At PayScale, our mission is to help companies bring modern compensation to life. In support of this mission, it is critical our customers have confidence in the privacy and security of our products. We have designed PayScale products with advanced security technologies to keep the data you provide us safe and we have put in place mechanisms to allow PayScale and our customers to comply with applicable data protection laws.
We leverage industry standard security solutions and practices. PayScale maintains a comprehensive set of IT controls to enable our products to meet compliance obligations and provide our customers secure solutions. Our IT controls include:
- Secure Facilities – The facilities that store your data include multiple layers of physical security, such as 24-hour physical security, palm print, and RFID and ID identification systems.
- Perimeter Security – Our perimeter network infrastructure is protected by multiple levels of security. We use network segmentation, as well as Group Security Policies, Network Authentication, and Firewalls to restrict and protect our infrastructure.
- Limited Access to Customer Data – PayScale employees do not have direct access to data uploaded or entered by our customers into our products. Our corporate networks are restricted from accessing sensitive data and only authorized employees have access to customer data. PayScale uses modern SSL and HTTPS encryption to protect customer data and communications between our customers and our products.
- Prevention of Unauthorized Access – Customers can only access PayScale products by providing an authenticated username and password combination. Only requests coming from an authenticated user on an HTTPS encrypted connection are allowed access to our servers.
If you have purchased a PayScale product and desire additional information about the IT controls or other security measures we have in place, please email firstname.lastname@example.org and include in your message the name of the organization you are contacting us on behalf of and the PayScale product used by such organization so we can provide you the appropriate information.
Data Protection Laws
PayScale is committed to complying with applicable data protection laws, such as the European Union (“EU”) data protection laws set out in the General Data Protection Regulation (“GDPR”). GDPR becomes enforceable on May 25, 2018, and here at PayScale we’ve been hard at work preparing for GDPR by putting in place measures to ensure that we and our customers comply with GDPR requirements.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation that will replace the EU Data Protection Directive (“Directive 95/46/EC”). The goal of GDPR is to strengthen the security and protection of personal data in the EU and create consistency across EU member states on how personal data can be processed, used, and exchanged.
If a company hosts, collects, stores, or otherwise processes any personal data of an EU citizen (such as an EU citizen’s name or email address), GDPR requires such company to use data processors that implement the technical and organizational requirements of GDPR. For our customers that use PayScale products that potentially process personal data of an EU citizen, we have developed a Data Processing Addendum that is tailored to our products and includes contractual commitments regarding our compliance with EU data protection laws, including GDPR. Please email email@example.com to receive a copy of our Data Processing Addendum and include in the message the name of the organization you are contacting us on behalf of and the PayScale product used by such organization.
Additionally, for transparency and to comply with applicable data protection laws, PayScale maintains a list of sub-processors. This list of sub-processors includes our third-party suppliers that we engage to allow us to provide you our products and run our business. The sub-processors listed store, have potential access to, or process personal data of an EU citizen. You can find information about our current sub-processors here:
What is the Privacy Shield?
The U.S. Department of Commerce, with the European Commission and the Swiss government, created the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to provide companies with a mechanism to transfer personal data from the EU to the United States in a manner that provides an adequate level of protection under EU data protection laws.
PayScale has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to the U.S. Department of Commerce and has been added to the Department of Commerce’s list of self-certified Privacy Shield participants. Our certifications confirm that we comply with the Privacy Shield Principles for the transfer of European and Swiss personal data to the United States. To learn about how we comply with the Privacy Shield principles, go to www.payscale.com/content/legal/privacyshield.pdf. You can learn more about the Privacy Shield and view our certification here.