Workfront's privacy notice outlines how information about you is collected, used, and protected.
Last Updated: February 9, 2022
Enter your business email
Workfront Inc. and its Affiliates (Workfront, Ltd.; Workfront Armenia LLC) collectively “Workfront”) takes the protection of our customer’s privacy seriously. This Privacy Notice informs you of our policies regarding the collection, use, and disclosure of all personally identifiable information (“Personal Data") provided to us through use of each of our websites and mobile applications on which a link to this Privacy Notice is displayed or clearly referenced, and where Workfront controls and/or determines whether and what Personal Data is processed (i.e., is the “Data Controller” as the term is defined by the European General Data Protection Regulation or “GDPR”). For example, this Privacy Notice applies to information we collect from you via our website, or when we communicate with you about products and services we offer, organize events, establish partnerships, or for marketing purposes, among others.
Workfront may also process Personal Data in accordance with instructions and on behalf of third parties such as customers that use Workfront products and services (collectively, “Services”). In this context, Workfront is a “Data Processor” (as defined by GDPR). This Privacy Notice does not apply to data or activities where Workfront is the Data Processor.
1. What Types of Information Does Workfront Collect?
The following Personal Data may be collected by Workfront for the purposes described in this Privacy Notice:
- Email address;
- Username/account credentials
- Job role/title
- Company name
- Telephone number;
- IP address;
- Mobile Device ID;
- Eligibility information (available license discounts or special license terms);
- Types of apps and websites of interest; and
- Content of customer support communications;
- Browsing Time;
- Cookie Information;
- Customer GUID;
- Usage Analytics.
2. How Does Workfront Use Personal Data?
Workfront will only collect and process Personal Data for the following purposes:
- To administer the Services;
- To personalize the Services for you;
- To access and use our Services, update your account, and adjust your preferences;
- To send you information about your account, including service updates/outages, customer support messages, payment reminders, or other notifications regarding our Services and/or your Workfront account;
- To send you marketing or promotional content consistent with your preferences (i.e., whether you have consented to receive these messages or have not opted-out);
- To better understand our customers, improve our website and Services, and develop new product features;
- To enable our service providers to perform services on our behalf;
- For monitoring web traffic and usage activity on our website for analytics purposes, troubleshooting, website availability, and to detect or prevent fraud;
- To track, for example, the total number of visitors to our web properties or Service, the number of visitors to each page, and the domain names of our visitors’ Internet service providers to make decisions on how to provide better products and better services for our users;
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with a valid court order, warrant, subpoena or similar legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence in accordance with our Law Enforcement Request Process; (d) to enforce our rights and compliance with our terms of service; (e) to protect our operations or those of any of our ffiliates; (f) to protect the rights, privacy, safety or property, a of Workfront, our Affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
|Processing Purpose/Activity||Legal Basis|
|Administer the Service||Performance of a Contract|
|Personalize the Services for you||Performance of a Contract|
|Enable your access to and use of the Service||Performance of a Contract|
|Supply you access to the services that you purchase||Performance of a Contract|
|For customer announcements, statements and invoices||Performance of a Contract|
|Direct Marketing (B2B) communications; these include an unsubscribe option for users who wish to exercise their choice to decline to participate in these communications||
Legitimate Interest (where we do not rely on your consent)
|Data analytics to improve our products/services, customer relationships and experiences||Performance of a Contract|
3. How Does Workfront Secure Personal Data About Me?
We take commercially reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing. These technical and organizational measures ensure a level of security appropriate to the level of risk and nature of Personal Data involved. Although Workfront seeks to protect the privacy of others who use our Service, it is impossible to protect Personal Data against all potential risks.
4. International transfer of Personal Data
Workfront is located in the United States. Your Personal Data may be collected, transferred and stored in the United States and by our affiliates and service providers in other countries where we operate. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.
Your Personal Data may be processed outside the European Economic Area (EEA), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA. Where appropriate, we have in place data transfer safeguards including t Standard Contractual Clauses (SCCs) for the lawful transfer of Personal Data to restricted third countries and other legal mechanisms as appropriate to govern such transfers. In addition, we require the recipients of such transfers to apply an adequate level of protection to your Personal Data.
Privacy Shield Statement
Workfront Inc. (our U.S. company) has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the transfer of personal information from the European Economic Area (EEA), the United Kingdom and Switzerland to the United States. Although the EU-U.S. and Swiss-U.S. Privacy Shield have been ruled invalid for the transfer of data, where personal information has already been transferred to the U.S. on the basis of the EU-U.S. or Swiss-U.S. Privacy Shield, we will continue to protect personal information from the EU, the United Kingdom and Switzerland according to the standards of the Privacy Shield and applicable EU law. To learn more about the Privacy Shield programme please see https://www.privacyshield.gov/ or to view the certification for Workfront Inc., https://www.privacyshield.gov/participant?id=a2zt0000000L1HHAA0&status=Active.
For users who reside outside of North America, your relationship is with Workfront Limited, which is the “data controller” with regard to EU personal information collected by Workfront. Your personal information may be transferred to Workfront Inc. as described above.
With respect to personal information processed on behalf of our EEA, United Kingdom and Swiss business customers, under EU privacy laws, Workfront Ltd. is generally considered a “data processor.” For example, an EEA business customer may use Adobe Sign to process documents containing names, email addresses and other personal information about its consumers. As part of Adobe providing services to the business customer, this personal information of consumers may be transferred by Workfront Ltd., to Workfront Inc., under Standard Contractual Clauses, as described above.
In compliance with the Privacy Shield Principles, Workfront commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy, please contact us [email protected].
Workfront Inc., has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data and human resources data transferred from the EU and Switzerland in the context of the employment relationship.
If we do not resolve your complaint, Workfront Inc., has chosen to cooperate with a dispute resolution provider established by the Association of National Advertisers (ANA), who will hear such complaints (more information). You may also have a right to invoke binding arbitration for unresolved complaints (more information). Workfront Inc., is subject to the investigatory and enforcement powers of the FTC.
Attn: Privacy Shield
2020 K Street NW, Suite 660 | Washington, DC 20006
5. How Can Individuals Exercise their Rights as Data Subjects?
As an individual you have certain rights in connection with the processing of your Personal Data. Depending on the applicable laws and location these rights may include:
- To access your Personal Data held by us (right to access);
- To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to rectification);
- To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
- To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing);
- To transfer your Personal Data to another controller, to the extent possible (right to data portability);
- To object to any processing of your Personal Data carried out (such as where we are using your Personal Data for direct marketing), you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our websites; and
- To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
- To not be subjected to discrimination (Right to non-discrimination)
- To Opt Out of Selling of Personal Information (Right to Opt Out of Sales)
To exercise your rights, please contact us by email ([email protected]). To the extent Workfront is the Data Controller for the Personal Data covered by the request, we will respond in accordance with applicable law.
As a Data Processor, Workfront has an obligation to “assist the controller” in responding to requests of Data Subjects to exercise their rights under applicable Data Protections Laws and shall not respond to any such requests or complaints directly. Instead, Workfront will attempt to forward the request on to the appropriate Data Controller, if known.
If you are a resident of California, under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our websites. Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another visitor to our websites.
6. What Choices Do I Have?
Individuals may choose whether to permit Workfront to process their Personal Data for certain purposes. For example, we will ask for your consent before we share your Personal Data with third parties for their own marketing purposes, if we want to use your data for a purpose that is materially different than for which it was originally provided, and for other reasons as may be required by applicable law. You may opt-out of these activities at any time by withdrawing your consent for processing. Please contact us at the email provided below if you wish to do so.
When you share your contact information with Workfront to receive or access information about Workfront’s Services, features, or products (e.g. when requesting a ‘demo’ of our product), you agree to occasionally receive newsletters, product announcements, promotional materials, and other information about Workfront by email . You may choose not to provide your Personal Data for this purpose; you may also opt-out of receiving Workfront marketing communications at any time by using the “Unsubscribe” option available via link in these email communications. You may also ask us to opt you out of receiving our marketing materials by contacting us at the email provided below. contact using the details provided at the end of this privacy notice.
7. For How Long Will Workfront Retain My Personal Data?
Workfront will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was intended. We may also retain it to comply with legal, regulatory, accounting, or reporting requirements and for the establishment, exercise or defence of legal claims in the countries where we do business.
Where we process your Personal Data for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a permanent record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future.
Unless otherwise noted, Personal Data will otherwise be deleted in accordance with applicable law.
8. Third Party Sites
When you interact with us through the Service, we and third parties that provide functionality on the Service, may engage, receive, collect and store certain types of information through automatic data collection tools including cookies, encrypted authentication tokens and similar technology. Such information, which is collected passively using various technologies, may include but is not limited to information about your device, referring/exit pages and URLs and number of clicks. Workfront may store such information itself or such information may be included in databases owned and maintained by Workfront affiliates, agents or third party service providers.
The Workfront website and online Service may contain links to other web sites and/or services not operated or controlled by Workfront (the “Third Party Sites”). This Privacy Notice does not apply to the Third Party Sites and Workfront is not responsible for them. Please review the Privacy Notice of any Third Party Sites before sharing Personal Data with them as their processing of your Personal Data may be governed by them.
9. Can Children Use Workfront’s Sites?
Workfront does not intentionally market or collect Personal Data from children. If you are under the age of 18, please do not use Workfront’s website or Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Notice by instructing their children never to provide Personal Data on the Service without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to Workfront, please contact us below, and we will delete that information.
10. How Will Workfront Disclose Personal Data?
There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
Business Transfers: As we develop our business, we might decide to sell or buy businesses or assets. In connection with any potential or actual corporate sale, merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution or similar event or transaction, Personal Data may be disclosed to third parties as it may be part of the assets potentially transferred or otherwise relevant to the transaction.
Agents, Consultants and Third Parties: Like many businesses, Workfront sometimes hires other companies to perform certain business-related functions, including to help us understand and improve the use of our Service. We may share any information we receive with vendors and service providers retained in connection with the operation of our business. Workfront will remain liable for onward transfers of Personal Data to its subcontractors and third-party agents.
Legal Requirements: Workfront may disclose your Personal Data if requested, subpoenaed and/or if we are required to do so by law, regulation, legal process, or by any court of competent jurisdiction or any inquiry or investigation by any governmental, official or regulatory body which is lawfully entitled to require any such disclosure, or otherwise in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Workfront or a third party, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect Workfront against potential legal liability.
11. Do Not Sell My Personal Information
We do not sell, rent, or share your Personal Data third party Advertisers for their own marketing purposes, unless you choose in advance to have such information shared for this purpose. Workfront does not provide Personal Data to any third party in exchange for valuable consideration.
Workfront may make changes to this Privacy Notice from time to time in line with changes to applicable law or our privacy practices. We reserve the right to update or modify this Privacy Notice at any time. Please review this Notice periodically, and especially before you provide any Personal Data. This Privacy Notice was last updated on the date indicated at the top of the page. Your use of the Service after any changes or revisions to this Privacy Notice indicate your agreement with the terms of such revised Privacy Notice.
13. Questions, Concerns or Complaints
Please feel free to contact us if you have any questions about our Privacy Notice or the information practices using the details set out below:
Email: [email protected]
Postal mail: 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland.
If you have unresolved concerns, you have the right to report them to your local privacy regulator or data protection authority and, where applicable, you also have the right to lodge a complaint with Workfront’s lead supervisory authority, the Information Commissioner’s Office.