Dayforce, Inc., and all of its affiliates and subsidiaries (herein “Dayforce”) provide human capital management products and related services to organizations to help them manage their workforce. As such, Dayforce processes data about those organizations’ prospective, current and past employees (herein “Employees” or “Individuals”) on behalf of those organizations and as per their instructions. This Privacy Statement (“Statement”) describes our general practices relating to the processing of data about these organizations’ Employees (“Personal Information”). If you are an Individual whose prospective, current or past employer (herein “Employer”) uses a Dayforce application such as the Dayforce product or Powerpay, and your Employer has asked you to submit Personal Information as part of that service, you should review your Employer’s own privacy statement to understand that Employer’s privacy practices.
In connection with products such as Dayforce and Powerpay, Dayforce will provide your Employer the ability to collect, store, use, transfer, share and disclose your Personal Information in support of a prospective, current or past employment relationship between you and your Employer. When Dayforce processes your data in this manner, it acts as a processor for your Employer, who is the controller. In its capacity as a processor, Dayforce only processes your Personal Information as per the instructions of the controller, for their benefit, and on their behalf. Therefore, Dayforce’s customers- your Employer(s)- are responsible for providing you with a notice of what Personal Information they collect, use and disclose, for what purposes they do so, and with whom it is shared. They are also responsible for obtaining appropriate consent where required or identifying other legal basis upon which they may rely to process your Personal Information.
Dayforce relies on its customers and its customers’ Employees to supply Dayforce with accurate, complete and up-to-date Personal Information where relevant to Dayforce’s delivery of the services. Individuals are asked to review their records on a regular basis and make the appropriate updates or notify their Employer of errors promptly. Dayforce may share Personal Information with service providers to help us provide your Employer with a product or a service, and to other third parties (e.g. banks, government tax agencies, benefit providers) at the instructions of your Employer. In addition, Dayforce may disclose Personal Information to law enforcement or other government authorities if required by law. In the event that Dayforce sells or divests assets or any portion thereof, Dayforce may disclose Personal Information to the company involved in the business transaction in support of the sale, or divestiture, and where applicable, in support of integration activities. It is Dayforce’s practice to require appropriate protection for Personal Information in these types of transactions.
Dayforce processes Personal Information that your Employer may collect through the service from or about you, or that your Employer may provide through the service. For example:
Dayforce may process time and attendance-related information on behalf of your Employer collected by timekeeping devices that leverage biometrics such as your fingerprint. Refer to Dayforce’s Biometric Statement to learn more about our related privacy practices.
When you use our mobile applications, Dayforce collects Personal Information in its capacity as a data controller to understand how these applications are used and to make improvements. For example, the Dayforce Mobile application gathers information for analytics, troubleshooting, and improvement. We use third-party services, such as Google Analytics, to view aggregated information about end-users’ usage and interactions. Please refer to Dayforce’s Global Privacy Statement for additional information.
To run our business, we may store and process your Personal Information in any country where Dayforce and authorized third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.
Dayforce utilizes the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Dayforce also utilizes Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.
Dayforce, Inc., and all its U.S. affiliates and subsidiaries using the Dayforce brand name, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Dayforce has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Dayforce also utilizes SCCs and the UK Addendum to the SCCs for the transfer of Personal Information from the EU, Switzerland and UK to other countries.
If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view Dayforce’s certification, please visit https://www.dataprivacyframework.gov/.
Dayforce has implemented policies and procedures to protect Personal Information. Dayforce uses recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information. Dayforce reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Dayforce provides reasonable security controls for customers to configure in order to protect their Personal Information from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction.
If you have any inquiries or complaints about our handling of your Personal Information under the Data Privacy Framework, or about our privacy practices generally, please contact us at:
Chief Privacy Officer
Dayforce US, Inc.
3311 E. Old Shakopee Road
Bloomington, MN 55425
Telephone: 1-888-975-7674
Email: privacy@dayforce.com
If you have unresolved issues, you may contact your local privacy regulator.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Dayforce commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain circumstances, you may invoke binding arbitration. To learn more visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
The Federal Trade Commission has jurisdiction over Dayforce’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Dayforce may update this Statement periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Statement.