Insperity’s Business Performance Solutions Privacy Notice
Online Privacy Notice – Effective October 1, 2020
We respect your privacy and have created this Privacy Notice to provide you information about how the personal information that you may provide to us, and that we maintain electronically is used, and to inform you about your privacy-related choices regarding use, access and correction of your personal information as well as the human resources data transferred to us for processing on behalf of companies that are our direct and indirect customers (each a “Customer”).
This Privacy Notice specifically discloses the information gathering and use practices of Insperity Business Services, L.P. (“we”, “us”, or “our”) for our traditional HR technology solution websites, password-protected cloud-based applications (e.g., PerformSmart®, OrgPlus®, ExpensAble® and TimeStar®), and supporting mobile applications (referred to collectively as our “Business Performance Solutions”) that are accessible from our various URLs that allow you to log in to the Business Performance Solutions to provide information required for our services (each, a “Site,” and, collectively referred to as our “Sites”).
We provide our Business Performance Solutions for Customers and permit access and use of our Business Performance Solutions by individuals who are our Customers’ designated users or prospective customers’ evaluation users (each a “User” and, collectively “Users”). Certain of our Customer’s users are provided administrative rights in order to assign and support other Users and communicate with us directly for support services (each an “Administrator” and, collectively “Administrators”). Our Sites also collect information about Site visitors that may or may not be our Customers or Users, but that browse the public portions of our Site. Site visitors that are not Users with appropriate login credentials are not allowed access to our Business Performance Solutions from the Site.
This Privacy Notice only applies to our Business Performance Solutions Sites or service agreements that link to or reference this Privacy Notice. This Privacy Notice does not apply to sites owned or operated by other Insperity companies related by common ownership or control (“Affiliates”) that reference a separate online privacy notice and you should carefully review the privacy notice as referenced on each Site you use. If you login to our Business Performance Solutions from the Individual Solutions pages accessible from within the Insperity.com site, the Insperity Privacy Notice located here will apply to any information you provide at the Insperity.com site prior to accessing any of our Business Performance Solutions.
If you are located in the state of California in the United States, we process your personal information for a specific and limited purpose and in accordance with the California Consumer Privacy Act (“CCPA”). You should carefully review our separate California Privacy Notice by clicking here.
This Privacy Notice does not apply to any information that you may provide to third parties; for example, other sites linked to our Sites. You should review any linked policies at third party sites or contact such third parties directly to determine their respective privacy policies. We do not guarantee and are not responsible for the privacy or security of such third-party sites, including the accuracy, completeness, or reliability of their information.
What information do we collect?
We process information in different contexts. As part of our firm commitment to ethical privacy practices, we respect your privacy when doing so. We collect information when a Customer registers or opens an account for a Business Performance Solution, signs in, pays an invoice, purchases access to a service, calls us for support, or gives us feedback.
We may collect information from or about our prospects and Customers such as:
- company size, revenue, type, and industry codes (SIC and NAIC)
- company name, phone number, physical address and URL
- purchase history with us and billing information/account numbers
- affiliation purchases (lead outs by user)
- contact information for Administrators within your company as needed for us to provide our services
- employee goals and performance evaluations
We may collect information that Users, or Customers on behalf of its Users, provide while using any of our Business Performance Solutions such as:
- name, phone and fax numbers, and address (street and email)
- login credentials (i.e., usernames and passwords)
- security validation questions and answers
- age, marital status and occupation
- job title, job history and employment status
- email preferences
- interests or hobbies
When we collect the above types of information, it is because you or our Customer for which you are a User voluntarily submits the information to us in order to utilize the services we provide.
If you use our time and attendance Business Performance Solution (“TimeStar®”), we may also collect personal information such as information about your salary and time off.
If you use our expense management Business Performance Solution (“ExpensAble®”) as a User, we may collect expense reporting-related activities such as flights, travel, hotel, meals, gifts and other expenses (“ExpensAble Transactional Data”), and the service records related to the processing of this Transactional Data.
If you use our performance management Business Performance Solution (“PerformSmart®”) as a User, we may collect performance management-related activities such as tracking goals and performance evaluations (“PerformSmart Transactional Data”), and the service records related to the processing of the PerformSmart Transactional Data.
While ExpensAble Transactional Data or PerformSmart Transactional Data may relate to you, it is considered to be our Customer’s data, because it relates to the Customer’s business and financial affairs.
We may collect personal information from our Site visitors through methods such as sponsored contests, online surveys, emails, requests for information, or other means available on our Sites. We may also collect personal information from off-line methods such as post-cards or events you attend and request information on our products or services, and from third parties that maintain agreements with us to resell, sublicense or make our products and services available to you. Regardless of how personal information is collected, its use will be governed by this Privacy Notice and we may store and analyze log files from such activities.
We may also collect personal information from our Affiliates or third parties. We sometimes enter into service agreements to integrate or bundle our Business Performance Solutions with those of third-party entities and licensors and we resell, sublicense or make such integrated or bundled services and products accessible to our Customers.
If you are a Customer of our comprehensive human capital management solution powered by the iSolved® third party platform (“Workforce Administration™), we may collect personal information during our provision of services such as Social Security Number or Tax Payer Identification Number.
All other information that you may enter directly into the iSolved® platform is processed by iSolved and governed by their Privacy Notice currently located here.
What information do we collect through automated means?
As is true of most sites, we gather certain personal information automatically. This personal information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer our site.
We collect the following information through automated means:
- IP address
IP addresses are numbers that are automatically assigned to your computer, and, if associated with other individually identifiable information, could be considered personal information. We use your IP address to operate our Sites, help diagnose problems with our server or systems, and to administer and improve our Sites. Your IP address is also used to help identify you and to gather broad demographic information (for example, your region, city, postal zip code), some of which we aggregate and then share with our strategic alliance companies and channel partners, potential strategic alliance companies and channel partners, and other third-party service providers (collectively, “partner organizations“). We may also use your IP address to keep track of the information you have entered, viewed, or used by means of our Sites. We reserve the right to block your IP address if it originates from certain countries located outside of the United States.
- Site access, browser type, operating system, etc.
We may also collect the name of the Internet service that provides you access to the Internet (e.g., Comcast, Verizon, or ATT), your browser type, operating system, the date and time you access a Site, and the Internet address of any web site from which you link directly to one of our Sites, as well as collecting other information in a User’s log file. A User’s log file tells us where a User comes from when entering one of our Sites, which part of our Site the User visits as well as where the User goes when leaving our Site, and how much time the User spends on our Site. We collect and use this information for operation and management of the Site and for analyzing, monitoring and improving its performance. We do not link this automatically collected data to other information we collect about you.
- Tracking technologies
- Behavioral targeting / re-targeting
- Mobile applications
When you download and use one of our mobile applications that allow you to access information from a Business Performance Solution, we may automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”).
We may send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
- Location-based information
Our ExpensAble® and TimeStar® mobile applications will ask you for permission to obtain your location, which the mobile applications may use to pre-populate forms and schedules. If you do not grant permission (or turn off this function), the mobile application will not use your location data. We collect your location-based information for the purpose of locating a place that you may be searching for in your area and calculating mileage between locations if you are using our ExpensAble mobile application. We collect your location-based information for the purpose of locating your site information for timekeeping purposes if you are using our TimeStar mobile application. We will only share this information with our telephony and mapping providers for the sole purpose of providing you this service. You may opt-out of location-based services at any time by editing the setting at the device level or by emailing us at email@example.com.
- Mobile analytics data
We use mobile analytics software to allow us to better understand the functionality of our mobile application software on your phone. This software may record information such as how often you use our mobile application, the events that occur within the mobile application, aggregated usage, performance data, and where the mobile application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within our mobile applications.
- Social media widgets
Our Sites may include social media features, such as the LinkedIn®, Twitter, Facebook, and YouTube™ buttons that are found on our Sites. These features may collect your IP address and the page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these social media features are governed by the Privacy Notice of the company providing them.
What is this information used for?
We use your personal information in the course of providing you with access to our Business Performance Solutions and to operate, study, improve or enhance our Sites. We also use your information in other ways, which may include, but are not limited to the following:
- Contacting you about our sites
We use your personal information to communicate with you and provide support for your use of any of our Business Performance Solutions. The use of information collected through our Sites will be limited to the purpose of providing and supporting the Business Performance Solution for which Customers have engaged us. Please note that email communication will not necessarily be secure; accordingly, you should not include credit card information or other sensitive personal information such as social security numbers in your email correspondence with us.
- Contacting you about commercial offers
We may also contact you to tell you about products and services provided by our Affiliates and partner organizations or to provide you with industry-related news or information. If you do not wish to receive e-mail or mail communications directly from us regarding Affiliate or partner organization offers, products and services, you may opt out of receiving such communications from us by following the procedure set forth in such communications (e.g, by using the unsubscribe link found in the emails we send to you) or by submitting a form online here. You may also call the Insperity Privacy Team at 1-866-824-0505 or contact us via email at firstname.lastname@example.org. Affiliates, partner organizations, or other third parties that communicate with you directly should have their own procedures for opting out of receipt of their communications. Opting out of communications from Affiliates, partner organizations, or other third parties will not affect communications sent directly by us that relate to your use of our Business Performance Solutions; you cannot opt out of these service-related communications.
- Pre-populated forms
Some personal information will be used to pre-populate forms for use on our Sites or when submitting information to third parties, including Affiliates and partner organizations.
- Rewarding use of our sites
We may use information we collect in order to reward or provide incentives to Customers or Users of our Sites for visiting our Sites or the sites of our Affiliates or partner organizations, using services provided on the Sites, or referring Customers.
- Contacting your referrals
You may provide us with contact information such as name, email or phone number for your friends, family members or personnel at prospective client companies. We will identify you as the referring party when contacting such individuals about our products and services. We retain contact information for referrals to provide referrals with information regarding our products and services and to track the success of our referral and loyalty programs. Referred individuals may opt out of further communication from us after receipt of our initial email or phone call by using the mechanism provided in the email communication or by submitting a form online here to request removal of their personal information from our database. They may also call the Insperity Privacy Team at 1-866-824-0505 or contact us via email at email@example.com.
If we choose to use personal information in a manner different than the purpose for which it was collected or as discussed in this Privacy Notice, then we will offer you an effective way to opt out of the use of your personal information for those other purposes.
With whom is this information shared?
We do not sell your personal information to third parties. We share personal information only as described below:
- Our Affiliates and third-party contractors
We may share your personal information with our Affiliates for marketing purposes and to support our provision of services, even if the Affiliate is not a party to your Customer agreement. We may also transfer personal information to companies that help us provide our services, or that market, offer, resell or sublicense our services. Transfers to such subsequent third parties are covered by the service agreements with our Customers. In addition, we may from time to time transfer our database of collected Customer information to third-party contractors who analyze such information on our behalf for the purpose of, among other things, targeting e-mails or mail marketing materials to Customers and Users regarding Affiliate and partner organization offers. Additionally, we may from time to time transfer certain personal information such as credit card and billing information to a third-party contractor who provides payment processing services on our behalf. Such third-party contractors will be contractually bound to hold all such personal information in confidence under the terms of this Privacy Notice and not to share such information with any parties other than us or as required by law.
- Governmental authorities, compliance with law and protection of our Business Performance Solutions and others
We provide personal information to governmental authorities when required to do so by law (for example, we report personal information regarding your compensation and withholding to the U.S. Internal Revenue Service and state taxing authorities, and we disclose personal information to comply with subpoenas, warrants, orders or other legal processes when we believe in good faith that disclosure is necessary to protect our rights or the rights of third parties, protect your safety or the safety of others, investigate fraud, security or technical issues). We will also provide personal information to third parties if compelled to do so by an appropriately empowered governmental or legal authority, or, as necessary, to protect Insperity’s rights or the rights of third parties.
- Benefit plan providers
We will provide personal information to our partner organizations or third-party benefit providers in conjunction with the setup and administration of benefit plans only if you provide information to us for such purposes as a Customer or User of our Business Performance Solutions.
- Partner organizations
Insperity has entered into marketing agreements, channel partner agreements, strategic alliances, service agreements, sponsorships, and other relationships with third-party organizations that may offer or provide products and services to you directly or indirectly through us as the billing agent, sometimes under discounted or preferential terms. We may provide certain personal information including, but not limited to, your email address and other contact information to our partner organizations so that they may contact you directly regarding products and services that may be of particular interest to you.
These partner organizations are contractually bound to hold your personal information in confidence and not to share your personal information with parties other than us. We also sometimes agree to give these third parties (including potential partner organizations under nondisclosure agreements) aggregated information about Customers, Users or visitors to our Sites. If you initiate an inquiry with respect to a partner organization’s product or services by clicking on an icon or link relating to such product or service on one of our Sites, we may also furnish such partner organization with certain personal information for the purpose of, among other things, pre-populating forms or facilitating the exchange of information between you and the partner organization.
- Business transfers
As we and our Affiliates continue to develop our business, various aspects of our business may be sold, including the assets. If we sell, transfer, or assign the entirety or a portion of our business, we reserve the right to transfer all personal information regarding Users associated with our business as part of such a sale, transfer or assignment. You will be notified via email or mail communication or a prominent notice on our Site of any change in ownership, as well as any choices you may have regarding your personal information.
- Reporting to credit bureaus
We may share your personal information with credit bureaus and consumer reporting agencies. Late payments, missed payments, or other defaults on Customer accounts may be reflected in your credit report and consumer report. We may also share your personal information with attorneys, governmental agencies and card associations in connection with issues related to fraud, credit or debt collection.
What access do Users have to information we have collected?
We do not have a direct relationship with Users whose personal information we process as our relationship is with our Customers who serve as the data controllers. However, upon request from a User as to whether we maintain personal information, we will provide the User with information about whether we hold any of the User’s personal information.
If you are a User, you may have access to much of your personal information through logging into our Business Performance Solutions and clicking preferences under the applicable settings, help, or User profile menus. Here, if you have access, you can view, delete, correct, and amend personal information about you that we maintain.
We acknowledge that you have the right to access your personal information. If you are a User that cannot access or modify your personal information, you should check with your Administrator to request a copy of your information or to have changes made and if your Administrator cannot fulfill the request, Customer or your Administrator can request assistance from us. We will typically respond to such request within 30 days. If we are unable to provide the requested information within 30 days we will provide a timeline establishing when the requested information or changes will be provided.
If you are a visitor of our Sites, we do not have a direct relationship with you, but we may hold personal information that you provided to us directly or that we received from a third party such as through a referral. If you contact us at the address listed at the bottom of this Privacy Notice to inquire as to whether we hold any of your personal information or to request a copy, we will typically respond to such request within 30 days. If we are unable to provide the requested information within 30 days we will provide a timeline establishing when the requested information will be provided, and we will allow you the opportunity to have any personal information maintained in our database corrected or deleted.
We take commercially reasonable precautions to keep all information obtained from visitors to the Website secure against unauthorized access and use, and we periodically review our security measures. We are committed to securely processing your data and have put in place specific technical and organizational measures to prevent the personal information we hold from being accidentally or deliberately compromised.
Insperity implements reasonable security measures, including technological controls such as a “firewall,” in accordance with industry standards. No data transmission over the Internet or data storage can be guaranteed to be 100% secure, so while we strive to protect your personal information, we cannot ensure or warrant the security of any information that you transmit to us or that is electronically stored by us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial administrative safeguards. It is your responsibility to protect the security of your login information to our Websites.
Insperity notifies individuals and regulatory authorities, as required by law if we believe that personal information has been stolen, disclosed, altered, or infringed by an unauthorized person. We create and maintain a breach notification and reporting protocol.
We also endorse the concept of privacy by design, which is an approach to application and system development that promotes privacy and data protection compliance from the outset. This means considering the privacy and security implications for any new project or process throughout its lifecycle.
The Website may provide you with links to other websites. We are not responsible for those sites and cannot control the use of information that you submit once you reach those sites, nor can we control the content of what is offered on those sites or on links from those sites. You should contact such third-party websites directly to determine their privacy policies and opt out requirements from any communications you may be receiving directly from third parties.
Disclaimer of responsibility for Privacy Notice and content at linked sites
We may provide you with links to third party sites. We are not responsible for those sites and cannot control the use of information that you submit or that is gathered from your computer once you reach those sites, nor can we control the content of what is offered on those sites or on links from those sites. You should review such third-party web sites directly to determine their privacy policies prior to submitting personal information to such sites.
Use of information from third parties
We may use information about you provided to us by third parties (such as Affiliates, credit reporting agencies, or partner organizations) in order to offer you their services and products, to improve our own services and products or to evaluate your eligibility for our Business Performance Solutions.
This is not a children’s site
We offer business to business commercial services and we do not knowingly solicit data from children or market to children. All Users of our Business Performance Solutions must be of the legal age in their jurisdiction. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, please contact us at firstname.lastname@example.org. If we become aware that a child has registered for a service and has provided us with personal information, we will delete such information from our files.
We may display personal testimonials of satisfied Customers on our Sites in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
We may choose to offer blogs, forums, message boards, and/or news groups to Users. Any information that is disclosed in these areas becomes publicly available information, and you should exercise caution when deciding to disclose any personal information. To request removal of your personal information from our blog or community forums, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We will retain your personal information processed on behalf of our Customers for as long as the Customer’s account is active and non-delinquent or as needed to provide Customer with services. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
General Data Protection Regulation (GDPR)
The GDPR requires processors and controllers of the personal data of individuals located within the European Union to enter into data processing agreements that state the rights and obligations related to the protection and processing of such personal data. Insperity’s requirements for GDPR compliance depend on the nature of the service relationship with our Customers. We will evaluate the need to enter into additional agreements on a case-by-case basis with our Customers.
EU-US Privacy Shield and Swiss-US Privacy Shield
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as invalid the European Commission’s Decision on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Economic Area to the United States. The EU Standard Contractual Clauses remain a valid mechanism. Also, on September 8, 2020, the Federal Data Protection and Information Commissioner of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland’s Federal Act on Data Protection. The U.S. Department of Commerce has expressed that In light of these recent rulings, it will continue to administer the Privacy Shield frameworks and maintain the Privacy Shield List as the U.S. works to resolve the situation with the European Union and Swiss authorities. As such, we will maintain our self-certification and adhere to the EU-US and Swiss-US Privacy Shield Frameworks and will continue to implement the Privacy Shield Principles for personal data maintained within our PerformSmart®, OrgPlus®, and ExpensAble® Business Performance Solutions. To learn more about the Privacy Shield Frameworks, and to review our certification, visit the U.S. Department of Commerce’s Privacy Shield List and search for Insperity Business Services, L.P. We will evaluate the need to enter into EU Standard Contractual Clauses on a case-by-case basis with our Customers.
We are responsible for the processing of personal data we receive, under each Privacy Shield Framework, and any subsequent transfer that may be made to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern, please contact the Insperity Data Privacy Team at email@example.com for assistance and internal dispute resolution. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration and additional recourse options if we do not resolve your concerns.
We commit to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel and/or Commissioner, as applicable with regard to human resources data transferred from the EU and/or Switzerland, as applicable in the context of the employment relationship.
Personal Information Protection and Electronic Documents Act (PIPEDA)
If you are a Canadian resident, we comply with PIPEDA for the processing of your Personal Information on our servers located outside your country of residence within the United States.
Changes to this notice and practices
We may update this Privacy Notice to reflect changes to our information practices and add new features as laws change, and as industry privacy and security best practices evolve. The most current version of the Privacy Notice will always be available on the Website. You can check the “effective date” posted to see when the Privacy Notice was last updated.
If you have any questions about this Privacy Notice and your choices regarding your personal information, please write to:
Insperity Business Services, L.P.
Attn: John Rhoades, Managing Director, Data Privacy and Technology Compliance
Mail Code: C2.1.10
19001 Crescent Springs Drive
Kingwood, TX 77339-3802
Email address: firstname.lastname@example.org