Online Privacy Notice – Effective August 17, 2017
We provide our Business Performance Solutions for Customers and permit access and use of our Business Performance Solutions by individuals who are our Customers’ designated users or prospective customers’ evaluation users (each a “User” and, collectively “Users”). Certain of our Customer’s users are provided administrative rights in order to assign and support other Users and communicate with us directly for support services (each an “Administrator” and, collectively “Administrators”). Our Sites also collect information about Site visitors that may or may not be our Customers or Users, but that browse the public portions of our Site. Site visitors that are not Users with appropriate login credentials are not allowed access to our Business Performance Solutions from the Site.
What information do we collect?
We collect information when a Customer registers or opens an account for a Business Performance Solution, signs in, pays an invoice, purchases access to a service, calls us for support, or gives us feedback.
We may collect information from or about our Customers such as:
- company size, revenue, type, and industry codes (SIC and NAIC
- company name, phone number, physical address and URL
- purchase history with us and billing information/account numbers
- affiliation purchases (lead outs by user)
- contact information for Administrators within your company as needed for us to provide our services
- employee goals and performance evaluations
We may collect information that Users, or Customers on behalf of its Users, provide while using any of our Business Performance Solutions such as:
- name, phone and fax numbers, and address (street and email)
- login credentials (i.e., usernames and passwords)
- security validation questions and answers
- age, marital status and occupation
- job title, job history and employment status
- email preferences
- interests or hobbies
When we collect the above types of information, it is because you or our Customer for which you are a User voluntarily submits the information to us in order to utilize the services we provide.
If you use our time and attendance Business Performance Solution (“TimeStar®”), we may also collect personal information such as information about your salary and time off.
If you use our expense management Business Performance Solution (“ExpensAble®”) as a User, we may collect expense reporting-related activities such as flights, travel, hotel, meals, gifts and other expenses (“ExpensAble Transactional Data”), and the service records related to the processing of this Transactional Data.
If you use our performance management Business Performance Solution (“PerformSmart®”) as a User, we may collect performance management-related activities such as tracking goals and performance evaluations (“PerformSmart Transactional Data”), and the service records related to the processing of the PerformSmart Transactional Data.
While ExpensAble Transactional Data or PerformSmart Transactional Data may relate to you, it is considered to be our Customer’s data, because it relates to the Customer’s business and financial affairs.
We may also collect personal information from our Affiliates or third parties. We sometimes enter into service agreements to integrate or bundle our Business Performance Solutions with those of third party entities and licensors and we resell, sublicense or make such integrated or bundled services and products accessible to our Customers.
If you are a Customer of our comprehensive human capital management solution powered by the iSolved® third party platform (“Workforce Administration™“), we may collect personal information during our provision of services such as Social Security Number or Tax Payer Identification Number.
What information do we collect through automated means?
As is true of most sites, we gather certain personal information automatically. This personal information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer our site.
We collect the following information through automated means:
- IP address
IP addresses are numbers that are automatically assigned to your computer, and, if associated with other individually identifiable information, could be considered personal information. We use your IP address to operate our Sites, help diagnose problems with our server or systems, and to administer and improve our Sites. Your IP address is also used to help identify you and to gather broad demographic information (for example, your region, city, postal zip code), some of which we aggregate and then share with our strategic alliance companies and channel partners, potential strategic alliance companies and channel partners, and other third-party service providers (collectively, “partner organizations“). We may also use your IP address to keep track of the information you have entered, viewed, or used by means of our Sites. We reserve the right to block your IP address if it originates from certain countries located outside of the United States.
- Site access, browser type, operating system, etc.
We may also collect the name of the Internet service that provides you access to the Internet (e.g., Comcast, Verizon, or ATT), your browser type, operating system, the date and time you access a Site, and the Internet address of any web site from which you link directly to one of our Sites, as well as collecting other information in a User’s log file. A User’s log file tells us where a User comes from when entering one of our Sites, which part of our Site the User visits as well as where the User goes when leaving our Site, and how much time the User spends on our Site. We collect and use this information for operation and management of the Site and for analyzing, monitoring and improving its performance. We do not link this automatically collected data to other information we collect about you.
- Tracking technologies
- Behavioral targeting / re-targeting
- Mobile applications
When you download and use one of our mobile applications that allow you to access information from a Business Performance Solution, we may automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”).
We may send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
- Location-based information
Our ExpensAble® and TimeStar® mobile applications will ask you for permission to obtain your location, which the mobile applications may use to pre-populate forms and schedules. If you do not grant permission (or turn off this function), the mobile application will not use your location data. We collect your location based information for the purpose of locating a place that you may be searching for in your area and calculating mileage between locations if you are using our ExpensAble mobile application. We collect your location based information for the purpose of locating your site information for timekeeping purposes if you are using our TimeStar mobile application. We will only share this information with our telephony and mapping providers for the sole purpose of providing you this service. You may opt-out of location based services at any time by editing the setting at the device level or by emailing us at firstname.lastname@example.org..
- Mobile analytics data
We use mobile analytics software to allow us to better understand the functionality of our mobile application software on your phone. This software may record information such as how often you use our mobile application, the events that occur within the mobile application, aggregated usage, performance data, and where the mobile application was downloaded from. We do not link the information we store within the analytics software to any personal information you submit within our mobile applications.
- Social media widgets
What is this information used for?
We use your personal information in the course of providing you with access to our Business Performance Solutions and to operate, study, improve or enhance our Sites. We also use your information in other ways, which may include, but are not limited to the following:
- Contacting you about our sites
We use your personal information to communicate with you and provide support for your use of any of our Business Performance Solutions. The use of information collected through our Sites will be limited to the purpose of providing and supporting the Business Performance Solution for which Customers have engaged us. Please note that email communication will not necessarily be secure; accordingly, you should not include credit card information or other sensitive personal information such as social security numbers in your email correspondence with us.
- Contacting you about commercial offers
We may also contact you to tell you about products and services provided by our Affiliates and partner organizations or to provide you with industry-related news or information. If you do not wish to receive e-mail or mail communications directly from us regarding Affiliate or partner organization offers, products and services, you may opt out of receiving such communications from us by following the procedure set forth in such communications (e.g, by using the unsubscribe link found in the emails we send to you). Affiliates, partner organizations, or other third parties that communicate with you directly should have their own procedures for opting out of receipt of their communications. Opting out of communications from Affiliates, partner organizations, or other third parties will not affect communications sent directly by us that relate to your use of our Business Performance Solutions; you cannot opt out of these service-related communications.
- Pre-populated forms
Some personal information will be used to pre-populate forms for use on our Sites or when submitting information to third parties, including Affiliates and partner organizations.
- Rewarding use of our sites
We may use information we collect in order to reward or provide incentives to Customers or Users of our Sites for visiting our Sites or the sites of our Affiliates or partner organizations, using services provided on the Sites, or referring Customers.
- Contacting your referrals
You may provide us with contact information such as name, email or phone number for your friends, family members or personnel at prospective client companies. We will identify you as the referring party when contacting such individuals about our products and services. We retain contact information for referrals to provide referrals with information regarding our products and services and to track the success of our referral and loyalty programs. Referred individuals may opt out of further communication from us after receipt of our initial email or phone call by using the mechanism provided in the email communication or by contacting us at email@example.com to request removal of their personal information from our database.
With whom is this information shared?
We do not sell your personal information to third parties. We share personal information only as described below:
- Our Affiliates and third-party contractors
- Governmental authorities, compliance with law and protection of our Business Performance Solutions and others
We provide personal information to governmental authorities when required to do so by law (for example, we report personal information regarding your compensation and withholding to the U.S. Internal Revenue Service and state taxing authorities, and we disclose personal information to comply with subpoenas, warrants, orders or other legal processes when we believe in good faith that disclosure is necessary to protect our rights or the rights of third parties, protect your safety or the safety of others, investigate fraud, security or technical issues). We will also provide personal information to third parties if compelled to do so by an appropriately empowered governmental or legal authority, or, as necessary, to protect Insperity’s rights or the rights of third parties.
- Benefit plan providers
We will provide personal information to our partner organizations or third-party benefit providers in conjunction with the setup and administration of benefit plans only if you provide information to us for such purposes as a Customer or User of our Business Performance Solutions.
- Partner organizations
Insperity has entered into marketing agreements, channel partner agreements, strategic alliances, service agreements, sponsorships, and other relationships with third-party organizations that may offer or provide products and services to you directly or indirectly through us as the billing agent, sometimes under discounted or preferential terms. We may provide certain personal information including, but not limited to, your email address and other contact information to our partner organizations so that they may contact you directly regarding products and services that may be of particular interest to you.
These partner organizations are contractually bound to hold your personal information in confidence and not to share your personal information with parties other than us. We also sometimes agree to give these third parties (including potential partner organizations under nondisclosure agreements) aggregated information about Customers, Users or visitors to our Sites. If you initiate an inquiry with respect to a partner organization’s product or services by clicking on an icon or link relating to such product or service on one of our Sites, we may also furnish such partner organization with certain personal information for the purpose of, among other things, pre-populating forms or facilitating the exchange of information between you and the partner organization.
- Business transfers
As we and our Affiliates continue to develop our business, various aspects of our business may be sold, including the assets. If we sell, transfer, or assign the entirety or a portion of our business, we reserve the right to transfer all personal information regarding Users associated with our business as part of such a sale, transfer or assignment. You will be notified via email or mail communication or a prominent notice on our Site of any change in ownership, as well as any choices you may have regarding your personal information.
- Reporting to credit bureaus
We may share your personal information with credit bureaus and consumer reporting agencies. Late payments, missed payments, or other defaults on Customer accounts may be reflected in your credit report and consumer report. We may also share your personal information with attorneys, governmental agencies and card associations in connection with issues related to fraud, credit or debt collection.
We do not have a direct relationship with Users whose personal information we process as our relationship is with our Customers who serve as the data controllers. However, upon request from a User as to whether we maintain personal information, we will provide the User with information about whether we hold any of the User’s personal information.
If you are a User, you may have access to much of your personal information through logging into our Business Performance Solutions and clicking preferences under the applicable settings, help, or User profile menus. Here, if you have access, you can view, delete, correct, and amend personal information about you that we maintain.
We acknowledge that you have the right to access your personal information. If you are a User that cannot access or modify your personal information, you should check with your Administrator to request a copy of your information or to have changes made and if your Administrator cannot fulfill the request, Customer or your Administrator can request assistance from us. We will typically respond to such request within 30 days. If we are unable to provide the requested information within 30 days we will provide a timeline establishing when the requested information or changes will be provided.
We make access to your personal information subject to certain reasonable security measures, including technological controls such as a “firewall”, in accordance with industry standards. When the use of our Sites involves the internet transmission of confidential information about you or us (such as log-in credentials), we use Secure Socket Layer (“SSL”) technology to establish a secure connection between your PC and our server. SSL allows the transmission of encrypted information from your PC to our server and back again. Use of SSL is the industry standard for internet platform security. No data transmission over the Internet or data storage can be guaranteed to be 100% secure, so while we strive to protect your personal information, we cannot ensure or warrant the security of any information that you transmit to us or that is electronically stored by us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information to our Sites.
We may provide you with links to third party sites. We are not responsible for those sites and cannot control the use of information that you submit or that is gathered from your computer once you reach those sites, nor can we control the content of what is offered on those sites or on links from those sites. You should review such third party web sites directly to determine their privacy policies prior to submitting personal information to such sites.
Use of information from third parties
We may use information about you provided to us by third parties (such as Affiliates, credit reporting agencies, or partner organizations) in order to offer you their services and products, to improve our own services and products or to evaluate your eligibility for our Business Performance Solutions.
This is not a children’s site
We offer business to business commercial services and we do not knowingly solicit data from children or market to children. All Users of our Business Performance Solutions must be of the legal age in their jurisdiction.
We may display personal testimonials of satisfied Customers on our Sites in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
We may choose to offer blogs, forums, message boards, and/or news groups to Users. Any information that is disclosed in these areas becomes publicly available information, and you should exercise caution when deciding to disclose any personal information. To request removal of your personal information from our blog or community forums, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We will retain your personal information processed on behalf of our Customers for as long as the Customer’s account is active and non-delinquent or as needed to provide Customer with services. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
California Residents – Your Privacy Rights
EU-US Privacy Shield and Swiss-US Privacy Shield
We participate in and have certified our compliance with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to review our certification, visit the U.S. Department of Commerce’s Privacy Shield List and search for Insperity Business Services, L.P. [https://www.privacyshield.gov/list]
We are responsible for the processing of personal data we receive, under each Privacy Shield Framework, and any subsequent transfer that may be made to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
We commit to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and comply with the advice given by the panel and/or Commissioner, as applicable with regard to human resources data transferred from the EU and/or Switzerland, as applicable in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
We comply with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) for the processing of your personal information on our servers located outside your country of residence within the United States.
Changes in these policies and practices
Insperity Business Services, L.P.
Attn: Linda Jones, Director, Corporate Communications
Mail Code 1-3210
19001 Crescent Springs Drive
Kingwood, Texas 77339-3802
Email address: firstname.lastname@example.org