Workday's privacy statement addresses how personal information is shared with third parties, though the specific categories of recipients, purposes, and safeguards are detailed in the full document which was not fully available for review.
This analysis describes what Workday's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Enterprise customers and individuals whose data is held by Workday need to understand which third parties may receive their personal information, whether as sub-processors in the platform context or as marketing partners in the controller context.
Interpretive note: Specific third-party sharing provisions could not be directly quoted as the document was truncated before the operative clauses were visible; this provision is characterized based on the statement's stated scope and Workday's known platform architecture.
Personal information provided to Workday through its website or platform may be shared with service providers, analytics partners, or other third parties as described in the full statement. The categories of sharing and any opt-out mechanisms depend on the complete document text.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Workday has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"That is why we are committed to transparency about how we collect, use, and share that information.— Excerpt from Workday's Workday Privacy Statement
(1) REGULATORY LANDSCAPE: GDPR Article 28 requires that sub-processors be disclosed and subject to equivalent data protection obligations. CCPA and CPRA distinguish between service providers, contractors, and third parties for data sharing purposes, with different rights and obligations applying to each category. The FTC Act governs deceptive disclosures about data sharing practices. (2) GOVERNANCE EXPOSURE: High. Enterprise HR platforms process sensitive employee data that may flow to sub-processors for payroll, analytics, benefits administration, or AI-driven features. Each sub-processor relationship requires assessment under applicable law, particularly GDPR's chain-of-liability framework. (3) JURISDICTION FLAGS: EU and UK customers must ensure sub-processor lists are current and that appropriate transfer mechanisms are in place. Illinois BIPA may be relevant if biometric data is processed through any Workday feature. Healthcare-adjacent data sharing may require HIPAA business associate agreement review. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise DPAs should require Workday to provide advance notice of sub-processor changes and to impose equivalent data protection obligations on all sub-processors. Procurement teams should request and review the current sub-processor list as part of vendor due diligence. (5) COMPLIANCE CONSIDERATIONS: Organizations should map all data flows from their Workday instance to third-party sub-processors and assess each against their own data governance policies, employee privacy notices, and applicable regulatory requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Enterprise customers and individuals whose data is held by Workday need to understand which third parties may receive their personal information, whether as sub-processors in the platform context or as marketing partners in the controller context.
Personal information provided to Workday through its website or platform may be shared with service providers, analytics partners, or other third parties as described in the full statement. The categories of sharing and any opt-out mechanisms depend on the complete document text.
ConductAtlas has identified this type of provision across 9 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Workday.