Privacy Notice for OccupEye®, An Asure Software Company
Last Updated May 2018
Thank you for visiting one of our Asure Software, Inc. Companies (“Asure”) sites.
We at Asure are committed to protecting the information that you share with us, and explaining how we collect, process, and share that information online.
What information does this Privacy Notice cover?
This Privacy Notice applies to Personal Data collected on our websites, mobile applications, cloud-based services, or controlled widgets embedded in communication platforms with a link to this Privacy Notice (“Sites”). It does not apply to any other information collected by Asure through any other means. This Notice also doesn’t apply to any sites maintained or operated by other companies or linked to our Sites. By “Personal Data,” we mean information that identifies you personally. It covers how we collect, use, and share that Personal Data as of the date that this Privacy Notice is posted.
End Users of Asure Enterprise Products and Services. Asure is a leader in helping global organizations optimize their workforce and workspace utilization through innovative SaaS-based cloud technology and other solutions. In this capacity, Asure may obtain and process on behalf of our corporate customers (“Clients “) certain Personal Data about our Clients’ employees, representatives, consultants, contractors, agents, or other end users who are authorized to use our Enterprise Products and Services (“End User Data“). If you are an employee or other end user of a Client, please contact your employer with any questions about how your End User Data is collected and processed, or to seek clarification or exercise any rights you may be offered under data protection laws in your jurisdiction. Asure is a processor or agent that processes End User Data on behalf of our Client, which is the controller or owner of such data under applicable data protection laws. As such, Asure assists our Clients to address data protection inquiries from end users to the extent applicable to our services, but typically does not respond directly to such inquiries from end users.
What types of Personal Data do we collect and process about you?
We receive and store certain types of information from you when you interact with our Sites to deliver the products you request from us and help improve your overall online experience. For example, like many other websites, we store “cookies” and other web-based files on user devices to get certain types of information when your web browser accesses our Site.
For secure areas of our Site, however, we require you to provide Personal Data, including your login credentials. If you choose not to provide us with the Personal Data that we legitimately require, we may be unable to provide you with the information or services you have requested.
Public areas of our Sites ask for Personal Data from you when you engage in the following activities:
- Register for an account with us;
- Sign up for newsletters;
- Apply for a job;
- Submit comments, reviews, or other user-generated content;
- Connect or interact with us through social networks (e.g., Facebook, Google+, Twitter);
- Register for an Asure-sponsored event; and/or
- Request customer or technical support.
This Personal Data may include:
- Postal or billing address;
- E-mail address;
- Telephone or mobile number;
- Payment card information;
- Location via IP address;
- Device being used (for our mobile site);
- Previous login history with Asure; and
- Other relevant data.
Information Collected Through Technology. We may also obtain information in other ways through technology. Some of this information may be linked to you personally. We process this information to help our Sites function correctly, and better understand the needs of our customers.
Device Information. Depending on the permissions you’ve granted and other factors, we may receive information about your location and your mobile device when you download or use apps created by our Sites, including a unique identifier for your device. Examples of the device information we collect include:
- Attributes such as the operating system, hardware version, device settings, battery and signal strength, and device identifiers.
- Certain device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals are gathered if you enabled the functionality within the Asure product configuration.
- Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
Most mobile devices allow you to turn off location services, and we encourage you to contact your device manufacturer for detailed instructions on how to do that.
Payment Information. If you pay for a service, product, or event registration on our Site, we may collect payment card information from you through our third-party service provider, including your name, expiration date, authentication code, and billing address. This information will be securely transmitted consistent with payment card industry rules to the appropriate payment facilitators.
Use of metadata and other advertising activities online
We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, we may collect certain information via our Sites through our advertising service providers. We, or our vendors, use several common online tracking tools to collect this information, such as browser cookies, web beacons and other, similar technologies. The information we collect includes IP addresses, the number of page visits, pages viewed via our Sites, search engine referrals, browsing activities over time and across other websites following your visit to one of our Sites or applications, and responses to advertisements and promotions on the websites and applications where we advertise.
We also use certain information to:
- Identify new visitors to our Sites;
- Recognize returning visitors;
- Advertise on other websites and mobile applications not affiliated with us;
- Analyze the effectiveness of our advertisements;
- Better understand our audience, customers, or other Site visitors; and
- Determine whether you might be interested in new products or services.
Controlling Our Tracking Tools. Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features, and limit the functionality we can provide when you visit or use our Sites. If you block or delete cookies, not all of the tracking that we have described in this notice will stop. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this Site. You can change your cookie settings at any time. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
Controlling Online Interest-Based Ads. We sometimes work with online advertising vendors to provide you with relevant and useful ads. This may include ads served on or through our Sites. This may also include ads served on other companies’ websites. These ads may be based on information collected by us or third parties. For example, your postal code may be used to target an ad for people in your area. These ads may also be based on your activities on our Sites or on third party websites.
For more information about our ad service provider and its cookies, including information about how to opt out of these technologies, you may visit http://optout.aboutads.info In addition, users may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
How we use and share your Personal Data?
We do not share your Personal Data with unaffiliated third parties for their own direct marketing purposes. Whatever the purpose may be – whether we share with service providers or other external entities – we only process and share your Personal Data to the extent reasonably necessary to fulfill your requests and meet our legitimate business and legal objectives. When we disclose Personal Data to external entities to perform support services for us, we establish by contract that they may access your Personal Data only for the purposes of performing those support services. Where the purpose for using and sharing your personal data is allowed by law we may also use what we know about you to offer you other products and services. We may combine your online information with information collected from offline or online sources, or information we already have. We may also use and disclose certain Personal Data to our affiliated companies and others for any purpose allowed by law.
Asure Business Activities. We process and disclose your Personal Data to others to:
- Provide you with specific products and services covered under the terms of a contract with one or more of our corporate customers, including processing transactions, authenticating authorized users;
- Perform certain benefit administration or other transactions initiated by you;
- Respond to your questions, complaints, or reviews of our product or services;
- Send you communications about online transactions, product information, ads and promotions, electronic newsletters, or other notices or offers tailored to you which you have requested or consented to receive;
- Enable our advertisers to provide you with more personalized content, and track the effectiveness of certain advertising campaigns;
- Comply with applicable law, obey judicial orders, cooperate with law enforcement authorities, or prevent any suspected illegal activities
What are Asure’s legal grounds for the collection, use, sharing and other processing of Personal Data?
Certain jurisdictions, including those in the European Union, require the identification of the legal grounds for the collection, use, sharing, and other processing of Personal Data. Asure relies on the following legal grounds for the collection, use, sharing, and processing of Personal Data as described in this Privacy Notice:
- Necessary to provide information or otherwise carry out the performance of a contract with you as an individual;
- Our legitimate interests, including:
- Performance of the contract with our Clients;
- Implementation and operation of a group-wide matrix structure and group-wide information sharing;
- Client relationship management and marketing and analytics directly related to these;
- Product development and site administration
- Fraud prevention, misuse of company IT systems, or money laundering;
- Whistleblower scheme operations;
- Physical, IT, and network perimeter security;
- Internal investigations; and
- Intended mergers and acquisitions;
- Compliance with legal obligations and/or defense against legal claims, including those in the area of labor law, social security, and data protection, tax, and corporate compliance laws.
- Protection of the vital interests of any individual;
- Performance of a task carried out in the public interest or in the exercise of official authority vested in Asure; and
- Consent, as permitted by applicable law for marketing and client relationship purposes
Authorized Service Providers. We use other companies and individuals to perform certain functions on our behalf. Those functions include payment card processors, shipping vendors, call-center support, analyzing or hosting data on cloud-based servers, and other companies that help us improve our products and services. We may disclose certain Personal Data to these companies and other individuals performing services in the United States or other locations where Asure conducts business where this is allowed by applicable law.
Location-based services. We offer to our Clients the ability to use location-based tracking on certain mobile technologies as part of Asure’s Services. To provide location-based services on these Asure products, we and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your device. Where available and enabled within the Asure product configuration, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location.
Sale of the Businesses. If we sell all or part of our business, Personal Data may be transferred to the purchaser in connection with that transaction. We will use reasonable efforts to include contractual provisions that require the purchaser to treat your Personal Data consistent with the terms of this Privacy Notice.
What is Asure’s policy for the collection, use, and storage of Biometric Data?
We offer certain Clients the ability to use biometrics, including fingerprint and facial recognition technology software, through Asure’s Time and Attendance applications. We rely on the terms and performance of the contract with our Clients to lawfully process Biometrics (as defined below) on our Client’s behalf to authenticate an individual and prevent fraud in the context of his or her employment or contractor relationship with our Client. We use Biometrics solely for the purposes requested by our Client (the employer or customer) to perform the applicable Asure Services. Asure transmits Biometrics securely using encryption, and we take other reasonable steps to safeguard this data against unauthorized access, use, or disclosure. We retain this information until the termination of our services agreement with our Clients (we routinely delete the information within 90 days following the termination of our services agreement), unless otherwise required by the terms of our agreement with our Clients, or unless we have a legal reason to retain it to comply with applicable law, judicial demands, resolve disputes, or otherwise defend or enforce our agreements.
In light of the sensitive and developing nature of the requirements for the collection, use, and storage of Biometrics, Asure’s Clients are responsible for developing and implementing their own biometric privacy policies. To the extent required by law, Asure’s Clients must obtain written authorization from each employee or contractor before implementing any Asure Services that collects, stores, or processes Biometrics. Asure Clients should also:
- Inform employees or contractors in writing that Biometrics are collected, stored, and used;
- Indicate the specific purpose(s) for collecting Biometrics, and length of time for which it is being collected, stored, and used; and
- Receive written consent from the employee or contractor (or his or her legally authorized representative) authorizing the Client and Asure to collect, store, and use Biometrics.
Asure uses facial recognition technology as an optional component for mobile and time clock solutions, and fingerprint scanning is an option on our time clocks. Via a photograph (“Photo”) submitted to our Sites via our solution, algorithms create a biometric identification index (“Facial Index”), which is a numeric interpretation of a person’s facial features, like the distance between the eyes, nose and ears. Similarly, we convert a fingerprint scan into an algorithm that creates a fingerprint identification index (“Print Index”), which again is a numeric interpretation of various distances and angles found on a human fingerprint. We refer collectively to the Photo, Facial Index and Print Index, as “Biometrics.”
Other requirements or restrictions may apply to Biometrics beyond those mentioned in this section in accordance with applicable law in your jurisdiction. If you are an employee or contractor who accesses the Asure Services in connection with your employment or contractor status with our Client, please contact your employer or customer for further information about your data.
How do we protect international transfers of Personal Data?
Asure is based in the United States. If you are located in a jurisdiction outside the US, such as the European Union, the data protection laws in the US may not be considered to provide an adequate level of protection under your local data protection laws. If you are a visitor to this Site and prefer not to have your Personal Data transferred to the United States, do not use this Site. Otherwise, by using this Site or providing any information, you consent to the transfer of Personal Data to the US and other destinations outside your home country. However, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, and approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can request a copy of the appropriate safeguards by contacting your employer or Asure as set out below.
For transfers of End User Data, Asure Software, Inc. commits to submit to the principles of the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework all personal data that constitutes European End User Data submitted by Asure Software’s customers in reliance on the Privacy Shield to the following cloud based services: Time and attendance and workforce management product offerings, online meeting room and space management product offerings, and payroll and other human capital management (HCM) services. Product names include Resource Scheduler®, Meeting Room Manager®, Asure Force, and OccupEye®.
If you are located in the European Union or other jurisdictions outside the US, what are your rights concerning your Personal Data?
The European Union and certain other non-US jurisdictions maintain local data protection regulations that confer certain data protection rights on individuals. Asure will address such rights as required by applicable laws. Note that if you are an employee or contractor to our Client, and we obtain access or otherwise process End User Data about you in that context, you should contact your employer/customer which will be in the best position to respond to your inquiry. If you wish to exercise any of these rights, please contact us as specified in the “How to contact us” section below.
- Right of access: You may have the right to obtain from us confirmation as to whether or not Personal Data concerning you is processed, and, to request access to the Personal Data. The access information includes, among other things, the purposes of the processing, the categories of Personal Data concerned, and the recipients or categories of recipient to whom the Personal Data have been or will be disclosed. This is not, however, an absolute right, and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of their Personal Data undergoing processing.
- Right to rectification: You may have the right to obtain from us the rectification of inaccurate Personal Data about you. Depending on the purposes of the processing, you may have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Personal Data concerning you, and we may be obligated to erase that Personal Data.
- Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your Personal Data. In that case, your data will be marked and may only be processed by us for certain limited purposes. As Asure processes and uses your Personal Data primarily for purposes of carrying out the contract for services relationship with your employer, Asure will have a legitimate interest for the processing which will override your restriction request, unless the restriction request relates to marketing activities.
- Right to data portability: Under certain circumstances, you may have the right to receive the Personal Data about you, which you have provided to us, in a structured, commonly used and machine-readable format, and you may have the right to transmit that data to another entity without hindrance from us.
- Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data by us, and we can be required to no longer process your Personal Data.
You also have the right to lodge a complaint with a competent data protection supervisory authority. To exercise your rights, please contact us as set out below.
In addition, if you voluntarily signed up to receive certain communications from us, you can opt-out by clicking the unsubscribe link at the bottom of the message. Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. It may take up to 10 days to process your e-mail related requests, and up to 30 days for all other marketing-related requests. And even after you’ve opt-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, surveys or recalls, or any questions regarding a specific order.
What kinds of security measures do we take to safeguard your Personal Data?
The security and confidentiality of your Personal Data matters to us. That’s why we have adequate technical, administrative, and physical controls in place to protect your Personal Data from unauthorized access, use, and disclosure. For example, we provide the option to encrypt all information you submit to us using Secure Sockets Layer (“SSL”) technology that helps protect information during transport to our Site. We also review our security procedures periodically to consider appropriate new technology and updated methods. Even so, despite our reasonable efforts, no security measure is ever perfect or impenetrable.
How long do you retain my Personal Data?
Depending on the product or service, we will retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Privacy Notice
or as set out in our Client agreement, unless a longer retention period is required or permitted by a law that applies to us.
What about Minors and Children Under 13?
Our Sites are not intended for minors. We do not knowingly collect any Personal Data from children under the age of 13 or knowingly track the use of our Sites by minors.
How can you contact us to update your Personal Data, file a complaint, ask questions, or send us comments about this Privacy Notice?
If you wish to update your Personal Data, have any questions, have a complaint, or wish to send us comments about this Privacy Notice or exercise any rights, e-mail us at firstname.lastname@example.org or call or write to us. We will investigate your complaint and use reasonable efforts to respond to you as soon as possible.
Our US postal address is:
Asure Software, Inc.
Attn.: Privacy Office
3700 N. Capital of Texas Highway
Austin, Texas 78746
Our postal address in the United Kingdom is:
Asure Software, Inc.
3 Waterhouse Square
London, EC1N 2SW
+44 (0) 208.328.9460
For Australian consumers: If we fail to respond to your complaint within a reasonable period of receiving it in writing, or if you are dissatisfied with the response that you receive from us, you may lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”). Details of how to contact the OAIC are located at www.oaic.gov.au
How will you know if we amend this Privacy Notice?
We may amend this Privacy Notice at any time. If we make any material change in how we collect, use, disclose, or otherwise process Personal Data, we will prominently post an updated Privacy Notice on our Sites. Any material changes to this Privacy Notice will be effective 10 days after our posting of the updated Privacy Notice. Where required to do so by law, we may seek your prior consent to any material changes we make to this Privacy Notice.