Workplace Marketing Privacy Policy

Effective October 10, 2023
TABLE OF CONTENTS
  1. Legal information
  2. Information we collect
  3. How we process your information
  4. Information we share
  5. How to exercise your rights
  6. Retention of your information
  7. Our global operations
  8. Our legal bases for processing
  9. Updates to the Privacy Policy
  10. Who is responsible for your information
  11. Contact Us

1. Legal Information

This privacy policy (“Privacy Policy”) explains our data practices in connection with the provision of our Websites, including workplace.com (“Sites”) (as distinct from the Workplace Services), and our marketing and feedback based activities (collectively “Activities”). In this Privacy Policy, we describe the information we collect about you in connection with our Sites and Activities. We then explain how we process and share this information and how you can exercise rights that you may have.
“Meta”, “we”, “our” or “us” means the Meta entity responsible for the collection and use of personal data under this Privacy Policy as set out in “Who is responsible for your information”.
Workplace Services: This Privacy Policy does not apply to your use of the online Workplace product that we provide to our customers, which allows users to collaborate and share information at work, including the Workplace product, apps and related online services (together the "Workplace Services"). Your use of the Workplace Services is governed by the “Workplace Privacy Policy” found here.

2. Information we collect

We collect the following information about you:
Your Contact Information. We collect your email address and basic information such as your name, job title, organisation name and phone number when you, for example, request information in connection with our products, including Workplace, download resources, sign-up for marketing materials, request a free trial or attend one of our events or conventions. If you don’t provide us with this information, you will not be able to create an account to start your free Workplace trial, for example. If you are the administrator of your organisation’s account, we collect your contact information when you consent to receiving marketing-related electronic communications from us.
Information You Give Us. When you contact us, you may provide us with other information. The type of information depends on why you contact us. For example, if you have an issue related to your use of our Sites, you may provide us information you consider helpful to deal with your issue, along with details of how to contact you (e.g., an email address). For example, you may send us an email with information relating to our Site performance or other issues. Similarly, if you ask us for information about the Workplace Services, for example, you may tell us about where you work or other information to help us respond to your query.
Survey and Feedback Information. We also obtain information about you when you optionally participate in one of our surveys or feedback panels. For example,we work with third-party service providers who conduct surveys and feedback panels for us, such as hosting a community of Workplace customers who have opted to be part of a feedback panel. These companies provide us with information they collect about you in certain circumstances, including your age, gender, email, details about your business role and ways you use our products, and your feedback that you provide.
Usage And Log Information. We collect information about your activity on our Sites, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Site, and the time, frequency, and duration of your activities), log files, and diagnostic, crash, website, and performance logs and reports.
Device And Connection Information. We collect device and connection-specific information when you access or use our Sites. This includes information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Meta Company Products associated with the same device or account).
Cookies. Our Sites use cookies. A cookie is a tiny element of data that our Site sends to a user’s browser, which may then be stored on the user’s hard drive so that we can recognise the user’s computer or device when they return. We also use other technologies that have a similar function. You can learn more about how we use cookies and similar technologies on our Workplace Site in our Cookies Policy.
Third Party Information. Where we work with third-party service providers and partners to help us operate, provide, improve, understand, customise, and support our Sites or Activities, we collect information from them about you.
Meta Companies. We collect information from infrastructure, systems and technology shared with other Meta Companies in specific circumstances. We also process information about you across Meta Company Products and across your devices according to each product’s terms and policies and as permitted by applicable law.
The information collected when you use the Workplace Services is subject to the Workplace Privacy Policy which governs how your information is processed when you use the Workplace Services.

3. How we process your information

We use information we have (subject to choices you make and applicable law) to operate, provide, improve, understand, customise, and support our Sites and Activities.
Provide, improve and develop our Site and Activities.
We analyse your information to provide, improve and develop our Site and Activities. This includes allowing you to generally use and navigate our Sites, contact us for more information, access additional resources and sign up for free trials. We will also use your information to carry out our marketing activities in accordance with this Privacy Policy. We also use your information to provide, improve and develop surveys and/or feedback panels that you have joined.
Understand What Customers Want and Like.
We consider and analyse your information and feedback if you participate in a feedback panel or other feedback studies (such as where, for example, you test new concepts and preview Workplace features). We do this to understand what customers want and like to, for example, inform whether to change or introduce new features of Workplace or other products and services and get other insights. The information obtained from your participation in a feedback panel or other feedback studies will be aggregated and used in a de-identified form and if a quotation or sentiment is used in a feedback or insights report, the report won’t attribute this to you personally.
Communicate with you.
We use the information we have to send you marketing communications and generally communicate with you about our Sites and Activities, and let you know about our policies and terms where applicable. We also use your information to respond to you when you contact us.
Provide, personalise, measure and improve our marketing and advertising.
We may use your information for targeted ads, including via first party and third party networks and for creating lookalike audiences, custom audiences and measurement in first party and third party ad networks.
Promote safety, integrity and security.
We analyse your device and connection information to identify and investigate patterns of suspicious behaviour.
Preserve and share information with others including law enforcement and to respond to legal requests.
We process your information when we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others. This includes responding to legal requests where we are not compelled by applicable law but have a good faith belief it is required by law in the relevant jurisdiction or sharing information with law enforcement or industry partners to combat abusive or illegal behaviour. For example, we preserve a snapshot of user information when requested by law enforcement where necessary for the purposes of an investigation. We preserve and share information when we seek legal advice or seek to protect ourselves in the context of litigation and other disputes. This includes matters such as violations of our terms and policies. In some instances, failure to provide us with your personal information when required by law may cause you and Meta to violate the applicable law.

4. Information we share

We require partners and third parties to follow rules about how they can and cannot use and disclose the information that we provide. Here’s more detail about who we share information with:
Third Party Partners and Service Providers: We work with third-party partners and third-party service providers to help us undertake our Sites and Activities. Depending on how they support or work with us, when we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms. We work with different types of partners and service providers, namely those who support us with marketing, analytics, surveys, feedback panels, and improving products and services.
Meta Companies: We share information we collect in connection with our Activities or via our Sites, infrastructure, systems and technology with other Meta Companies. Sharing helps us to promote safety, security and integrity; personalise offers and ads; comply with applicable laws; develop and provide features and integrations; and understand how people use and interact with Meta Company Products.
Legal and Compliance: We may access, preserve, use and share your information (i) in response to legal requests, such as search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. We may also share your information with other organisations, including other Meta companies or third parties, who assist us with investigating and responding to such requests, (ii) in accordance with applicable law, and (iii) to promote the safety, security and integrity of Meta Products, users, employees, property and the public. This includes for the purposes of investigating a breach of an agreement, violations of our terms or policies or contravention of law or detecting, addressing or preventing fraud. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
Sale of Business: If we sell or transfer all or part of our business to someone else, then we may give the new owner your information as part of that transaction, in line with applicable law.

5. How to exercise your rights

You have rights in relation to your personal information, depending on applicable law and where you reside. While some of these rights apply generally, certain rights apply only in limited cases or in certain jurisdictions. You can exercise your rights by contacting us here.
  • Right of access/to know - You have a right to request access to your information and to be provided with a copy of certain information including the categories of your personal information we collect, use and disclose, and information about our data practices.
  • Right of rectification - You have the right to request that we rectify inaccurate personal information about you.
  • Right of erasure/to request deletion - You have the right, in certain cases, to request that we delete your personal information, provided there are valid grounds for doing so and subject to applicable law.
  • Right to data portability - You have the right to receive, in certain cases, your information in a structured, commonly used and machine-readable format and to transmit such information to another controller.
  • Right to object/opt out (marketing) - You have the right to object to processing for direct marketing, profiling and automated decision making purposes at any time. If we use your information for direct marketing, you can object and opt out of future direct marketing messages using the unsubscribe link in such communications.
  • Right to object - You have the right to object to and restrict certain processing of your information. You can object to our processing of your information when we rely on legitimate interests or perform a task in the public interest. We will consider several factors when assessing an objection, including: Unless we find that we have compelling legitimate grounds for this processing, which are not outweighed by your interests or fundamental rights and freedoms, or the processing is needed for legal reasons, your objection will be upheld, and we will cease processing your information. You can further use the "unsubscribe" link in our marketing communications to stop us from using your information for that direct marketing.
    • Your reasonable expectations
    • The benefits and risks to you, us, other users or third parties
    • Other available means to achieve the same purpose that may be less invasive and do not require disproportionate effort
  • Right to withdraw your consent - Where we have sought your consent for certain processing activities, you have the right to withdraw that consent at any time. Please note that the lawfulness of any processing undertaken prior to your withdrawal of consent shall not be affected by the withdrawal.
  • Right to complain - You can lodge a complaint with your local supervisory authority. Meta Platforms Ireland Limited's lead supervisory authority is the Irish Data Protection Commission.
  • Right to non-discrimination: We will not discriminate against you for exercising any of these rights.
Please note that to protect your information and the integrity of our Marketing Services, we may need to verify your identity before processing your request. In some cases we may need to collect additional information to verify your identity, such as a government issued ID in some jurisdictions. Under certain laws, you may exercise these rights yourself or you may designate an authorised agent to make these requests on your behalf.
Brazilian General Data Protection Law
This section applies to personal information processing activities under Brazilian law and supplements this Privacy Policy.
Under the Brazilian General Data Protection Law (the “LGPD”), you have the right to access, rectify, port, erase, and confirm that we process your data. In certain circumstances, you also have the right to object to and to restrict the processing of your personal information, or you may withdraw your consent when we process data you provide to us based on your consent. This Privacy Policy provides information about how we share data with third parties. To request more information about our data practices, click here.
You also have the right to petition the Brazilian Data Protection Authority by contacting the DPA directly.

6. Retention of your information

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. Meta will retain your information that we collect when you participate in a feedback panel or feedback studies for the duration of the project and for such time thereafter as required to conduct analyses, respond to peer review or otherwise verify the feedback. Meta will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your personal information to comply with applicable law), to resolve disputes and to enforce our terms. Once these retention timelines have passed and we have no further specific reason to retain that personal information, the relevant personal information will be deleted.

7. Our global operations

We share the information we collect globally, both internally across our offices and data centres, and externally with our vendors, service providers and third parties. Because Meta is global, with customers and employees around the world, transfers are necessary for a variety of reasons, including:
  • So we can operate and provide the services stated in the terms of this Privacy Policy
  • So we can fix, analyse and improve our products in accordance with this Privacy Policy
Where is information transferred?
Your information will be transferred or transmitted to, or stored and processed in:
  • Places we have infrastructure or data centres, including the United States, Ireland, Denmark and Sweden, among others
  • Countries where Workplace is available
  • Other countries where our vendors, service providers and third parties are located outside of the country where you live, for purposes as described in this Privacy Policy.
How do we safeguard your information?
We rely on appropriate mechanisms for international data transfers.
Mechanisms we use for global data transfers
We rely on appropriate mechanisms for international transfers. For example, for information we collect:
European Economic Area
  • We rely on decisions from the European Commission by which they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal data. These decisions are referred to as “adequacy decisions.” In particular, we transfer the information collected from the European Economic Area to Argentina, Israel, New Zealand, Switzerland and, where the decision is applicable, Canada based on the relevant adequacy decisions. Learn more about the adequacy decision for each country.Meta Platforms, Inc. has certified its participation in the EU-U.S. Data Privacy Framework. We rely on the EU-U.S. Data Privacy Framework, and the European Commission’s related adequacy decision, for transfers of information for the products and services specified in that certification. For more information, please review Meta Platforms, Inc.’s Data Privacy Framework Disclosure.
  • In other situations, we rely on standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) or on derogations provided for under applicable law to transfer information to a third country.
  • In addition, please review the additional steps we take to transfer your information securely.
If you have questions about our international data transfers and the standard contractual clauses, you can contact us.
Korea
Learn more about the privacy rights available to you, details about the third parties we share your information with, and other matters by reviewing our Korea Privacy Notice.
ROW:
  • In other situations, we rely on standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK, where appropriate) or on derogations provided for under applicable law to transfer information to a third country.
  • We rely on determinations from the European Commission, and from other relevant authorities, about whether other countries have adequate levels of data protection.
  • We use equivalent mechanisms under applicable laws that apply to data transfers to the United States and other relevant countries.
We also make sure that appropriate safeguards are in place whenever we transfer your information. For example, we encrypt your information when it’s in transit over public networks to protect it from unauthorised access.

8. Our Legal Bases for Processing

Under certain applicable data protection laws, companies must have a legal basis to process personal data. When we talk about "processing personal data," we mean the ways we collect, use and share your information, as we described in the other sections of this Privacy Policy above.
What is our legal basis?
Depending on your jurisdiction and your circumstances, we rely on different legal bases to process your information for the purposes described in this Privacy Policy. We may also rely on different legal bases when processing your same information for different purposes. In certain jurisdictions, we rely primarily on your consent to process your personal information. In other jurisdictions, including the European Region, we will rely on the legal bases below. For each legal basis below, we describe why we process your information.
Legitimate Interests
We rely on our legitimate interests or the legitimate interests of a third party where they are not outweighed by your interests or fundamental rights and freedoms (“legitimate interests”):
Why and how we process your informationLegitimate Interests relied onInformation Categories Used
To provide, improve and develop our Site and Activities, we:
Analyse your information and how you use our Site and use and engage with our Activities.
It is in our interest to understand our Site activity and to monitor and improve our Site.
It is in our interest to provide Marketing and Feedback Activities, to understand how you use these, and to develop and improve them.
  • Your Contact Information
  • Information You Give Us
  • Usage and Log Information
  • Device and Connection Information
  • Third Party Information
  • Cookies
To understand what users want and like, we:
Provide our Activities, including analysing your information and feedback if you participate in a feedback panel and other feedback studies where, for example, you test new concepts and preview Workplace features, for example.
The information obtained from your participation in the a feedback panel and other feedback studies will be aggregated and used in a de-identified form and if a quotation or sentiment is used in a feedback or insights report, the report won’t attribute this to you personally.
It is in our interest and in the interest of customers to know what customers want and like and use this to inform whether to change or introduce new features of Workplace or other products and services and get other insights.
  • Your Contact Information
  • Information You Give Us
  • Usage and Log Information
  • Device and Connection Information
  • Third Party Information
  • Cookies
To communicate with you and to send you marketing communications (where they are not based on consent).
If you sign up to receive email marketing communications such as newsletters, you can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email.
We communicate with you about our Activities and our policies and/or terms where relevant.
We also respond to you when you contact us.
It is in our interest to send you direct marketing communications to market our products and provide you with information on new or updated products of interest.
It is in our interest to communicate with you about our Activities.
It is in our interest and your interest to use your information to respond to you when you contact us.
  • Your Contact Information
  • Information You Give Us
To provide, personalise, measure and improve our marketing and advertising, we:
Use your information for targeted ads, including via first party and third party networks and for creating lookalike audiences, custom audiences and measurement in first party and third party ad networks
It is in our interest to undertake marketing and advertising activities.
  • Your Contact Information
  • Information You Give Us
  • Usage And Log Information
  • Device And Connection Information
  • Cookies
To promote safety, integrity and security, we:
Analyse your device and connection Information to identify and investigate patterns of suspicious behaviour.
It is in our interest and in the interest of users of our Sites and participants in our Marketing and Feedback Activities to secure related systems and fight spam, threats, abuse, or infringement activities and promote safety and security on the Sites and Activities.
  • Device And Connection Information
  • Usage And Log Information
  • Cookies
We preserve and share information with others including law enforcement and to respond to legal requests.
This includes responding to legal requests where we are not compelled by applicable law but have a good faith belief it is required by law in the relevant jurisdiction or sharing information with law enforcement or industry partners to combat abusive or illegal behaviour. For example, we preserve a snapshot of user information when requested by law enforcement where necessary for the purposes of an investigation.
It is in our interest and in the interest of our users to prevent and address fraud, unauthorised use of our Sites or Activities, violations of our terms and policies, or other harmful or illegal activity.
It is in our interest to protect ourselves (including our rights, personnel, property or products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
Relevant law enforcement, government, authorities and industry partners have a legitimate interest in investigating and combating abusive or illegal behaviour.
  • Your Contact Information
  • Information You Give Us
  • Device And Connection Information
  • Usage and Log Information
  • Third Party Information
  • Cookies
We preserve and share information when we seek legal advice or seek to protect ourselves in the context of litigation and other disputes. This includes matters such as violations of our terms and policies, where applicable.
It is in our interest and in the interest of our users to respond to complaints, prevent and address fraud, unauthorised use of our Sites and Activities, violations of applicable our terms and policies where applicable, or other harmful or illegal activity.
It is in our interest to seek legal advice and protect ourselves (including our rights, personnel, property or products), our users or others, including as part of investigations or regulatory inquiries and litigation or other disputes.
  • Your Contact Information
  • Information You Give Us
  • Device And Connection Information
  • Usage and Log Information
  • Third Party Information
  • Cookies
Your Consent
We process information for the purposes described below when you have given us your consent. The categories of information used and why and how it is processed are set out below:
Why And How We Process Your InformationInformation Categories Used
To send you marketing communications (where based on your consent),When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn by contacting us using the contact information set out below.
You can unsubscribe from email marketing communications at any time by clicking the “unsubscribe” link included at the bottom of each email.
  • Your Contact Information
Compliance With A Legal Obligation
We process information to comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request.
Why And How We Process Your InformationInformation Categories Used
For processing information when we comply with a legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others. For example, a search warrant or production order from Irish law enforcement to provide information in relation to an investigation, such as your IP address.
  • Your Contact Information
  • Information You Give Us
  • Device And Connection Information
  • Usage and Log Information
  • Third Party Information
  • Cookies
Protection Of Your Vital Interests Or Those Of Another Person
We process information when someone’s vital interests require protection.
Why And How We Process Your InformationInformation Categories Used
We share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests include protection of your or someone else’s life, physical or mental health, wellbeing or integrity or that of others.
  • Your Contact Information
  • Information You Give Us
  • Device And Connection Information
  • Usage and Log Information
  • Third Party Information
  • Cookies

9. Updates to the Privacy Policy

We may amend or update our Privacy Policy from time to time. We will post the new Privacy Policy, update the “Last Modified” date at the top and take any other steps required by applicable law. Please review our Privacy Policy from time to time.

10. Who is responsible for your information

We may amend or update our Privacy Policy from time to time. We will post the new Privacy Policy, update the “Last Modified” date at the top and take any other steps required by applicable law. Please review our Privacy Policy from time to time.
If you live in a country or territory in the “European Region” (which includes countries in the European Union and others: Andorra, Austria, Azores, Belgium, Bulgaria, Canary Islands, Channel Islands, Croatia, Czech Republic, Denmark, Estonia, Finland, France, French Guiana, Germany, Gibraltar, Greece, Guadeloupe, Hungary, Iceland, Ireland, Isle of Man, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Madeira, Malta, Martinique, Mayotte, Monaco, Netherlands, Norway, Poland, Portugal, Republic of Cyprus, Réunion, Romania, San Marino, Saint-Martin, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, United Kingdom sovereign bases in Cyprus (Akrotiri and Dhekelia), and Vatican City) or you otherwise live outside the US or Canada the data controller responsible for your information is Meta Platforms Ireland Limited.
If you live in the US or Canada the entity responsible for your information is Meta Platforms Inc.

11. Contact Us

If you have questions about this Privacy Policy, or have questions, complaints or requests regarding your personal information and our privacy policies and practices, you can contact us. You can contact us by email at workplace.team@fb.com or by mail at:
US & Canada:
Meta Platforms, Inc.
ATTN: Privacy Operations
1601 Willow Road
Menlo Park, CA 94025
Rest of World (including European Region):
Meta Platforms Ireland Limited
Merrion Road
Dublin 4
D04 X2K5
Ireland
The Data Protection Officer for Meta Platforms Ireland Limited can be contacted here.