Sub-Processors & Processors
Last Updated: September 2022
HR Service Delivery uses certain sub-processors (or Processors, when we're considered to be a Data Controller), sub-contractors and content delivery networks to assist it in providing the Services.
The following are an up-to-date lists our sub-processors:
The following are an up-to-date lists our processors:
- UKG Employee Vault (MyPeopleDoc) - English Version
- UKG Employee Vault (MyPeopleDoc) - French Version
What is a sub-processor:
A sub-contractor who is processing Customers Personal Data for a specific purpose is defined as sub-processor. A sub-processor is a third-party data processor engaged by us, who has or potentially will process Personal Data of Customers. We engage different types of sub-processors to perform various functions as explained below. We refer to third parties that do not process Personal Data but who are otherwise used to provide the Services as “sub-contractors” and not sub-processors.
We undertake to use a reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process Customers Personal Data.
What is a processor:
A sub-contractor who is processing Personal Data for a specific purpose is defined as Processor. A Processor is a third-party engaged by us, who has or potentially will process Personal Data of individuals when we're considered to be a Data Controller.
PeopleDoc requires its sub-processors to satisfy the obligations of a sub-processor set forth in PeopleDoc’s Data Processing Agreement (the “DPA”), including but not limited to requirements to:
process Personal Data based on data controller’s (i.e. Customers) instructions;
use personnel who are properly background checked, bound to non-disclosure and confidentiality obligations and otherwise contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
regularly train individuals to whom they grant access to Personal Data in security and data protection;
implement and maintain appropriate technical and organizational measures;
promptly inform us about any actual or potential security breach; and
cooperate with us in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
We make available to Customers and individuals the current list of Sub-processors and Processors for the Services. Such lists include the identities of those third-parties and their country of processing.
Customers may subscribe on this page to notifications of any new Sub-processors, we provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the applicable Services.
Process to engage new sub-processors and Customer's Right to object:
Customer may object to the use of a new Sub-processor by notifying us promptly in writing (including via email) within ten (10) business days after receipt of our notice.
In the event Customer objects to a new Sub-processor, as described above, we will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer.
If we're unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may upon prior written notice to the other Party, terminate the Agreement or Order Form(s) with respect only to those services which cannot be provided without the use of the objected-to new Sub-Processor.
Our Privacy Team is available at [email protected] for further information.
For more information about UKG Privacy and Security practices, click here.