Effective Date: July 16, 2018
Welcome to this American Payroll Association website, owned and produced by the American Payroll Association ("APA", "we", "us" and "our"). Our websites are available to all visitors, although some content and features are restricted to APA members.
The APA will update this policy from time to time, so please check back periodically. If at any point we decide to use personal information in a manner different from that stated at the time it was collected, we will post such changes prior to implementing them.
American Payroll Association
660 N. Main, Suite 100
San Antonio, TX 78205
What personal information does APA collect?
Our goal is to become your destination for payroll-related information by providing information, services, and product offerings that are most relevant to you in the most convenient way. To achieve this goal, the APA collects personal information about site visitors. Personal information is any information that identifies you or makes you identifiable. We may collect personal information in the following ways:
What are "cookies" and how does APA use them?
We use the cookies described below on our Services:
- Strictly Necessary: Some of the cookies we use are necessary to provide our Services to you. For example, these cookies help you: see the right information when you login to our Services; navigate from page to page without having to sign in on every page; detect, prevent, and mitigate malicious and fraudulent activities on our Services; support and enable other security features. Without such cookies, some of our Services cannot be provided to you.
- Functional: Functional cookies collect information about how you use our Services, provide you with certain functions on our Services, and they remember your preferences. For example, these cookies allow our Services to remember your language selection or username as you navigate through our Services. Functional cookies also perform important functions for your use of the Services.
- Analytics, Performance, and Research: These cookies help us understand how well our Services are doing. They collect information about your use and interaction with our Services so that we can continue to improve and expand our Services.
- Marketing: Our marketing cookies allow us to collect information about your interactions with our marketing activities, such as parts of our website and our emails. Such cookies measure how you interact with our marketing communications to determine, among other things, how effective a marketing campaign is. For example, we may measure whether certain marketing communications resulted in purchases.
- Advertising: These cookies deliver relevant advertisements to you off of our Services. Our advertising partners will collect information about your interaction with their advertisements to measure the effectiveness of our advertising campaign and to deliver advertisements that are more relevant to you and your interests.
The length of time a cookie will stay on your browsing device depends on whether it is a "persistent" or "session" cookie. Each category of cookie listed above is either a session cookie or persistent cookie.
We use "persistent cookies" to save information about you for longer periods of time, such as your registration ID and login password for future logins to the Service. We also use "session cookies" to collect and store information about you until you close your browser, such as information about your interactions with the Service.
Persistent cookies are stored for varied lengths of time depending on the purpose of the cookie collection and tool used. You can delete cookie data as described below.
Below we describe how you can manage first-party and third-party cookies on our Services:
- First-Party Cookies: You can enable, disable or delete cookies via your browser settings. To do this, follow the instructions provided by your browser, usually located within the "Help," "Tools," or "Edit" settings of your browser. Please be aware that if you set disable cookies on your browser, you may not be able to access secure areas of the Services and parts of the Services may also not work properly (e.g., referral links, preferences, etc.).
Many browser manufacturers provide helpful information about cookie management, including, but not limited to:
- Google Chrome
- Internet Explorer
- Mozilla Firefox
- Safari (Desktop) or Safari (Mobile)
- Android Browser
If you use a different browser than those listed above, please refer to your specific browser's documentation. You can also find out more information about how to change your browser cookie settings at www.allaboutcookies.org.
- Third-Party Cookies: Any cookies that are placed on your browsing device by a third party can be managed through your browser (as described above) or by checking the third party's website for more information about cookie management and how to "opt-out" of receiving cookies from them.
How does APA use the personal information it collects?
The APA collects information to provide you with the Services you request and to improve our websites. Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. In general, we use personal information to create, develop, operate, deliver, and improve our Services, content, and advertising. Your relationship with APA will determine which purposes apply to you. Examples of how we may use this information include:
- To Provide You With Services. When you access our website or otherwise use your Services, we collect certain information about you to be able to support your requests and manage your membership. For example, we may collect information about you and your company when you complete an inquiry form on our Services to hear more about our products and services. We cannot provide you with our Services without processing your personal information.
- Enforce Our Terms, Agreements or Policies. We process your personal information to enforce certain terms, agreements, and policies relevant to our relationship with you, including any agreements with third-party partners. We will also collect fees based on your use of the Services, and actively monitor, investigate, prevent or mitigate any alleged or actual prohibited, illicit, or illegal activities on our Services. This processing allows us to maintain a trusted environment for you. We cannot perform the Services without such processing.
- To Provide Customer Support. Whenever you contact us for customer support or any other reason (e.g., diagnose or fix technology problems, provide feedback, notify us of a dispute, etc.), we process any information you provide to us and any information we already have about you. Without processing your personal information for such purposes, we cannot respond to you or ensure your continued use and enjoyment of the Services.
- To Provide Secure Services. We are committed to ensuring your personal information is processed securely on our Services. To maintain the security of our Services, we may process your personal information to investigate, detect, prevent or report fraud, misrepresentation, security incidents or breaches, spam, malware, malicious activities or other prohibited or illegal activities. In addition, we process your personal information to improve the security of our Services. We cannot provide the Services securely without such processing.
- To Develop New Ways to Understand Our Members' Requirements. We process your personal information to strengthen our understanding of our members' needs and goals in using the Services, so that we may anticipate new features or products that will enhance our members' experiences and otherwise maintain and improve the Services.
- To Conduct Research and Product Development. We may process your personal information to improve, optimize or expand our Services or features of our Services. We do so by processing information about your use of the Services, any information you provide to us (e.g., feedback, survey responses, etc.) and by measuring, tracking and analyzing trends and usage in connection to your use or the performance of our Services. Without processing your information for such purposes, we may not be able to ensure your continued enjoyment of part or all of our Services.
- To Engage in Marketing Activities. We may process your personal information to: send you marketing communications; run contests, special offers or other events or activities; send you information about opportunities, products, services, contests, promotions, discounts, incentives, surveys, and rewards offered by us and select partners; or otherwise market our products and services, including targeted marketing. When you share your friends' or business partners' contact information with us, we may reach out to them on your behalf in accordance with applicable laws. You can unsubscribe from marketing communications at any time and without charge.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. Data collection that is optional will be clearly stated when collected. However, if you decide not to share required personal information with us, it may delay or stop us from meeting our obligations and this can also mean that we cannot perform Services needed to carry out requested transactions. We are required to collect certain personal information by law, and/or under the terms of a contract we have with you. By not sharing the required data with us, it may lead to cancelling a Service you have with us.
How does APA share my personal information?
We may share your information as follows.
- Affiliated Businesses. We may share your personal information with group companies and affiliates. Affiliated businesses may use your information to help provide, understand, and improve the Services and affiliates' own services.
- Our Service Providers, Business Partners, and Others. We may share your personal information with our service providers, business partners or third-party organizations that help us provide the Services to you. Such entities will be given access to your information as is reasonably necessary to provide the Service under contractual obligations at least as protective as this Policy.
- Anonymous or Aggregate Data. We may share anonymized or aggregated information with any third parties. Such information no longer reasonably identifies you. For instance, we disclose to third-party sponsors/advertisers aggregate statistics (i.e., impressions and click-throughs on a company's advertisement). Also, we may share aggregate website statistics with the media or other third parties. No personally identifiable information is disclosed to these sponsors/advertisers or other third parties as part of this process – only information in an aggregate form.
- Change of Control. We may share your personal information with a subsequent owner, co-owner, or operator of our Services, or in connection with a corporate merger, consolidation, or restructuring; financing, acquisition, divestiture, or dissolution of all or some portion of our business; or other corporate change. We will notify you with any choices you may have regarding your information.
- Safety and Legal Compliance. We may share your personal information if we believe that such disclosure is necessary to: comply with any applicable laws, regulations, legal processes or requests by public authorities (e.g., law enforcement, tax authorities, etc.); protect you, us or our other users' rights or property, or to protect our Services; comply with or enforce our terms, agreements or policies.
How long does APA keep my personal information?
We generally retain your personal information as long as necessary to fulfill the purposes of collection or to comply with applicable law. Otherwise we will try to delete your personal information upon your request or when we no longer need it for the purposes for which we originally collected it.
We recognize that retention requirements can vary between jurisdictions, but we generally apply the retention periods described below.
- Marketing Contact Information. We will retain your marketing contact information until you unsubscribe from our marketing communications. Upon your request to unsubscribe, we will store your contact information on our suppression list to ensure we do not send you marketing communications in the future.
- Information About Your Use of the Services. We collect information about your interactions with our Services and we may store such information indefinitely for the establishment or defense of legal claims, audit, or fraud and/or crime prevention purposes.
- Web Behavior Data. Any cookie information, including information collected via web beacons, flash cookies, or pixels, is retained up to one year from expiry of the cookie or the date of collection.
What kinds of security procedures are in place to protect against the loss, misuse, or alteration of your information?
This APA website has security measures, such as firewalls, in place to attempt to protect against the loss, misuse, and alteration of your user data under our control. The APA has implemented strict rules for employees who have access either to the databases that store user information or to the servers that host our services. While we cannot guarantee that loss, misuse, or alteration to data will not occur, we take many precautions to prevent such unfortunate occurrences. Any other particularly sensitive information, such as your credit card number, collected for a commerce transaction, is encrypted prior to transmission.
You are ultimately responsible for the security of your APA ID and password. You may not share your APA ID and password with colleagues or friends so they can access content or features on this APA website that are restricted to APA members only. You should log out of your browser at the end of each computer session to ensure that others cannot access your personal information and correspondence, especially if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe.
How can APA members and customers modify their personal information?
APA members and customers have the following options for changing and modifying information previously provided. Log on to the APA website, then select or search for "My Account," or contact our membership services at the address listed above.
Individuals located in the European Economic Area, the United Kingdom, or Switzerland (collectively "Designated Countries") at the time of data collection should refer to the "Notice to Individuals in the European Economic Area and Switzerland" section below for more information regarding your rights under the applicable law.
What is the opt-out policy for APA websites?
The APA provides members the opportunity to opt-out of receiving communications from us. If you no longer wish to receive specific communications or services such as mail, email, faxes, or electronic newsletters, you have the following options: Log on to the APA website, from any page on the website, and click on "Edit My Profile." Scroll down to identify the communications and services you do or do not wish to receive, or contact us at the email and/or mailing address identified above.
Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Services.
Does APA collect children's personal information?
We do not knowingly request or collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, APA will require the user to close his or her account. We will also take steps to delete the information as soon as possible. Please contact us at email@example.com if you believe we have inadvertently collected personal information from an individual under 18 without proper consents so that we may delete such information as soon as possible.
Notice to Individuals in the European Economic Area, United Kingdom, and Switzerland
This section only applies to individuals using or accessing our Service while located in the European Economic Area, United Kingdom, and/or Switzerland (collectively, the "Designated Countries") at the time of data collection.
We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in the Designated Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in the Designated Countries.
- Our Relationship to You. APA is a data controller with regard to any personal information collected from individuals accessing or using its Services. A "data controller" is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that handle your personal information in accordance with our instructions are our service providers and are "data processors."
You are a "User." Users are individuals providing personal information to us via our Services, such as by sending us an inquiry form, signing up for our newsletter(s), or otherwise accessing or using our Services.
- Legal Bases for Processing Personal Information. Below is a list indicating the purposes and legal bases we rely on in processing personal information.
Purposes of Processing
- To Provide You with Services
- To Enforce our Terms, Agreements or Policies
- To Provide Customer Support
- To Provide You with Administrative Communications
- To Provide Secure Services
- Legal Basis: Our processing is based on our contract obligations or to take steps at the request of the individual prior to entering into a contract.
- Our Service Providers, Business Partners and Others
- Affiliated Businesses
- To Conduct Research and Product Development
- Change of Control
- To Develop New Ways to Understand Our Members' Requirements
- Legal Basis: Our processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
- Maintain Legal or Regulatory Compliance
- Safety and Legal Compliance
- Legal Basis: Our processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
- Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law, or the individual's consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information in this way, or to disclose your personal information to third parties for marketing purposes, please click an unsubscribe link in your emails or contact us at firstname.lastname@example.org. You can object to direct marketing at any time and free of charge.
- Individual Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other's privacy; (c) to protect our rights and properties; or (4) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at email@example.com. We may seek to verify your identity when we receive an individual rights request from you to ensure the security of your personal information.
- Right to withdraw consent. For any consent-based processing of your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.
- Right of access. Upon your request, we will provide you with a copy of your personal information in our files without undue delay and free of charge, unless we are permitted by law to charge a fee. Your access may be limited to the extent it would adversely affect the rights and freedoms of other individuals.
- Right to rectification (or "correction"). You may request to correct or update any of your personal information in our files. We may provide you with the ability to update some or all of your personal information directly via the Services.
- Right to erasure (or the "Right to be Forgotten"). Upon your request, we will erase any of your personal information in our files that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to, but later withdrew such consent; or was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing.
- Right to restriction. You have the right to restrict our processing of your personal information where one of the following conditions applies:
- You contest the accuracy of your personal information that we processed. If you restrict processing based on this condition, you may experience an interruption of some or all of the Services during the period necessary for us to verify the accuracy of your personal information;
- The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead;
- We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defend against legal claims; or
- You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.
- Right to object to processing. You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal bases of: consent; contract; or legitimate interests. We may continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Right to data portability. If we process your personal information based in a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another "controller," where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. Your right to data portability only applies to personal information provided by you to us.
- Notification to third parties. When we fulfill your individual rights requests for correction (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves disproportionate effort. Upon your request, we will identify such third parties.
- Transfer of Your Personal Information. We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the Designated Countries, we have the required contractual provisions for transferring personal information in place with the third-parties to which your information is transferred.
- Right to Lodge Complaint. If you believe we have infringed or violated your privacy rights, please contact us at firstname.lastname@example.org so that we may resolve your dispute directly. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement.
Do Not Track Policy
California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated "Do Not Track" features. Most of these features, when turned on, send a signal or preference to the website or online service that a user visits, indicating that the user does not wish to be tracked. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals. We continue to work with the online industry to define a common understanding of how to treat Do Not Track signals.
California Privacy Rights
If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your personal information with third parties for the third parties' direct marketing purposes. California law provides that you have the right to submit a request to us at our designated address and receive the following information: (a) the categories of information we disclosed to third parties for the third parties' direct marketing purposes during the preceding calendar year; and (b) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.
You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually. You may make such a request by emailing email@example.com.
Fraudulent emails adopt many different forms and are the unauthorized actions of third parties not associated with the APA. These email messages, also known as "phishing" or "spoofing," are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers. Learn more about protecting yourself from fraud.
Please be advised that the APA does not request payments, personal information, financial information, account numbers, IDs, passwords, or copies of invoices in an unsolicited manner through email, mail, phone, or fax. The APA also does not provide our list to other organizations to sell. The APA accepts no responsibility for any costs or charges incurred as a result of fraudulent activity.