Recruitment Privacy Statement

Workday respects individual privacy rights and we process personal information fairly, responsibly and in accordance with applicable local laws.

This Global Recruitment Privacy Statement (“Privacy Statement”) describes how Workday processes personal information when considering candidates for roles with the Workday group. This Privacy Statement:

• Applies to any individual we are considering hiring for a job, whether we identified them in the job market or they shared their information with us
• Applies to all types of Workday roles including full-time employment, contract work, or internship opportunities
• Explains how individuals can exercise their privacy rights with Workday

Workday has offices all over the world. How Workday processes personal information varies based on local laws in our recruiting locations. In addition to this Privacy Statement, Workday or authorized third parties may provide further supplementary transparency information to keep you informed about our information processing practices.

Workday is a leading provider of enterprise cloud applications for finance and human resources. This means Workday customers (companies, schools, governments and other organizations) use our software applications to manage their recruitment, workforces, and finances.

• This Privacy Statement doesn’t apply if you applied for a role with a Workday customer or another organization that is not part of the Workday group.
• As a cloud service provider, Workday does not control or make recruiting decisions for customers or other organizations that use Workday applications.
• Workday cannot respond directly to a request where the personal information processed relates to another organization's recruitment.
• If you have a recruitment question regarding another organization, you should refer to the recruiting organizations' privacy statement and contact information.

Quick Links

We recommend that you read this Privacy Statement completely to understand how Workday processes personal information in connection with our recruitment practices. You can also easily jump to specific sections of interest if you prefer:

What personal information do we collect and process?

Information provided by you

Information will be collected directly from you when you:

• Introduce yourself to Workday at an event or ask to join the Workday Talent Community to be considered for potential future roles
• Create a candidate account to apply for roles
• Apply for a role at Workday
• Meet with us during in-person, telephone, or online meetings as a job applicant

Information obtained from other sources

Information is generated about you during your applications by recruiting teams and Workday systems.

You can also apply for a role at Workday using various third-party career and recruitment sites, such as LinkedIn and SeekOut. Doing so connects your profile from these and similar platforms with Workday and a Workday job application process.

We collect personal information from external sources outside of Workday, when considering applications or searching for talented personnel, including:

• Recruiting agencies, academic institutions, professional organizations, alumni and resume sharing platforms and similar parties supporting job searches
• Workday personnel who refer you
• Independent background checking and verification suppliers
• Referees in response to reference requests
• Publicly available sources, including any professional platforms you use and other relevant professional information available online, such as articles you may have written, research contributions or similar citations
• Future group companies that join the Workday global structure through a merger, acquisition or purchase of assets.

The table below provides a summary of the typical talent and recruitment purposes for which we collect and process personal information, with examples of the personal information processed in each case.

You can read more about the “legal bases” we rely on to process personal information for these purposes under the “Legal basis for processing” section if you are from the EU or UK or another location with similar legal requirements.

We process the following personal information for this purpose:

• Recruitment site account information: registration details, residential address, email address, phone number and other contact information and site account passwords.
• Information about use of our recruitment site: we may deploy tools and cookie technologies to assess website usage. This includes information about how many individuals are visiting job posts, how long they are staying on the sites, which pages are most popular, devices and IP addresses.

We process the following personal information for this purpose:

• Information concerning your job application(s): application letters, CVs, skills, education and academic records, employment experience, roles, reasons for moving, notice periods, professional qualifications and certifications, details of any memberships or professional and private interests, hobbies (which may include information revealing “Sensitive Personal Information” described below).
• Information that identifies you: including your full and known names, gender, date of birth, age, your generation, national identifiers, government identification numbers, photographs, codes and documentation, citizenship, nationality and passport information.
• Information connected with your current location: residency information, distances from offices and work preference types, including remote, onsite or flex work options.
• Information from online research: professional profiles online, publications, interviews, blogs, registrations, certifications and citations.
• Verifying contact information: email, address or phone numbers, in connection with out-reach to prospective individuals who have not registered a careers account with us.

We process the following personal information for these purposes:

• Information about your schedule: meeting availability or geographic location and mobility that you provide to your talent acquisition contact within your application information or via automated scheduling invites, virtual assistant, or chatbot technology functions and communications tools.
• Information about the roles you are interested in, future jobs, and professional goals
• Information about your required adjustments to working arrangements: To the extent required or permitted by local law, we process information concerning health and any disabilities in connection with any adjustments to interview and working arrangements you require (which may include information revealing “Sensitive Personal Information” described below).
• Information about your compensation: current and future compensation, package and benefits aspirations.
• Information about your travel expenses: current and future data on your travel expenses and banking details so that Workday can reimburse approved travel expenses.
• Assessment information: the results of a candidate assessment or certified skills test with Workday or a third-party provider if we ask you to complete a role- specific assessment during the recruitment process.
• Information about your referees and reference providers: their name and contact details, employer, job role, relationship to you and their views about your previous roles and suitability.
• Video: images if you attend an interview or assessment at a Workday office, including images captured by video surveillance cameras used for safety and crime prevention purposes. For more information, see our Video Surveillance Privacy Statement.

We process the following personal information for this purpose:

• Information relating to our assessment of your application: including our interview notes and confidential interviewer opinions, your references, role relevant public information, as well as records of our decision-making process.

Verifying your information and carrying out necessary background checks.

• Once you have signed a job offer or agreement, Workday or our independent supplier will reach out to you to begin the background check process.
• Designated hiring service team members are informed if a check meets or does not meet company standards, but Workday does not hold the underlying information verified. If there is a discrepancy, we will notify you of next steps.

We process the following personal information for this purpose in connection with the relevant activities:

• Verifying the accuracy of the information you or referees provide: evidence of prior employment history, roles, locations and dates, education and professional qualifications or registrations.
• Background checks: To the extent required or permitted by local law, verifying your identity, security clearances and other background or consumer reports applicable to the role, Workday or customer projects, assignments or secondments (which may include information revealing “Sensitive Personal Information” described below).
• Information about your right to work: To the extent required or permitted by local law, we process personal information to verify your eligibility to work in a given location, assisting you with obtaining a migrant visa or work permits, details of your work permit applications, permit status, expiration dates, permitted work categories, visas and visa numbers, passports, citizenship or nationality, ID card information including numbers, photographs, social or tax codes.

We process the following personal information for this purpose:

• Information necessary to monitor Workday’s diversity and inclusivity, or to meet local regulatory reporting requirements: To the extent required or permitted by local law, information on your nationality, racial and ethnic origin, gender including gender identity, sexual orientation, religion, disability and age which may be aggregated (see more on this below). This may include information revealing “Sensitive Personal Information” described below.

We process the following personal information for this purpose:

• Complaint and legal response information: your own and third-party views about you or the concern raised, comments regarding suitability, and other responses in connection with your application and our handling of this.

The specific information processed depends on the nature of the complaint, inquiry, or request and who raises it.

We process the following personal information for this purpose:

• Feedback information: any information on the Workday recruitment process provided to Workday talent acquisition or other Personnel, Workday staff or via voluntary surveys initiated by Workday.

We process the following personal information for this purpose:

• Talent Community Information: your contact details, and contact preferences, prior applications, role, events and news interests, skills.

See more on the “Workday Talent Community” pool below.

Does Workday process sensitive personal information?

The meaning of sensitive or special category personal information differs globally, but typically includes information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data, data concerning health, sexual orientation, and criminal history. It can also include the contents of your communications where Workday is not an intended recipient, or your precise geolocation.

As a general rule, we try not to process sensitive personal information about you unless it’s needed to operate our business, for legitimate recruitment and employment-related purposes, or where otherwise permitted or needed to meet local laws that apply to Workday, including:

• Information about your racial or ethnic origin, gender (including gender identity), sexual orientation, and disabilities can be collected to assess fairness and diversity, to create and cultivate a diverse and inclusive work environment, including where required:
  • To comply with equal employment opportunity obligations or goals, anti-discrimination laws and applicable authority reporting obligations
  • In connection with Workday Value, Inclusion, Belonging and Equity (“VIBE”) initiatives.
  • Information about your physical or mental condition to provide work-related accommodations, such as during fitness to work dialogue or in the context of health and insurance benefits provided or arranged for you and your beneficiaries, to promote a healthy workforce as well as to support and manage work upcoming absences.

  Information collected automatically.

  When you visit the Workday Recruitment site, we use cookies, tracking pixels, and scripts. For more information about the technologies we use, why we use them, and how you can control these technologies, please review the Workday Recruitment Site Cookie Notice.

  Aggregating and analyzing personal information- recruitment and product technology research

  Workday and authorized third parties may use de-identified and/or aggregated personal information for privacy and security purposes, people analytics research, learning, recruitment and product improvement.
  

  For example, this includes removing individual candidate identifiers (such as name and address etc.) and producing summary reports for Workday’s talent acquisition teams and leaders. These teams may use the de-identified information and reports to plan recruiting exercises or to understand recruitment metrics, such as candidate pool diversity, volumes, and geographies. De-identified reports are also used to analyze overall progression, consider trends, future recruitment and people strategies and third-party learning opportunities.

  Our product and technology teams may also use de-identified data to consider potential improvements to Workday’s products and cloud applications or future product developments for workforces.

  De-identified information can be compared and pooled with other relevant data sets, such as information on past or future recruitment exercises, aggregated data about other candidates, responses and industry benchmarks.

  Workday Talent Community, unsuccessful and successful applicants.

  If you apply to be a member of the Workday Talent Community or agree to be added to the pool at any point, we’ll send you email updates about potential job openings, relevant Workday recruitment activities and events. You can replace your CV with an updated version at any time. During future recruitment initiatives, our talent acquisition teams may assess your CV, qualifications and experience when shortlisting and reach out to you if there is a potential match with new and emerging Workday roles, inviting you to apply. We will keep the information for a reasonable period. You can advise your talent acquisition contact if you’d prefer not to be contacted for future roles. You can also update your contact preferences with Workday at any time. See “What are your privacy rights?”.

  We can receive a large number of applications for specific job roles. If your initial application is not successful, we retain information for a reasonable period to respond to queries or complaints, assess compliance with local employment laws (see “How long does Workday retain your personal information?”) and/or send to Workday Talent Community updates if you become a member.

  If you accept a role at Workday, the information collected during the recruitment process will form part of your personnel file and Workday profile and will be processed in accordance with our Employment Privacy Statement, which will be provided to you during onboarding.

  Does Workday share your personal information?

  Workday takes care to disclose personal information to only those recipients who require access to perform their legitimate tasks and duties in line with the purposes outlined above.

  We’ll disclose your personal information to the following categories of internal and external recipients:

  • Members of the Workday Group around the world:
    • Including for purposes 1-9.
    • Workday-contracted third-party suppliers and service providers, such as IT and recruiter systems and software, recruitment and search agencies, testing or assessment institutions, survey tool providers, payment processors, travel management and our background checks provider, virtual assistant and chatbot technology and other software providers
      • Including for purposes 1-9.
      • Any other third parties where you’ve consented or instructed Workday to share your personal information or where disclosure is reasonable.

      Workday personnel authorized to access or discuss personal information must comply with confidentiality, privacy and security policy requirements.

      When we engage third parties and suppliers to process personal information on Workday’s behalf, we implement appropriate measures to provide assurance that third-party organizations do so in a manner consistent with this Privacy Statement and applicable law, and that the security and confidentiality of the information is maintained. This is in addition to the privacy and security obligations applicable to the third party in connection with their processing and services.

      Third-party recipients also have their own privacy statements outlining their data processing approach, that you may wish to consult where the third party has their own business purposes or if you have a direct relationship with them.

      When personal information is required

      Workday will inform you if there’s a legal, business or recruitment requirement to provide personal information. Generally, we’ll only ask for what is necessary and proportionate to consider you for a role. If you’re unable to provide the information required, we’ll explain any consequences or delays to your application(s).

      When we ask you to consent to a collection or use of your personal information by Workday or a third party, you’re not obliged to give consent - you can choose freely whether you wish to consent to that specific collection or use.

      Does Workday transfer your personal information internationally?

      Yes. Workday is headquartered in the U.S. and operates as a global business. We transfer, store, access and process your personal information in various international locations, including countries:

      • Where you are applying or being considered for a role
      • Outside your jurisdiction
      • Where Workday or Workday-contracted third-party suppliers, customers or relevant third-party recipients have operations.

      How long does Workday retain your personal information?

      Workday securely stores and retains your personal information for as long as needed to fulfill legitimate business purposes, including those described in this Privacy Statement and in accordance with applicable local laws.

      In summary, we keep personal information for a reasonable period:

      • Following the completion of a recruitment process and hiring decision so that we can consider and respond to potential enquiries, complaints, legal or compliance matters involving Workday’s recruitment operations and
      • To keep you informed of future vacancies if you wish and maintain accurate records of your contact preferences.

      You can update your preferences regarding future contact at any time, but please be aware that we’ll need to retain other information if we have lawful bases and purposes at the time of the request.
      

      To determine the appropriate retention period for personal information within our records, we consider many factors relevant to the Workday business and your recruitment, including:

      • Our legal and regulatory obligations or any available guidance
        
      • Claims risk and limitation periods
        
      • Prevailing legitimate business needs
        
      • The amount, nature, and sensitivity of the personal information
        
      • The potential risk of harm from unauthorized use or disclosure of your personal information considering our technical security controls
        
      • If we can achieve any prevailing purposes through other means.

      What are your privacy rights?

      You may have certain legal rights over the personal information we hold about you. Laws and the rights vary in different role locations, but in summary, the privacy rights can include the right to:

      • Obtain access to your personal information that is being processed by us, have inaccurate personal information corrected and request the deletion of your personal information.
      • Object to the processing of your personal information carried out based on our legitimate interests.
      • Ask us to restrict the processing of your personal information.
      • Request the portability of your personal information in a structured, commonly used and machine-readable format if the processing is carried out based on consent or a personal contract.
      • Withdraw your consent at any time, if we have collected and processed your personal information for a specific activity with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
      • Lodge a complaint with a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work, or the registered office of the “data controller”. You can also request the details of your competent supervisory authority by using the details in the “Want to Contact Us?” section. The ”Additional region specific disclosures" section below provides further information about how to complain to your local data protection supervisory authority.

      We may need to ask you to provide information so that we can confirm your identity before responding to a request.
      

      Workday will not discriminate against you for exercising your rights. We’ll explain how any of the rights operate in your situation, including:

      • If the right differs in your location or because of the legal basis for the processing activity
      • If Workday has prevailing processing needs and what they are
        
      • How the rights of other individuals or parties interact with your specific request.

      Workday does not make decisions based solely on automated processing that produce legal or similarly significant effects as part of the recruitment activities covered by this Privacy Statement.
      

      You, or an authorized individual who we can verify is acting on your behalf, can exercise your rights by contacting us using the details in “Want to Contact Us?” below or by submitting your request through our Request Portal.

      If you can provide details of your concern, this may assist Workday expedite the response. In any event, we will respond without undue delay and keep you updated. This is usually within one month of your request but may be extended to three months in some cases.

      How does Workday protect your personal information?

      We maintain appropriate security arrangements. This includes implementing technical, organizational, and contractual measures to protect the personal information against accidental loss, destruction, or other incidents and the risks involved.

      Please note security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured areas of any Workday recruitment web page. Access to and use of password-protected and/or secure areas of any ​Workday recruitment web pages​ is restricted to authorized users only.

      Certifications

      U.S. Data Privacy Framework

      Workday adheres to the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the “UK Extension” to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Workday relies on the EU-U.S. DPF and the UK Extension as a legal basis for transfers of personal information. To learn more, visit our Data Privacy Framework Notice here.

      Workday will rely on the E.U.-U.S. DPF and the Swiss-U.S. DPF as a legal basis to transfer personal information from Switzerland once the applicable local authorities approve the DPF. In the meantime, Workday continues to rely on the standard contractual clauses for transfers under Swiss data protection law.

      APEC Cross-Border Privacy Rules System

      The Workday privacy practices, described in this Privacy Statement, comply with the APEC Cross-Border Privacy Rules (“CBPR”) system. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.

      Will Workday make changes to this Privacy Statement?

      We may update this Privacy Statement from time to time in response to changing legal, technical, or business developments. When we update this Privacy Statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

      You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the top of this Privacy Statement.

      Want to contact us?

      If you have any questions about this Privacy Statement, or wish to exercise your rights, please submit your request through our Request Portal or through one of the mailing addresses below:

      If you are applying to a role located in the EEA, UK or Switzerland, contact:

      Kings Building, May Lane

      If you are applying to a role located anywhere else, contact:

      6110 Stoneridge Mall Road

      Pleasanton, CA 94588

      To contact Workday’s Data Protection Officer, please email privacyofficer@workday.com.

      You can also contact the Workday affiliate in the country in which you applied for a role or responded to a recruitment search process with any questions about the protection of your personal information. For a list of Workday affiliates and their contact details, please see here.

      If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request.

      Additional region-specific disclosures

      California

      If you’re located in California, please note the following additional disclosures:

      Workday does not “sell” to third parties, or “share” with third parties for targeted advertising purposes, the personal information that it collects or processes as part of the recruitment, employment, or personnel management process or any related processes (including as those terms are defined under the California Privacy Rights Act).

      For California residents, if you are submitting a request to access, please specify if you would like to access personal information categories or specific pieces of personal information. In addition to many of the rights described above, California residents have the right to opt out of a business’s sale of your personal information or sharing of your personal information to third parties for targeted advertising. Workday does not sell your personal information or share your personal information with third parties for targeted advertising. Workday also does not use your Sensitive Personal Information for any purpose other than to operate our business, for legitimate recruitment-related purposes, or where otherwise permitted by, or necessary to comply with, applicable laws, and therefore does not provide a right to limit the use of Sensitive Personal Information.

      When you submit a request, we will first acknowledge receipt of your request within 10 business days after receipt of your request. We will provide a substantive response to your request within 45 calendar days after its receipt. If we require more time (up to 90 days or the permitted time frame), we will inform you of the reason and extension period in writing.

      Only you or an authorized agent (as described below) may make a verifiable consumer request related to your personal information.

      • How to Authorize an Agent. You may designate an authorized agent to submit your verifiable consumer request on your behalf only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.
      • How We Verify Your Request. To respond to your request, we must verify your identity and/or the authority of your authorized agent. We will only use the personal information provided to us in that context to verify your identity or the authority of your authorized agent to make the request. Making a verifiable consumer request does not require you to create an account with us. To allow us to verify your request, we may require that you provide at least two pieces of personal information that we already have in our possession, if we cannot already verify you. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud.

      European Economic Area, United Kingdom and Switzerland

      If you’re located in the EEA, UK and Switzerland, please note the following additional disclosures:

      Data controller

      Workday Limited is the data controller primarily responsible for protecting your personal information, although it shares responsibility for protecting your personal information with the European Workday affiliate to whom you have applied, or that has contacted you, for a role (the “Local Workday Affiliate”). Workday Limited and the Local Workday Affiliate are joint data controllers.

      We encourage you to contact Workday Limited with any questions you have about the protection of your personal information, although you can also contact your Local Workday Affiliate if you prefer. As between Workday Limited and your Local Workday Affiliate, Workday Limited is primarily responsible for:

      • Preparing and providing you with this Privacy Statement
      • Fulfilling any requests you make to exercise your data protection rights
      • Determining the lawful bases for processing of your personal information
      • Ensuring appropriate technical and organizational security measures are implemented to protect your personal information
      • Reporting any personal data breaches that may occur in accordance with data protection law
      • Conducting data protection impact assessments, where required
      • Engaging a third party supplier or data processor
      • Ensuring appropriate safeguards have been implemented in respect of any international transfers of personal information

      Workday Limited is based in Ireland and is Workday’s main establishment and European headquarters. Workday Limited is regulated by the Irish Data Protection Commissioner, whose contact details are available here.

      Workday Limited and your Local Workday Affiliate will cooperate as necessary to ensure the proper fulfillment of the responsibilities described above, in addition to any other requirements that apply under this Privacy Statement and data protection law. Both will ensure compliance with the data protection principles at all times.

      Contact details for Workday Limited and your Local Workday Affiliate are provided under the “Contact us” heading above.

      Lodging a complaint

      You may lodge a complaint with a data protection authority such as the supervisory authority of your usual place of residence. A full list of EEA data protection authorities is available here. Contact details for the Irish Data Protection Commissioner are available here. In the UK, the data protection authority is the Information Commissioner’s Office and in Switzerland the Federal Data Protection and Information Commissioner.

      Legal basis for processing

      Under local laws, there are various grounds which we need to rely on when processing your personal information. The legal basis will depend on the information concerned and the specific context and purposes for the collection.

      For individuals in the EEA and UK or another jurisdiction which prescribes similar legal basis requirements, our legal basis for collecting and using the personal information, including sensitive personal information, is described in the following tables.