Our new support login location can be found below.
Skip to content Our new support login location can be found below.
This Privacy Policy describes PrismHR, and our subsidiaries and affiliates collect, use, share, and protect business, financial, and personal information. This Policy applies to all information collected or submitted on this website and mobile applications (“Site”). This policy is available on the homepage of this Site and at every login page where personally identifiable information may be requested.
Your privacy, and the privacy of the information provided, is important to us. We responsibly protect your data from loss, misuse, unauthorized access, disclosure, alteration, and untimely destruction. We do not grant access to your personal information except as otherwise set forth herein. We do not share or sell personal information collected on the Site with any third parties for their marketing purposes. At times, we will provide you with links to other websites. We encourage our users to be aware when they leave our Site, and to read the privacy statements of every website that collects personally identifiable information
We limit the collection of personal information to the information that we need to administer and improve the Site, to provide our products and services (“Services”) to our customers, and to fulfill any legal and regulatory requirements.
We do not require you to provide any personal information in order to have general access to the Site. However, to access or use certain information, features, or services at the site, you may be required to provide personal information.
By providing your mobile number and opting in to receive SMS (Short Message Service) messages from PrismHR, you consent to receive event-based text messages related to your account, services, customer support, alerts, and other information relevant to your relationship with PrismHR.
We use the information provided on the site to perform the services you request.
We may collect general, non-personal, statistical information about the users of the site and our services in order to determine information regarding the use of our site and general information about our customers. We may also group this information to provide general aggregated data. The aggregated data will not personally identify any customers or visitors to the site.
A “cookie” is a piece of data that our site may provide to your browser while you are at our site. The information stored in a cookie is used for user convenience purposes, such as reducing repetitive messages, tracking helper tool versions, and retaining user display preferences. If a user rejects the cookie, they will be able to browse the site but will be unable to use our online application.
PrismHR may use third-party service providers to use cookies, web beacons, and similar technologies to collect or receive information from our site and elsewhere on the Internet and use that information to provide measurement services and target ads. You can opt-out of this information tracking using a web browser that supports a “Do Not Track” functionality.
We recognize, and honor opt-out preference signals sent via the Global Privacy Control (GPC). If your browser or extension supports GPC and it is enabled, we will treat it as a valid request to opt out of the sale or sharing of your personal information. We process GPC signals in a frictionless manner, meaning you do not need to take any additional steps for your opt-out to be honored.
This site is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13 years of age. All dependent data needed for benefits enrollment is customarily provided by the employee/guardian and kept secure as indicated in this policy.
This PRIVACY NOTICE FOR CALIFORNIA CONSUMERS supplements the information contained in the Privacy Statement of the PrismHR family of companies (collectively, “we,” “us,” or “our”) and applies solely to California consumers (“consumers” or “you”), effective January 1, 2020. We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended (“CCPA”) and other applicable California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice. For purposes of this notice, a “third party” is an entity that is not a wholly owned or majority-owned and controlled subsidiary of the PrismHR family of companies.
Under California Civil Code 1798, California residents with an established business relationship can request information about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like more information, please contact your service provider.
Information is shared to facilitate the Services needed in order to properly and efficiently handle duties related to your account.
Keeping your information accurate and up to date is very important. You can review or correct your account information by contacting a customer service representative. If you have an account at the site, you can make changes to your account information after you log in to the Site from your PC or wireless device and use the online tools. Note that some information changes may be made by or have to be done through your employer.
This policy statement may be revised from time to time due to legislative changes, changes in technology or our privacy practices, or new uses of customer information not previously disclosed in this policy. Revisions are effective upon posting and your continued use of this site will indicate your acceptance of those changes. Please refer to this policy regularly.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).
| CATEGORY | EXAMPLES | COLLECTED? |
| A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
| C. Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information). | YES |
| D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
| E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints. | YES |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
| G. Geolocation data | Physical location or movements. | YES |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | YES |
| I. Professional or employment-related information | Current or past job history or performance evaluations. | YES |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES |
| K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
We may also collect personal information about you from other categories of sources, such as our affiliates; our other clients; public and publicly available sources; our third-party referral partners, vendors, data suppliers, and service providers; partners with which we offer co-branded services or engage in joint event or marketing activities; social networks; news outlets and related media; and organizations with which you are employed or affiliated.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may share your personal information within the PrismHR family of companies to provide services to you or in an effort to assess your needs and how we can help fulfill those needs.
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we require the recipient to keep that personal information confidential and secure, to not disclose that personal information to others, and to not use it for any purpose except performing the services related to the business purpose.
In the preceding twelve (12) months, we have not sold any personal information to third parties within the scope of the application of the CCPA.
The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) – month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights.
We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.
You may make a request for the disclosures or deletion described above by contacting us using one of the methods described below methods.
You may be required to submit proof of your identity for these requests to be processed as a verifiable consumer request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.
We will respond to your request consistent with the CCPA, which does not apply to certain information, such as information made available from government records, certain data subject to the (FCRA), (GLBA) and certain other laws, and where its application is preempted by, or in conflict with, federal law or the United States or the California Constitution.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).
At a minimum, this notice will be reviewed and updated on an annual basis. We reserve the right to amend this notice at our discretion and at any time. Any changes will be posted on this page with an updated revision date.
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us.
First Class Mail, Return Receipt:
PrismHR
ATTN: HR Compliance Team
1475 S Price Rd
Chandler, AZ 85286
European Economic Area (EEA) residents have the right to:
New York residents are entitled to reasonable administrative, technical, and physical safeguards to protect their private information.
We implement reasonable organizational, technical, and physical security measures designed to protect your information in accordance with the SHIELD Act, GDPR, and CCPA. However, no electronic transmission or storage of information can be entirely secure, so we cannot guarantee absolute security.
The Telephone Consumer Protection Act (TCPA), codified at 47 U.S.C. § 227, is a significant federal statute enacted to safeguard consumer privacy against unwanted telemarketing calls, faxes, and SMS (Short Message Service) text messages. This policy outlines PrismHR procedures and standards our organization will adhere to in order to ensure compliance with the TCPA when sending SMS text messages to consumers.
The primary objective of this policy is to establish a framework that ensures all SMS text messages sent by our organization are in compliance with TCPA regulations, thereby protecting consumer rights and avoiding legal penalties.
This policy applies to all employees, contractors, and third-party vendors involved in the creation, approval, and dissemination of SMS text messages on behalf of our organization.
To comply with TCPA regulations, our organization must obtain prior express written consent from consumers before sending any SMS text messages for marketing purposes. This consent should be:
Transactional or informational SMS text messages may be sent without prior consent but must comply with applicable regulations.
Every SMS text message must include an opt-out mechanism, allowing consumers to easily and promptly unsubscribe from receiving future messages. This can be achieved by including instructions within the message, such as replying with “STOP” to opt-out.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Our organization will maintain comprehensive records of consumer consent and opt-out requests. These records will include:
SMS text messages should be concise, relevant, and respectful of consumer privacy. Our organization will:
Any third-party vendors involved in sending SMS text messages on behalf of our organization must comply with TCPA regulations. Our organization will conduct due diligence and establish contractual agreements to ensure vendors adhere to these standards.
Employees and contractors involved in SMS text messaging activities must receive regular training on TCPA compliance. This training will cover:
Our organization will implement monitoring systems to ensure ongoing compliance with this policy. Non-compliance may result in disciplinary action, including termination for employees and contract termination for vendors.
This policy will be reviewed annually and amended as necessary to reflect changes in TCPA regulations or organizational practices. All amendments will be communicated to relevant stakeholders.
Adhering to TCPA regulations is crucial for maintaining consumer trust and avoiding legal penalties. This policy serves as a comprehensive guide to ensure our organization’s SMS text messaging practices are compliant, respectful, and transparent.
This Notice, which forms part of our privacy policy, provides supplemental information for residents of Colorado, Connecticut, Nevada, Utah, and Virginia, regarding their rights under applicable state privacy laws. These include the Colorado Privacy Act (effective July 1, 2023); the Connecticut Personal Data Privacy Act (effective July 1, 2023); the Utah Consumer Privacy Act (effective December 31, 2023); and the Virginia Consumer Data Protection Act (effective January 1, 2023); and (collectively, the “Privacy Laws”). If you are a Consumer residing in Colorado, Connecticut, Utah, or Virginia, the following provisions may apply to our processing of information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer’s (“personal information”) as defined under the Privacy Laws.
Under the laws of Colorado, Connecticut, Utah, and Virginia, a ‘Consumer’ is defined as a resident acting in an individual or household context. This definition excludes individuals acting in an employment context (e.g., current, former, or prospective employees) or in a commercial context (e.g., employees, owners, directors, officers, or representatives of an entity engaging with us in that capacity).
This policy statement may be revised from time to time due to legislative changes, changes in technology or our privacy practices, or new uses of customer information not previously disclosed in this policy. Revisions are effective upon posting and your continued use of this site will indicate your acceptance of those changes. Please refer to this policy regularly.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”).
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Contact, name, employment information, financial, and educational information.
Race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex, gender expression, gender identify, age, sexual orientation, military and veteran status.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Colorado: Fingerprint, Voiceprint, Scan or record of an eye retina or iris, facial map, facial geometry, facial template, or other unique biological, physical, or behavioral patterns or characteristics.
“Biometric Information” does not include the following unless the biometric data is used for identification purposes: (i) a digital or physical photograph; (ii) an audio or voice recording; or (iii) any data generated from a digital or physical photograph or an audio or video recording.
This section does not apply to Connecticut, Utah, or Virginia.
Mobile device and online identifiers, Mac address, IP address, cookie IDs, browser activity, search history, social media information, and information regarding your interaction with our website or mobile application.
Physical location or movements.
Age, gender, race, citizenship, ethnicity, date of birth, family or marital status, household income, education, professional and employment information.
Any form of automated process performed on personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sexual orientation or citizenship or immigration status; the processing of genetic or biometric data for the purpose of uniquely identifying an individual; personal data collected from a known child; or precise geolocation data.
We may also collect personal information about you from other categories of sources, such as our affiliates; our other clients; public and publicly available sources; our third-party referral partners, vendors, data suppliers, and service providers; partners with which we offer co-branded services or engage in joint event or marketing activities; social networks; news outlets and related media; and organizations with which you are employed or affiliated.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may share your personal information within the PrismHR family of companies to provide services to you or in an effort to assess your needs and how we can help fulfill those needs.
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we require the recipient to keep that personal information confidential and secure, to not disclose that personal information to others, and to not use it for any purpose except performing the services related to the business purpose.
Residents of Colorado [Colorado Privacy Act (CPA)], Connecticut [Connecticut Data Protection Act (CTDPA)], Utah [Utah Consumer Privacy Act (UCPA)], and Virginia [Virginia Consumer Data Protection Act (VCDPA)], have certain personal data rights.
You have the right to request that we delete any of your personal information that we collected from you and retained, unless otherwise permitted by law, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
To Exercise The Access, Data Portability, And Deletion Rights Described Above, Please Submit A Verifiable Consumer Request To Us By Either:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) – month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you are a Colorado, Virginia, or Connecticut consumer, and we refuse to take action on your request, you may appeal our refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us via email at privacy@prismhr.com.
We will not discriminate against you for exercising any of your privacy rights.
Suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.
Privacy rights for residents of Nevada are governed by NRS Chapter 603A , enacted in 2005, and Senate Bill 220, enacted in 2019, granting Nevada consumers the ability to restrict the sale of their “Covered Information.” This term refers to one or more types of personally identifiable information collected by an operator through a website or online service operated by that entity, including:
If you wish to submit an additional inquiry concerning the sale of your Covered Information, as defined by Nevada law, please contact us via email at privacy@prismhr.com.
PrismHR (“Company,” “we,” or “us”) has established the following Biometric Data Privacy Policy (the “Policy”) for [type(s) of data subjects/end users, e.g., “clients,” “client employees,” “internal employees,” ” “customer users,” etc.] of the Company’s biometric [type of biometric system, e.g., “authentication,” “access control,” etc.] system (the “Biometric System”). This Policy describes how the Company treats [type(s) of biometric data, e.g., facial images, face geometry, fingerprints, etc.], and other data that may be considered “biometric identifiers” or “biometric information” under applicable law (collectively, “Biometric Data”) that is collected, obtained, and/or processed by the Company from [type(s) of data subjects/end users] through its operation of the Biometric System. The Company reserves the right to amend this Policy at any time, without notice.
Biometric systems are computer-based systems that scan an individual’s face, finger, hand, or other physical feature for purposes of recognition and/or verification. These systems generate unique data points and create a unique mathematical representation, or algorithm, that is used to identify or verify an individual’s identity, such as when an individual uses their face or fingerprint as an authentication measure to gain access to a restricted area or an electronic device. The Company’s Biometric System operates by scanning and analyzing [type(s) of data subjects/end users]s’ Biometric Data to [recognize]/[verify] their identities.
Any Biometric Data collected or processed by the Company will be used solely for purposes of [processing purposes, e.g., “identity verification,” “fraud prevention and detection,” “security,” “access control,” etc.], and to comply with our legal obligations under applicable law. In the event we begin collecting or using Biometric Data in connection with the Biometric System for any additional purpose, we will update this policy. PrismHR will not sell or trade any Biometric Data that we receive from our clients and client employees.
We may disclose Biometric Data with our third-party service providers (e.g., cloud hosting providers) that assist with or otherwise facilitate our operation of the Biometric System, for purposes of [disclosure purposes, e.g., “when you request that we provide you with a product or service,” “to facilitate your use of the Biometric System,” etc.]. We may also disclose Biometric Data: (1) when required to do so by law; (2) when necessary to establish, exercise, or protect our rights; (3) to protect the vital interests of natural persons; (4) to investigate fraud or other criminal acts; or (5) in the context of merger, acquisition, or similar commercial transaction. Any Biometric Data disclosed by us will be solely for these purposes.
Any Biometric Data collected, obtained, or otherwise processed by us will be permanently deleted if the Company receives a verifiable deletion request. Such requests may come from an employee, or a client request with a written agreement from the employee to discontinue the use of the biometric technology for any specific employee. Biometric Data may also be deleted due to the termination of a client’s contractual relationship and deletion will be executed in accordance with PrismHR’s client services agreement or the Company’s record retention schedule, as applicable, whichever is earlier.
We use a commercially reasonable standard of care, consistent with our industry, to store, transmit, and protect from disclosure, use, unauthorize access, or loss of any Biometric Data collected or otherwise obtained through use of the Biometric System. Such storage, transmission, and protection is performed in a manner that is the same as, or more protective than, the manner in which we store, transmit, and protect other forms of confidential and sensitive information, including personal information that can be used to uniquely identify an individual.
For more information, or if you have any questions about this Biometric Data Privacy Policy, you may contact us using the information below:
