Last updated on August 1, 2019
Zenefits’ strives to provide employers and their employees who use Zenefits’ service to manage their HR needs (collectively, Users, or you), a user-friendly platform that handles a wide spectrum of HR-related matters – from simple on-boarding and off-boarding of employees to managing a 401k plan, or providing health, dental, and vision insurance.
To do this, we recognize you must trust us with your personal information. Maintaining your trust is one of Zenefits’ top priorities, and as a result, we abide by the following principles to protect your privacy:
- Because privacy and security go hand-in-hand, we have implemented industry standard administrative, technical and physical security safeguards designed to protect your and your employees’ information.
1. INFORMATION COLLECTION
The amount of information we collect depends on which features of the Service you use. Zenefits needs personal information about you, your employees, and their dependents as applicable to provide the Service, and your providing the information to us constitutes your consent to our processing of this information. Additionally, because we provide a wide range of HR and benefits management features, we may collect information about you from your employer, rather than directly from you. More specifically, we may collect the following categories of personal information about you:
- Registration Information: Your email address and password (your login credentials), and other information necessary to set up your account on the Service, which will depend on the features you use or your employer chooses to use.
- Identity information: Your name, physical address, Social Security Number/tax identification number, and other identifiers used to manage and track human resources processes and benefits.
- Demographic information: If you voluntarily submit information regarding your race in response to Equal Employment Opportunity Commission questionnaires to your employer through Zenefits.
- Dependent information: Names and identifiers for members of your family or others (i.e., dependents) that you have chosen to cover with your benefits. For example if you wish to cover your child under a health insurance plan, Zenefits will need your child’s name and Social Security Number to submit to the insurance carrier.
- Bank account information: Zenefits needs bank account and routing numbers if you use the Service to provide payroll services, Health Savings Accounts (HSAs), Flexible Savings Accounts (FSAs), and Commuter Benefits.
- Insurance information and Protected Health Information (PHI): If you manage or obtain insurance (health, dental, vision, life & disability, etc.) through Zenefits, we may assist you with enrollment in insurance coverage, and Zenefits may process information related to your insurance coverage, including eligibility and enrollment information. We may also help you process or resolve claims for HSAs, or FSAs, and as a result, may have access to PHI (personally identifiable information relating to past, present, or future health care or payment). Zenefits takes steps to protect PHI consistent with the Health Insurance Portability and Accountability Act (HIPAA), and its attendant regulations. Please see our disclosures Related to Insurance Services in Section 2 below.
- Background Check Information: If you use Zenefits to manage your background check process, we may work with a third party to facilitate employee background checks and collect this information for you.
- Information from Third-Party Sites and Services: If you use Zenefits to manage third party services that integrate with the Service, we may have access to your information on such third-party services. We may, for example, have information about your use of a third-party payroll service provider.
- Device and IP Information: When you access the Service, we automatically receive the internet protocol (“IP”) address of your computer or the proxy server that you use to access the internet, in addition to other technical information such as your computer operating system details, your type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system, and the name of your ISP or mobile carrier. Zenefits may log this information and analyze it to determine anomalous behavior, detect threats and generally improve the Service.
- From your interaction with Customer Support: When you contact our customer support team, we may review your Zenefits user profile. Customer support will collect the information necessary to categorize your questions, respond to them, and, if applicable, investigate and resolve any issue you bring to our attention or that we discover independently. We may also use this information to track potential problems and trends, improve the Service, and customize our support responses to better serve you.
2. USES AND DISCLOSURES OF YOUR INFORMATION
Zenefits uses the information it collects about you as set forth below:
- To provide the Service: Zenefits uses the information it collects to provide the Service to our Users – including to provide User-specific and customized experiences where necessary and appropriate, with the goal of enabling hassle-free HR through our platform.
- To improve and customize the Service: Zenefits seeks to improve your experience with the Service. As a result, we will analyze data we collect about your use of the Service to inform how we can improve our products, including our software, infrastructure, user interfaces, and integrations with our partners.
- To integrate with Third Parties: To support our Users and streamline the HR experience, Zenefits may integrate our system with third parties. For example, Zenefits may integrate the Service to support your preferred payroll service. If you have an independent direct relationship with a third party integrated into the Service, any permissions you may have granted to that third party will govern their use of your data.
Otherwise, any third party used by Zenefits to help provide the Services will not have any independent right to access or use your personal information.
- To communicate with you: Zenefits wants to help you know how to best take advantage of the Service, especially as we improve and develop new features. We may send messages relating to your use of the Service – for example, we may send you a note that open enrollment has commenced. We may also send you messages about Service-related matters through our dashboard or by email. Also, because we want to improve the Service, we may occasionally send promotional materials out via email so that you are able to take advantage of new or unused features. More details about our advertising and marketing activities are provided below. You can control whether you receive future non-Service-related messages by unsubscribing in the message itself.
- To advertise and market to you: As noted above, Zenefits relies on cookies, beacons, and mobile SDKs to recognize your browser or mobile device in order to serve you ads. These same technologies are used by Zenefits to analyze the effectiveness of our advertising and email marketing campaigns. Zenefits may use third party services, data, and software tools to target advertising to you, perform campaign effectiveness analysis, help us identify and reach potential Users, and track the performance of our site and advertising generally. Zenefits’ third party advertising vendors do not have any independent right to use Zenefits’ data or that of its Users. Zenefits will not use PHI in connection with any advertisement or marketing for you.
To learn more about advertising technologies and how to opt-out of online behavioral advertising, please visit http://www.allaboutcookies.org or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org, or the Digital Advertising Alliance at http://www.aboutads.info/choices/.
You may also opt out of tracking and receiving online behavioral advertising on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices app at http://wwwaboutads.com/info/appchoices. These sites are not controlled by Zenefits, but provide an opt-out from advertising exchanges. Depending on your mobile device, you also can control tracking technologies through your settings by resetting your advertising ID. Please note that the only way to completely “opt out” of the tracking that cookies and other technologies enable is to actively manage the settings on your browser or mobile device, which may negatively impact your ability to use the Service.
As a Zenefits User, we strive to not disclose more than the minimum necessary PHI required to provide the Service. We may use, access, transmit and process PHI for you in our capacity as a Business Associate as defined under HIPAA. A “Business Associate” is a person or entity that performs certain functions that may involve the use or disclosure of PHI for a Covered Entity (like an insurance carrier).
The reasons that a Business Associate like Zenefits may use and disclose PHI is to help carry out insurance payments, health care, and other benefits-related services in connection with providing the Service (or as otherwise permitted under applicable law). Other, related reasons that Zenefits may use or disclose PHI include:
- To facilitate your access: It’s your information, and you should be able to get to it.
We may use and transfer your PHI to the Service so you can access your enrollment and billing information for your selected benefit(s) plans (such as your selected group health plan).
- To facilitate payment: If you’ve used your insurance benefits, we may use and disclose your PHI to help your insurance pay for covered health care services. For example, payment for services by doctors, hospitals, pharmacies and others covered by your insurance may require the use or disclosure of PHI. Zenefits might also use your information to help your insurance carrier determine your eligibility for benefits, to coordinate benefits, to examine medical necessity, to obtain premiums, and to issue explanations of benefits.
- To facilitate Health Care Operations: We may use and disclose your PHI for the operational aspects of health care, for example, transferring medical records to specialists or pharmacists, or to facilitate your treatment at dedicated facilities.
- To facilitate your access: It’s your information, and you should be able to get to it.
- To work with our vendors and service providers: Zenefits uses third party vendors and service providers to provide the Service to you. For example, we use Amazon Web Services (AWS) to host the Service in the secure AWS cloud, and, as mentioned above, we also use third parties to help us advertise and market to you. We also use a third party to help facilitate aspects of our Pay Your People payroll feature.
Additionally, certain Zenefits vendors and service providers may perform services which involve access to PHI. Any Zenefits vendor or service provider that processes PHI will agree in writing to contract terms designed to safeguard your information under HIPAA.
- To comply with valid legal process and similar disclosures: Zenefits may disclose your information as permitted by law or as reasonably necessary to:
- Comply with a legal requirement or process, for example, civil and criminal subpoenas, court orders or other compulsory disclosures;
- To protect the rights, property, or safety of Zenefits, our employees, or our Customers and Users.
3. YOUR CHOICES
- Right to access, correct, and delete your personal information: Users have a right to access, modify, correct, or delete personal information controlled by Zenefits as necessary. In some cases, information deletion must be coordinated with the employer to ensure alternative HR systems are able to provide the User a legally compliant HR record-keeping system.
4. IMPORTANT INFORMATION
- Security: Zenefits has implemented industry standard administrative, technical, and physical security safeguards designed to protect the personal information that you provide. Access to your data on our Service is password-protected, and data is protected by SSL encryption when it is exchanged between your web browser and the Service. We also support secure https access to the Zenefits.com website. To protect any data you store on our servers, we also regularly monitor our system for possible vulnerabilities and attacks.
As you know, however, the Internet is not a 100% secure environment, and as a result, we cannot ensure or warrant the security of any information that you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our administrative, technical, or physical safeguards. It is your responsibility to protect the security of your login information. Please help keep your account safe by using a strong password.
- California’s Shine the Light Law: California Civil Code Section 1798.83, known as the “Shine The Light” law, permits Users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their own direct marketing purposes.
- California’s Do-Not-Track Disclosure: As required by the California Online Privacy Protection Act (California Business and Professions Code Sections 22575-22579), Zenefits notes that although we do our best to honor the privacy preferences of our Users, and have implemented industry standard safeguards as described above, we do not respond to Do-Not-Track signals from your browser at this time due to the lack of a neutral and consistent industry standard. Zenefits does not collect personal information about your online activities over time and across third party websites or services. However, when Zenefits uses third-party services, data, and software tools to target advertising to you, these third parties may collect personal information about your online activities over time and across third party websites or services.
- Users under the age of 13: The Service is a general audience site not directed at children under the age of 13. Unless listed as a dependent under an adult’s insurance policy or other insurance benefits, Zenefits does not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to register as Users. In the event that we learn that we have collected personal information from a child under the age of 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13 that is not a dependent of one of our Users, please contact us as set out in Section 5 below.
5. CONTACT US
You may contact us by mail at:
C/O Zenefits’ Privacy Officer
50 Beale Street,
San Francisco, CA 94105