Privacy Policy

Last Updated: December 12, 2022

INTRODUCTION

PrimePay, LLC (“SyncHR”, “we”, “us” and “our”) respects your privacy. As such, we have developed this Privacy Policy to inform you about our privacy practices. This Privacy Policy describes the types of personal information we collect, how we use the information, with whom we share it, how we secure it and the choices you can make about our use of the information.

What Role Does SyncHR Serve in Data Protection?

It is important to note that SyncHR acts both as a Data Controller and a Data Processor within the realm of data protection law compliance, including the European General Data Protection Regulation of 2018 (“GDPR”). As a Data Processor, SyncHR is responsible for safeguarding the data submitted to our services by or on behalf of our customers, including data regarding our client’s employees, as it flows through the suite of services that we offer to our customers (the “SyncHR HCM Cloud Platform”).  Part I of this Privacy Policy describes how we deal with Data as a Data Processor. As a Data Controller, SyncHR is responsible for safeguarding the data of visitors to our websites, including our public website - www.synchr.com - as well as our customer solution websites, our customer support websites and other sites through which we communicate or deliver our services (the “Sites”), and all SyncHR Service Information (as defined below). Part II of this Privacy Policy describes how we deal with data as a Data Controller. Part III of this Privacy Policy discusses rights you may have under applicable state law.
As used in this Privacy Policy, “personal data” is defined as in the GDPR, and includes any information which, either alone or in combination with other information we hold about you, identifies you, including, for example, your name, postal address, email address and telephone number.
Please read this Privacy Policy carefully to understand our practices regarding your personal data and how we will treat it. If SyncHR is your Data Controller, please pay particular attention to the sections entitled “International Transfer” and “Your Rights.”

PART I: SYNCHR AS A DATA PROCESSOR

SyncHR has entered into separate agreements with our customers to govern the delivery, access, and use of the SyncHR HCM Cloud Platform, including instructions for the processing of personal data on behalf of our customers. Our customers license SyncHR technology and configure their instance of the SyncHR HCM Cloud Platform to serve as a human capital management system to manage core HR functions, benefits, payroll, and HR reporting in a single platform.
SyncHR does collect information when acting as a service provider to its customers. However, SyncHR has no direct relationship with the individuals whose personal data it processes under the direction of our customers and our customers are responsible for making sure that your privacy rights are respected, including ensuring appropriate disclosures about third party data collection and use. To the extent that we are acting as a client’s data processor, we will process your information, including any personal data, in accordance with the terms of our agreement with the applicable customer and the customer’s lawful instructions and the terms of this Privacy Policy shall not apply to such processing. As part of the service to our customers, SyncHR may operate a hosted version of the SyncHR HCM Cloud Platform for our customers to which the customer’s privacy policy applies. If you are an employee or contractor of one of our customers and would no longer like to be contacted by the employer that uses our service, please contact the employer that you interact with directly. Additionally, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to SyncHR’s employer customer, the data controller.
In some cases, the SyncHR HCM Cloud Platform may allow you to interact with and receive services from other third-party processors (e.g. 401(k) administrators). These third-party services and the collection and use of your personal data by these third parties is governed by such third parties’ respective terms of service and privacy policies. You are responsible for reviewing these third-party terms and policies and you acknowledge that SyncHR is not responsible for the privacy practices of these third parties.

PART II: SYNCHR AS A DATA CONTROLLER

When you contact us to request services through our Sites or to raise a customer service issue with SyncHR, you may provide us with relevant information such as, but not limited to, your contact information, the services you currently or would like to purchase from us, or your username related to the SyncHR service (collectively “SyncHR Service Information”). You acknowledge that SyncHR Service Information does not include the personal information processed by SyncHR when serving as a Data Processor to its customers. This Privacy Policy does not apply to SyncHR employees.
Why Do We Need Personal Data? We need certain personal data in order to communicate with you, provide you with the services you request through our Sites, and to address any customer service inquiries you make to SyncHR.
Your Consent. By submitting personal data to SyncHR, you expressly consent to the collection, use and disclosure of your personal data in accordance with this Privacy Policy. We will process your personal data in accordance with applicable data protection and privacy laws. When you access our Sites, you hereby consent to the terms of this Privacy Policy. This consent provides us with a legal basis under applicable law to process your personal data. You maintain the right to withdraw such consent at any time.

Information We Collect

SyncHR may collect information about you from various sources. Specifically, we may obtain information about you:

1. On our Sites (e.g., when you request information, establish an account, or submit content to our Sites);
2. When you call us, email us, or communicate with us through social media; and
3. From our affiliates or subsidiaries, service providers, business partners, and other third parties.

The types of personal information we may obtain includes:

1. Contact details (e.g., name, postal address, email address, and telephone number);
2. Username and password for the account you may establish on our Sites;
3. Photographs, videos, comments, and other content you submit to us;
4. Information you provide by interacting with us through social media; and
5. Other details that you may submit to us or that may be included in the information provided to us by third parties.

Automatic Data Collection

As is true of most websites, we gather certain information automatically. We may combine this automatically collected log information with other information that you provide us or that we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality and to analyze trends in the aggregate and to administer our Sites. The information we may collect by automated means includes:

1. Information about the devices our visitors use to access the Internet (such as the IP address and the device, browser and operating system type);
2. URLs that refer visitors to our Sites;
3. Dates and times of visits to our Sites; and/or clickstream data
4. Internet service provider;
5. Referring/exit pages;
6. The files viewed on our Sites (e.g., HTML pages, graphics, etc.)
7. Language;
8. Information on actions taken on our Sites (such as page views and site navigation patterns);
9. A general geographic location (such as country and city) from which a visitor accesses our Sites or mobile applications; and
10. Search terms that visitors use to reach our Sites.

Cookies.

Like many online services, we use cookies to collect certain information and provide a more personalized site experience. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Site; and (2) third party cookies, which are served by service providers on our Site, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
We use the following types of cookies for the purposes set out below:

Type of cookie	Purpose
Essential Cookies	These cookies are essential to provide you with our services and to enable you to use some of the features. For example, they help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
Functionality Cookies	These cookies allow our Sites to remember choices you make when you use our services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Sites or services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Sites.
Analytics and Performance Cookies	These cookies are used to collect information about traffic to our Sites and how users use our services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Sites, websites that referred them to our Site, the pages they visited on our Sites , what time of day they visited our Sites , whether they have visited our Sites  before, and other similar information. We use this information to help operate our Sites  and services more efficiently, to gather broad demographic information and to monitor the level of activity on our Sites . We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Sites  and services works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies You can find out more about how Google protects your data here: https://policies.google.com/privacy You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Targeted and Advertising Cookies	These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show ads which may be relevant to your interests while you are on third party websites.
Social Media Cookies	These cookies are used when you share information using a social media sharing button or “like” button on the website or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.

 
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com/uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.

Analytics

We may use third-party analytics providers (like Google Analytics and Mixpanel) to help analyze how users use our Sites. These analytics providers use cookies and other technologies to collect information such as how often users use our Sites, what pages they visit, and what other websites they used prior to coming to our Site. We use the information we get from these providers only to improve our Sites and our services. They collect the IP address assigned to you on the date you visit our Sites, rather than your name or other personally identifying information. Although such services may set persistent cookies on your computer to identify you as a unique user the next time you visit our Sites, the cookie is designed to be used only by the service provider.
We use cookies to understand website and Internet usage and to improve or customize the content, offerings or advertisements on our Sites. We also may use cookies to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising.
We, our third-party service providers, advertisers or our partners also may use cookies to manage and measure the performance of advertisements displayed on or delivered by us and/or other networks or websites. This also helps us, our service providers and partners provide more relevant advertising.
We, our third party service providers, advertiser or our partners may also use “web beacons” or clear.gifs, or similar technologies, which are small pieces of code placed on a web page, to monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

How We Use the Information We Collect When Acting as a Data Controller

When you use or communicate with us through the Site, we may use the information we obtain about you to:

1. Register you on our Sites and manage and maintain your accounts on our Sites;
2. Provide products or services you request;
3. Understand your needs and interests and tailor our products and services to suit your personal interests and the manner in which visitors use our Sites, products, and services;
4. Communicate with you about products, services, based on the general geographic location transmitted by your mobile device;
5. Maintain a record of general transactions on our Sites;
6. Respond to your questions and comments and provide customer support;
7. Communicate with you through email, website, mobile applications and social media about our products, services, offers, events and promotions, and offer you products and services we believe may be of interest to you;
8. Enable you to communicate with us through our blogs, social networks, and other interactive media;
9. Operate, evaluate, and improve our business and the products and services we offer;
10. Analyze and enhance our marketing communications, and strategies (including by identifying when emails sent to you have been received and read);
11. Analyze performance of our services and technology and to analyze trends and statistics regarding visitors’ use of our Sites, mobile applications, and social media assets, and the transactions visitors conduct on our Sites;
12. Protect against fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;
13. Enforce our Terms of Use; and
14. Comply with applicable legal requirements and industry standards and our policies.

We may combine the information we collect with publicly available information and information we receive from our affiliates, business partners, and other third parties which may include contact details (e.g., name, postal address, email address, and telephone number). We may use that combined information to enhance and personalize your experience with us, to communicate with you about products, services, and events that may be of interest to you, for promotional purposes, and for other purposes described in this Privacy Policy.
We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.

Information We Share

We do not sell or otherwise disclose personal information about you, except as described in this Privacy Policy.
We may share the personal information we collect with our affiliates, business partners, ad network vendors and their participants, and other third parties for the purposes described in this Privacy Policy, including to communicate with you about products and services, offers, events, and promotions that we believe may be of interest to you. We also may share personal information with our service providers who perform services or process information on our behalf. These service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.
We also may disclose information about you (i) if we are required to do so by law such as to comply with a subpoena or other legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
We reserve the right to transfer personal information we have about you in the event we sell, merge or transfer all or a portion of our business or assets, including pursuant to a bankruptcy or similar proceeding. Should such a sale, merger, or transfer occur, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with our Privacy Policy. Following such a sale, merger, or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that information. You will also be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Your Rights When SyncHR is Your Data Controller

If SyncHR is your Data Controller as described above and you wish to exercise any of the following rights, please contact us using the details below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the rights you would like to enforce. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
Opt-out. You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA. Please note that your use of some of our Sites  may be ineffective upon opt-out. Despite your indicated e-mail preferences, we may send you service-related communications, including notices of any updates to our Terms of Use or Privacy Policy.
Access. You may access the information we hold about you at any time by contacting us directly.
Amend. You can also contact us to update or correct any inaccuracies in your personal data.
Move. Your personal data is portable – i.e. you to have the flexibility to move your data to other service providers as you wish.
Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

Data Retention

SyncHR will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The user account will remain active until responsible contracting company has either disabled the account or termination of service contract with SyncHR.

How We Protect Personal Information

We maintain appropriate administrative, technical and physical safeguards designed to protect the personal information you provide on our Sites  and HCM Cloud Platform against accidental unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Other personal information (not including payment card information) may be transferred unencrypted and involve (i) transmissions over various networks and (ii) changes to conform and adapt to technical requirements of connecting networks or devices. However, SyncHR will use commercially reasonable efforts, like secure socket layer (SSL), to encrypt information such as your login credentials during transmission.
Please note that no electronic transmission of information can be entirely secure. We cannot guarantee that the security measures we have in place to safeguard personal information will never be defeated or fail, or that those measures will always be sufficient or effective.

Linked Websites and Social Networks

Our Sites may provide links to third-party sites for your convenience and information. SyncHR does not control linked websites, and we do not endorse or make any representations about third-party websites. Linked sites may have their own privacy policies, which you should review if you visit those sites. We are not responsible for the content of any sites not affiliated with SyncHR, any use of those sites, or those sites’ privacy practices.
We may also provide social media features on our Sites that enable you to share SyncHR information with your social networks and to interact with SyncHR on various social media websites. This includes social media features, such as the Facebook Like button and widgets, such as the Share this button or interactive mini-programs that run on our Site. Your use of these features may result in the collection or sharing of information about you. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. We encourage you to review the privacy policies and settings on the social media websites with which you interact to help you understand those website’s privacy practices.

Children’s Privacy

SyncHR does not knowingly collect Personal Information or direct its Sites to children under the age of 16. If we learn that a user of our Site is under 16 years old, we will promptly delete any personal information that the individual has provided to us.

Updates to Our Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post a prominent notice on our Site to notify you of any significant changes to our Privacy Policy and indicate at the top of the Privacy Policy when it was most recently updated. If we make any material changes we will notify you by email sent to the e-mail address specified in your account or by means of a notice on our corporate website (www.synchr.com) prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

EU-U.S. Privacy Shield and Swiss - U.S. Privacy Shield

SyncHR Inc participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. SyncHR is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. SyncHR is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. SyncHR complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, SyncHR is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, SyncHR may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Part III: RIGHTS UNDER STATE LAW

Your California Privacy Rights

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), PrimePay is providing the following disclosure for residents in California, including consumers whose information we collect from them directly in signing up for our services and those who visit our Website. In addition to the information provided above, this disclosure further explains our collection and use of your data and rights that may be afforded to you under California law.
 
This disclosure does not apply to employees of our clients, whose information we are provided and maintain from your employer in performing services. If you have any questions regarding personal information provided to or maintained by PrimePay in this respect, please reach out directly to your employer.
 
As defined under the CCPA, Personal Information is “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
 
Your Rights in CA:
Right to Know.
Under California law, you have a right to know: (i) the categories of Personal Information we collect about you, (ii) the categories of sources from which we collect that information, (iii) the business or commercial purpose for collecting such information, and (iv) the categories of third parties with whom we share that information. Additionally, you have a right to request a disclosure of the specific pieces of Personal Information PrimePay has collected and/or maintained about you for the previous twelve (12) months.
 

• Categories of Personal Data Collected & Disclosed

 
PrimePay may collect the following categories of Personal Information about you in your interactions with us:
 
Category A: Identifiers such as your name, alias, postal address, unique personal identifier, online identifier, Internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
 
Category B: Personal information as defined in the California consumer records statute, such as your name, signature, social security number, address, etc.
 
Category C: Characteristics of protected classifications under California or federal law, such as sex, race, or age.
 
Category D: Commercial information, such as your purchase history and transaction information.
 
Category F: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interactions with our Website or applications.
 
Category G: Geolocation data.
 
Category H: Audio, electronic, visual, or similar information.
 
Category I: Professional or employment-related information.
 
Category J: Education information.
 
Category K: Inferences drawn from any information identified above to create a profile about you reflecting, among other, your preferences, characteristics, behavior and aptitudes.
 
Category L: Sensitive personal information, including your social security and other identification numbers, account log-in and credentials.
 

• Sources of Personal Data

 
We collect Personal Information from you directly and indirectly through your interactions with us. For example, we may collect Personal Information when you complete forms or surveys requesting information regarding a product. We may also collect information indirectly, such as through your interactions with our  Websites. 
 
In addition, we collect Personal Information from third party sources, such as clients and partners who may provide your information in connection with our service offerings or marketing opportunities.
 

• Purposes for the Collection of Personal Data

 
We may collect your Personal Information in order to:
 

• Perform services: such as maintaining accounts, provide customer service, process payments, or verify customer information
• Provide advertising and marketing services: including sending you promotional materials or other advertising items that you have or may be interested in
• Development: to help maintain, develop, improve or enhance our products and services
• Research: to conduct research regarding technological developments
• Security detection: to detect security incidents, to the extent that such Personal Information is reasonably necessary and helpful in detecting such incidents;
• Marketing purposes: such as auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards and advertising relating to your current interaction with our websites

 

• Disclosure of Personal Data

 
PrimePay does not sell your Personal Information, however, we may disclose such information with certain third-parties either for a valid business purpose, in accordance with applicable law (e.g., law enforcement agencies when required), or with your consent.
 
Parties to whom we may disclose Personal Information include contractors, vendors and other authorized third-parties to provide specific services, such as support and marketing services. 
 
Right to Delete or Correct.
 
PrimePay retains your Personal Information until there is no longer a legitimate business purpose for maintaining such information, unless we are required to maintain that information longer by applicable law.
 
Under California law, you have a right to request that we delete any and all Personal Information that we have collected or maintain about you. If you make such a request, we will either (i) delete all Personal Information from our records and notify our service providers to delete any Personal Information maintained about you, or (ii) notify you that your request cannot be complied with and for what reason, such as because we need to maintain the information to perform the transacted for services or comply with applicable law.
 
Right to Correct Inaccurate Personal Information.
 
You have a right to request that PrimePay correct any inaccurate personal information collected or maintained by us. If you would like to update or correct such information, please contact us at one of the contact methods designated below.
 
Right to Non-Discrimination

If you choose to exercise any of these rights afforded to you, PrimePay shall not retaliate by any means including, but not limited to, denying goods or services, charging different prices for goods or services, or providing different service levels for goods or services. Exercising certain rights may prevent or inhibit your use or access to PrimePay’s Websites or services. 
 
How to exercise your rights.
 
To submit a request under the rights described above, please contact us at privacy@primepay.com or the mailing address listed below.
 
How to Contact Us
If you have any questions or comments about this Privacy Policy, or if you would like us to update information we have about you or your preferences, please contact us by email at privacy@primepay.com. You also may write to:
PrimePay, LLC
Attn: Information Security
1487 Dunwoody Drive
West Chester, PA 19380
You will receive confirmation of requested updates or deletions within 10 business days after request is made.