What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.workday.com/en-us/privacy.html', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Visit Workday's privacy page at workday.com/en-us/privacy.html to locate the data subject rights request mechanism. Submit a request for deletion or access of personal information collected through Workday's own marketing and website activities.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': "The FTC has jurisdiction over Workday's data collection and marketing practices for US consumers under its unfair or deceptive practices authority", 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': "California residents may file complaints with the California Attorney General regarding CCPA or CPRA compliance related to Workday's collection and use of personal information", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Personal Information Collection and Use clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Personal Information Collection and Use clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Personal Information Collection and Use — Workday

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Workday Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Workday collects personal information from individuals who interact with its website, products, and marketing activities and states it is committed to being transparent about those practices. The full scope of data collected is described in the complete statement.

ⓘ

This analysis describes what Workday's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Understanding what categories of personal information Workday collects directly from website visitors and prospective customers is important for individuals who have provided contact details, attended webinars, or downloaded Workday content.

⚠

Interpretive note: The document was truncated before the operative data collection clauses were visible; this provision is characterized based on the statement's introduction and metadata description rather than from the full policy text.

Consumer impact (what this means for users)

Personal information such as contact details, behavioral data from website visits, and event registration information may be collected and used for marketing and product purposes. The full categories and retention periods are detailed in the complete statement, which was not fully visible in the provided document.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Visit Workday's privacy page at workday.com/en-us/privacy.html to locate the data subject rights request mechanism. Submit a request for deletion or access of personal information collected through Workday's own marketing and website activities.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...

eBay Medium

We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.

See all platforms with this clause type →

Monitoring

Workday has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
That is why we are committed to transparency about how we collect, use, and share that information.

— Excerpt from Workday's Workday Privacy Statement

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Data collection practices must comply with GDPR Articles 5, 6, and 13 for EU/UK individuals, requiring lawful basis disclosure, purpose limitation, and data minimization. CCPA and CPRA require disclosure of specific categories of personal information collected and the purposes for which it is used, with the right to opt out of sale or sharing for targeted advertising. (2) GOVERNANCE EXPOSURE: Medium. Enterprise marketing databases frequently contain personal information of procurement and IT contacts at target organizations. The lawful basis for processing this data, particularly for profiling and targeted outreach, requires evaluation under GDPR's legitimate interests or consent frameworks. (3) JURISDICTION FLAGS: EU and UK contacts require specific notice and, where applicable, consent for marketing communications under ePrivacy Directive and UK PECR requirements. California residents have opt-out rights regarding sharing of personal information for cross-context behavioral advertising under CPRA. (4) CONTRACT AND VENDOR IMPLICATIONS: Organizations that purchase Workday services should assess whether employee or contact data provided during the procurement process is subject to Workday's marketing data practices or is treated as confidential under the service agreement. (5) COMPLIANCE CONSIDERATIONS: The full data inventory, retention schedules, and sub-processor disclosures in the complete statement should be reviewed to ensure consistency with enterprise customer data governance requirements and applicable law.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has jurisdiction over Workday's data collection and marketing practices for US consumers under its unfair or deceptive practices authority
File a complaint →
State AG

California residents may file complaints with the California Attorney General regarding CCPA or CPRA compliance related to Workday's collection and use of personal information
File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Workday Privacy Statement

Entity

Workday

Document last updated

May 5, 2026

Tracking information

First tracked

May 8, 2026

Last verified

May 10, 2026

Record ID

CA-P-009565

Document ID

CA-D-00643

Evidence Provenance

Source URL

https://www.workday.com/en-us/privacy.html

Wayback Machine

View archived versions →

Content hash (SHA-256)

1d1c8751f74511b4904051a1bdb007f27fb1c00c83b0a76e5a3f374aa1db5246

Analysis generated

May 8, 2026 08:59 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Workday
Document: Workday Privacy Statement
Record ID: CA-P-009565
Captured: 2026-05-08 08:59:38 UTC
SHA-256: 1d1c8751f74511b4…
URL: https://conductatlas.com/platform/workday/workday-privacy-statement/personal-information-collection-and-use/
Accessed: June 27, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Dual Controller and Processor Role medium
Global Privacy as Fundamental Right low
Data Sharing with Third Parties medium
Data Subject Rights and Contact Mechanism medium
Employee Data Processing by Enterprise Customers high

Related Analysis

OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Workday's Personal Information Collection and Use clause do?

How does this clause affect you?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.

Is ConductAtlas affiliated with Workday?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Workday.