Peakon is built with privacy compliance and privacy by design in mind and we're excited to help our customers understand how we are approaching this.
Data processed in Peakon
Data processed in Peakon Employee Voice (Peakon) can be classified into three categories;
- Information provided by employees.
- Employee information uploaded to Peakon by employers.
- Information Peakon collects when employees use the platform.
Employees provide information via the surveys they complete. Employers provide information about their employees such as length of tenure, department, job title, location etc. in addition to basic contact information, such as employee email address for the survey to be sent to.
Peakon automatically collects certain information when the platform is used for systems administration purposes, and to ensure the right access is given to users based on the access rights that the account administrator has set.
How Peakon processes the data
Information that employees input to Peakon is aggregated with information from other employees, and compared to data from past or future employee responses and/or industry benchmarks. This aggregated information provides managers with views on the levels of engagement of employees and their sentiment related to their working lives. All survey responses are entirely optional and questions can be skipped.
Typically, identifiable information isn’t made available to an employer organization unless the organization has:
- Enabled and configured the Data Export API.
- Requested an identity reveal- see below.
Peakon may also contact users to gain feedback on how to improve the product, as well as informing our users of new features, versions of the product, or service offerings. We also use this data to handle queries, concerns and complaints.
The standard data retention period for Peakon data is 5 years. In the event that an organization stops using Peakon, data will be anonymized no later than 6 months after the expiration of the service period. We will not store personal data for longer than is reasonably necessary to use it in accordance with our contractual agreement with the customer or with our legal rights and obligations.
Data subject rights
In addition, Workday supports customers in fulfilling the data subject rights for personal data that is processed through the platform:
- Workday supports the employee rights to access or erase personal data from the Peakon platform by opening a customer case specifying the details of the data access or data erasure request.
- Workday supports the employee's right to update their data via the user interface, through the surveys and the survey reset process.
- Employees also have the right to set preferences around how their data is processed, for example unsubscribing from survey invite emails.
- Employees also have the right to obtain copies of their personal data for reuse or transmission to another platform, where feasible.
It is also possible for employees to unsubscribe from Peakon emails, by clicking on the unsubscribe option on the email. This will result in employees not receiving email notifications from Peakon.
Data hosting and subprocessors
The core of the Peakon platform is hosted in the EEA, where employee data and survey responses are stored and processed with technical and organisational measures in place to ensure safe and secure storage.
Some Peakon features may require that some of the information that we collect from users be transferred, processed, or stored at a destination outside the European Economic Area ("EEA"). Full details of the use of sub-processors can be found on the Workday Subprocessor List. Some subprocessors are based outside the EEA, predominantly in the United States. We may transfer personal data to those service providers in the United States or other countries outside the EEA in order to provide our services via the Platform.
Appropriate technical and organizational measures are in place to mitigate against accidental, unauthorized or unlawful loss, destruction, alteration, disclosure or access to Personal Data.
Measures implemented by Peakon include:
- Encryption of Personal Data.
- Backup and disaster recovery arrangements.
- The ability to ensure ongoing confidentiality, integrity, availability and resilience of the IT infrastructure and environment.
- Regular testing and evaluation of the effectiveness of such measures.
In certain circumstances, a customer may receive comments that create a concern and may consider it appropriate to determine an employee’s identity. Example: An employee indicating intention of self-harm or harm to others, or indication of criminal or fraudulent behaviours in the workplace.
In these situations, Workday recommends that the relevant manager engages the employee via the comment response feature by asking them to engage in a further supported discussion to address the issue referred to in the comment. However, customers may determine that they need to identify the commenter so that they can effectively investigate and deal with the situation. In this case, customers can request an Identity Reveal via a customer case.
To fulfil such a request, Workday will require specific details and information to identify the comment, such as the precise comment URL and date of submission. Workday will obtain the identity of the individual who submitted the comment, and share it with the customer’s Named Support Contact via a secure messaging platform. The secure platform protects the identity related data via encryption and automatically destroys and deletes the data after 10 days.
If you have any questions about this article, please contact Workday Support.