Information We Collect
Personal and Other Sensitive Information. No information is required to simply visit and browse our website. However, when additional information is requested from us, our customers engage us to provide Services to them, or individuals seek employment or are employed by us, we collect certain personal information as described below. The categories of personal information we collect depends on the request or Services and includes:
- Contact information that allows us to communicate with our customers and their representatives/employees, such as first and last name, company name, mailing address, telephone numbers, email address that allow us to send messages necessary to provide our Services.
- Customer employee information necessary to provide our Services related to our online time and attendance and human capital management offerings, including our customers’ employee names, addresses, social security numbers (where permitted), date of birth, telephone number(s), gender, marital status, email addresses, dependent information, information for payroll, payroll data, biometric facial recognition, geolocation, medical and beneficiary information, as well as any personal information that can be linked to an individual employee.
- Customer employee information to necessary provide our Services related to our online meeting room and space management offerings, including our customers’ employee names, email addresses, work locations, any personal information entered in meeting request descriptions – as any information can be entered in this free text area – as well as any personal information that can be linked to an individual employee.
- Customer and employee information, including financial and bank account information necessary to provide certain of our payroll and other human capital management and benefits administration Services, to the extent authorised by customers or their employees to provide such Services.
- Credit, debit, or cash/payment card information if used, such as for billing and payment to us to the extent authorised by customers to provide our Services.
- Credit or debt history regarding customer creditworthiness or credit history.
- Customer employee employment history and application information that can be used to determine eligibility for a job opening via our recruiting module.
- Personal information relating to our own employees for employment purposes with us.
- Personal information voluntarily submitted through an email to us or public forum. See “Notice Regarding Public Forums” below.
- IP addresses automatically collected by our web servers which may also be personal information in certain countries. See “Information We Automatically Collect Through Tracking Technologies” below.
- We may also collect personal information from other sources, either with the consent of the individual or where permitted or required by law. Examples of indirect sources of personal information include background cheques, employers or personal references.
Notice to Customers. In most cases, our customers are responsible to notify their employees why personal information is being collected and for obtaining appropriate consent when they collect personal information from their employees. Personal information transferred to us by our customers to be processed using our Services shall be deemed to have been collected with appropriate notification. We assume no responsibility for obtaining or validating that appropriate consent has been obtained in respect of data transferred to us by organisation(s)/customers.
- We collect and process your personal information only as instructed or permitted by our customers (the employer) or you. We will at all times maintain reasonable and appropriate security controls to protect your personal information as described under “Security” below.
- You may also access to your personal information or withdraw your consent regarding the collection, use and disclosure of your personal information, as described under “Access to and Accuracy of Your Information” below.
- Certain of our Services may require employees to submit biometric facial recognition in connexion with your employment by your employer. If this applies to you, please see our biometric data policy below under the caption “Biometric Data Policy.”
- We will disclose all of your personal information to the employer and to other entities when instructed by the employer. We may disclose your personal information to our affiliates and data processors as needed to provide the Services that your employer and you have requested. These entities are all contractually bound to limit use of your personal information as needed to perform the Services requested by your employer and you. We may, without your consent, also disclose personal information when permitted or when required to do so by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.
- If you have questions about your individual privacy rights, please contact your employer’s human resources department. You may also contact us at the contact information listed below under the caption “Questions.”
Non-Personal Information We Collect Through Tracking Technologies. Non-Personal Information is information that without the aid of additional information cannot be directly associated with a specific person or entity. We use technology to automatically collect this type of non-personal information to better improve our Services. The information we collect through these technologies may include:
- Information from your Browser or Device. The web servers for our Services automatically record certain non-personally identifiable computer information. For instance, when you use any of our Services, we collect your browser type and IP address. This information is gathered for all visitors and users of our Services. This information is used in aggregate form to help us understand how our customer use our Services.
- Web Beacons. Pages of our Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). Unlike cookies, you cannot decline web beacons. However, setting your browser to decline cookies or to prompt you for a response generally may keep web beacons from storing your activity.
- Flash Cookies. These are similar to cookies, except that they can store more complex data to provide greater website functionality and to remember your settings, preferences and navigation to, from, and on our Site. Flash cookies operate differently than regular browser cookies, and cannot be removed or blocked via regular web browser settings. To learn more about how to manage flash cookies, you can visit the Adobe website and follow the directions provided by Adobe with respect to the Flash settings and make changes as directed therein. Limiting the acceptance of flash cookies may reduce or impede the functionality of some Flash applications.
- Technical Data. The servers we use also collect usage, viewing and technical data when visiting our website or using our Services through us and our service providers. The data entries in these logs are used for server and network operation and maintenance and to help us understand general usage patterns.
- Geolocation. Certain of our technologies we use collect information that identifies a device’s location (geolocation information) either provided by a mobile device interacting with our website or our Services or associated with a user’s IP address.
- Other. If you ask us to connect with other sites (for example if you ask us to connect with your Facebook account) we may get information that way too; we may record any telephone calls for quality assurance and training purposes.
Aggregated, Non-Personal Information. We may collect general, non-personal, statistical information about the users of our Services in order to determine information regarding the use of our Services, and general information about our customers. We may also group this information to provide general aggregated data. The aggregated data will not personally identify any user of our Services. Once data has been de-identified, aggregated or summarised it shall no longer be considered personal information.
How We Use Collected Information
We use the information provided or submitted to us to perform the Services requested of us and for purposes related to our business. We limit the collection of personal information that we need to collect to:
- Facilitate customer requested Services, technical and other support, training and other services as requested by our customer.
- Send product updates or technical alerts.
- Establish necessary third party provider relationships required for the operation of our Services.
- Detect fraud, theft or other harmful activity to protect our business, and personal information collected and otherwise to protect the security or integrity of our Services and our business.
- Comply with legal, reporting and regulatory requirements.
- Financial Information – As noted above, certain financial and bank account information and credit card billing information including mailing address maybe required. That information may be stored by us, and, may also be collected and stored by our payments processing vendor(s) for the purpose of processing payments made to us or to you depending on our customer requested Services. We (and our vendors) will not use that information for any other purposes.
- Contact you with information on Services, new Services or products, or upcoming events subject to your rights below under “Commercial Messages and Your Right to Opt-Out.”
Personal information we collect may be transferred to or stored in other countries for processing or storage. By using our Services, you consent to the transfer of your personal information to countries outside your country of residence, which may have different personal data protection rules than in your country.
How We Disclose the Information We Collect
- To third party vendors, suppliers and affiliates who process information on our behalf so that we can provide and operate the Services and our business, such as hosting providers and payment processing providers and who are bound by law or contract to protect information and only use information in accordance with our instructions. These service providers are only given the information needed to perform their specialised services and not to use or disclose the information for any other purpose.
- As needed to support external auditing, legal compliance and corporate governance functions.
- If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, their employees or others, to protect the safety and security of our website and Services, to enable us to take precautions against liability, or to law enforcement agencies or for an investigation related to public safety. In some cases, disclosure may be required by law to be without notice.
- In addition, if we or our subsidiaries are involved in a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain to the buyer or other successor.
- Please note that we may also use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our customers and their employees. These reports do not contain any information that would enable the recipient to contact, locate or identify you. These reports also do not contain any identifiable company information. We may disclose aggregated information about many of our users, and information that does not identify any individual or device.
The security, integrity and confidentiality of collected information is important to us. We have implemented reasonably commercial technical, administrative and physical security measures that are designed to protect information from unauthorised access, disclosure, use and modification that are appropriate for the type of personal information. For example, we use industry-standard encryption technology to secure personal and sensitive information when it is being collected and transmitted over the Internet as well as firewalls, site monitoring and intrusion detection software. Please be aware though that, despite our efforts, no security measures are perfect or impenetrable. Users of our Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. In order to protect you and your information, we may suspend your use of our Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area of our Services is restricted to authorised users only. Unauthorised access to such areas is prohibited and may lead to criminal prosecution.
Notice Regarding Public Forums
Our websites and Services may provide forums and other areas where you can communicate with others and publicly post information. All the information posted will be accessible to anyone with Internet access, and any information included in a posting may be read, collected, and used by others. For example, if you post an email address, you may receive unsolicited messages from third parties. Please use caution when posting any information. Although we do not own any personal information, any feedback, comments, submission or information provided to us through an email, public forum, on our social media pages or others similar public forum available through our Services will be our property.
Commercial Messages and Your Right to Opt-Out
You have the right at any time to opt out of receiving commercial and marketing emails or other marketing communications we send you at any time. To opt-out of commercial or marketing messages, you can simply click the link labelled “unsubscribe” at the bottom of any marketing email we send you or for non-electronic messages, you can send your request to us via email or by regular mail at the addresses under “Questions” below. Please note that even if you unsubscribe or opt-out of commercial or marketing messages, we may still communicate with you regarding your use of our Services.
Access to and Accuracy of Your Information
In certain countries, you may have the right to access and seek correction of your personal information we process and request us to correct, update or delete such information, or limit how we use it.
In certain countries, you may also withdraw your consent to the collection, use and disclosure of your personal information at any time; however, withdrawal of your consent to the collection, use and disclosure of your personal information may result in you being unable to continue use our website or Services.
To exercise any of these rights, simply send your request to us as described under “Questions” below.
Data Retention Policy
Biometric Data Policy
Our Facial Recognition Products. We offer to our customers the ability to use facial recognition technology software through our GeoPunch® mobile time collection application and our AirClock™ time collection device. We offer these products for use with our AsureForce® time and attendance on demand Services to more efficiently capture time collection as well as effectively prevent buddy punching and other deceptive employee practises. These products create a facial biometric scan (a “face scan”) of a person’s facial features, like the distance between the eyes, nose and ears, based on a photo submitted to us through the use of these products. The photo and face scan are submitted to us solely in connexion with such person’s employment with our customer. We collect, use and store these photos and face scans on our customer’s behalf to validate and authenticate an employee’s time punch (in and out). We use these face scans solely for the purposes as requested by our customer (the employer) to perform the time and attendance Services we have been engaged for. All transmission of face scans are encrypted and we cannot use a face scan to recreate an image of any person.
Policy Applies to Persons in Jurisdictions with Biometric Data Privacy Laws. Our policy applies to persons residing in jurisdictions with biometric data privacy laws. The purposes of this policy is to inform individuals of our customers who use our GeoPunch and AirClock products in connexion with their employment with our customer (the employer) who have engaged us to provide such Services that:
- a biometric identifier (face scan) is being collected and stored by us;
- we collect, use and store this information solely in connexion with a person’s employment with our customer (the employer) and as directed by our customer (the employer);
- the purpose for collecting this information on our customer’s (the employer’s) behalf is to provide time and attendance Services to our customer (the employer) that improves time collection, and to prevent buddy punching and other deceptive employee practises within our customer’s organisation;
- we collect, use and store this information for an individual employee for the period of time as directed by our customer under our service agreement with them, subject to a shorter or longer time period as required under applicable law;
- we will retain this information for as long as needed to fulfil the purposes outlined above or for a longer period of time as may be permitted or required under law, after which the face scan will be permanently destroyed;
Informed Consent. By using one of our facial recognition technologies, such person who is using the technology consents to our and our service provider’s who assist in performing our Services, collection, use and storing of such person’s photos and face scans in accordance with the terms of this policy or applicable law. Our customer is initially responsible for obtaining its employees consent to the collection, use, and storing of a face scan. This is typically done upon initial employment or through enrollment and training in the use of our products. We will also endeavour to obtain through our technology where possible a minimum one time consent from each person to the collection, use and storing of such person’s face scan in connexion with providing our Services to our customer and such person as an employee of our customer.
Do Not Track
Without a common industry or legal standard for interpreting Do Not Track (DNT) signals, we do not respond to browser DNT signals. We will continue to monitor further development of a DNT standard by the privacy community and industry.
Children Under 13
We do not knowingly collect personal information from children under 13. If you are under 13, do not submit any information to us through our general website or otherwise. If we learn we have collected or received personal information from a child under 13 we will endeavour to delete that information from our databases. If you have reason to believe that a child under 13 has provided personal information to us through our website or Service, please contact us, so we can endeavour to delete that information from our databases.
Your California Privacy Rights
Under California Civil Code 1798, California residents with an established business relationship can request information about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like more information, please contact us below under the caption “Questions.”
or sent by regular mail addressed to:
Asure Software, Inc.
3700 N Capital of Texas Hwy
Austin, TX 78746
Attn: Privacy Administrator
Our Privacy Administrator will investigate any question or concern and we will notify you within reasonable timeframe of the outcome of the investigation.
Last Updated: March 13, 2017