EFFECTIVE DATE: February 20, 2020
COLLECTION AND USE OF PERSONAL INFORMATION
Paycor collects personal information from you or about you when:
(1) you visit our Website
(2) you are asked to register before entering a limited access site
(3) you request information or contact from Paycor
(4) you voluntarily provide it via the Website
(5) you sign up to receive alerts or notifications
(6) you make a purchase, and
(7) your current, prospective, or former employer or a similarly affiliated entity (referred to as “Employer”) provides it to Paycor to facilitate the processing of benefits management, payroll services, tax compliance, scheduling and timekeeping, onboarding, related human resources-related services, and data analytics, (collectively “Services”).
Personal Information collected may include:
- Date of birth
- Street address
- Phone number
- E-mail address
- Employer names
- Employment history
- Job title
- Unique personal identification number (for example: Social Security Number)
- Direct deposit account number
- Contact information
- Profile photo and related photos
- Job application information
- Job openings that you share via the Gravity application
- Correspondence or communication sent via the Website
- Preferred language and country information
- User name
- Device identification information
- Browser fingerprint
- Geolocation information
- IP address
- Other reasonably relevant information pertaining to your use of the Website, including without limitation, standard web log information and content provided to Paycor or its designated third-parties when contacted for assistance
- and any other information you may voluntarily provide (“Personal Information”).
These categories of information may be disclosed to authorized third parties to facilitate the provision of Services.
LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION AND ROLE OF EMPLOYERS
Paycor only processes your Personal Information where a lawful basis exists and does so under a legal or contractual obligation, your consent, or for legitimate interests pertaining to Paycor’s business and operations. In many instances, including for the purposes listed in the preceding paragraph, your Personal Information is collected, either directly or indirectly, as a result of your employment with an Employer. In such instances, your Employer is also a Paycor customer and has contracted with us to assist with these Services. In such cases, your Employer may provide us the Personal Information necessary to provide the Services to you and we are merely processing this Personal Information on behalf of you and your Employer. Therefore, in addition to this Policy, you should also familiarize yourself with any policies your Employer may have regarding your Personal Information.
For more information regarding the disclosure of information with authorized third parties, see “Sharing of Information” below.
- To join Paycor’s text messaging program, you can opt-in and configure your text-based notifications and security settings through the Website directly.
- To discontinue receiving SMS messages from Paycor, you can opt-out of your text-based notifications and security settings through the Website.
This Text Messaging section is not applicable to the Recruiting application.
COOKIES AND OTHER AUTOMATED INFORMATION COLLECTION
SHARING OF INFORMATION
We may share Personal Information with third parties under any of the following circumstances:
- With your Employer or as instructed by your Employer.
- In connection with a court order, subpoena, government investigation, or when otherwise required by law, rule or regulation.
- In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- In the event of a corporate sale, merger, acquisition, or similar event.
- Working with contracted third party entities to support the Website’s operation and administration.
- Working with contracted third party entities to perform certain business-related functions (e.g., mailing campaigns to customers, maintaining databases, providing products or services to you on our behalf, fulfilling or responding to your requests or purchases) to the extent needed for such third parties to perform their specific functions.
- Working with companies that we own or control, that are owned or controlled by Paycor, or that are under common ownership or control. Data collected by these entities are subject to their respective privacy policies and applicable terms and conditions. These companies may include, but are not limited to, Nimble Software Systems, Inc. (data may be shared and used as part of the Perform Time service) and Paltech Solutions, Inc. dba 7Geese (data may be shared and used as part of the Perform HR service).
- In connection with providing aggregated anonymous information concerning member usage of the Services to third parties, such as for advertisers, for purposes that we deem appropriate for service administration.
CHOICE AND PREFERENCES
We want to provide you with relevant information that you have requested. If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Any transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.
Paycor retains the Personal Information of European Union, Swiss, and United Kingdom residents only for as long as it is necessary to fulfill the stated purposes or as legally required and thereafter appropriately disposes of such information. Paycor has retention periods for the various records containing Personal Information. When Personal Information is no longer necessary or relevant for the identified purpose or to fulfill a legal or business requirement, it is securely destroyed. Paycor will either physically or electronically erase the Personal Information or otherwise render it incapable of individually identifying you.
TRANSFERS OF DATA TO THE U.S.
We are EU-U.S. and Swiss-U.S. Privacy Shield certified. Nonetheless, in accordance with the decision by the Court of Justice of the European Union (C-311/18, also known as “Schrems II“), on July 16, 2020, we ceased relying on our EU-U.S. and Swiss-U.S. Privacy Shield certifications as a legal basis for international data transfers from the EEA or Switzerland to the U.S.
PRIVACY SHIELD PRINCIPLES
Paycor is committed to ensuring that your Personal Information is correct, up-to-date, and as publicly available as you wish it be when displayed on the Website.
Paycor affirms the following in compliance with the Privacy Shield Principles:
- Paycor is subject to the jurisdiction and enforcement authority of the US Federal Trade Commission
- EU, Swiss, and UK individuals whose personal data has been transferred into the United States pursuant to the Privacy Shield have the right to access their data and to correct, amend or erase data that is incorrect or has not be processed in accordance with the Privacy Shield principles.
- For Personal Information that Paycor processes as a controller, individuals wishing to exercise this right may do so by utilizing Paycor’s Access Request Portal or as otherwise disclosed in this Policy
- If your Personal Information has been provided to Paycor by your Employer we may not have the authority to grant you access to that data. In that case we will either refer you back to your Employer or pass on your request to the appropriate party.
- Paycor may be required to release personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements
- Paycor’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Paycor remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Paycor proves that it is not responsible for the event giving rise to the damage.
- Paycor does not transfer data to non-agent third parties nor do we permit the use of such information for reasons other than those for which the data was originally provided. If this practice should change in the future, we will update this policy accordingly and provide individuals with appropriate opt-in or opt-out choice prior to releasing that information.
- We will provide an individual opt-out choice, or opt-in for sensitive data, before we use your data for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please do so by utilizing Paycor’s Access Request Portal or emailing the Privacy Team.
In compliance with the Privacy Shield Principles, Paycor commits to resolve complaints about your privacy and our collection or use of your Personal Information. If you have inquiries or complaints regarding this Policy or would like to access your Personal Information, you should first contact Paycor via: (1) utilize Paycor’s Access Request Portal or email the Privacy Team; or (2) mail to Attn: Privacy Request, Paycor Inc., 4811 Montgomery Rd., Cincinnati, Ohio 45212.
Paycor has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you are an individual in the European Union, Switzerland or United Kingdom and do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Paycor’s Performance Management service allows Employers to engage its employees through surveys or similar feedback mechanisms which may utilize Artificial Intelligence (AI) in the form of Natural Language Processing (NLP) for the synthesis of qualitative question responses. In no case does Paycor use this information for automated decision-making or profiling. Employers, as the data controller, are responsible for any prior and subsequent use of data provided to Paycor or through the Services and should provide notice to, collect consent from, and provide recourse mechanisms to individuals if required and as appropriate.
If you reside in California, pursuant to California Civil Code Section 1798 and/or the California Consumer Privacy Act you may be entitled to request that Paycor delete your Personal Information and/or provide a notice describing the categories of Personal Information Paycor collects and how that data is used and shared. Paycor does not share any California consumer Personal Information with third parties for marketing purposes without consent and requests about data processed for payroll, HR, or other employment purposes should be addressed by your Employer. If you reside in California and would like a copy of this notice, please submit a written request via: (1) utilize Paycor’s Access Request Portal or email the Privacy Team; or (2) mail to Attn: California Privacy Rights Notice Request, Paycor Inc., 4811 Montgomery Rd., Cincinnati, Ohio 45212. Please allow 30 days for a response.
Do Not Track Disclosure
This site contains links to other sites. Paycor is not responsible for the privacy practices or the content of such websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
This Website has security measures in place to protect the loss, misuse, and alteration of the information under our control. We take a number of security precautions to ensure the integrity and confidentiality of our data. These precautions can be categorized as internal security and external security. At Paycor, we use these security categories to limit the individuals or groups authorized to access and/or change data in such categories. This prevents unauthorized individuals from accessing, copying, editing, or deleting data. We also implement an audit system that tracks access, both successful and unsuccessful, to confidential data. This audit information is used to constantly evaluate and refine our security measures and to identify individuals who might attempt to inappropriately access data and to take remedial action. Paycor uses industry-standard technology to encrypt and authenticate transactions. Learn more about Paycor’s Security practices at https://www.paycor.com/security.
As you know, however, the Internet is not a 100% secure environment, and as a result, we cannot ensure or warrant the security of any information that you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, technical, or physical safeguards. It is your responsibility to protect the security of your login information and computing device. Please help keep your account safe by using a strong, confidential password and utilizing multi-factor authentication. Depending on the situation, other you may want to implement security measures in addition to those provided by Paycor.
INFORMATION OF MINORS
The Website is not intended for use by children under 16 years old and we do not knowingly collect any information from children under 16 years old through the Website. If you are under 16 years old, you may not use our Website.
UPDATING PERSONAL INFORMATION
You control the accuracy of your Personal Information. If your Personal Information changes, please have your Employer correct, update or delete it from our Website.
Outside of its legal obligations to your Employer, Paycor has no obligation to maintain or provide any of your Personal Information and may, unless legally prohibited, delete all of your Personal Information in our systems or otherwise in our possession or under our control. We may also retain all or a subset of your Personal Information for business or legal purposes.
Paycor responds to requests within the time limit set out by the applicable privacy legislation and, if applicable, provides the individual with an estimate of any cost associated with administering and responding to the request. Paycor requires sufficient information to authenticate requests for access.
The Recruiting application is used by companies to post job openings, collect potential job applicant information and track applicants through the hiring process. The Recruiting application is accessed and used by two distinctly different types of users:
(1) companies that post job openings and review candidates who apply for those job openings;
(2) candidates for those job openings who use the Recruiting application to apply for them (“Applicants”).
- Applicants can opt-in through the Recruiting application directly or by requesting that the Employer enable this service.
- To discontinue receiving SMS messages from Paycor, reply STOP to any message you have received from Paycor.
The Gravity application is used by individuals and Employers (as applicable, “you”) to share jobs on socials networks, manage employee referral programs, and incent people to share jobs and generate applicants.
When you sign in through the Gravity application, Paycor will assign you a unique identifier and send such information to your computer or device hard drive in the form of a cookie, which is a very small bit of code. This code is uniquely yours and allow you to use the Gravity application’s functionality with minimal subsequent registration procedures. Cookies are also used to record you as the source of any candidate or job referrals on the Gravity application. If you apply for a job opening that has been shared through the Gravity application, Paycor will assign you a unique identifier and send such information to your computer or device hard drive in the form of a cookie. This code is unique to you and will correlate your job application to the person that posted such job opening on the Gravity application. It does not contain any of your Personal Information.
Personal Profile Information
When you register on the Gravity application, Paycor uses a third-party provider, Akamai, to manage the Gravity application login registration process and create a personal profile for you on the Gravity application (“Personal Profile”). Each Personal Profile is assigned a unique personal identification number and requires that you choose a username and password to access your Personal Profile on the Gravity application, which helps Paycor to ensure that only you can access your Personal Profile and Personal Information on the Gravity application. Because you assist Paycor in developing your Personal Profile username and password, you have a significant role in protecting your Personal Profile and Personal Information. No one can access or edit your Personal Profile without knowing your Personal Profile username and password, so do not share these with others.
Paycor acknowledges an individual’s right to access their Personal Information. If you want to review or update your Personal Information, you may do so on the Gravity application by visiting your Personal Profile. Note that if you are a candidate (and not a user of the Gravity application) who would like to access your Personal Information, you will need to request this information from your Employer.
Social Network Profiles
Paycor may ask you to vouch for people that have applied to job openings you have shared on the Gravity application. Your Employer will be responsible for determining who is allowed to view your responses to such vouching requests.
Sharing Of Information – Gravity
- Your Employer, solely in regards to the existence of your Gravity application account, information on job openings you share using the Gravity application, your Gravity application account point totals, and vouching recommendations (pursuant to the Vouching Content section); and
- Any other parties to whom you permit disclosure, including, without limitation, social network websites.
Security – Gravity
The security of your Personal Information is important to Paycor. With the exception of Personal Profile login information stored by Akamai, as detailed under the Assigning Cookies section above, your Personal Information may be stored locally on your device and may be transmitted to servers owned, leased or utilized by Paycor in the United States.
GENERAL CONTACT INFORMATION
If you have any questions about this privacy statement, the practices of this Website, or your dealings with this Website, you can contact our Data Protection Officer and privacy team through the following methods.
Send mail to:
Attn: Privacy Request
4811 Montgomery Road
Cincinnati, OH 45212
If you are a Paycor client, contact your Paycor Specialist