ADP is committed to privacy and the protection of all personal data related to ADP associates, contingent workers and job applicants, client employees and workers, business contacts such as clients, prospects, website users or vendors. ADP has adopted a set of privacy principles that serve as the foundation for our global privacy program which are included in our Global Privacy Policy and our Binding Corporate Rules (BCRs).
We are proud to have also achieved certification to ISO 27701, an international standard for privacy information management. This represents another significant milestone in our privacy commitment, by providing third party validation of our implementation of privacy controls.
ADP’s Global Chief Privacy Officer is charged with leading and overseeing ADP’s Global Privacy Programs, along with the members of the global privacy team. The global privacy team may be contacted at privacy@adp.com.
ADP is also committed to upholding strong ethics as part of our core business approach. ADP has adopted rigorous principles and processes to govern its use of newer technologies, including real-time, operational monitoring of automated decisions. We reflect this every day in our actions and commitments, including placing a great focus on Privacy.
Automation fueled by artificial intelligence (AI) is helping transform organizations, the way we work, and even the nature of the work itself. At ADP, we’ve adopted a set of principles and processes to govern our use of newer technologies like AI and machine learning.
Our ISO 27701 certification is an extension of our ISO 27001 security certification and covers the same scope for our infrastructure in the U.S. and EMEA.
For more information on our ISO 27001 certification, please see our Data Security site.
ISO/IEC 27701: 2019 - SRI Certificate for US #4996-01/02/06
ISO/IEC 27701: 2019 - SRI Certificate for EMEA #4996-00-EUR-ISMS
Whether you are a prospective or an existing client of ADP, a vendor or any other business contact, a job applicant, a client employee or worker, a website user, an ADP associate or a contingent worker, you will receive information as to how ADP handles your personal data in the relevant ADP Privacy Statement that is made available to you.
Privacy Statement for Business Contacts
When collecting your personal data, ADP is committed to respecting your choices regarding the processing of such data. We will process your data for the business purpose such data was collected. Under very limited circumstances as described in our Binding Corporate Rules, ADP may process your data for a legitimate secondary purpose that is closely related to the original purpose for which such data was collected. If you are a Client employee or worker, ADP will process your data in accordance with the instructions that we receive from our Clients.
We collect and use only the minimum personal data necessary to achieve the business purpose for which it was collected. When ADP processes your data, access is granted based on specific roles and job functions.
We perform data flow mapping and regular privacy risk assessments (Privacy Impact Assessments) on our data processing activities. We monitor and regularly assess our company’s technology tools against industry standards. This enables us to comply with privacy-related regulatory requirements, and keep an inventory of our processing activities.
ADP has developed Privacy by Design Policies, Standards and Guidelines to assist our Associates and Contingent Workers in using Privacy Enhancing Technologies (PETs), for privacy protection purpose, and in implementing the Seven Foundational Principles of Privacy by Design as adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010.
Our Privacy by Design (PbD) Policies, Standards and Guidelines set forth requirements for the development and implementation of ADP Products and Services throughout our entire product and services development life-cycles.
These requirements enable ADP to make our privacy guidance available upfront during the ideation phases of our products and services. Both Privacy and Security protections are enabled with our Privacy by Design strategy, classifying data at its point of collection through properly destroying that data at the end of its life-cycle. We are transparent with our users and regularly review and update our Privacy Policies. Our products and services enable users to exercise their privacy rights. We have embedded the foundational concepts of Privacy by Design into our products and services, including but not limited to data minimization, purpose specification, collection limitation and use, retention and access control.
Where reasonable or required by law, ADP will provide information that you may request regarding the data that ADP collected from you in accordance with our Binding Corporate Rules. When processing personal data on behalf of its Clients, ADP will provide assistance in addressing individuals’ rights requests, in accordance with applicable law and contractual agreement with our Clients. ADP is committed to provide you with a reasonable opportunity to examine your own personal data and to update it if it is incorrect.
ADP has implemented a Global Records Information Management (RIM) Policy, covering the appropriate retention, maintenance, and deletion and/or destruction of individuals’ personal data, Client information and company records.
ADP’s Global Security Organization maintains administrative, technical and physical controls to protect personal data entrusted to ADP. ADP’s incident response process is designed to ensure that any incidents involving your personal data are addressed, tracked and reported in a timely and effective manner and in accordance with ADP security policies, procedures, and legal requirements. When necessary, procedures for the notification of Clients, individuals and all other parties who may be impacted by the incident are initiated, and appropriate remedial actions are taken.
ADP’s vendors must meet our data security and privacy standards. Our vendor assurance process enables ADP to assess its vendors prior to entering into a contract with them. Our vendors are contractually required to comply with ADP’s privacy principles. We do not transfer personal data to third-party providers other than to perform ADP services.
ADP will comply with applicable laws in case of transfer of personal data across country borders. Where applicable, ADP shall also comply with its Binding Corporate Rules for Client Data Processing Services (the Processor Code) which provides the primary legal basis for transfers of personal data of our Clients’ employees from European locations to members of the ADP group located outside of the European Economic Area (EEA).
As part of ADP’s enterprise risk assessment and risk management activities, our Audit Committee of the Board of Directors oversees and reviews risk related to privacy.
ADP’s Global Chief Privacy Officer is charged with leading and overseeing ADP’s Global Privacy Programs, along with the members of the global privacy team. The team works in cooperation with the representatives of our ADP business units and functions, the ADP Privacy Stewards, the members of the ADP Legal department and Compliance Professionals. Taking into account the sensitivity of the personal data, ADP Associates and contingent workers who access personal data are trained on the appropriate use and handling of personal data as it pertains to their job responsibilities.
MEET OUR CLIENTS
We appreciate how ADP’s Next Gen HCM platform handles secure information. Our clients require that we adhere to website content accessibility guidelines, and we must be HIPAA compliant. Working in this platform provides all of that right out of the box. We don’t have access to any personal data for the employees. Everything lives on ADP’s platform and we’re able to provide functionality based on attributes of that data, without actually seeing the data.
Alex Sherman General Manager, LifeMart (a division of Care.com)
