Privacy at ADP

Privacy at ADP

ADP's Privacy Commitment

ADP is committed to privacy and the protection of all personal data related to ADP associates, contingent workers and job applicants, client employees and workers, business contacts such as clients, prospects, website users or vendors. ADP has adopted a set of privacy principles that serve as the foundation for our global privacy program which includes our Global Privacy Policy and our Binding Corporate Rules (BCRs).

Our Global Privacy Policy

Transparency and Notice

Transparency and Notice

Whether you are a prospective or an existing client of ADP, a vendor or any other business contact, a job applicant, a client employee or worker, a website user, an ADP associate or a contingent worker, you will receive information as to how ADP handles your personal data in the relevant ADP Privacy Statement that is made available to you.

Privacy Statement for Business Contacts

Privacy Statement for Client Employees and Workers

Privacy Statement for Job Applicants

Choice and Consent

Choice and Consent

When collecting your personal data, ADP is committed to respecting your choices regarding the processing of such data. We will process your data for the business purpose such data was collected. Under very limited circumstances as described in our Binding Corporate Rules, ADP may process your data for a legitimate secondary purpose that is closely related to the original purpose for which such data was collected. If you are a Client employee or worker, ADP will process your data in accordance with the instructions that we receive from our Clients.

Data Minimization and Access Control

Data Minimization and Access Control

We collect and use only the minimum personal data necessary to achieve the business purpose for which it was collected. When ADP processes your data, access is granted based on specific roles and job functions.

Documented Data Processing Activities

Documented Data Processing Activities

We perform data flow mapping and privacy assessments on our data processing activities, which enable us to hold an inventory of our processing activities.

Privacy by Design

Privacy by Design

ADP has developed Privacy by Design Policies, Standards and Guidelines to assist our Associates and Contingent Workers in using Privacy Enhancing Technologies (PETs), for privacy protection purpose, and in implementing the Seven Foundational Principles of Privacy by Design as adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010.

Our Privacy by Design (PbD) Policies, Standards and Guidelines set forth requirements for the development and implementation of ADP Products and Services throughout our entire product and services development life-cycles.

These requirements enable ADP to make our privacy guidance available upfront during the ideation phases of our products and services. Both Privacy and Security protections are enabled with our Privacy by Design strategy, classifying data at its point of collection through properly destroying that data at the end of its life-cycle. We are transparent with our users and regularly review and update our Privacy Policies. Our products and services enable users to exercise their privacy rights. We have embedded the foundational concepts of Privacy by Design into our products and services, including but not limited to data minimization, purpose specification, collection limitation and use, retention and access control.

Access and Accuracy

Access and Accuracy

Where reasonable or required by law, ADP will provide information that you may request regarding the data that ADP collected from you in accordance with our Binding Corporate Rules. When processing personal data on behalf of its Clients, ADP will provide assistance in addressing individuals’ rights requests, in accordance with applicable law and contractual agreement with our Clients. ADP is committed to provide you with a reasonable opportunity to examine your own personal data and to update it if it is incorrect.

Retention and Disposal

Retention and Destruction of Information

ADP has implemented a Global Records Information Management (RIM) Policy, covering the appropriate retention, maintenance, and destruction of client information and company records.

Learn about Records Information Management

Security

Security

ADP’s Global Security Organization maintains administrative, technical and physical controls to protect personal data entrusted to ADP. ADP’s incident response process is designed to ensure that any incidents involving your personal data are addressed, tracked and reported in a timely and effective manner and in accordance with ADP security policies, procedures, and legal requirements. When necessary, procedures for the notification of Clients, individuals and all other parties who may be impacted by the incident are initiated, and appropriate remedial actions are taken.

Learn more about our Global Security Organization

Supervision of third party providers

Supervision of third party providers

ADP’s vendors must meet our data security and privacy standards. Our vendor assurance process enables ADP to assess its vendors prior to entering into a contract with them. Our vendors are contractually required to comply with ADP’s privacy principles. We do not transfer personal data to third-party providers other than to perform ADP services.

Cross-Border transfers of data

Cross-Border transfers of data

ADP will comply with applicable laws in case of transfer of personal data across country borders. Where applicable, ADP shall also comply with its Binding Corporate Rules for Client Data Processing Services (the Processor Code) which provides the primary legal basis for transfers of personal data of our Clients’ employees from European locations to members of the ADP group located outside of the European Economic Area (EEA).

Learn more

Oversight and Governance

Oversight and Governance

As part of ADP’s enterprise risk assessment and risk management activities, our Audit Committee of the Board of Directors oversees and reviews risk related to privacy.

ADP’s global privacy program is led by its Chief Privacy Officer and the Data Privacy and Governance Team in cooperation with representatives from all of ADP’s business units and functions, the ADP Privacy Stewards, the members of the ADP Legal department and Compliance professionals. Taking into account the sensitivity of the personal data, ADP Associates and contingent workers who access personal data are trained on the appropriate use and handling of personal data as it pertains to their job responsibilities.

See ADP’s Privacy Governance

Learn more about Privacy at ADP

Read how ADP is helping you comply with data protection and privacy laws.

Complying with privacy laws across the globe

Download brochure

How ADP helps companies comply with GDPR

Download brochure