Dayforce's Service Provider Privacy Statement

This Privacy Statement was last updated on July 3, 2024.

Scope

Dayforce, Inc. and all of its affiliates and subsidiaries (herein “Dayforce”) provide human capital management products and related services to organizations to help them manage their workforce. As such, Dayforce processes data about those organizations’ prospective, current and past employees (herein “Employees” or “Individuals”) on behalf of those organizations and as per their instructions. This Privacy Statement (“Statement”) describes our general practices relating to the processing of data about these organizations’ Employees (“Personal Information”). If you are an Individual whose prospective, current or past employer (herein “Employer”) uses a Dayforce application such as the Dayforce product or Powerpay, and your Employer has asked you to submit Personal Information as part of that service, you should review your Employer’s own privacy statement to understand that Employer’s privacy practices.

Personal Information Processing

In connection with products such as Dayforce and Powerpay, Dayforce will provide your Employer the ability to collect, store, use, transfer, share and disclose your Personal Information in support of a prospective, current or past employment relationship between you and your Employer. When Dayforce processes your data in this manner, it acts as a processor for your Employer, who is the controller. In its capacity as a processor, Dayforce only processes your Personal Information as per the instructions of the controller, for their benefit, and on their behalf. Therefore, Dayforce’s customers- your Employer(s)- are responsible for providing you with a notice of what Personal Information they collect, use and disclose, for what purposes they do so, and with whom it is shared. They are also responsible for obtaining appropriate consent where required or identifying other legal basis upon which they may rely to process your Personal Information.

Dayforce relies on its customers and its customers’ Employees to supply Dayforce with accurate, complete and up-to-date Personal Information where relevant to Dayforce’s delivery of the services. Individuals are asked to review their records on a regular basis and make the appropriate updates or notify their Employer of errors promptly. An Employee that contacts Dayforce and wants to make updates or changes to its records is directed by Dayforce to its Employer who is responsible for giving effect to such requests.

Dayforce may share Personal Information with its service providers to help it provide your Employer with a product or a service. When we make such onward transfers, we ensure that adequate contractual protections are put in place with these service providers. Dayforce’s liability for service provider’s performance of its obligations is set forth in the contract between Dayforce and your Employer, where Dayforce remains liable if its service providers fail to meet their obligations and Dayforce is responsible for the event giving rise to damage.

Dayforce may also share Personal Information with other third parties (e.g. banks, government tax agencies, benefit providers) at the instructions of your Employer. In addition, Dayforce may disclose Personal Information to law enforcement or other government authorities if required by law. In the event that Dayforce sells or divests assets or any portion thereof, Dayforce may disclose Personal Information to the company involved in the business transaction in support of the sale, or divestiture, and where applicable, in support of integration activities. It is Dayforce’s practice to require appropriate protection for Personal Information in these types of transactions.

Dayforce processes Personal Information that your Employer may collect through the service from or about you, or that your Employer may provide through the service. For example:

Dayforce may process time and attendance-related information on behalf of your Employer collected by timekeeping devices that leverage biometrics such as your fingerprint. Refer to Dayforce’s Biometric Statement to learn more about our related privacy practices.

When you use our mobile applications, Dayforce collects Personal Information in its capacity as a data controller to understand how these applications are used and to make improvements. For example, the Dayforce Mobile application gathers information for analytics, troubleshooting, and improvement. We use third-party services, such as Google Analytics, to view aggregated information about end-users’ usage and interactions. Please refer to Dayforce’s Global Privacy Statement for additional information.

Cross Border Transfers

To run our business, we may store and process your Personal Information in any country where Dayforce and authorized third parties operate. When we transfer your Personal Information in this manner across country borders, we implement adequate measures for its protection, and for compliance with applicable laws.

Dayforce utilizes the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU. Dayforce also utilizes Standard Contractual Clauses (SCCs) for the transfer of Personal Information from the EU and Switzerland to other countries.

Data Privacy Framework

Dayforce US, Inc. and all its U.S. affiliates and subsidiaries using the Dayforce brand name, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Dayforce has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Dayforce also utilizes SCCs and the UK Addendum to the SCCs for the transfer of Personal Information from the EU, Switzerland and UK to other countries.

Dayforce is responsible for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting on our behalf. Dayforce complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.

If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view Dayforce’s certification, please visit https://www.dataprivacyframework.gov/.

Security

Dayforce has implemented policies and procedures to protect Personal Information. Dayforce uses recognized industry standard security safeguards appropriate to the sensitivity of the Personal Information. Dayforce reviews its security policies and procedures on a regular basis and updates them as needed to maintain their relevance. Dayforce provides reasonable security controls for customers to configure in order to protect their Personal Information from and against risks, such as loss or theft, as well as unauthorized access, collection, use, disclosure, copying, modification, disposal and destruction.

How to Contact Dayforce and Dispute Resolution Mechanism

If you have any inquiries or complaints about our handling of your Personal Information under the Data Privacy Framework, or about our privacy practices generally, please contact us at:

Chief Privacy Officer
Dayforce US, Inc.
3311 E. Old Shakopee Road
Bloomington, MN 55425
Telephone: 1-888-975-7674
Email: [email protected]

 

If you have unresolved issues, you may contact your local privacy regulator.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Dayforce commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain circumstances, you may invoke binding arbitration. To learn more visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

The Federal Trade Commission has jurisdiction over Dayforce’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).


Changes to this Privacy Statement

Dayforce may update this Statement periodically to reflect changes to our privacy practices. We will provide notice online when we make any material changes to this Statement.