Service Provider Privacy Statement

This Privacy Statement was updated on October 8, 2020.

Scope

Ceridian HCM, Inc. and its subsidiaries (herein “Ceridian”) provide human capital management products and related services to organizations to help them manage their workforce. As such, Ceridian processes data about those organizations’ prospective, current and past employees (herein “Employees” or “Individuals”) on behalf of those organizations and as per their instructions. This Privacy Statement (“Statement”) describes our general practices relating to the processing of data about these organizations’ Employees (“Personal Information”). If you are an Individual whose prospective, current or past employer (herein “Employer”) uses a Ceridian application such as Dayforce or Powerpay, and your Employer has asked you to submit Personal Information as part of that service, you should review your Employer’s own privacy statement to understand that Employer’s privacy practices.

Personal Information Processing

In connection with products such as Dayforce and Powerpay, Ceridian will provide your Employer the ability to collect, store, use, transfer, share and disclose your Personal Information in support of a prospective, current or past employment relationship between you and your Employer. When Ceridian processes your data in this manner, it acts as a processor for your Employer, who is the controller. In its capacity as a processor, Ceridian only processes your Personal Information as per the instructions of the controller, for their benefit, and on their behalf. Therefore, Ceridian’s customers- your Employer(s)- are responsible for providing you with a notice of what Personal Information they collect, use and disclose, for what purposes they do so, and with whom it is shared. They are also responsible for obtaining appropriate consent where required or identifying other legal basis upon which they may rely to process your Personal Information.

Ceridian relies on its customers and its customers’ Employees to supply Ceridian with accurate, complete and up-to-date Personal Information where relevant to Ceridian’s delivery of the services. Individuals are asked to review their records on a regular basis and make the appropriate updates or notify their Employer of errors promptly. Ceridian may share Personal Information with service providers to help us provide your Employer with a product or a service, and to other third parties (e.g. banks, government tax agencies, benefit providers) at the instructions of your Employer. In addition, Ceridian may disclose Personal Information to law enforcement or other government authorities if required by law. In the event that Ceridian, or any portion of our assets, are acquired, sold, or transferred, Ceridian will disclose Personal Information with the company involved to complete the business transition, including at the negotiation stage.

Ceridian processes Personal Information that your Employer may collect through the service from or about you, or that your Employer may provide through the service. For example:

Ceridian may process time and attendance-related information on behalf of your Employer collected by timekeeping devices that leverage biometrics such as your fingerprint. Refer to Ceridian’s Biometric Statement to learn more about our related privacy practices.

Cross Border Transfers

To run our business, we may store and process your Personal Information in any country where Ceridian and authorized third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.

Ceridian utilizes the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Ceridian also utilizes Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.

Security

Ceridian has implemented policies and procedures to protect Personal Information. Ceridian uses recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information. Ceridian reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Ceridian provides reasonable security controls for customers to configure in order to protect their Personal Information from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction.

Changes to this Privacy Statement

Ceridian may update this Statement periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Statement.