Last Updated: November 1, 2023
What types of Personal Information do we collect and process about you?
Information You Provide. For public areas of our Site, we generally collect and process only Personal Information you voluntarily provide to us. We do not require you to give us Personal Information to access certain public areas of our Site. This is true unless you live in a country that defines Personal Information to include network identifiers like your Internet Protocol addresses. For some secure areas of our Site, however, we require you to provide Personal Information, including your login credentials. If you choose not to provide us with the Personal Information that we legitimately require, we may be unable to provide you with the information or services you have requested.
Public areas of our Sites ask for Personal Information from you when you engage in the following activities:
- Register for an account with us
- Sign up for newsletters
- Apply for a job
- Submit comments, reviews, or other user-generated content
- Connect or interact with us through social networks (e.g., Facebook, Google+, Twitter)
- Register for an Asure-sponsored event
- Request customer or technical support
This Personal Information may include:
- Postal or billing address
- E-mail address
- Telephone or mobile number
- Payment card information
- Location via IP address
- Device being used (for our mobile site)
- Previous login history with Asure
- Activity while on the Site
What Information Is Collected in Connection with our Services?
“Services” refers to the suite of services we provide through our Site, cloud-based services, on-line software products, and other applications. We collect nonpublic personal data from Asure Clients and Asure Client’s employees to provide our Services to our Clients and to fulfill any legal and regulatory requirements related to our Services.
The categories of Personal Information that we may request that Clients or the employees of Clients provide includes the following:
- Contact information
- Employer information, including financial and bank account information, to provide the Services
- Employee information, including social security number, gender, marital status, dependent information, date of birth, address, financial, bank account, geolocation data, medical, health, and beneficiary information, to provide the Services
- Credit, debit, or cash/payment card information if used, such as for billing
- Credit or debt history regarding Client creditworthiness or credit history, with proper disclosures
- Employment history if necessary for Services we provide
- Biometric Data (as further detailed below)
How We Collect Information. To access public features of our Site, Personal Information may not be required. However, to access or use features or Services at the Site, you may be required to provide Personal Information. With respect to Client employees, such Personal Information is submitted and or transmitted to us when you or a Client utilize the Services or when you establish an account or an account is established for you by a Client.
We may also obtain information in other ways through technology. Some of this information may be linked to you personally. We process this information to help our Sites function correctly and better understand the needs of our Clients. These methods may include:
- Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
Device Information. Depending on the permissions you have granted and other factors, we may receive information about your location and your mobile device when you download or use apps created by our Sites, including a unique identifier for your device. Examples of the device information we collect include:
- Attributes such as the operating system, hardware version, device settings, battery and signal strength, and device identifiers.
- Certain device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals are gathered if you enabled the functionality within the Asure product configuration.
- Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
Most mobile devices allow you to turn off location services, and we encourage you to contact your device manufacturer for detailed instructions on how to do that.
Payment Information. If you pay for a service, product, or event registration on our Site, we may collect payment card information from you through our third-party service provider, including your name, expiration date, authentication code, and billing address. This information will be securely transmitted consistent with payment card industry rules to the appropriate payment facilitators.
Use of metadata and other advertising activities online
We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, we may collect certain information via our Sites through our advertising service providers. We, or our vendors, use several common online tracking tools to collect this information, such as browser cookies, web beacons and other, similar technologies. The information we collect includes IP addresses, the number of page visits, pages viewed via our Sites, search engine referrals, browsing activities over time and across other websites following your visit to one of our Sites or applications, and responses to advertisements and promotions on the websites and applications where we advertise.
We also use certain information to:
- Identify new visitors to our Sites;
- Recognize returning visitors;
- Advertise on other websites and mobile applications not affiliated with us;
- Analyze the effectiveness of our advertisements;
- Better understand our audience, customers, or other Site visitors; and
- Determine whether you might be interested in new products or services.
Controlling Our Tracking Tools. Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features and limit the functionality we can provide when you visit or use our Sites. If you block or delete cookies, not all of the tracking that we have described in this policy will stop. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this Site. You can change your cookie settings at any time. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
Controlling Online Interest-Based Ads. We sometimes work with online advertising vendors to provide you with relevant and useful ads. This may include ads served on or through our Sites. This may also include ads served on other companies’ websites. These ads may be based on information collected by us or third parties. For example, your postal code may be used to target an ad for people in your area. These ads may also be based on your activities on our Sites or on third-party websites.
For more information about our ad service provider and its cookies, including information about how to opt out of these technologies, you may visit http://optout.aboutads.info In addition, users may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
How do we use and share your Personal Information?
We use information that we collect about you for the following purposes:
- To develop and provide you with the Services, including to: (i) operate the Site, manage accounts and provide the Services; (ii) determine your eligibility for our Services and our partners’ programs; (iii) improve, personalize, and enable your use of the Site and Services; (iv) develop new products and features.
- To protect Asure, our users, and the public, and comply with applicable law, regulation, or legal process, including to: (i) validate user information for fraud and risk detection purposes; (ii) resolve disputes and protect the rights of users and third parties; (iii) respond to claims and legal process (such as subpoenas and court orders); (iv) monitor and enforce compliance with the applicable Asure terms of service; prevent or stop any activity that may be illegal, unethical, or legally actionable.
- To operate our business, including to: (i) process payment transactions; (ii) manage and enforce contracts with you or with third parties; (iii) manage our corporate governance, compliance and auditing practices; (iv) recruit new hires, if you submit an application for employment with Asure generate anonymized or aggregated data.
- To communicate with you as part of your use of Services, including to: (i) respond to requests or questions you submit to our support staff; (ii) send you surveys and get your feedback about the Services; (iii) otherwise contact you with Services-related notices.
- To advertise and market to you, including to: (i) determine your eligibility for certain programs, events, and offers; (ii) inform you of our or our partners’ products, services, features or promotions; (iii) provide you with newsletters, articles, reports, and announcements; (iv) develop “interest-based” or “personalized advertising,” including through cross-device tracking.
For any other purpose for which you, your employer, or your employer’s agent expressly authorize us to use your information.
What are Asure’s legal grounds for the collection, use, sharing, and other processing of Personal Information?
- Necessary to provide information or otherwise carry out the performance of a contract with you as an individual.
- Our legitimate interests, including:
- Performance of the contract with our Clients
- Implementation and operation of a group-wide matrix structure and group-wide information sharing
- Customer relationship management and other forms of marketing and analytics
- Fraud prevention, misuse of company IT systems, or money laundering
- Whistleblower scheme operations
- Physical, IT, and network perimeter security
- Internal investigations
- Intended mergers and acquisitions
- Compliance with legal obligations and/or defense against legal claims, including those in the area of labor law, social security, and data protection, tax, and corporate compliance laws.
- Protection of the vital interests of any individual
- Performance of a task carried out in the public interest or in the exercise of official authority vested in Asure.
- Consent, as permitted by applicable law.
Authorized Service Providers. We use other companies and individuals to perform certain functions on our behalf. Those functions include payment card processors, shipping vendors, call-center support, analyzing or hosting data on cloud-based servers, and other companies that help us improve our products and services. We may disclose certain Personal Information to these companies and other individuals performing services in the United States or other locations where Asure conducts business.
Business Partners. Companies and individuals with whom we jointly offer products or services.
Location-based services. We offer to our Clients the ability to use location-based tracking on certain mobile technologies as part of Asure’s Services. To provide location-based services on these Asure products, we and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your device. Where available and enabled within the Asure product configuration, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location.
What is Asure’s policy for the collection, use, and storage of Biometric Data?
We offer certain Clients the ability to use biometrics, including fingerprint and facial recognition technology software, through Asure’s Time and Attendance applications. We rely on the terms and performance of the contract with our Clients to lawfully process Biometrics (as defined below) on our Client’s behalf to authenticate an individual and prevent fraud in the context of his or her employment or contractor relationship with our Client. We use Biometrics solely for the purposes requested by our Client to perform the applicable Asure Services. Asure transmits Biometrics securely using encryption and we take other reasonable steps to safeguard this data against unauthorized access, use, or disclosure. We retain this information until the termination of our services agreement with our Clients (we routinely delete the information within 90 days following the termination of our services agreement) or earlier at our Clients’ direction, as required by the terms of our agreement with our Clients, or unless we have a legal reason to retain it to comply with applicable law, judicial demands, resolve disputes, or otherwise defend or enforce our agreements.
In light of the sensitive and developing nature of the requirements for the collection, use, and storage of Biometrics, Asure’s Clients are responsible for developing and implementing their own biometric privacy policies. To the extent required by law, Asure’s Clients must obtain written authorization from each employee or contractor before implementing any Asure Services that collects, stores, or processes Biometrics. Asure Clients should also:
- Inform employees or contractors in writing that Biometrics are collected, stored, and used;
- Indicate the specific purpose(s) for collecting Biometrics, and length of time for which it is being collected, stored, and used; and
- Receive written consent from the employee or contractor (or his or her legally authorized representative) authorizing the Client and Asure to collect, store, and use Biometrics.
Asure uses facial recognition technology as an optional component for mobile and time clock solutions and fingerprint scanning is an option on our time clocks. Via a photograph (“Photo”) submitted to our Sites via our solution, algorithms create a biometric identification index (“Facial Index”), which is a numeric interpretation of a person’s facial features, like the distance between the eyes, nose, and ears. Similarly, we convert a fingerprint scan into an algorithm that creates a fingerprint identification index (“Print Index”), which again is a numeric interpretation of various distances and angles found on a human fingerprint. We refer collectively to the Photo, Facial Index and Print Index, as “Biometrics.”
Other requirements or restrictions may apply to Biometrics beyond those mentioned in this section in accordance with applicable law in your jurisdiction. If you are an employee or contractor who accesses the Asure Services in connection with your employment or contractor status with our Client, please contact your employer or customer for further information about your data.
How do we protect international transfers of Personal Information?
Asure is based in the United States. If you are located in a jurisdiction outside the US, such as the European Union, the data protection laws in the US may not be considered to provide an adequate level of protection under your local data protection laws. If you are a visitor to this Site and prefer not to have your Personal Information transferred to the United States, do not use this Site. Otherwise, by using this Site or providing any information, you consent to the transfer of Personal Information to the US and other destinations outside your home country. For transfers of Personal Data, we may base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can request a copy of the appropriate safeguards by contacting your employer or Asure as set forth below.
If you are located in the European Union or other jurisdictions outside the US, what are your rights concerning your Personal Information?
The European Union and certain other non-US jurisdictions maintain local data protection regulations that confer certain data protection rights on individuals. Asure will address such rights as required by applicable laws. Note that if you are an employee or contractor to our Client, and we obtain access or otherwise process Personal Data about you in that context, you should contact your employer which will be in the best position to respond to your inquiry. If you wish to exercise any of these rights, please contact us as specified in the “How to contact us” section below.
- Right of access: You may have the right to obtain from us confirmation as to whether or not Personal Information concerning you is processed, and, to request access to the Personal Information. The access information includes, among other things, the purposes of the processing, the categories of Personal Information concerned, and the recipients or categories of recipient to whom the Personal Information have been or will be disclosed. This is not, however, an absolute right, and the interests of other individuals may restrict your right of access. You may have the right to obtain a copy of their Personal Information undergoing processing.
- Right to rectification: You may have the right to obtain from us the rectification of inaccurate Personal Information about you. Depending on the purposes of the processing, you may have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement.
- Right to erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Personal Information concerning you, and we may be obligated to erase that Personal Information.
- Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your Personal Information. In that case, your data will be marked and may only be processed by us for certain limited purposes. As Asure processes and uses your Personal Information primarily for purposes of carrying out the contract for services relationship with your employer, Asure will have a legitimate interest for the processing which will override your restriction request, unless the restriction request relates to marketing activities.
- Right to data portability: Under certain circumstances, you may have the right to receive the Personal Information about you that you have provided to us, in a structured, commonly used, and machine-readable format, and you may have the right to transmit that data to another entity without hindrance from us.
- Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Information by us, and we can be required to no longer process your Personal Information.
You also have the right to lodge a complaint with a competent data protection supervisory authority. To exercise your rights, please contact us as set forth below.
In addition, if you voluntarily signed up to receive certain communications from us, you can opt-out by clicking the unsubscribe link at the bottom of the message. Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. It may take up to 10 days to process your e-mail related requests and up to 30 days for all other marketing-related requests. And even after you have opted-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, surveys or recalls, or any questions regarding a specific order.
What kinds of security measures do we take to safeguard your Personal Information?
The security and confidentiality of your Personal Information matters to us, that is why we have implemented industry standard technical, administrative, and physical controls in place to protect your Personal Information from unauthorized access, use, and disclosure. For example, all information you submit to us is encrypted using transport layer security (“TLS”) technology that helps protect information during transport to our Site. We also review our security procedures periodically to consider appropriate new technology and updated methods. Even so, despite our reasonable efforts, no security measure is ever perfect or impenetrable. Additionally, you are responsible for keeping your username, password, and other login credentials or user verification information confidential. You should not share this information with anyone. The transmission of information over the internet is not completely secure, so we cannot guarantee the security of your personal information transmitted to our Site. Any transmission of personal data is at your own risk.
How long do you retain my Personal Information?
What about Minors and Children Under 13?
Our Sites are not intended for minors. We do not knowingly collect any Personal Information from children under the age of 13 or knowingly track the use of our Sites by minors.
Notice to California Consumers
This Section applies to our collection and use of “Personal Information” if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (the “CPRA”). This Section describes (1) the categories of Personal Information, collected and disclosed by us, subject to CPRA, (2) your privacy rights under CPRA, and (3) how to exercise your rights.
When we use the term “Personal Information” in the context of the CPRA, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.
Categories of Personal Information Collected, Used, and Disclosed
Asure discloses the following categories of Personal Information for business purposes to Service Providers and Business Partners:
- Identifiers (ex: name, email address, mailing address, phone number, signature)
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, financial information, medical information, or health insurance information)
- Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, sexual orientation, veteran or military status, genetic information (including familial genetic information)
- Commercial information (ex: sales engagement history)
- Biometric information (ex: photographs of office visitors for identification badges)
- Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history)
- Geolocation data (ex: the location from which you’re logging in)
- Employment-related information (ex: employment history, employer name)
- Education information (ex: education history)
Your California Privacy Rights
If you are a resident of California, you have the following rights:
- Notice: The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.
- Access: The right to request the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You may also have the right to request the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information.
- Data Portability: The right to receive the Personal Information you have previously provided to us.
- Erasure: The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.
- Correction: You have the right to request that we correct any incorrect Personal Information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your Personal Information from our records, unless an exception applies. We may deny your correction request if (a) we believe the Personal Information we maintain about you is accurate; (b) correcting the information would be impossible or involve disproportionate; or (c) if the request conflicts with our legal obligations.
- Automated Decision Making: You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. We do not currently engage in any automated decision-making practices.
- To Opt Out of Sales or Sharing of Personal Information: You have the right to opt out of below.
- Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive Personal Information (e.g., Social Security number and driver’s license information) to only that which is necessary for providing our Services.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
You may only make a request for access or data portability twice within a 12-month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Exercising your individual privacy rights
To exercise any of the privacy rights afforded to you under applicable data protection law, please submit a request to us by emailing us at email@example.com or submit your request through the following web form: https://privacy.platformui.app.asurehcm.com/
US Residents: If you would like to opt out of the sharing or sale of your Personal Information, you may submit your opt-out request at the following link: https://privacy.platformui.app.asurehcm.com/ or if you would like to limit the use of your sensitive Personal Information, you may submit your request by emailing us at firstname.lastname@example.org.
Verification: We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. If you are an authorized agent making a request on behalf of a US consumer, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.
We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us.
We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive discriminatory treatment from Asure for exercising the privacy rights granted by applicable law.