Date Posted and Effective Date: December 31, 2019
Last Modified: June 6, 2022
I. Personal Information
A. Active Collection and Use:
In order to access the Sites, services and the information available on the Sites, you may be required to register with the Sites and provide some personal information, such as your name and email address or other contact information. If you provide us with personal information, we will retain and may use that information to contact or respond to you. We also may retain or use your information for the period of time needed to pursue legitimate business interests. Legitimate business interests may include customizing the services we provide to you and to ensure compliance with Workiva policies and applicable laws, ensuring you are satisfied with Workiva's support and services, authentication confirmation for secure handling of Workiva's clients' accounts, etc. We may share your personal information with our partners that provide similar products or services so they may promote such products and services for sale in conjunction with Workiva’s products and services. If you do not want us to share your personal information with these companies, contact us at email@example.com. Our Sites and Services collect, store and process this personal information on servers in the United States of America.
When you provide us with personal information about your contacts, we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at firstname.lastname@example.org.
We may use information collected via these Sites to improve the content of our Sites and Services, to customize the Sites and Services to your preferences, to communicate information to you (if you have requested it), for our marketing and research purposes, to ensure you are no longer contacted in the event you unsubscribe from marketing campaigns, to market future available software and Services of relevant interest to you, to measure your interest in our Services, to assess and identify new customers and potential customer opportunities, when necessary to the administration of our general business, accounting, record keeping, and legal functions, and for any other purpose specified.
B. Aggregate Information and Passive Information Collection:
From time to time, we may collect general, non-personal, statistical information about the use of the Sites, such as how many visitors visit a specific page on the Sites, how long they stay on that page, and which hyperlinks, if any, they “click” on. We collect this information through the use of technologies such as “cookies” and “IP addresses,” which are discussed in greater detail below. Our system may also automatically collect operational information about the technology you use, such as your browser, type of computer, operating systems, internet service providers and the domain name of the websites from which you linked to our Sites. We collect this information in order to determine which areas of the Sites are most popular and to enhance the Sites for visitors. We may use this information for security purposes, to detect and to block security breaches and to provide you with a safe online environment. We may also share this information with our partners.
C. IP Addresses:
An IP address is a number that's automatically assigned to your computer whenever you're surfing the web. Web servers, the computers that “serve up” web pages; automatically identify your computer by its IP address. Workiva collects IP addresses for purposes of system administration, to report aggregate information to third parties and to track the use of the Sites. When visitors request pages from the Sites, our servers log the visitors' IP addresses. It is not our practice to link IP addresses to anything personally identifiable, which means that a visitor's session will be logged. However, we reserve the right to use IP addresses to identify a visitor when we feel it is necessary to enforce compliance with the Site's policies or to protect Workiva, the Sites, its visitors, or others.
D. Cookies, Beacons and Successor Technologies:
Sites pages may contain electronic images known as web beacons-also referred to as single- pixel gifs-that permit Workiva to count users who have visited those pages and for other related website statistics-(e.g., recording the popularity of certain website content and verifying system and server integrity). Web beacons are used to compile aggregated statistics concerning the use of the Sites. Web beacons collect only a limited set of information including a cookie number, the time and date of a page view, and a description of the page on which the web beacon resides. Web beacons/pixels may also be used by advertising partners to infer the presence of a common user across multiple devices or browsers – also known as cross device tracking-in order to provide personalize advertising on devices inferred from browsing patterns.
In addition to the foregoing, we use Google Analytics Demographics and Interest Reporting (implemented based on Display Advertising), which will track certain personal information of yours. Information collected about you is limited to age, gender and affinity categories. If you would like to opt out of the collection of such information you may do so by clicking here. Further, Google has a browser plugin (for Internet Explorer, Firefox, Chrome, Safari, Opera) that prevents your data from being collected and used by Google Analytics. You can download the plugin by clicking here.
For a listing of some of the types of cookies utilized for our Sites and services, please click here.
E. User Data Supplementation:
We may receive information about you from other sources, including publicly available databases or social media sites, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, assess and identify new customers and potential customer opportunities, and provide products and services that may be of interest to you.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you (for the purpose of creating more tailored advertising and products), may include:
- Purchased marketing data about our customers from third parties
- Data and other information available publicly on social media sites
F. Do Not Track Signals:
At this time we do not have the ability to comply with any setting within your web browser that would send “do not track” signals.
G. Processor Disclosure:
Any personal information we obtain on the Workiva (Wdesk) platform service is conducted under the direction of its clients, and we have no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our Service, please contact the client that you interact with directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our client (the data controller). If requested to remove data, we will respond within a reasonable timeframe. We may transfer personal information to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreements with our clients.
II. Disclosure of Personal Information
A. Personally Identifiable Information:
B. Legal Notice:
In certain situations, Workiva may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If Workiva is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
As Workiva develops, we may buy other businesses or their assets or sell our business assets. Customer information is generally one of the business assets involved in such transactions. Thus, in the event that Workiva or all of its assets are acquired, or in cases of liquidation, dissolution, reorganization or other transfer of the business, customer information, including any visitor information collected through the Sites, may be one of the transferred assets.
Finally, Workiva reserves the right to disclose visitor information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) Workiva rights or property, other visitors, or anyone else that could be harmed by such activities. Workiva also reserves the right to disclose visitor information when we believe in good faith that the law requires it.
C. Aggregate Information:
We may group information into aggregate visitor data in order to describe the use of the Sites to our existing or potential business partners or other third parties, or in response to a government request.
III. Links to Other Sites
Protecting the security of your personal information is very important to us. When you transmit personal information from your computer to our servers, your information is protected by both a “firewall” (a combination of computer hardware and software that helps keep unauthorized visitors from accessing information within our computer network) and industry standard SSL (secure socket layer) encryption. Once we receive your transmission, we will take reasonable precautions to ensure its security on our systems. While we utilize all of our security and data protection preventative measures, the internet is inherently insecure. As a result, while Workiva strives to protect your personal information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online.
Users are required to sign-in to specific secured areas of Workiva Sites and services using a user ID and password. These authenticate the user and are designed to safeguard against unauthorized access and use of a user's account. The user ID and password are used on a secure web page and encrypted when transmitted over the internet.
The safety and security of your information also depends on you. If you have access to password-protected features, never share your password with anyone else, notify us promptly if you believe your password security has been breached, and remember to log off of this site before you leave your computer. Similarly, any personally identifiable information or personally sensitive data that you disclose through online forums hosted on the Sites, may be collected and used by others. We recommend caution when giving out personal information to others in these public online forums.
If at any point you suspect or become aware of a security incident (i.e. your password is stolen or you receive suspicious communication from someone holding themselves out to be a Workiva employee or from a fake website claiming to be affiliated with Workiva), please forward the communication to us or report the incident by email to email@example.com, or in writing to Workiva at Workiva Inc., Attn: Legal, 2900 University Blvd., Ames, Iowa 50010, as soon as possible.
We do not knowingly collect information from children under the age of 13 on the Sites. If you are under the age of 13, please do not provide any personal information to us. If we become aware that we have collected personal information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
VI. Changes to These Terms:
VII. Access and Review of Your Personal Information:
When using our Sites and Services, we make a good faith effort to provide you with access to your personal information and either correct this data if it is inaccurate or delete inaccurate data at your request if it is not otherwise required to be retained by law or for legitimate business purposes.
Upon request, Workiva will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org.
You may access, correct, or request deletion of your personal information by contacting us at email@example.com. Your personal information is retained for only as long as is necessary for the purpose for which it was collected. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
We will respond to these requests within a reasonable timeframe.
Users must identify themselves and the information requested to be accessed, corrected or removed prior to processing such requests, and we may decline to process such requests that are deemed unreasonable or inappropriate. In any case, the information access and data corrections are performed free of charge, except if doing so would require a disproportionate effort. Due to the methods that we maintain certain services, once your information is corrected or deleted; residual copies may take a period of time before they are deleted from our active systems and may remain in our backup systems.
IF YOU ARE A CALIFORNIA RESIDENT, you can learn more about your rights under California law, including how to exercise these rights, in the Supplemental Notice for California Residents found here.
VIII. International Privacy Principles
Workiva is a global business. Personal information may be stored and processed in any country where Workiva has operations or where Workiva engages service providers. In particular, Workiva collects and transfers to the United States personal information pursuant to the following legal bases (i) with your consent, (ii) to perform a contract with you, or (iii) to fulfill a legitimate interest of Workiva in a manner that does not outweigh your rights and freedoms.
Workiva may transfer, access, or store personal information about you outside of the European Economic Area (“EEA”), Switzerland, United Kingdom, or another country that requires legal protections for international data transfer. Those countries (including the United States) may have data protection rules that are different from those of your country and may not have received a finding of “adequacy” from the European Union under Article 41 of the GDPR. For such transfers, Workiva will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:
- Workiva may transfer personal information to countries that have privacy laws that have been recognized by the country from which the data are transferred as providing similar protections for the data.
- Workiva may enter into written agreements, such as standard contractual clauses, with recipients that require them to provide the same level of protection for the data.
Workiva may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred.
A. EU-U.S. and Swiss-U.S. Privacy Shield:
Workiva participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
Workiva is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Workiva complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Workiva is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Workiva may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) by clicking here.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
IX. Email or Newsletter Preferences
You may also be provided an option to choose to subscribe to an email list. If you subscribe to our electronic mailing list and later decide to opt-out, simply follow the instructions that are included in each email.
At any time, if you believe that Workiva has willingly violated the above Policy, please let us know by sending an email to firstname.lastname@example.org. Workiva values your trust and will take the appropriate measures to ensure that the Sites and services we provide to you are secure.
© 2019-2022 Workiva All rights reserved.