Whether you are a prospective or an existing client of ADP, a vendor or any other business contact, a job applicant, a client employee or worker, a website user, an ADP associate or a contingent worker, you will receive information as to how ADP handles your personal data in the relevant ADP Privacy Statement that is made available to you.
When collecting your personal data, ADP is committed to respecting your choices regarding the processing of such data. We will process your data for the business purpose such data was collected. Under very limited circumstances as described in our Binding Corporate Rules, ADP may process your data for a legitimate secondary purpose that is closely related to the original purpose for which such data was collected. If you are a Client employee or worker, ADP will process your data in accordance with the instructions that we receive from our Clients.
ADP has embedded privacy principles in its product development cycles. We collect and use only the minimum personal data necessary to achieve the business purpose for which your data was collected. While ADP processes your data, access to your personal data is granted based on role and job function.
Where reasonable or required by law, ADP will provide information that you may request regarding the data that ADP collected from you in accordance with our Binding Corporate Rules. When processing personal data on behalf of its Clients, ADP will provide assistance in addressing individuals' rights requests, in accordance with applicable law and contractual agreement with our Clients. ADP is committed to provide you with a reasonable opportunity to examine your own personal data and to update it if it is incorrect.
ADP has implemented a Global Records Information Management (RIM) Policy, covering the appropriate retention, maintenance, and destruction of client information and company records.
ADP's Global Security Organization maintains administrative, technical and physical controls to protect personal data entrusted to ADP. ADP's incident response process is designed to ensure that any incidents involving your personal data are addressed, tracked and reported in a timely and effective manner and in accordance with ADP security policies, procedures, and legal requirements. When necessary, procedures for the notification of Clients, individuals and all other parties who may be impacted by the incident are initiated, and appropriate remedial actions are taken.
ADP's vendors must meet our data security and privacy standards. Our vendor assurance process enables ADP to assess its vendors prior to entering into a contract with them. Our vendors are contractually required to comply with ADP's privacy principles.
ADP will comply with applicable laws in case of transfer of personal data across country borders. Where applicable, ADP shall also comply with its Binding Corporate Rules for Client Data Processing Services (the Processor Code) which provides the primary legal basis for transfers of personal data of our Clients' employees from European locations to members of the ADP group located outside of the European Economic Area (EEA).
ADP's global privacy program is led by its Chief Privacy Officer and the Data Privacy and Governance Team in cooperation with representatives from all of ADP's business units and functions, the ADP Privacy Stewards, the members of the ADP Legal department and Compliance professionals. Taking into account the sensitivity of the personal data, ADP Associates and contingent workers who access personal data are trained on the appropriate use and handling of personal data as it pertains to their job responsibilities.