Workday · Workday Privacy Statement · View original document ↗

Users must contact organization to exercise processor-side rights

High severity High confidence Explicitdocumentlanguage Common · 290 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Workday Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.

This analysis describes what Workday's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Because Workday acts as a processor in employer-deployed contexts, it does not serve as the point of contact for individual rights requests, placing the practical burden on the individual to approach their organization instead.

Consumer impact (what this means for users)

If you want to exercise data protection rights over personal information held in an employer-deployed Workday system, you must contact your organization, not Workday.

How other platforms handle this

Discord Medium

When you exercise any of your applicable legal rights to access, amend, or delete your personal information, we may request additional information from you for the purpose of confirming your identity.

Baseten Medium

For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.

Tinder Medium

If you choose to reveal any personal information about yourself to other users, you do so at your own risk. We strongly encourage you to use caution in disclosing any personal information online.

See all platforms with this clause type →

Monitoring

Workday has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
If you have questions about how your organization uses your personal information with Workday, or if you want to exercise your data protection rights, please contact your organization directly.

— Excerpt from Workday's Workday Privacy Statement

Applicable regulations

CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Workday Privacy Statement
Entity
Workday
Document last updated
May 5, 2026
Tracking information
First tracked
May 8, 2026
Last verified
May 10, 2026
Record ID
CA-P-051482
Document ID
CA-D-00643
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
1d1c8751f74511b4904051a1bdb007f27fb1c00c83b0a76e5a3f374aa1db5246
Analysis generated
May 8, 2026 08:59 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Workday
Document: Workday Privacy Statement
Record ID: CA-P-051482
Captured: 2026-05-08 08:59:38 UTC
SHA-256: 1d1c8751f74511b4…
URL: https://conductatlas.com/platform/workday/workday-privacy-statement/provision/CA-P-051482/users-must-contact-organization-to-exercise-processor-side-rights/
Accessed: July 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Workday's Users must contact organization to exercise processor-side rights clause do?

Because Workday acts as a processor in employer-deployed contexts, it does not serve as the point of contact for individual rights requests, placing the practical burden on the individual to approach their organization instead.

How does this clause affect you?

If you want to exercise data protection rights over personal information held in an employer-deployed Workday system, you must contact your organization, not Workday.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 290 platforms. See the full comparison.

Is ConductAtlas affiliated with Workday?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Workday.