Privacy Policy

Privacy Policy

Last Updated: 12/16/2023

Table of Contents

  1. Introduction
  2. Personal Information Collected
  3. App permissions
  4. Cookies and Other Tracking Technologies
  5. How We Use and Disclose Personal Information
  6. Other Online Services
  7. Your Choices
  8. Data Retention
  9. Data Security
  10. Additional Information for California Residents
  11. Additional Information For Those Located Outside The United States
  12. Updates to Privacy Policy
  13. Contacting Us

I. Introduction

This Privacy Policy provides notice of practices by CBIZ, Inc. and its affiliates (together, “CBIZ,” “us,” “our,” or “we”) regarding personal information collected through or otherwise processed in relation to websites that are controlled and operated by CBIZ that link to this Privacy Policy including the websites found here (the “Websites”), mobile applications that are controlled and operated by CBIZ that link to this Privacy Policy (the “Apps”), offline services such as CBIZ events, or through the provision of our services requested by you or by our clients, such as accounting, tax, advisory, wealth management, consulting, employee benefits, insurance, payroll, or retirement plan services (the “Professional Services”) (all together collectively, the “Services”).

This Privacy Policy does not apply to other online services, such as websites and apps, that we own, provide, or maintain.

We may provide you additional privacy notices depending on how you interact with us and depending on the type of personal information we collect. For example, our Financial Services Privacy Statement applies to nonpublic personal information (as defined by the Gramm-Leach Bliley Act) that we obtain from customers of our financial Professional primarily for personal, family, or household use. Additionally, our Notice of Privacy Practices applies to protected health information (as defined by the Health Insurance Portability and Accountability Act).

If you are a California resident, please see Section 10 below, which sets forth additional information and rights you may have under California law.

II. Personal Information Collected

Personal Information generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, de-identified, or aggregated.

We may obtain your Personal Information from the following sources:
  • Directly from you. Such as when you use or register an account, subscribe to or access Professional Services via the Website, subscribe to email notifications, communicate or transact through the Website, apply for a job, or submit information online in connection with the Professional Services.
  • Our Clients. Clients of our Professional Services may provide us personal information about you. For example, our clients may provide Personal Information related to their employees, customers, or suppliers. Personal Information may be in the form of, or included in, documentation provided to us to perform our Professional Services such as payroll files, board or employee records, or other audit documentation.
  • Our Vendors. Our vendors may provide us information related to you in the process of providing us their services. For example, vendors may disclose to us your dietary preferences to accommodate in-person events.
  • Tracking Technologies. Such as when you visit the Website, which may have first-party and third-party technology integrations (e.g., cookies) that help facilitate and personalize your visit to the Website or to other online services. For more information see Section 4.
  • External Sources. Such as data resellers, publicly-available government records, from your employer, and from referrals or business professionals in your network. This does not include our vendors.

Personal Information we process about you may differ based on how you interact with us, but may include:

  • Identifiers. This includes names, contact information, addresses, Internet Protocol (IP) addresses, or other similar identifiers.
    • For Professional Services clients or job applicants, this includes your Social Security number, driver’s license, passport information, and other government-issued identifiers.
  • Personal Records. This includes your signature, telephone number, education, and employment.
  • Commercial Information. This includes records of personal property and services purchased, obtained, or considered purchasing.
  • Characteristics of Protected Classifications. This includes age, gender, nationality or citizenship, and race or ethnic origin.
  • Internet or Other Electronic Network Activity. This includes Internet Protocol (IP) addresses, device identifiers, mobile networks, browser types, operating system details, referring URLs, length of visits, traffic data, pages viewed, and information regarding interactions with the Website.
  • Geolocation Data. This includes global latitude and longitude of your location.
  • Audio, Electronic, Visual, or Similar Information. This includes audio recordings of customer services calls or video recordings of online webinars.
  • Professional or Employment-Related Information. This includes your professional contact information such as business email address.
    • For job applicants, this includes your job title, employer, and other professional background information, including recruitment information (such as skills, qualifications, references, recommendations, and other information included in a resume, application form, or cover letter); background information commonly used for onboarding and security screenings; criminal records information including results of background checks obtained through government agencies; employment background, functional experience, leadership experience, honors or awards, timesheets, education, training, professional certifications; languages spoken; citizenship, immigration, visa status, and work authorization information (including proof of authorization to work in the United States); and vehicle information (such as year, make, model, color, and license plate).
  • Payment Information. You may provide certain payment information, such as credit card, debit card, account number, or other payment method information, as well as billing address information.
  • Information Necessary to Perform Our Professional Services. This includes any information we obtain from the sources listed above in relation to providing our Professional Services such as payment-related information, information on financial conditions, such as bank account information, salary details, and other benefits, insurance data and the license plate number of a company car, information on insurances and occupational pensions, tax information and documentation such as tax equalization and tax return files, compensation data, travel information, birth certificates, marriage licenses, degrees, working and living arrangements, immigration data, work permits, payroll information, and health information such as treatment history and absence data such as medical certificates and information on sick leave, leave of absence, or parental leave.
  • Background Check Information. We may run background checks in relation to our Professional Services before, during, or after provision of such Professional Services. Information involved may include reputational and financial checks, conflicts, anti-money laundering, government sanctions checks, and politically exposed persons checks.
  • Legal Records and Documentation. We may process information related to your legal records for our protection, the protection of our clients and others, and to perform our Professional Services. Legal records may include court records, information on pending or completed litigation or other legal actions, and active disputes.
  • External Service Information. We may obtain information about you from external services, such as where you choose to use a Website feature provided by an external party. We may also supplement certain information that we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
  • Inferences. We may process inferences drawn from any other personal information we process to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes.

III. App Permissions

Certain features of the Apps may require access to certain information from your device. Depending on the App and your Apps permission or device settings, the Apps may have access to various device features. For example, this includes access to your photos/media/files/storage (allows the Apps to access the contents of files on your device), or camera (allows the Apps to take pictures and videos). Refer to the App’s description on the app store from which you downloaded the App and your App or device settings for more information.

IV. Cookies and Other Tracking Technologies

We and our vendors may use a variety of tracking technologies, such as cookies, that collect certain information whenever you interact with the Website, such as device identifiers, your IP address, location, other unique identifiers, all the areas within the Website that you visit, and the length and time of the visit.

Types of tracking technologies we may use:

  • Operationally Necessary. These tracking technologies are used for the core operations of the website. Without these tracking technologies, the performance of our website may fail or not work properly. For example, ensuring the website’s security or that your cookie preferences and settings are respected.
  • Functional. These tracking technologies allow us to provide website features to enhance your experience and to assess and address the website’s performance through measurements analytics (such as which functions of the website could be updated for performance efficiency). For example, these tracking technologies may allow you to enable certain embedded features. Without these tracking technologies, some or all of these features may not function properly.
  • Analytics. These tracking technologies allow us to assess how users navigate and interact with our website, allowing us to measure and improve our services based on consumer interests and tendencies (such as knowing which parts or features of the website are the most and least popular).
  • Advertising. These tracking technologies help us and other parties personalize ads that are shown to you on our website, as well as on other online services. If enabled, these tracking technologies allow you to receive cross-context and targeted advertising across online services over time. For example, if you show interest in one of our products shown on our website, you may receive an advertisement for that same product on a different online service.

We may use third-party technologies (such as Meta Pixel, Google Analytics) in connection with your activity on the Services, including for advertising purposes and to analyze your interactions and experiences with our websites, and including the features you engage with, how you navigate, and your click/touch, movement, scroll, and keystroke activity. These technology companies and advertisers may use, store, or access cookies and other tracking technologies to collect or receive information from the Website and elsewhere on the internet.

You may be able to opt-out of certain interest-based advertising using the settings on your browser or mobile device. In addition, the following services or organizations offer tools that you can use to limit or opt-out of interest-based advertising:

Please note that we or other parties may collect Personal Information about your online activities over time and across different devices and online websites when you use the Services. Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our Services are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, visit allaboutdnt.com.

You can set your browser to refuse cookies from the Website, including using the browser’s Do Not Track signal setting, but if you do so, you may not be able to access or use portions of the Website, or certain offerings on the Website may not function as intended or as well.

You can use mobile device settings to limit mobile tracking technologies and associated activities. For instance, you can adjust or reset the advertising identifiers on your mobile device in the device settings. iOS users can visit Settings > Privacy > Advertising > Reset Advertising Identifier. Android users can visit Google settings > Ads > Reset advertising ID.

V. How We Use and Disclose Personal Information

We collect, use, and disclose to service providers Personal Information, as described above, for the following purposes. Unless otherwise noted, the description below covers our activities in the twelve months preceding the Last Updated Date, as well as our current practices.

We collect, use, and disclose Personal Information for the following reasons:

  • Provide Services You Ask For. Including by maintaining or servicing your account, operating and maintaining our online and offline goods and services, enabling external party features, giving you information about our Services, processing your payments and orders, communicating with you about our Services, and responding to your requests and questions.
  • Customer Service. To respond to your requests for technical support, online services, product information, or to any other communication you initiate, including requests, inquiries, and complaints.
  • Process Job Applications. To the extent that you apply for a job, including performing background checks, checking and contacting references, and assessing eligibility and accommodations.
  • Necessary and Appropriate Internal Functions. Including records maintenance and developing or improving the Website.
  • Security and Integrity. Including protecting our Services from cyber risks; preventing, identifying, investigating, and responding to fraud, illegal or malicious activities, and other liabilities; verifying identity; enforcing our policies and terms; protecting our rights; and generally providing you with a secure experience when using our Services.
  • Quality, Safety, and Internal Research. Including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues, and developing new or enhanced products and service offerings.
  • Advertising and Marketing. Including measuring the use of our Services and effectiveness of our advertising and marketing, and uncovering insights to improve our Services and provide our users with enhanced features and functionalities, such as personalized experiences.

All Personal Information we collect about you may be used by and disclosed to our affiliates and subsidiaries. We also disclose Personal Information to our vendors, including those who collect, manage, and analyze our customer information and perform services for us, such as sending promotional communications and improving the performance of our Services.

We may combine your Personal Information with data we obtain from our Services, other users, or third-parties. We reserve the right to convert, or permit others to convert, your Personal Information into de-identified, anonymized, or aggregated data, as permitted by law.

Associated Entity Services. From time to time we may enter into an arrangement with another company that is not owned by or affiliated with us to provide additional features on the Services. These arrangements may include business partner and sponsored online services (referred to here as “Associated Entity Services”). Any information, including Personal Information, that you provide on one of these Associated Entity Services may be shared with these partners. By participating in activities or providing your information on these Associated Entity Services, you consent to us providing your information to those partners. Separate privacy policies may apply to these partners’ use of your Personal Information.

Business Transactions. In the event of a business transaction, we may disclose Personal Information to prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.

Legal Compliance and Safety.We may also disclose Personal Information for legal compliance, law enforcement, and public safety purposes. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to: (1) comply with applicable law, court order, governmental regulations, or other legal obligations; (2) assist in an investigation, regulatory requests, litigation, or arbitration; (3) protect and defend our rights and property, or the rights or safety of third parties; (4) enforce our Terms of Use, this Privacy Policy, or agreements with third-parties; (5) comply with health and safety obligations; or (6) prevent crime.

VI. Other Online Services

The Services may contain links to or features facilitated by other online services. For example, you may be able to share content from the Website to your social media profile on an external online service. This Privacy Policy does not apply to the practices of companies that we do not own or control. We provide these external links merely for your convenience and we have no control over, do not review, and are not responsible for external online services.

VII. Your Choices

If you have a registered account, you may be able to change your preferences as well as update your Personal Information through your account settings.

If you receive marketing emails from us, you may opt-out through the email’s instructions, as provided. Please note that regardless of your email preferences, we may send you notifications pertaining to the performance of our Services, such as transactional communications relating to products or services you have purchased or use.

VIII. Data Retention

We keep the categories of Personal Information described above for as long as is necessary for the purposes described in this Privacy Policy, to achieve the purposes for which the information was collected, or as may be permitted under applicable law. This generally means holding the information for as long as one of the following apply:

  • Your Personal Information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the Information;
  • Your Personal Information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the Personal Information was collected; 
  • Your Personal Information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
  • We are otherwise required or permitted to keep your Personal Information by applicable laws or regulations.

To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove Personal Information from our systems and records.

Where your Personal Information is used for more than one purpose, we will retain it until the purpose with the latest period expires.

IX. Data Security

We implement appropriate administrative, technical, physical, and organizational safeguards to protect against unauthorized or unlawful processing of Personal Information and against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to Personal Information. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Information. CBIZ limits access to internal systems that hold Personal Information to individuals who need access for a legitimate business purpose.

X. Additional Information for California Residents

This section provides additional information on our processing of Personal Information related to California residents.

The following categories of Personal Information are considered sensitive under applicable California law: Identifiers that are Social Security Numbers, driver’s licenses, passport information, and other government-issued identifiers and Characteristics of Protected Classifications. Where we use or disclose sensitive Personal Information, we do so for purposes that are reasonably necessary to provide our Services, including processing job applications and Professional Services, or as needed to ensure security and integrity, to prevent fraud or illegal activity, for physical safety, for short-term, transient use, to verify or maintain the quality or safety of the Services, and to improve, upgrade, or enhance the Services.

If you are a California resident, you have certain rights to the Personal Information that we have collected about you, and you may exercise those rights independently or through an authorized agent. We will comply with your request as soon as reasonably practicable. Requests to exercise your rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. To prevent unauthorized requests related to your Personal Information, we take steps to verify that you are the person that is the subject of the request to know, correct, and/or delete. Following verification of your identity, we will notify you if we are able to fulfill your request. If we are unable to fulfill your request, we will outline the reasons we are unable to honor your request at this time.

You may exercise your rights to your Personal Information by using our webform linked here or by calling toll-free (866) 568-4109.

Right to Know: You have the right to know about your Personal Information. You also have the right to obtain a transportable copy of your Personal Information. Your right to know request may be made no more than twice in a 12-month period.

Your right to know request may encapsulate the following:

  • The categories of Personal Information we have collected about you;
  • The categories of sources from which the Personal Information was collected;
  • Our business or commercial purposes for collecting, selling, or sharing (for cross-context behavioral advertising) your Personal Information;
  • The categories of third-parties to which we disclosed your Personal Information;
  • The categories of Personal Information we sold or shared (for cross-context behavioral advertising) about you and the categories of third-parties to which each category of Personal Information was sold or shared;
  • The categories of Personal Information we disclosed about you for a business purpose and the categories of persons to which it was disclosed; or
  • The specific pieces of Personal Information we have collected about you.

Right to Correct Personal Information: You may request that we correct Personal Information that we maintain about you if you believe such information is inaccurate.

Right to Request Deletion of Personal Information: You may request that we delete your Personal Information that we have collected directly from you and are currently maintaining.

Opt-Out Rights: We do not sell or share for cross-context behavioral advertising purposes Personal Information outside of the context of tracking technologies or where we provide marketing lead lists to vendors for advertising purposes.

To opt out of the sale and sharing for cross-context behavioral advertising purposes through tracking technologies, click on the “Do Not Sell or Share My Personal Information” link in the footer of the Website.

For more information on tracking technologies, see Section 4.

Shine the Light: If you are a California resident, you may request information on our disclosing of certain types of personal information with other parties, including affiliates, for the other parties’ own direct marketing purposes. To request this information, you may contact us at the information listed in Section 13. Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.

We will not discriminate against you, including retaliation, if you choose to exercise any of your privacy rights under California law.

XI. Additional Information For Those Located Outside The United States

If you are located outside of the United States, you acknowledge that we collect, process, and store Personal Information in the United States, and that the data protection and privacy laws in the United States may not offer the same level of protection as the applicable laws in your jurisdiction. Where we transfer your Personal Information to an entity outside of your location, we take steps to comply with the law in respect of that transfer. For example, by ensuring that your Personal Information is protected by comparable safeguards to those provided under the law of your location.

XII. Updates to Privacy Policy

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may provide more specific reasonable notice at our discretion (e.g., a banner, pop up, or email to you) if we materially change this Privacy Policy. Any changes to this Privacy Policy will be effective as of the “Last Updated” date at the top of this page, unless otherwise expressly indicated.

XIII. Contacting Us

You may contact us at [email protected] or:

Attn: Legal Counsel/Privacy

CBIZ, Inc.,

P.O. Box 31420

Independence, OH 44131