Last Updated: 3/13/2024
Table of Contents
- Introduction
- Personal Information Collected
- App permissions
- Cookies and Other Tracking Technologies
- How We Use and Disclose Personal Information
- Other Online Services
- Your Choices
- Data Retention
- Data Security
- Additional Information for California Residents
- Additional Information For Those Located Outside The United States
- Updates to Privacy Policy
- Contacting Us
I. Introduction
This Privacy Policy provides notice of practices by CBIZ, Inc. and its affiliates (together, CBIZ, us, our, or we) regarding Personal Information collected through or otherwise processed in relation to websites that are controlled and operated by CBIZ that link to this Privacy Policy including the websites found here (the “Websites”), mobile applications that are controlled and operated by CBIZ that link to this Privacy Policy (the Apps), offline services such as CBIZ events, or through the provision of our services requested by you or by our clients, such as accounting, tax, advisory, wealth management, consulting, employee benefits, insurance, payroll, or retirement plan services (the Professional Services) (all together collectively, the Services).
This Privacy Policy does not apply to other online services, such as websites and apps, that we own, provide, or maintain, but do not link to this Privacy Policy.
We may provide you additional privacy notices depending on how you interact with us and depending on the type of Personal Information we collect. For example, our Financial Services Privacy Statement applies to nonpublic personal information (as defined by the Gramm-Leach Bliley Act) that we obtain from customers of our financial Professional Services primarily for personal, family, or household use. Additionally, our Notice of Privacy Practices applies to protected health information (as defined by the Health Insurance Portability and Accountability Act).
If you are a California resident, please see Section 10 below, which sets forth additional information and rights you may have under California law.
II. Personal Information Collected
Personal Information generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, de-identified, or aggregated.
We may obtain your Personal Information from the following sources:
- Directly from you, such as when you use or register an account, subscribe to or access Professional Services via the Services, subscribe to email notifications, communicate or transact through the Services, apply for a job, or submit information online in connection with the Professional Services.
- Our clients, such as when clients of our Professional Services provide us Personal Information about you. For example, our clients may provide Personal Information related to their employees, customers, or suppliers. Personal Information may be in the form of, or included in, documentation provided to us to perform our Professional Services such as payroll files, board or employee records, or other audit documentation.
- Our vendors, such as when our vendors provide us information related to you in the process of providing us their services. For example, vendors may disclose to us your dietary preferences to accommodate in-person events.
- Tracking technologies, such as when you visit the Websites or Apps, which may have first-party and third-party technologies (e.g., cookies, SDKs) that help facilitate and personalize your visit to the Websites or Apps. For more information see Section 4 below.
- External sources, such as when we receive information from data resellers, publicly-available government records, your employer, and referrals or business professionals in your network. This does not include our vendors.
Personal Information we process about you may differ based on how you interact with us, and may include:
- This includes names, contact information, addresses, Internet Protocol (IP) addresses, or other similar identifiers.
- For Professional Services clients or job applicants, this includes your Social Security number, driver’s license, passport information, and other government-issued identifiers.
- Personal Records. This includes your signature, telephone number, education, and employment.
- Commercial Information. This includes records of personal property and services purchased, obtained, or considered purchasing.
- Characteristics of Protected Classifications. This includes age, gender, nationality or citizenship, and race or ethnic origin.
- Internet or Other Electronic Network Activity. This includes IP addresses, device identifiers, mobile networks, browser types, operating system details, referring URLs, length of visits, traffic data, pages viewed, and information regarding interactions with the Websites or Apps.
- Geolocation Data. This includes global latitude and longitude of your location.
- Audio, Electronic, Visual, or Similar Information. This includes audio recordings of customer service calls or video recordings of online webinars.
- Professional or Employment-Related Information. This includes your professional contact information, such as business email address.
- For job applicants, this includes your job title, employer, and other professional background information, including recruitment information (such as skills, qualifications, references, recommendations, and other information included in a resume, application form, or cover letter); background information commonly used for onboarding and security screenings; criminal records information including results of background checks obtained through government agencies; employment background, functional experience, leadership experience, honors or awards, timesheets, education, training, professional certifications; languages spoken; citizenship, immigration, visa status, and work authorization information (including proof of authorization to work in the United States); and vehicle information (such as year, make, model, color, and license plate).
- Account and Profile Information. If you register an account, you may provide information such as your name, email address, and username/password.
- Payment Information. You may provide certain payment information, such as credit card, debit card, account number, or other payment method information, as well as billing address information, client number, and invoice number.
- Information Necessary to Perform Our Professional Services. This includes any information we obtain from the sources listed above in relation to providing our Professional Services, such as payment-related information; information on financial conditions, such as bank account information, salary details, and other benefits; insurance data and the license plate number of a company car; information on insurances and occupational pensions; tax information and documentation, such as tax equalization and tax return files; compensation data; travel information; birth certificates; marriage licenses; degrees; working and living arrangements; immigration data; work permits; payroll information; health information, such as treatment history; absence data, such as medical certificates; and information on sick leave, leave of absence, or parental leave.
- Background Check Information. We may run background checks in relation to our Professional Services before, during, or after provision of such Professional Services. Information involved may include reputational and financial checks, conflicts, anti-money laundering, government sanctions checks, and politically-exposed persons checks.
- Legal Records and Documentation. We may process information related to your legal records for our protection, the protection of our clients and others, and the performance of our Professional Services. Legal records may include court records, information on pending or completed litigation or other legal actions, and active disputes.
- External Service Information. We may obtain information about you from external services, such as where you choose to use a Services feature provided by an external party. We may also supplement certain information that we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
- We may process inferences drawn from any other Personal Information we process to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes.
III. App Permissions
Certain features of the Apps may require access to certain information from your device. Depending on the App and your Apps permission or device settings, the Apps may have access to various device features. For example, this includes access to your photos/media/files/storage (allows the Apps to access the contents of files on your device), or camera (allows the Apps to take pictures and videos). Refer to the App’s description on the app store from which you downloaded the App and your App or device settings for more information.
IV. Cookies and Other Tracking Technologies
We and our vendors may use a variety of tracking technologies, such as cookies, pixels, SDKs, and beacons, that collect certain information whenever you interact with the Websites and Apps, such as device identifiers, IP addresses, location, other unique identifiers, all the areas within the Websites and Apps that you visit, and the length and time of the visit.
Types of tracking technologies we may use include:
- Operationally Necessary. These tracking technologies are used for the core operations of the online service. Without these tracking technologies, the performance of the online service may fail or not work properly. For example, this includes ensuring data security or that your cookie preferences and settings are respected.
- Functional. These tracking technologies allow us to provide online features to enhance your experience and to assess and address the online service’s performance through measurements analytics (such as which functions could be updated for performance efficiency). For example, these tracking technologies may allow you to enable certain embedded features. Without these tracking technologies, some or all of these features may not function properly.
- Analytics. These tracking technologies allow us to assess how users navigate and interact with our Websites and Apps, allowing us to measure and improve our Services based on consumer interests and tendencies (such as knowing which parts or features are the most and least popular).
- Advertising.These tracking technologies help us and other parties personalize ads that are shown to you, including ads displayed on other online services. If enabled, these tracking technologies allow you to receive cross-context and targeted advertising across online services over time. For example, if you show interest in one of our products shown on our Websites, you may receive an advertisement for that same product on a different online service.
We may use third-party technologies (such as Meta Pixel) in connection with your activity on the Services, including for advertising purposes and to analyze your interactions and experiences, including the features you engage with, how you navigate, and your click/touch, movement, scroll, and keystroke activity. These technology companies and advertisers may use, store, or access cookies and other tracking technologies to collect or receive information from the across the internet.
We may also use certain third-party web analytics services, such Google Analytics, to help us understand and analyze how visitors use our Websites. We use this information to implement Google advertising features such as interest-based advertising, audience targeting, and impression reporting.
You may be able to opt out of certain interest-based advertising using the settings on your browser or mobile device. In addition, the following services or organizations offer tools that you can use to limit or opt out of interest-based advertising:
Please note that we or other parties may collect Personal Information about your online activities over time and across different devices and the internet when you use the Services.
You can set your browser to refuse cookies, including using the browser’s Do Not Track signal setting. You can use mobile device settings to limit certain mobile tracking technologies and associated activities. For instance, you can adjust or reset the advertising identifiers on your mobile device in the device settings. iOS users can visit Settings > Privacy > Advertising > Reset Advertising Identifier. Android users can visit Google Privacy settings > Ads > Reset advertising ID.
V. How We Use and Disclose Personal Information
We collect, use, and disclose to service providers Personal Information, as described above, for the following purposes. Unless otherwise noted, the description below covers our activities in the twelve months preceding the Last Updated Date, as well as our current practices.
We collect, use, and disclose Personal Information for the following reasons:
- Provide Services You Ask For, including by maintaining or servicing your account, operating and maintaining our online and offline goods and services, enabling external party features, giving you information about our Services, processing your payments and orders, communicating with you about our Services, and responding to your requests and questions.
- Customer Service, including responding to your requests for technical support, online services, product information, or to any other communication you initiate, including requests, inquiries, and complaints.
- Process Job Applications, including, to the extent that you apply for a job, performing background checks, checking and contacting references, and assessing eligibility and accommodations.
- Necessary and Appropriate Internal Functions, including records maintenance and developing or improving the Services.
- Security and Integrity, including protecting our Services from cyber risks; preventing, identifying, investigating, and responding to fraud, illegal or malicious activities, and other liabilities; verifying identity; enforcing our policies and terms; protecting our rights; and generally providing you with a secure experience when using our Services.
- Quality, Safety, and Internal Research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues, and developing new or enhanced products and service offerings.
- Advertising and Marketing, including measuring the use of our Services and effectiveness of our advertising and marketing; and uncovering insights to improve our Services and provide our users with enhanced features and functionalities, such as personalized experiences.
All Personal Information we collect about you may be used by and disclosed to our affiliates and subsidiaries. We also disclose Personal Information to our vendors, including those who collect, manage, and analyze our customer information and perform services for us, such as sending promotional communications and improving the performance of our Services.
We may combine your Personal Information with data we obtain from our Services, other users, or third parties. We reserve the right to convert, or permit others to convert, your Personal Information into de-identified, anonymized, or aggregated data, as permitted by law.
Associated Entity Services. From time to time, we may enter into an arrangement with another company that is not owned by or affiliated with us to provide additional features on the Services. These arrangements may include business partner services and sponsored online services (referred to here as Associated Entity Services). Any information, including Personal Information, that you provide on one of these Associated Entity Services may be shared with these partners. By participating in activities or providing your information on these Associated Entity Services, you direct us to provide your information to those partners. Separate privacy policies may apply to these partners’ use of your Personal Information.
Business Transactions. In the event of a business transaction, we may disclose Personal Information to prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.
Legal Compliance and Safety. We may also disclose Personal Information for legal compliance, law enforcement, and public safety purposes. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to: (1) comply with applicable law, court order, governmental regulations, or other legal obligations; (2) assist in an investigation, regulatory requests, litigation, or arbitration; (3) protect and defend our rights and property, or the rights or safety of third parties; (4) enforce our Terms of Use, this Privacy Policy, or agreements with third parties; (5) comply with health and safety obligations; or (6) prevent crime.
VI. Other Online Services
The Services may contain links to or features facilitated by other online services. For example, you may be able to share content from the Websites and Apps to your social media profile on an external online service. This Privacy Policy does not apply to the practices of companies that we do not own or control. We provide these external links merely for your convenience and we have no control over, do not review, and are not responsible for external online services.
We may engage vendors to provide certain interactive features on our Websites and Apps. Your use of these interactive features is voluntary, and we may retain the information that you submit through these features. For example, we may offer an interactive chat feature to answer questions and for other customer service purposes. When you participate in the interactive chat, either with a virtual or live agent, the contents of the chat may be captured and kept as a transcript. By using these features, you understand that our vendors may process the information obtained through the feature to provide the service on our behalf.
VII. Your Choices
If you have a registered account, you may be able to change your preferences as well as update your Personal Information through your account settings.
If you receive marketing emails from us, you may opt out through the email’s instructions, as provided. Please note that regardless of your email preferences, we may send you notifications pertaining to the performance of our Services, such as transactional communications relating to products or services you have purchased or use.
VIII. Data Retention
We keep the categories of Personal Information described above for as long as is necessary for the purposes described in this Privacy Policy, to achieve the purposes for which the information was collected, or as may be permitted under applicable law. This generally means holding the information for as long as one of the following apply:
- Your Personal Information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the Information;
- Your Personal Information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the Personal Information was collected;
- Your Personal Information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
- We are otherwise required or permitted to keep your Personal Information by applicable laws or regulations.
To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove Personal Information from our systems and records.
Where your Personal Information is used for more than one purpose, we will retain it until the purpose with the latest period expires.
IX. Data Security
We implement appropriate administrative, technical, physical, and organizational safeguards to protect against unauthorized or unlawful processing of Personal Information and against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to Personal Information. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Information. CBIZ limits access to internal systems that hold Personal Information to individuals who need access for a legitimate business purpose.
X. Additional Information for California Residents
This section provides additional information on our processing of Personal Information related to California residents.
The following categories of Personal Information are considered sensitive under applicable California law: Identifiers that are Social Security Numbers, driver’s licenses, passport information, and other government-issued identifiers; and Characteristics of Protected Classifications. Where we use or disclose sensitive Personal Information, we do so for purposes that are reasonably necessary to provide our Services, including processing job applications and Professional Services, or as needed to ensure security and integrity, to prevent fraud or illegal activity, for physical safety, for short-term, transient use, to verify or maintain the quality or safety of the Services, and to improve, upgrade, or enhance the Services.
If you are a California resident, you have certain rights to the Personal Information that we have collected about you, and you may exercise those rights independently or through an authorized agent. We will comply with your request as soon as reasonably practicable. Requests to exercise your rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. To prevent unauthorized requests related to your Personal Information, we take steps to verify that you are the person that is the subject of the request to know, correct, and/or delete. Following verification of your identity, we will notify you if we are able to fulfill your request. If we are unable to fulfill your request, we will outline the reasons we are unable to honor your request at this time. Note that we may maintain certain information as required or permitted by law and/or subject to your interactions with us. For example, if you reengage with us, such as by submitting personal information through our Contact Us webform, we may collect your personal information even if we had previously removed it from our systems at your request.
You may exercise your rights to your Personal Information by using our webform linked here or by calling toll-free (866) 568-4109.
Right to Know: You have the right to know about your Personal Information. You also have the right to obtain a transportable copy of your Personal Information. Your right to know request may be made no more than twice in a 12-month period.
Your right to know request may encapsulate the following:
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information was collected;
- Our business or commercial purposes for collecting, selling, or sharing (for cross-context behavioral advertising) your Personal Information;
- The categories of third parties to which we disclosed your Personal Information;
- The categories of Personal Information we sold or shared (for cross-context behavioral advertising) about you and the categories of third parties to which each category of Personal Information was sold or shared;
- The categories of Personal Information we disclosed about you for a business purpose and the categories of persons to which it was disclosed; or
- The specific pieces of Personal Information we have collected about you.
Right to Correct Personal Information: You may request that we correct Personal Information that we maintain about you if you believe such information is inaccurate.
Right to Request Deletion of Personal Information: You may request that we delete your Personal Information that we have collected directly from you and are currently maintaining.
- Opt Out Rights: We do not sell or share for cross-context behavioral advertising purposes Personal Information outside of the context of tracking technologies or where we provide marketing lead lists to vendors for advertising purposes.
- To opt out of the sale and sharing for cross-context behavioral advertising purposes through tracking technologies related to the Websites, click on the Do Not Sell or Share My Personal Information link in the footer of the Websites.
For more information on tracking technologies, see Section 4.
Shine the Light: If you are a California resident, you may request information on our disclosing of certain types of Personal Information with other parties, including affiliates, for the other parties’ own direct marketing purposes. To request this information, you may contact us at the information listed in Section 13. Any such request must include California Privacy Rights Request in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.
We will not discriminate against you, including retaliation, if you choose to exercise any of your privacy rights under California law.
XI. Additional Information For Those Located Outside The United States
If you are located outside of the United States, you acknowledge that we collect, process, and store Personal Information in the United States, and that the data protection and privacy laws in the United States may not offer the same level of protection as the applicable laws in your jurisdiction. Where we transfer your Personal Information to an entity outside of your location, we take steps to comply with the law in respect of that transfer. For example, by ensuring that your Personal Information is protected by comparable safeguards to those provided under the law of your location.
XII. Updates to Privacy Policy
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may provide more specific reasonable notice at our discretion (e.g., a banner, pop up, or email to you) if we materially change this Privacy Policy. Any changes to this Privacy Policy will be effective as of the Last Updated date at the top of this page, unless otherwise expressly indicated.
XIII. Contacting Us
You may contact us at 866-568-4109, [email protected] or:
Attn: Legal Counsel/Privacy
CBIZ, Inc.,
P.O. Box 31420
Independence, OH 44131