Data privacy, and the privacy of the information provided, is important to us. We use reasonable care to protect data provided to us by or on behalf of our clients or prospective clients (“Clients”) and their workers or from visitors of our Site (collectively “You” or “Your”) from loss, misuse, unauthorized access, disclosure, alteration and untimely destruction. This Policy governs personal information collected, processed, or disclosed by Paychex for its own purposes as well as information provided to us as a service provider for our Clients. It protects information collected online as well as offline. We may receive personal data from our Clients about their current and/or prospective workers, as well as workers’ dependents and/or family members as needed to provide Services. Paychex will collect and process Your personal information as instructed or permitted by our Clients or in accordance with this Policy.
We do not grant access to personal information except as set forth herein. We do not share or sell personal information provided or transmitted to our Site with any third parties for their own marketing purposes. At times, we will provide links to other websites not affiliated with Paychex. We encourage You to be aware when You leave our Site, and to read privacy policies regarding how third parties may use or process Your information.
What Information is Collected
We limit the information that we collect, to the information that we need to provide our Services, to administer and improve the Site or our Services, and to fulfill any legal and regulatory requirements.
The categories of personal information that we may collect include the following:
- Contact information to allow us to communicate with You or to provide the Services
- Financial and bank account information as needed to provide the Services
- Social security number, date of birth, name, address, email address, phone number, including mobile phone number, and other details as needed to provide the Services
- Credit, debit, or payment card information if used
- Credit or debt history regarding creditworthiness or credit history, with proper disclosures
- Health and benefits information, which may include health plan numbers, beneficiary or dependent identification and contact information, and other health information as needed to provide the Services
- Employment history and application information submitted through our recruiting and applicant tracking Service
- Geolocation data, including your IP address, to provide Services or if geolocation Services are enabled for time and attendance tracking
- Other personal information as needed to provide specific Services
- Other information and documentation provided as part of Paychex’ customizable fields or Services, to be stored within the Site and Services, which may include other personal information, personal health information, and/or other human resource information Client seeks to collect and retain through the Site. Clients are responsible for the maintenance and retention of any information or documentation stored with Paychex’ customizable features.
How Personal Information is Collected or Transmitted
To access or use certain information, features, or Services, You may be required to provide personal information. Personal information is primarily collected, submitted, and/or transmitted:
- When a Client provides it to Paychex to facilitate the processing of the Services
- From You when You utilize the Site or Services
- From applications, forms, webinars, surveys, and other information You provide us
- If You provide us with comments or suggestions, request information about our Services, or contact our customer service or support departments via phone, email, chat or other forms of communication
- From consumer and business reporting agencies regarding Your creditworthiness or credit history
- Between Paychex and third party vendors
- From information You may provide via Social Media. For information regarding safe and productive participation in our social media community, view our Social Media Guidelines
How Personal Information is Used
We may use personal information to:
- Facilitate current, prospective, or former employer requested Services, transactions, investments, distributions and/or benefits
- Administer and improve our Site
- Facilitate applicant tracking and recruitment
- Facilitate billing and collections
- Contact Clients and consumers with information on Services, new Services or products, or upcoming events, including via SMS or MMS text messaging if mobile phone number is provided for that purpose
- Offer advanced analytics and insights to help Clients with business planning and decision making
- Market our Services to Clients and consumers or for auditing our interactions
- Detect fraud or theft or for other security purposes
- Comply with legal, reporting, and regulatory requirements
- Maintain, manage, or service accounts
- Provide customer service or support
- Verify consumer identity as well as eligibility to receive Services, information, and products
- Research and develop technological improvements
- Send transactional communications as part of our Services
- Improve, upgrade, or enhance our Services
- Administer quality and safety maintenance for our Site or Services
- In any other way we may describe when You provide the information, or for which You provide authorization
Parties with Whom Information May Be Shared
Information is shared to facilitate the Services requested by or on behalf of our Clients or for our business operations. We may share information with:
- Our affiliates, partners, or subsidiary organizations
- Government agencies to fulfill legal, reporting and regulatory requirements
- Attorneys, accountants and auditors
- Credit reporting agencies to supply vendor references on Client’s behalf or to provide credit related Services as requested by You
- Our employees, affiliated companies, subsidiaries, contractors, agents and third-party vendors to perform Services related to your account, to offer additional Services, perform analysis to determine qualification to receive future services, collect amounts due, or for our business operations
- Third-party providers for services that You may sign-up for via our Site or Services
- Banking and brokerage firms to process payroll-related and/or securities transactions
- To a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred
- Credit bureaus and similar organizations, law enforcement or government officials. We reserve the right to release information if we are required to do so by law or if, in our business judgment, such disclosure is reasonably necessary to comply with any court order, law, or legal process, in a fraud investigation, an audit or examination
- Health and welfare providers in support of benefit Services
- Cloud providers, customer management platforms, security providers, and similar Services in connection with providing products, Services and in the support of daily operations
- Any other entity disclosed by Paychex when You provide the information, or for which You provide authorization
We retain personal information for as long as necessary to provide the Services and fulfill the transactions requested by or on behalf of Clients, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, enforcing our agreements, and for any other necessary business purpose.
Biometrics – Collection, Transmission, Retention and Destruction
For the purposes of this Policy, “biometrics” may include an individual’s physiological characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Examples of biometrics include, but are not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted.
In addition, the workers of Clients that use Paychex timekeeping devices may provide an iris, finger or facial scan as part of the timekeeping process, which the technology converts into a mathematical, encrypted algorithm, or template. These templates are sometimes called “biometrics.” For purposes of this Policy, Paychex broadly includes within the term “biometrics” the templates created in the timekeeping process and treats the templates as if they are considered “biometrics” under applicable laws. Paychex complies with all laws applicable to it related to the use of biometrics. Clients are solely responsible for their own compliance with all applicable laws and regulations relating to the collection, storage, and use of biometric information, including with respect to Client’s use of Paychex products and Services for which Client’s workers provide biometrics. Some details about biometrics:
- Biometrics are collected by Clients from workers using Paychex’s timekeeping technology
- Some laws require employers to provide workers with notice of the use of biometrics in timekeeping, and to obtain worker consent
- Paychex timekeeping devices have “notice and consent” screens that Clients can use to provide notice and obtain consent during the enrollment process, or Clients can choose to obtain consent from workers through other means. Newer Paychex timekeeping devices require the use of Paychex notice and consent screens.
- If a Client’s worker is using biometrics to record time, Paychex will presume one or more of the above notices and consent processes are being followed at Client’s worksite
- Note: Some applications allow the use of a smartphone device, and the device itself collects biometrics for access to the application. The consent process is part of the smartphone and is controlled by the user/worker. When smartphone devices are used, geolocation information may be provided to Client to ensure that workers are located at their appropriate work location.
Biometric Transmission and Storage
- Following collection at Client’s worksite, the resulting templates are stored in the timekeeping device, and are also transmitted for storage on a database hosted by either the Client, Paychex, or a third-party web hosting service
- Paychex requires that reasonable care be used for transmission of biometrics to storage on any Paychex-hosted or third-party database
- Paychex provides secure transmission and storage for biometrics, which use reasonable standards of care within Paychex’ industry, and which are the same as the manner in which other confidential and sensitive information is transmitted and stored
- Paychex does not sell, lease, trade, or otherwise profit from biometrics
- Paychex collects latitude and longitude coordinates from the device as part of the timekeeping process when geolocation services are enabled
- Biometric templates are and shall remain the property of Client, which is responsible for biometric template destruction when the biometric template is no longer needed, or within (1) year from Client’s last contact with a worker, whichever is first
- When instructed by its Clients to destroy biometric templates, Paychex will promptly comply with that request
- Paychex will destroy the biometric templates of former or inactive Clients who fail to destroy such data, within a reasonable time period after Paychex’ last interaction with the Client
How Aggregated, Non-Personal Information is Used
We may collect general, non-personal, statistical information about the users of the Site and our Services to determine information regarding the use of our Site and general information about our Clients and Service interactions. We also use aggregated, non-identifiable information to provide statistical data, such as in the Paychex Small Business Jobs Index, or to provide insights to our Clients associated with their workforce as part of our Services.
How Cookies and Other Related Technologies are Used
A “cookie” is a piece of data that our Site may provide to Your browser while You are at our Site. The information stored in a cookie is used for user convenience purposes, such as reducing repetitive messages, tracking helper tool versions, and retaining user display preferences. If a user rejects the cookie, they will be able to browse the Site but will be unable to use our online application.
During Your interaction, a Service may automatically collect information from Your activity or device including:
- Computer, device, and connection information, such as browser type and version, operating system and other software installed on Your device, mobile platform and unique device identifier and other technical identifiers, including IP addresses, error reports and performance data
- Usage data such as user preferences including features, settings, date and time stamps, and pages visited
Children Under 13 Years of Age
This Site is not intended for children under 13 years of age. We do not knowingly collect and/or transmit personal information from children under 13 years of age. All dependent data needed for benefits enrollment shall be provided by the employee/guardian and kept secure as indicated in this Policy.
Paychex uses reasonable care to protect the confidentiality, integrity, and availability of Your information and we continue to invest in our award-winning security capabilities, including personnel security and physical security; system security, access control, and monitoring; data backup and business continuity management; and vulnerability and intrusion detection. Specifically, we:
- Maintain policies and procedures covering physical and logical access to our workplaces, systems, and records
- Apply physical, electronic, and procedural safeguards aligned with industry-recognized best practices
- Use technology such as backups, virus detection and prevention, firewalls, and other computer hardware and software to protect against unauthorized access to or alteration of Your information
- Encrypt sensitive information transmitted over the internet
- Through formal approval processes, access controls, and internal auditing, limit our employee’s access to Client information to those who have a business reason to know
- Require our employees to take information security awareness training upon hire and annually thereafter and apply this training to their jobs every day
- Provide ongoing training and awareness to our employees about security best practices, including internal phishing simulations for education and testing purposes
- Use advanced technologies for the backup and recovery of Your information
- Monitor compliance with established policies through ongoing security risk assessments and internal audits
While we help protect the security and integrity of Your information through procedures and technologies designed for this purpose, the safety and security of Your information also depends on You. We may give You, or You may choose, account credentials to access certain parts of our Site or Services. It is solely Your responsibility to maintain the security and confidentiality of Your account credentials and the information and Services accessible through Your account and the Site. You are not permitted to share or sell Your account credentials to any third-party, unless authorized. If You suspect fraudulent or abusive activity relating to Your account, or if Your credentials have been lost, stolen or compromised in any way, You should immediately change Your potentially compromised credentials and notify Paychex and your employer.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect Your personal information, Paychex cannot guarantee the security of Your personal information transmitted to us. Any transmission of personal information is at Your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
For additional information about our commitment to protecting the security and integrity of Your information, please refer to our Security page.
Meaningful inclusion is very important to us, including providing reasonable accommodations for persons with disabilities. If You need assistance or have any questions, please send them to firstname.lastname@example.org.
How to Access and Correct Your Information
Keeping Your information accurate and up-to-date is very important. Clients can review or correct account information on the Site or by contacting a customer service representative. If You have an account on the Site, You may be able to make changes to Your information after You login to the Site using the online tools. Changes to information regarding a worker’s dependent(s) or family member(s) must be completed by worker and/or the worker’s employer.
California Consumer Privacy Rights
This Policy may be revised from time to time due to legislative changes, changes in technology, our privacy practices, or new uses of Your information not previously disclosed in this Policy. Revisions are effective upon posting and Your continued use of this Site or our Services will indicate Your acceptance of those changes. Please refer to this Policy regularly.
Last Updated November 21, 2022
911 Panorama Trail South, Rochester, NY 14625.