Privacy Policy

Privacy Policy

This Privacy Policy describes how Asure Software, Inc., and its subsidiaries and affiliates (“we,” “us” or “our”) collect, use, disclose and protect personal and other sensitive information. This privacy policy applies to all personal and sensitive information collected or submitted on our website, through the use of our online software products, our mobile based applications, and our product devices (together, the “Services”). The purpose of this Privacy Policy is designed to provide an understanding of how we collect and use this information prior to using and/or purchasing our Services.
We may add to, or amend, this policy with other notices. Additionally, due to changes in technology and development of our business, we may need to modify this policy from time to time as discussed under “Changes to Our Privacy Policy” below.

Information We Collect

Personal and Other Sensitive Information. No information is required to simply visit and browse our website. However, when additional information is requested from us or our customers engage us to provide Services to them, we collect certain personal information and other information as described below. The categories of personal information and other information we may collect include but are not limited to the following, depending on the request or Services selected by our customers:

  • Contact information that allows us to communicate with our customers and their representatives, such as first and last name, company name, mailing address, telephone numbers, email address or other addresses that allow us to send messages and other information regarding our Services.
  • Customer relationship information that helps us do business with customers, such as the types of products and services that may be of interest, information on a company’s size, geographic location, and demographics.
  • Customer employee information necessary to provide our Services related to our online time and attendance and human capital management offerings, including our customers’ employee names, addresses, social security numbers, date of birth, telephone number(s), gender, marital status, email addresses, dependent information, information for payroll, payroll data, biometric facial recognition, geolocation, medical and beneficiary information, as well as any information that can be linked to an individual employee.
  • Customer employee information to necessary provide our Services related to our online meeting room management offerings, including our customers’ employee names, email addresses, work locations, any information entered in meeting request descriptions – as any information can be entered in this free text area – as well as any information that can be linked to an individual employee.
  • Customer and employee information, including financial and bank account information, to provide certain of our payroll and other human capital management benefits administration Services, to the extent authorized by customers or their employees to provide such Services.
  • Credit, debit, or cash/payment card information if used, such as for billing to the extent authorized by customers to provide our Services.
  • Credit or debt history regarding customer creditworthiness or credit history.
  • Customer employee employment history and application information that can be used to determine eligibility for a job opening via our recruiting module.

Any of the foregoing information collected by us may be stored and retained by us and may be used as set forth in this Privacy Policy. Although we do not own any personal or sensitive information, any feedback, comments, submission or information provided to us through an email, public forum, social media page or others similar public forum available through our Services will be and remain our exclusive property. See “Notice Regarding Public Forums” below.
Notice to Employees of our Customers. We collect and receive personal information from our customers about their current, prospective and former employees as well as employee dependents and family members, as needed to provide our Services as selected by them. If you are an employee of one of our customers, this notice explains our practices with regard to all of the personal information we receive as a data processor from our customers (your employer) related to you as their employee.
We collect and process your personal information only as instructed or permitted by our customers (the employer) or you. We will at all times maintain reasonable and appropriate security controls to protect your information as set forth below under the caption “Security”.
Certain of our Services may require employees to submit biometric facial recognition in connection with your employment by your employer. If this applies to you, please see our biometric data policy below under the caption “Biometric Data Policy”.
We will disclose all of your personal information to the employer and to other entities when instructed by the employer. We may disclose your personal information to our affiliates and data processors as needed to provide the Services that your employer and you have requested. These entities are all contractually bound to limit use of your personal information as needed to perform the Services requested by your employer and you. We will also always disclose personal information when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.
If you questions about your individual privacy rights, please contact your employer’s human resources department. You may also contact us at the contact information listed below under the caption “Questions.”
Non-Personal Information We Collect. Non-Personal Information is information that without the aid of additional information cannot be directly associated with a specific person or entity. We use technology to automatically collect this type of non-personal information from our customers and their employees when they access and use our Services. The information we collect through these technologies may include:

  • Information from your Browser or Device. The web servers for our Services automatically record certain non-personally identifiable computer information. For instance, when you use any of our Services, we collect your browser type and IP address. This information is gathered for all visitors and users of our Services. This information is used in aggregate form to help us understand how our customer use our Services.
  • Information from Cookies. We may use “cookies” with our Services. A cookie is a text file that is placed on your hard drive by our web server. Cookies are uniquely assigned to a computer, and your computer will only allow our web servers to access our cookies. Cookies allow is to collect web data and information such as web pages visited by using our Services, time and date information, the web site you came through to reach our Services, and whether or not you clicked on any links while at our website or using our Services. We may collect this non-personal information through the use of cookies and other similar software technologies. You have the right to delete cookies placed on your hard drive, which will erase the data automatically saved during your visit. However, that will mean that our Services will not recognize you when your return or that you may not be able to use our Services. You may also modify your web browser to notify you before accepting cookies, or to decline all cookies.
  • Technical Data. The servers we use also collect usage, viewing and technical data when visiting our website or using our Services through us and our service providers. The data entries in these logs are used for server and network operation and maintenance and to help us understand general usage patterns.
  • Geolocation. Certain of our technologies we use collect information that identifies a device’s location (geolocation information) either provided by a mobile device interacting with our website or our Services or associated with a user’s IP address.

Aggregated, Non-Personal Information. We may collect general, non-personal, statistical information about the users of our Services in order to determine information regarding the use of our Services, and general information about our customers. We may also group this information to provide general aggregated data. The aggregated data will not personally identify any user of our Services.

How We Use Collected Information

We use the information provided or submitted to us to perform the Services requested of us and for purposes related to our business. We limit the collection of information that we need to collect to:

  • Facilitate customer requested Services, technical and other support, training and other services as requested by our customer.
  • Manage our everyday business needs, product development, contract management, business continuity, general research, analytics or statistical purposes.
  • Establish necessary third party provider relationships required for the operation of our Services.
  • Administer and improve our website and Services.
  • Detect fraud or theft to protect our business and customers information identification and authentication purposes and otherwise to protect the security or integrity of our Services and our business.
  • Comply with legal, reporting and regulatory requirements.
  • Financial Information – As noted above, certain financial and bank account information and credit card billing information including mailing address maybe required. That information may be stored by us, and, may also be collected and stored by our payments processing vendor(s) for the purpose of processing payments made to us or to you depending on our customer requested Services. We (and our vendors) will not use that information for any other purposes.
  • Contact you with information on Services, new Services or products, or upcoming events.

How We Disclose the Information We Collect

We do not share, sell, rent, or transfer personal information other than as described in this Privacy Policy. We may disclose or share the information we collect as follows:

  • To third party vendors, suppliers and affiliates who process information on our behalf so that we can provide and operate the Services and our business, such as hosting providers and payment processing providers and who are bound by law or contract to protect information and only use information in accordance with our instructions. These service providers are only given the information needed to perform their specialized services and not to use or disclose the information for any other purpose.
  • As needed to support external auditing, legal compliance and corporate governance functions.
  • If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, their employees or others, to protect the safety and security of our website and Services, to enable us to take precautions against liability, or to law enforcement agencies or for an investigation related to public safety. In some cases, disclosure may be required by law to be without notice.
  • In addition, if we or our subsidiaries are involved in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain to the buyer or other successor.
  • Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our customers and their employees. These reports do not contain any information that would enable the recipient to contact, locate or identify you. These reports also do not contain any identifiable company information. We may disclose aggregated information about many of our users, and information that does not identify any individual or device.

Third-Party Websites

Our website and Services may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites as they may differ from our privacy practices. We recommend that you read the privacy statement of each website that collects personal information, as their privacy statement will govern any personal or sensitive information you submit to those sites. This Privacy Policy applies only to information collected by us through our Services.
Additionally, if you choose to click on a third party link, we may provide non-personally identifiable information to the third party. Also, the third party may use cookies or other technologies to collect information when you are visiting their websites. The information advertisers or other third parties collect is governed by their individual privacy policies, not by our privacy policy.

Security

The security, integrity and confidentiality of collected information is important to us. We have implemented reasonably commercial technical, administrative and physical security measures that are designed to protect information from unauthorized access, disclosure, use and modification. For example, we use industry-standard encryption technology to secure personal and sensitive information when it is being collected and transmitted over the Internet as well as firewalls, site monitoring and intrusion detection software. Please be aware though that, despite our efforts, no security measures are perfect or impenetrable. Users of our Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. In order to protect you and your information, we may suspend your use of our Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area of our Services is restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Notice Regarding Public Forums

Our websites and Services may provide forums and other areas where you can communicate with others and publicly post information. You have no privacy rights in public postings. All the information posted will be accessible to anyone with Internet access, and any information include in a posting may be read, collected, and used by others. For example, if you post an mail address, you may receive unsolicited messages. Please use caution when posting any information.

Opt-Out

If at any time after registering for information, your personal information changes or you change your mind about receiving information from us, send us a request specifying updated information or your new choice. Simply send your request to http://asure-backup.cambiostage.com/support or postal mail at the contact information listed below under the caption “Questions.”

Data Retention Policy

We will retain personal and sensitive information for the length of time needed to fulfill our Services obligations to our customers or for the purposes outlined in this privacy policy unless a longer or shorter retention period is required or permitted by law.

Biometric Data Policy

Our Facial Recognition Products. We offer to our customers the ability to use facial recognition technology software through our GeoPunch® mobile time collection application and our AirClock™ time collection device. We offer these products for use with our AsureForce® time and attendance on demand Services to more efficiently capture time collection as well as effectively prevent buddy punching and other deceptive employee practices. These products create a facial biometric scan (a “face scan”) of a person’s facial features, like the distance between the eyes, nose and ears, based on a photo submitted to us through the use of these products. The photo and face scan are submitted to us solely in connection with such person’s employment with our customer. We collect, use and store these photos and face scans on our customer’s behalf to validate and authenticate an employee’s time punch (in and out). We use these face scans solely for the purposes as requested by our customer (the employer) to perform the time and attendance Services we have been engaged for. All transmission of face scans are encrypted and we cannot use a face scan to recreate an image of any person.

Policy Applies to Persons in Jurisdictions with Biometric Data Privacy Laws. Our policy applies to persons residing in jurisdictions with biometric data privacy laws which include Illinois and Texas, or any future jurisdiction that adopts such a law. The purposes of this policy is to inform those persons residing in such states who use our GeoPunch and AirClock products in connection with their employment with our customer (the employer) who have engaged us to provide such Services that:

  • a biometric identifier (face scan) is being collected and stored by us;
  • we collect, use and store this information solely in connection with a person’s employment with our customer (the employer) and as directed by our customer (the employer);
  • the purpose for collecting this information on our customer’s (the employer’s) behalf is to provide time and attendance Services to our customer (the employer) that improves time collection, and to prevent buddy punching and other deceptive employee practices within our customer’s organization;
  • we collect, use and store this information for an individual employee for the period of time as directed by our customer under our service agreement with them, subject to a shorter or longer time period as required under applicable law;
  • we will retain this information for as long as needed to fulfill the purposes outlined above or for a longer period of time as may be permitted or required under law, after which the face scan will be permanently destroyed;
  • we may disclose, redisclose or disseminate a person’s face scan in limited ways as permitted under applicable law such as with the person’s consent, the disclosure or redisclosure is required by state or federal law or municipal ordinance; the disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction, or the disclosure is consistent with our general Privacy Policy (and permitted under applicable law).

Informed Consent. By using one of our facial recognition technologies, such person who is using the technology consents to our and our service provider’s who assist in performing our Services, collection, use and storing of such person’s photos and face scans in accordance with the terms of this policy or applicable law. Our customer is initially responsible for obtaining its employees consent to the collection, use, and storing of a face scan. This is typically done upon initial employment or through enrollment and training in the use of our products. We will also endeavor to obtain through our technology where possible a minimum one time consent from each person to the collection, use and storing of such person’s face scan in connection with providing our Services to our customer and such person as an employee of our customer.

Do Not Track

Without a common industry or legal standard for interpreting Do Not Track (DNT) signals, we do not respond to browser DNT signals. We will continue to monitor further development of a DNT standard by the privacy community and industry.

Children Under 13

We do not knowingly collect personal information from children under 13. If you are under 13, do not submit any information to us through our general website or otherwise. If we learn we have collected or received personal information from a child under 13 we will endeavor to delete that information from our databases. If you have reason to believe that a child under 13 has provided personal information to us through our website or Service, please contact us, so we can endeavor to delete that information from our databases.

Your California Privacy Rights

Under California Civil Code 1798, California residents with an established business relationship can request information about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like more information, please contact us below under the caption “Questions.”

Changes To Our Privacy Policy

We may periodically update this policy due to legislative changes, changes in technology or our privacy practices or new uses of customer information not previously disclosed herein. Revisions are effective upon posting and the continued use of this website and our Services will indicate your acceptance of those changes. Please refer to this policy regularly.

Questions

Any questions about this Privacy Policy should be emailed to:
http://asure-backup.cambiostage.com/support
or sent by regular mail addressed to:
Asure Software, Inc.
110 Wild Basin Road, Suite 100
Austin, Texas 78746
United States
Attn: COO

Last Updated: September 1, 2016