Our Privacy Commitment
At Visier, protecting our customers’ data is our top priority. We are committed to safeguarding the data entrusted to us and have rigorous privacy and security programs in place to ensure we continually adhere to the highest standards of practice. We monitor developments in global privacy laws and regulations and incorporate requirements and best practices into our overall privacy program as they evolve. This commitment has always been fundamental to the way we do business.
Our Executive Leadership Team (ELT) recognizes that protecting customer data is key to building trust and integral to the continued success of our business. The ELT has appointed a Senior Director, Privacy and Data Protection Officer (DPO) whose responsibilities include overseeing Visier’s Privacy and Data Protection Program and ensuring the fair, transparent and responsible use of data across the company. Our DPO is the point of contact for privacy inquiries and can be reached at firstname.lastname@example.org.
We believe that accountability for privacy lies with all team members, and we enforce corporate policies and practices designed to protect customer data. All employees complete mandatory privacy training and authorized employees provisioned with access to customer data are required to complete additional training. There is a clear understanding that employees share the responsibility for protecting data and are proactively engaged in dialogue on privacy risks and considerations. In addition, employees are expected to abide by Visier’s Code of Conduct and Ethic, adhere to the provisions of all company confidentiality agreements, and follow Visier’s corporate policies and procedures.
Global Data Protection
We strive to meet all applicable regulations including those imposed under the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA). We additionally monitor guidance issued by regulatory bodies and EU supervisory authorities to ensure we adopt current best practices and industry standards.
Learn more about how Visier meets the requirements under the GDPR.
Privacy and Data Protection Program
Our Privacy and Data Protection Program is responsible for:
- Formulating, updating and communicating internal privacy policies;
- Maintaining current and transparent privacy notices including Visier’s Global Privacy Statement, which describes the information we collect and use across the company; for what processing purposes; and how we manage and safeguard it;
- Promoting a privacy aware culture through ongoing education and awareness activities;
- Designing processes and procedures and issuing guidelines that enable different parts of the business to understand their data protection obligations;
- Maintaining data inventories and records of processing activities;
- Managing vendor and supplier privacy risks;
- Undertaking annual privacy assessments and maintaining our privacy certifications;
- Regularly updating and testing our data breach response plan;
- Ensuring customer data is processed only in accordance with the customer agreement or at the direction of the customer;
- Monitoring the data protection landscape and adjusting plans and efforts to ensure the Privacy and Data Protection Program remains current;
- Evolving the Privacy and Data Protection Program using globally recognized privacy accountability frameworks.
Privacy by Design
We have embedded the privacy by design principles of data stewardship, transparency, user control and responsible use into how we build our products and solutions and operate our services. This means we deliberately and proactively consider privacy impacts during the concept and design stages and throughout product development. This helps to maximize the value of the data while reducing privacy risks introduced at the various stages of the data lifecycle. We look for opportunities to make privacy-enhancing design choices to help comply with legal requirements or to meet best practices. In addition, we incorporate privacy reviews and approvals for all major releases before they become generally available.
Regulatory Compliance and Certifications
Our Privacy and Data Protection Program is aligned with standards set by today’s privacy and data protection laws and regulations including the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA) amongst others. We continually monitor the rapidly evolving privacy landscape, including guidance issued by regulatory bodies and supervisory authorities. We adjust our compliance efforts regularly to ensure our privacy and security programs remain up-to-date.
For external validation of our privacy practices, Visier has achieved Trustarc’s International Privacy Verification seal which publicly exemplifies our dedication and commitment towards upholding industry-established, internationally-recognized, privacy principles and standards.
To view our International Privacy verification status please visit https://privacy.truste.com/privacy-seal/validation?rid=6c03aa06-0835-49d6-a0ae-14301e6e2e5a
International Data Transfers
Visier operates as a global business and complies with applicable laws as they relate to the transfer, storage and processing of personal data outside of a customer’s jurisdiction.
When Visier transfers personal data from the EEA, the UK, or Switzerland to another country such as the United States (US), appropriate data transfer solutions such as Visier’s Data Privacy Addendum (DPA) that incorporates the European-Commission-approved Standard Contractual Clauses (SCCs) and the UK-approved international data transfer addendum, are used.
Following the adequacy decision by the European Commission (EC), Visier also relies on the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as a legal basis for transfers of personal data from the EU to the US. Visier will rely on the UK extension to the EU-U.S. DPF and the Swiss-U.S. DPF when applicable local authorities approve the adequacy decisions. In the meantime, Visier continues, and will continue, to offer a DPA with SCCs to every customer who needs one in addition to reliance on the EU-U.S. DPF.
To view our participation in the EU-U.S. Data Privacy Framework please see https://www.dataprivacyframework.gov/.
Furthermore, although third-party verification is not required under the EU-U.S. DPF, Visier uses Trustarc on an annual basis to independently assess and confirm compliance with the EU-U.S. DPF requirements and to verify that appropriate safeguards are in place.
To view our Truste privacy verification please visit: https://privacy.truste.com/privacy-seal/validation?rid=87c6a311-5c42-4595-bab1-fd239f78c984.
Data Center Locations
Mindful that our customers may be faced with organizational restrictions on where data may be stored, Visier has strategically established data centers in Canada, Germany, Singapore, and the United States to enable customers to comply with data localization and data residency requirements.
If your organization processes United Kingdom (UK), Swiss, and/or European Union (EU) data, data may be stored in Canada as Canada’s privacy laws have been recognized by the European Commission (EC) as meeting the adequacy requirement for the protection of personal data. Alternatively, you may choose to have your data stored in the United States and rely on Visier’s DPA with SCCs or Visier’s participation in the EU-U.S. DPF.
Visier has implemented industry standard security safeguards to protect customer data, including many customer-controllable settings within the Visier People solution. Visier customers have full control of the data submitted for processing within the services, as well as all setup and configurations.
We understand that it is essential for you to be able to control the visibility of your data within your organization. That is why you have full control and can customize the security roles to limit users’ visibility to only the data elements they are authorized to see. We also offer numerous checkpoints to ensure there is an opportunity for you to validate your requested configuration changes and review your data and business rules prior to your data being published and accessed by your larger user base.
For complete data segregation, your data is logically separated by means of hardware and software configurations to ensure each customer organization can only view the data they are meant to have access to. You will be provided with your own unique credentials and tenant ID to facilitate the appropriate segregation and restriction of access to your information.
Please visit this page to see our current list of sub-processors.