Depending on where you live, you may have the right to see, correct, delete, or move your personal data held by ADP, and to withdraw any consent you have given for its use.
This analysis describes what ADP's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision creates a procedural framework through which data subjects may submit formal requests for data access and control. The establishment of a dedicated portal creates an operational mechanism for handling individual rights requests and establishes ADP's obligation to process requests according to applicable legal standards.
ADP deleted the cookie preference management tool that previously allowed users to understand and control which cookies were placed on their devices, including functional, analytics, and advertising cookies. The removal eliminates the transparency mechanism through which users could consent to or opt out of different cookie categories. The practical effect depends on whether ADP has replaced this functionality elsewhere or whether cookies continue to be placed without equivalent granular user control.
View change record →Individuals can request access to, correction of, or deletion of their personal data through ADP's privacy portal, but the practical scope of these rights depends on jurisdiction and whether ADP or your employer controls the relevant data.
Cross-platform context
See how other platforms handle Individual Rights and Access Requests and similar clauses.
Compare across platforms →Monitoring
ADP has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on your location and subject to applicable law, you may have certain rights with respect to your personal data. These rights may include: the right to access personal data we hold about you; the right to rectify inaccurate personal data; the right to erasure of your personal data; the right to restrict or object to processing; the right to data portability; and the right to withdraw consent. To exercise these rights, please contact us through our Privacy Rights Request portal.— Excerpt from ADP's ADP Privacy Statement
REGULATORY LANDSCAPE: Individual rights provisions engage GDPR Articles 15 through 22 (access, rectification, erasure, restriction, portability, objection, and automated decision-making rights), UK GDPR equivalent provisions, and CCPA Sections 1798.100 through 1798.125. Response deadlines are 30 days under GDPR with a possible 60-day extension, and 45 days under CCPA with a 45-day extension. The relevant enforcement authorities are national EU DPAs, the UK ICO, and the California Privacy Protection Agency. GOVERNANCE EXPOSURE: Medium. ADP's processor role for employer-client data means that many individual rights requests received directly by ADP must be forwarded to the employer-client for response, which creates operational complexity and potential delay. Failure to respond within statutory timeframes constitutes a regulatory violation regardless of the processor/controller distinction. JURISDICTION FLAGS: EU, UK, and California create statutory deadlines and enforcement mechanisms for rights requests. Illinois, Virginia, Colorado, and other US states with comprehensive privacy laws also create response obligations. The policy's qualification that rights exist 'depending on your location and subject to applicable law' is accurate but may lead consumers to believe they have no rights when they do. CONTRACT AND VENDOR IMPLICATIONS: Employer-clients should establish internal processes to handle ADP-forwarded rights requests within statutory timelines. DPAs should specify ADP's obligations to assist clients in fulfilling data subject rights requests as required by GDPR Article 28(3)(e). COMPLIANCE CONSIDERATIONS: ADP's privacy rights portal should be audited for identity verification processes that are neither so burdensome as to deter rights exercise nor so lax as to enable unauthorized access. Response tracking systems should log request dates and extensions to demonstrate compliance with statutory timelines. Legal teams should confirm that rights requests related to ADP-processed employer data are routed correctly and within required timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision creates a procedural framework through which data subjects may submit formal requests for data access and control. The establishment of a dedicated portal creates an operational mechanism for handling individual rights requests and establishes ADP's obligation to process requests according to applicable legal standards.
Individuals can request access to, correction of, or deletion of their personal data through ADP's privacy portal, but the practical scope of these rights depends on jurisdiction and whether ADP or your employer controls the relevant data.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ADP.