Our Executive Leadership Team (ELT) recognizes that protecting customer data is key to building trust and integral to the continued success of our business. The ELT has appointed a Senior Director, Privacy and Data Protection Officer (DPO) whose responsibilities include overseeing Visier’s Privacy and Data Protection Program and ensuring the fair, transparent and responsible use of data across the company. Our DPO is the point of contact for privacy inquiries and can be reached at email@example.com.
We believe that accountability for privacy lies with all team members, and we enforce corporate policies and practices designed to protect customer data. All employees complete mandatory privacy training, and authorized employees provisioned with access to customer data are required to complete additional training. There is a clear understanding that employees share the responsibility for protecting data and are proactively engaged in dialogue on privacy risks and considerations. In addition, employees are expected to abide by Visier’s Code of Conduct and Ethics, adhere to the provisions of all company confidentiality agreements, and follow Visier’s corporate policies and procedures.
Global Data Protection
We strive to meet all applicable regulations including those imposed under the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA). We additionally monitor guidance issued by regulatory bodies and EU supervisory authorities to ensure we adopt current best practices and industry standards.
Learn more about how Visier meets the requirements under the GDPR.
Privacy and Data Protection Program
Our Privacy and Data Protection Program is responsible for:
- Formulating, updating and communicating internal privacy policies;
- Maintaining current and transparent privacy notices including Visier’s Global Privacy Statement which describes the information we collect and use across the company; for what processing purposes; and how we manage and safeguard it;
- Promoting a privacy aware culture through ongoing education and awareness activities;
- Designing processes and procedures and issuing guidelines that enable different parts of the business to understand their data protection obligations;
- Maintaining data inventories and records of processing activities;
- Managing vendor and supplier privacy risks;
- Undertaking annual privacy assessments and maintaining our privacy certifications;
- Regularly updating and testing our data breach response plan;
- Ensuring customer data is processed only in accordance with the customer agreement or at the direction of the customer;
- Monitoring the data protection landscape and adjusting plans and efforts to ensure the Privacy and Data Protection Program remains current;
- Evolving the Privacy and Data Protection Program using globally recognized privacy accountability frameworks.
Privacy by Design
We have embedded the privacy by design principles of data stewardship, transparency, user control and responsible use into how we build our products and solutions and operate our services. This means we deliberately and proactively consider privacy impacts during the concept and design stages and throughout product development. This helps to maximize the value of the data while reducing privacy risks introduced at the various stages of the data lifecycle. We look for opportunities to make privacy-enhancing design choices to help comply with legal requirements or to meet best practices. In addition, we incorporate privacy reviews and approvals for all major releases before they become generally available.
Regulatory Compliance and Certifications
Our Privacy and Data Protection Program is aligned with standards set by today’s privacy and data protection laws and regulations including the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA) amongst others. We continually monitor the rapidly evolving privacy landscape, including guidance issued by regulatory bodies and supervisory authorities. We adjust our compliance efforts regularly to ensure our privacy and security programs remain up-to-date.
For external validation of our privacy practices, Visier has achieved TrustArc’s International Privacy Verification seal, which publicly exemplifies our dedication and commitment to upholding industry-established, internationally recognized privacy principles and standards.
To view our International Privacy verification status please visit https://privacy.truste.com/privacy-seal/validation?rid=6c03aa06-0835-49d6-a0ae-14301e6e2e5a
International Data Transfers
Visier has long employed two data transfer solutions to support the lawful transfer of data from Europe and Switzerland to the U.S. – Standard Contractual Clauses (SCCs) and the E.U.-U.S. and Swiss-U.S. Privacy Shield.
Although the Privacy Shield was invalidated in 2020, Visier has chosen to maintain its certifications with the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks and continues to meet the requirements for the data transfers made under the Framework. We abide by the terms of the Privacy Shield but we do not rely on it as a basis for the transfer of personal data from the EU, UK, and Switzerland. We enter into SCCs approved by the European Commission or competent UK authority (as applicable) which remain a valid data transfer solution.
To view our certification status in the Privacy Shield Framework please see https://www.privacyshield.gov/list.
Although third-party verification is not required under the Privacy Shield, Visier uses TrustArc on an annual basis to independently assess and confirm our compliance with the Framework’s requirements and to verify that appropriate security safeguards are in place.
To view our Truste privacy seal please visit https://privacy.truste.com/privacy-seal/validation?rid=87c6a311-5c42-4595-bab1-fd239f78c984.
Data Center Locations
Mindful that our customers may be faced with organizational restrictions on where data may be stored, Visier has strategically established data centers in Canada, Germany, and the United States to enable customers to comply with data localization and data residency requirements.
If your organization processes United Kingdom (UK) and/or European Union (EU) data, data may be stored in Canada as Canada’s privacy laws have been recognized by the European Commission (EC) as meeting the adequacy requirement for the protection of personal data. Alternatively, you may choose to have your data stored in the United States and rely on Visier’s Standard Contractual Clauses for data transfers from Europe, United Kingdom, and Switzerland, to the U.S.
Visier has implemented industry standard security safeguards to protect customer data, including many customer-controllable settings within the Visier People solution. Visier customers have full control of the data submitted for processing within the services, as well as all setup and configurations.
We understand that it is essential for you to be able to control the visibility of your data within your organization. That is why you have full control and can customize the security roles to limit users’ visibility to only the data elements they are authorized to see. We also offer numerous checkpoints to ensure there is an opportunity for you to validate your requested configuration changes and review your data and business rules prior to your data being published and accessed by your larger user base.
For complete data segregation, your data is logically separated by means of hardware and software configurations to ensure each customer organization can only view the data they are meant to have access to. You will be provided with your own unique credentials and tenant ID to facilitate the appropriate segregation and restriction of access to your information.
Visier uses the following subprocessors to facilitate the provision of its services. Subprocessors are subject to contractual agreements that contain the same level of protection as the agreements Visier enters with its customers. This list may be updated from time to time as subprocessors are added or removed.
|Name of Subprocessor|Purpose|Country where processing is performed|
|---|---|---|
|Visier, Inc.|Affiliated Service Provider|USA|
|Visier Solutions Inc.|Affiliated Service Provider|Canada|
|Visier Limited|Affiliated Service Provider|United Kingdom|
|Amazon Web Services, Inc.|Infrastructure as a Service|Canada, Germany or the USA (as selected by your organization)|
|Cloudflare, Inc.|Security and DDoS Prevention|Global|
|EMSI|Partner and producer of job taxonomy|USA|
|Apex Systems, Inc.|Professional services|Canada|
|Suvip Solutions, Inc. d/b/a USEReady|Professional services|Canada|
|Deloitte Consulting|Professional services|USA, India|