Our Privacy Commitment
Our Executive Leadership Team (ELT) actively fosters a privacy aware culture and recognizes that protecting customer data is key to building trust and integral to the continued success of our business. The ELT has appointed a Data Protection Officer (DPO) whose responsibilities include monitoring the rapidly changing regulatory landscape and assessing business impacts; maintaining Visier’s privacy policies and notices; providing guidance and advice; and overseeing the Privacy and Data Protection Program. The DPO is the point of contact for privacy inquiries and can be reached at [email protected].
We believe that accountability for privacy lies with all team members, and we enforce corporate policies and practices designed to protect customer data. All employees complete mandatory privacy training and authorized employees provisioned with access to customer data are required to complete additional training. There is a clear understanding that employees share the responsibility for protecting data and are proactively engaged in dialogue on privacy risks and considerations. In addition, employees are expected to abide by Visier’s Code of Conduct and Ethic, adhere to the provisions of all company confidentiality agreements, and follow Visier’s corporate policies and procedures.
Global Data Protection
We strive to meet all applicable regulations including those imposed under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Protection Act (CCPA). We also monitor guidance issued by regulatory bodies and EU supervisory authorities to ensure we adopt privacy best practices and industry standards. Learn more about how Visier meets the requirements under the GDPR.
Privacy and Data Protection Program
Demonstrating compliance towards the array of dynamic and complex data protection obligations requires a comprehensive Privacy and Data Protection Program to ensure applicable data protection laws and requirements are sufficiently addressed, implemented and operationalized across the business.
We believe in putting privacy into practice and achieve this through the following ways:
- Formulating, updating and communicating corporate privacy policies;
- Maintaining up-to-date and transparent privacy notices including Visier’s Global Privacy Statement that describes what information we collect, use and disclose across the business; for what processing purposes; and how we manage and safeguard it;
- Promoting a privacy aware culture through ongoing education and awareness activities;
- Designing processes and procedures and issuing guidelines that enable business areas to comply with data protection obligations;
- Implementing a privacy management tool to maintain records of processing activities;
- Maintaining the data breach response plan to support prompt communication and notification;
- Ensuring customer data is processed only in accordance with customer agreements and instructions;
- Monitoring the data protection landscape and adjusting our plans and efforts to ensure our privacy and data protection program remains current.
Privacy by Design
Visier integrates privacy by design practices in the overall product and development process to guide how we design, develop and govern our solution and services. Privacy by design is tied to Visier’s values – trust, customer service, and innovation – and ensures that privacy impacts are identified early and proactively addressed for all new functions, features and content throughout the product development lifecycle. We look for opportunities to add privacy-enhancing features to help comply with legal requirements or to meet best practices. In addition, we incorporate privacy reviews and approvals for all major releases before they become generally available.
International Data Transfers
On July 16, 2020, the Court of Justice of the European Union (CJEU) ruled that the Privacy Shield program was no longer valid as a mechanism for the adequate protection of data transfers from the European Union (EU) and the United Kingdom (UK) to the United States (US). This decision has become popularly known as the “Schrems II” case.
We want to reassure you, our customers, that you can continue to use Visier for processing personal data worldwide and that we will continue to meet our obligations under global data protection laws and regulations. We offer the European Commission’s Standard Contractual Clauses (SCCs), which remain a valid mechanism for lawful transfers of personal data from the EU, UK, and Switzerland, to the US.
Visier continues to maintain its participation in both the EU-US and Swiss-US Privacy Shield frameworks and is committed to adhering to the frameworks’ requirements for data transferred in reliance on the Privacy Shield.
We look forward to further guidance published by EU data protection authorities, the European Commission, the European Data Protection Board, and US government authorities and we will evaluate and adjust to new data transfer mechanisms as they become available.
Visier has self-certified to the E.U. – U.S. and Swiss – U.S. Privacy Shield Frameworks. To view our certification status in the Privacy Shield Framework, please visit the U.S. Department of Commerce website.
Privacy Seals and Certifications
Although external verification is not required under the Privacy Shield, Visier uses Trustarc as an independent, third party verification provider to assess and confirm our compliance with the Privacy Shield’s Framework’s requirements.
Further, Visier has achieved Trustarc’s International Privacy Verification Seal that publicly exemplifies our dedication and commitment towards upholding industry-established, internationally-recognized, privacy principles and standards. To view our verification status please click here. .
Data Center Locations
Our customers may be faced with organizational restrictions on where data may be stored. You may choose the appropriate region (Canada, Germany or the United States) for storing your data to meet data localization or data residency requirements.
If your organization processes United Kingdom (UK) and/or European Union (EU) data, data may be stored in Canada as Canada’s privacy laws have been recognized by the European Commission (EC) as meeting the adequacy requirement for the protection of personal data. Alternatively, you may choose to have your data stored in the United States and rely on Visier’s Standard Contractual Clauses for data transfers from Europe, United Kingdom, and Switzerland, to the U.S.
Visier has implemented industry standard security safeguards to protect customer data, including many customer-controllable settings within the Visier People solution. Visier customers have full control of the data submitted for processing within the services, as well as all setup and configurations.
We understand that it is essential for you to be able to control the visibility of your data within your organization.That is why you have full control and can customize the security roles to limit users’ visibility to only the data elements they are authorized to see. We also offer numerous checkpoints to ensure there is an opportunity for you to validate your requested configuration changes and review your data and business rules prior to your data being published and accessed by your larger user base.
For complete data segregation, your data is logically separated by means of hardware and software configurations to ensure each customer organization can only view the data they are meant to have access to. You will be provided with your own unique credentials and tenant ID to facilitate the appropriate segregation and restriction of access to your information.
Visier uses the following sub-processors to facilitate the provision of its services. Sub-processors are subject to contractual agreements that contain the same level of protection as the agreements Visier enters with its customers.
|Name of Sub-Processor||Purpose||Country where processing is performed|
|Visier, Inc.||Affiliated Service Provider||USA|
|Visier Solutions Inc.||Affiliated Service Provider||Canada|
|Visier Limited||Affiliated Service Provider||United Kingdom|
|Cyxtera Technologies, Inc.||Co-Location Provider||Canada or the USA (as selected by your organization)|
|Amazon Web Services, Inc.||Infrastructure as a Service||Canada, Germany or the USA (as selected by your organization)|
|Cloudflare, Inc.||Security and DDoS Prevention||Global|
|EMSI||Partner and producer of job taxonomy||USA|
|Apex Systems, Inc.||Professional services||Canada|