Visier launches monthly resignation data and free workforce benchmarking serviceLearn more
Close

Trust and Security


Our Culture

Our Executive Leadership Team (ELT) recognizes that protecting customer data is key to building trust and integral to the continued success of our business. The ELT has appointed a Senior Director, Privacy and Data Protection Officer (DPO) whose responsibilities include overseeing Visier’s Privacy and Data Protection Program and ensuring the fair, transparent and responsible use of data across the company. Our DPO is the point of contact for privacy inquiries and can be reached at dpo@visier.com.

We believe that accountability for privacy lies with all team members, and we enforce corporate policies and practices designed to protect customer data. All employees complete mandatory privacy training and authorized employees provisioned with access to customer data are required to complete additional training. There is a clear understanding that employees share the responsibility for protecting data and are proactively engaged in dialogue on privacy risks and considerations. In addition, employees are expected to abide by Visier’s Code of Conduct and Ethic, adhere to the provisions of all company confidentiality agreements, and follow Visier’s corporate policies and procedures.


Global Data Protection

We strive to meet all applicable regulations including those imposed under the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Protection Act (CCPA). We additionally monitor guidance issued by regulatory bodies and EU supervisory authorities to ensure we adopt current best practices and industry standards.

Learn more about how Visier meets the requirements under  the GDPR.


Privacy and Data Protection Program

Our Privacy and Data Protection Program is responsible for:

  • Formulating, updating and communicating internal privacy policies;
  • Maintaining current and transparent privacy notices including Visier’s Global Privacy Statement which describes the information we collect and use across the company; for what processing purposes; and how we manage and safeguard it;
  • Promoting a privacy aware culture through ongoing education and awareness activities;
  • Designing processes and procedures and issuing guidelines that enable different parts of the business to understand their data protection obligations;
  • Maintaining data inventories and records of processing activities;
  • Managing vendor and supplier privacy risks;
  • Undertaking annual privacy assessments and maintaining our privacy certifications;
  • Regularly updating and testing our data breach response plan;
  • Ensuring customer data is processed only in accordance with the customer agreement or at the direction of the customer;
  • Monitoring the data protection landscape and adjusting plans and efforts to ensure the Privacy and Data Protection Program remains current;
  • Evolving the Privacy and Data Protection Program using globally recognized privacy accountability frameworks.

Privacy by Design

We have embedded the privacy by design principles of data stewardship, transparency, user control and responsible use into how we build our products and solutions and operate our services. This means we deliberately and proactively consider privacy impacts during the concept and design stages and throughout product development. This helps to maximize the value of the data while reducing privacy risks introduced at the various stages of the data lifecycle. We look for opportunities to make privacy-enhancing design choices to help comply with legal requirements or to meet best practices. In addition, we incorporate privacy reviews and approvals for all major releases before they become generally available.


Regulatory Compliance and Certifications

Our Privacy and Data Protection Program is aligned with standards set by today’s privacy and data protection laws and regulations including the EU General Data Protection Regulation (GDPR), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Consumer Privacy Act (CCPA) amongst others. We continually monitor the rapidly evolving privacy landscape, including guidance issued by regulatory bodies and supervisory authorities. We adjust our compliance efforts regularly to ensure our privacy and security programs remain up-to-date.

For external validation of our privacy practices, Visier has achieved Trustarc’s International Privacy Verification seal which publicly exemplifies our dedication and commitment towards upholding industry-established, internationally-recognized, privacy principles and standards. 

To view our International Privacy verification status please visit  https://privacy.truste.com/privacy-seal/validation?rid=6c03aa06-0835-49d6-a0ae-14301e6e2e5a


International Data Transfers

Visier has long employed two data transfer solutions to support the lawful transfer of data from Europe and Switzerland to the U.S. – Standard Contractual Clauses (SCCs) and the E.U.-U.S. and Swiss-U.S. Privacy Shield.

Although the Privacy Shield was invalidated in 2020, Visier has chosen to maintain its certifications with the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks and continues to meet the requirements for the data transfers made under the Framework. We abide by the terms of the Privacy Shield but we do not rely on it as a basis for the transfer of personal data from the EU, UK, and Switzerland. We enter into SCCs approved by the European Commission or competent UK authority (as applicable) which remain a valid data transfer solution.

To view our certification status in the Privacy Shield Framework please see https://www.privacyshield.gov/list.

Although third-party verification is not required under the Privacy Shield, Visier uses Trustarc on an annual basis to independently assess and confirm our compliance with the Framework’s requirements and to verify that appropriate security safeguards are in place.
To view our Truste privacy seal please visit https://privacy.truste.com/privacy-seal/validation?rid=87c6a311-5c42-4595-bab1-fd239f78c984.


Data Center Locations

Mindful that our customers may be faced with organizational restrictions on where data may be stored, Visier has strategically established data centers in Canada, Germany, or the United States to enable customers to comply with data localization and data residency requirements. 

If your organization processes United Kingdom (UK) and/or European Union (EU) data, data may be stored in Canada as Canada’s privacy laws have been recognized by the European Commission (EC) as meeting the adequacy requirement for the protection of personal data. Alternatively, you may choose to have your data stored in the United States and rely on Visier’s Standard Contractual Clauses for data transfers from Europe, United Kingdom, and Switzerland, to the U.S.


Controlled Access

Visier has implemented industry standard security safeguards to protect customer data, including many customer-controllable settings within the Visier People solution. Visier customers have full control of the data submitted for processing within the services, as well as all setup and configurations. 

We understand that it is essential for you to be able to control the visibility of your data within your organization.That is why you have full control and can customize the security roles to limit users’ visibility to only the data elements they are authorized to see. We also offer numerous checkpoints to ensure there is an opportunity for you to validate your requested configuration changes and review your data and business rules prior to your data being published and accessed by your larger user base.

For complete data segregation, your data is logically separated by means of hardware and software configurations to ensure each customer organization can only view the data they are meant to have access to. You will be provided with your own unique credentials and tenant ID to facilitate the appropriate segregation and restriction of access to your information.


Visier’s Subprocessors

Visier uses the following subprocessors to facilitate the provision of its services. Subprocessors are subject to contractual agreements that contain the same level of protection as the agreements Visier enters with its customers. This list may be updated from time to time as subprocessors are added or removed.

Name of SubprocessorPurpose Country where processing is performed
Visier, Inc.Affiliated Service ProviderUSA
Visier Solutions Inc.Affiliated Service ProviderCanada
Visier LimitedAffiliated Service ProviderUnited Kingdom
Amazon Web Services, Inc.Infrastructure as a ServiceCanada, Germany or the USA (as selected by your organization)
Cloudflare, Inc.Security and DDoS PreventionGlobal
EMSIPartner and producer of job taxonomyUSA
Apex Systems, Inc.Professional servicesCanada
Suvip Solutions, Inc. d/b/a USEReadyProfessional servicesCanada
Deloitte ConsultingProfessional servicesUSA, India