Job Applicant Privacy Statement

This Privacy Statement was updated on June 23, 2020.

Scope

Ceridian HCM, Inc., and its subsidiaries (herein “Ceridian”) are committed to protecting your Personal Information and processing it responsibly. This Privacy Statement (“Statement”) describes our general practices relating to the collection, use and disclosure of data relating to Ceridian’s job applicants (“Personal Information”).

Table of Contents

The Personal Information Ceridian Collects

Directly from You

Ceridian collects Personal Information directly from you when you interact with us online, through our mobile app or through other communication channels such as telephone, email or in person. For example:

From Other Sources

Ceridian obtains Personal Information from third parties. For example:

How Personal Information is Used

Ceridian uses Personal Information to, among other things:

Depending on the circumstances and applicable law, Ceridian processes Personal Information on a number of lawful bases, including obtaining your consent, performance of a contract, compliance with a legal obligation, to protect yours or someone else’s vital interests, to perform a task in the public interest or for other legitimate interest. In Europe and other jurisdictions where this is permitted, we rely on “legitimate interest” for example, for fraud prevention and network security.

In some cases, Ceridian de-identifies or anonymizes Personal Information in support of legitimate business purposes. Once deidentified or anonymized, such data is no longer considered Personal Information. When using deidentified or anonymized data, Ceridian does not attempt to reidentify the data.

How Personal Information is Shared

Within Ceridian

Ceridian allows access to applicant Personal Information to people within the Ceridian family of companies who have a “need to know” that information in relation to the recruitment process and other legitimate business purposes. For example, your recruiter will share your resume information with Ceridian employees who will be interviewing you for an open position.

Service Partners

We share Personal Information with companies or individuals that provide us with services. These services include pre-employment screening and office security. Service providers can only process Personal Information as instructed by Ceridian.

Business Transition

In the event that Ceridian, or any portion of our assets, are acquired, sold, or transferred, Ceridian will disclose Personal Information with the company involved to complete the business transition, including at the negotiation stage.

Applications and Tools

We offer tools, widgets and applications on our website such as search engine functionalities, that are powered by third parties. If you use those applications or tools, any Personal Information that you provide will be shared with the third party that provides that functionality. The third party’s use of that Personal Information is subject to their Privacy Statement.

Law Enforcement

We may report to law enforcement agencies any activities that we reasonably believe to be unlawful, or that we reasonably believe will aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release your Personal Information to law enforcement agencies if we determine, in our sole judgment, that either you have violated our policies, or the release of your Personal Information will protect the rights, property, or safety of Ceridian, or another person.

Legal Process

We may share your Personal Information with others as required by, or permitted by, law. This includes sharing your Personal Information with governmental entities, or third parties in response to subpoenas, court orders, other legal process, or as we believe is necessary to exercise our legal rights, to defend against legal claims that have been brought against us, or to defend against possible legal claims that we determine in our sole discretion might be brought against us.

Cross Border Transfers

To run our business, we may store and process your Personal Information in any country where Ceridian and authorized third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.

Ceridian utilizes the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Ceridian also utilizes Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.

How Personal Informatios is Protected

Ceridian has implemented policies and procedures to protect Personal Information. Ceridian uses recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information. Ceridian reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Ceridian makes reasonable security arrangements to protect Personal Information from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction. The methods of protection include physical measures, organizational measures and technological measures. Ceridian requires all third parties to whom it transfers Personal Information to maintain adequate safeguards in compliance with applicable laws and standards to protect Personal Information. In the event that Ceridian is required by law to inform you of a breach of your Personal Information, we will notify you electronically, in writing or by telephone, if permitted by law.

Retention of Personal Information

Ceridian will retain your Personal Information for as long as necessary to fulfill the purpose for which it was collected or as required to comply with legal obligations. These legal obligations are reflected in an internal retention policy and schedule. At the end of the retention period, Ceridian will securely delete the Personal Information. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

Do Not Track Disclosure

Do Not Track (DNT) is a preference that users can set for their browsers to opt out of the online tracking activities by some websites. Ceridian does not respond to DNT signals in browsers.

Information for California Residents

California Civil Code Sections 1798.115(c), 1798.130(a)(5)(c), and 1798.140 indicate that organizations should disclose whether certain categories of Personal Information are collected, “sold” or transferred for an organization’s “business purpose” (as those terms are defined under California law). Ceridian does not sell Personal Information. You can find a list of the categories of Personal Information that we collect and share below. Please note that because this list is comprehensive it refers to types of Personal Information that we collect and share about people other than yourself. If you would like more information concerning the categories of Personal Information (if any) we share with third parties or affiliates, please submit a written request to us using the information in the “How to Exercise Your Rights” or “How to Contact Ceridian” sections. We do not discriminate against California residents who exercise any of their rights described in this Statement.

Categories of Personal Information Collected

Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes

Personal identifiers such as name, signature, postal address, telephone number, email address or other unique personal identifiers
  • Subsidiaries and affiliates of Ceridian HCM, Inc.
  • Third parties who assist with information technology and security programs
  • Third parties who assist with fraud prevention, detection and mitigation
  • Third parties who provide us with technology services, such as internet service providers, operating systems and platforms, data centers/hosts/cloud service providers
  • Third parties to create or maintain our databases
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by, or permitted by, law, including for litigation purposes
Education, professional or employment-related information
  • Subsidiaries and affiliates of Ceridian HCM, Inc.
  • Third parties who assist with information technology and security programs
  • Third parties who assist with fraud prevention, detection and mitigation
  • Third parties who provide us with technology services, such as internet service providers, operating systems and platforms, data centers/hosts/cloud service providers
  • Third parties to create or maintain our databases
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by, or permitted by, law, including for litigation purposes
Online information such as electronic network activity (e.g., browsing history), internet protocol (IP) address, device ID, account name, or other similar identifiers
  • Subsidiaries and affiliates of Ceridian HCM, Inc.
  • Third parties who assist with information technology and security programs
  • Third parties who assist with fraud prevention, detection and mitigation
  • Third parties who provide us with technology services, such as internet service providers, operating systems and platforms, data centers/hosts/cloud service providers
  • Third parties to create or maintain our databases
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by, or permitted by, law, including for litigation purposes
Audio, electronic, visual, thermal, olfactory or similar information
  • Subsidiaries and affiliates of Ceridian HCM, Inc.
  • Third parties who assist with information technology and security programs
  • Third parties who assist with fraud prevention, detection and mitigation
  • Third parties who provide us with technology services, such as internet service providers, operating systems and platforms, data centers/hosts/cloud service providers
  • Third parties to create or maintain our databases
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by, or permitted by, law, including for litigation purposes

How to Exercise Your Rights

Ceridian makes reasonable efforts to keep Personal Information as accurate, complete and up-to-date as is necessary to fulfill the purposes for which the information is to be used. Unless Ceridian is permitted or required by law to prohibit access, you can view and if necessary, update and correct your Personal Information. Depending on the jurisdiction in which you are, you may have additional rights such as the right to request deletion of your Personal Information, the right to restrict or object to processing your Personal Information by Ceridian or the right to transfer your Personal Information to another organization. Individuals can submit requests for any of these rights here or by using the information in the “How to Contact Ceridian” section.

Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name and contact information. We may also ask you to provide a signed declaration confirming your identity. In some circumstances, you may designate an authorized agent to submit requests on your behalf here. We will require verification that you provided the authorized agent permission to make a request on your behalf.

Individuals can raise concerns or file complaints here. Ceridian will investigate all complaints and take appropriate action to remedy any issues.

How to Contact Ceridian

For privacy-related questions, comments, or concerns, contact Ceridian at:

Changes to this Privacy Statement

Ceridian may update this Statement periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Statement.