3) participating in a Site promotion or survey. This information may include, for example, your name, email address, mailing address, and telephone number. We may combine the information we collect from you with information we receive about you from other sources.
We may collect personal information from you when you write a review on our Sites. However, we do not ask, and you should not enter, your full name anywhere in your review.
In some jurisdictions, individuals may have the right to opt in or withdraw consent for certain uses. If you reside in such jurisdictions, you may have additional rights, which are detailed below under “Access, Correction and Deletion.”
Information We Collect from or for Employers
If applicable, we may collect personal information from your employer (or from your employer’s human resource-related service providers with your employer’s authorization), solely in connection with and for the purpose of our providing services to your employer. Contact your employer for more information about the information that it shares with us or authorizes us to collect on its behalf.
Information We Collect Automatically
When you visit the Sites, we may collect certain information from you, including your Internet Protocol (IP) address, MAC address, browser type, operating system, device-identifying information, the specific web pages visited during your connection, and the domain name from which you accessed the Sites. In addition, we may collect information about your browsing behavior, such as the date and time you visit the Sites, the areas or pages of the Sites that you visit, the amount of time you spend viewing the Sites, the number of times you return to the Sites and other clickstream data. We may also use non-personal or aggregated information for statistical analysis, research, and other purposes.
We may also use web beacons on the Sites, in our emails, and in our advertisements on other websites. Web beacons are tiny graphic images that are used to collect information about your visit to the Sites, such as the pages you view and the features you use, as well as information about whether you open and/or act upon one of our emails or advertisements. We may also collect the URL of the website you visited immediately before coming to the Sites. Web beacons help us analyze our Site visitors’ behavior and measure the effectiveness of the Sites and our advertising. We may work with service providers that help us track, collect and analyze this information.
We may combine the information we collect through cookies and web beacons with other information we have collected from you or from other sources.
Employee Cycle only collects Personal Data that is relevant for the purposes of processing in its role of providing Human Resources dashboards to Employers. Employee Cycle pulls customer data from the customer, or from authorized third-party payroll or human resource providers, to create the dashboards. This data is authorized to be provided to Employee Cycle by employers.
Employee Cycle only receives the data that is provided by an individual’s employer. If sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual) is provided to Employee Cycle by an employer, the individual has consented for this information to be shared. Access to this information is restricted within the Employee Cycle system. Sensitive information is only processed by Employee Cycle as part of its service offerings and is not used for a purpose other than that for which it was originally collected.
We collect the following specific categories of personal information:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, address, telephone number, education, employment, employment history,
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, marital status, sex (including gender, gender identity, gender expression, sexual orientation, veteran or military status,
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Bases for processing your data. We collect and use the personal data described above in order to provide you and your employer with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that our partners obtain such consent. Employee Cycle processes your data (1) to provide the Employee Cycle Services to you pursuant to our contract with you; (2) in furtherance of its legitimate interests in operating our Services and business; and (3) with your consent. In some cases, Employee Cycle may process your data to comply with applicable law, legal process, or regulation; protect any person from death or serious bodily injury; or to carry out a task in the public interest.
In its role as a controller and as required by applicable law, Employee Cycle generally offers individuals the opportunity to choose whether their Personal Data may be (i) disclosed to third-party controllers or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the Consumer. To the extent required by the Privacy Principles, Employee Cycle obtains opt-in consent for certain uses and disclosures of sensitive data. Consumers may contact Employee Cycle as indicated below regarding Employee Cycle’s use or disclosure of their Personal Data. Unless Employee Cycle offers Consumers an appropriate choice, Employee Cycle uses Personal Data only for purposes that are materially the same as those indicated in this Policy.
Use of Information
If you sign up for our mailing list, we will send you informational emails about offers of services. At any time, you can ‘unsubscribe’ yourself from our email list simply by clicking the ‘unsubscribe’ button.
If you do not wish to receive communications from us about special offers and promotions, you can opt out of receiving these communications by following the instructions contained in the messages you receive. Even if you opt out of receiving these messages, we reserve the right to send you certain communications relating to the services we provide, and we may send you service announcements and administrative messages. We do not offer you the opportunity to opt out of receiving those communications. For more information about interest-based advertising, including how you can manage advertising, please see “Interest-Based Advertising” below.
Subject to applicable law, we assume no responsibility for validating that appropriate consent has been obtained or that information contained in communications we send on behalf of employers is accurate, true, current, and complete. If you have any questions or concerns, we recommend that you contact your employer for more information about how your personal information may be shared and used in connection with the services we provide to your employer.
2. Data Integrity and Purpose Limitation
Employee Cycle only collects Personal Data that is relevant to providing our Services. Employee Cycle processes Personal Data in a manner compatible with providing the Services or as otherwise notified to you. Employee Cycle takes reasonable steps to ensure that the Personal Data received is needed for Employee Cycle’s Services, accurate, complete, and current.
Employee Cycle does not sell personal information to third parties.
3. Accountability for Onward Transfers
Except as permitted or required by applicable law and in accordance with Employee Cycle’s role as a controller or processor, Employee Cycle provides Consumers with an opportunity to opt out of sharing their Personal Data with third-party controllers. Employee Cycle requires third-party controllers to whom it discloses the Personal Data of Consumers to contractually agree to:
- only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant Consumer,
- provide the same level of protection for Personal Data, and
- notify Employee Cycle and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party controller determines that it cannot meet its obligation to provide the same level of protection for Personal Data.
Employee Cycle shares this personal information with: our vendors, service providers, suppliers, agents and representatives; the administrators authorized by your organization; and other parties where required by law or to protect our rights.
Employee Cycle may use this personal information to operate, manage, and maintain our business, to provide our products and services, to communicate with you, for our vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using personal information to: develop, improve, repair, and maintain our products and services; process or fulfill a request or other transactions submitted to us; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions; comply with law, legal process, and internal policies; maintain records; exercise and defend legal claims; and fulfill legal obligations.
Employee Cycle may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or appropriate government request; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Employee Cycle or our users; (d) protect Employee Cycle’s rights, property, safety, or interest; or (e) perform a task carried out in the public interest.
Stewardship of your data and information is critical to us and a responsibility that we embrace. We believe that your data and information should receive the same legal protections regardless of whether it’s stored on our Services or on your own computer’s hard drive. We’ll abide by the following Government Request Principles when receiving, scrutinizing, and responding to government requests (including national security requests) for your data and information:
- Be transparent
- Fight blanket requests
- Protect all users, and
- Provide trusted services.
We publish a Transparency Report as part of our commitment to informing you about when and how governments ask us for information. This report details the types and numbers of requests we receive from law enforcement. We encourage you to review our Government Request and Transparency Report for more detailed information on our approach and response to government requests.
4. Data Security
We use commercially available, reasonable, and appropriate physical, electronic, and administrative safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.
5. Access to Personal Data
When Employee Cycle acts on behalf of its Users, Employee Cycle will assist Users in responding to individuals exercising their rights under the Privacy Shield Principles. If you are an Employee of a User, please contact the User directly with your request to access or limit the use or disclosure of your Personal Data. If you contact us with the name of the User to which you provided your Personal Data, we will refer your request to that User and support them in responding to your access request.
5.1 Consumer Rights
5.1.1 You have the right to request that we disclose to you (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the specific pieces of personal information we collected about you; (iii) the business or commercial purpose for collecting personal information about you; and (iv) the categories of personal information about you that we shared or disclosed and the categories of third parties with whom we shared or to whom we disclosed such information in the preceding 12 months. You also have the right to request that we delete personal information we collected from you subject to certain exceptions.
5.1.2 You also have the right to not be discriminated against in pricing and services because you exercise any of your rights.
5.2 How to Make a Request
5.2.1 You may make a request for the disclosures or to review, correct, update, suppress, or delete Personal Data by contacting privacy@EmployeeCycle.com.
5.2.2 You may be required to submit proof of your identity for these requests to be processed as a verifiable consumer request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.
5.2.3 We will respond to your request consistent with the CCPA, which does not apply to certain information, such as information made available from government records, certain data subject to the Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA) and certain other laws, and where its application is preempted by, or in conflict with, federal law or the United States or California Constitution.
5.2.4 We may limit or deny access to Personal Data where providing such access is unreasonably burdensome, expensive under the circumstances, or as otherwise permitted by the Privacy Shield Principles.
6. Recourse, Enforcement and Dispute Resolution
If you have any questions or concerns, please contact us at privacy@EmployeeCycle.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data.
In the event we are unable to resolve your concern, you may contact JAMS, an independent third-party dispute resolution body based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Employee Cycle is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
Employee Cycle commits to cooperate with European Union data protection authorities (“DPAs”). Employee Cycle will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield. Employee Cycle will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.
Employee Cycle, Inc.
1608 Walnut Street, Floor 12
Philadelphia, PA 19103
Attention: Employee Cycle Privacy Team
If we’re involved in a reorganization, merger, acquisition, or sale of our assets, your data may be transferred as part of that deal. We’ll notify you (for example, via a message to the email address associated with your account) at least thirty (30) days before any such transaction and outline your choices in that event.