Workplace Standard Privacy Policy

Workplace Standard allows users within the same organisation or workplace ("Business") or community that they are part of to collaborate, share and discover work information more effectively. This Privacy Policy describes how and when your information is collected, used and shared by Facebook when you, your colleagues, business associates or other users use the Workplace Standard platform (which includes the Workplace websites, apps and related online services that link to this Privacy Policy, which we call the "Services"). This Privacy Policy applies to your use of the Services. Other Facebook Services are governed by their own terms.
IMPORTANT NOTICE: We offer Businesses a Workplace Essential, Workplace Advanced or Workplace Enterprise option, which allows the Business to assume control of all Workplace Standard accounts which the Business can demonstrate email domain ownership over ("Upgraded Accounts") and upgrade these accounts to a new Workplace Essential, Workplace Advanced or Workplace Enterprise community. This gives the Business the ability to access, process and delete any data submitted or previously provided through the Services by Upgraded Users, including all files and communications, all groups and all Workplace Chat messages.
If you have joined Workplace Standard using an email address, phone number or any other credential that is not owned by a Business, but have shared content within a Business community (including all data shared in groups within that Business community and in Workplace Chat with Upgraded Users), then the Business, upon upgrading to a Workplace Essential, Workplace Advanced or Workplace Enterprise community, will have access to and control over all data submitted or provided through the Services within that Business group or community. This will include all files and communications previously shared and that you may share in the future with Upgraded Accounts in that Business group or community, including with Upgraded Users in Workplace Chat.
If the Business chooses to upgrade to Workplace Essential, Workplace Advanced or Workplace Enterprise, then you may have to accept a new set of terms at that time, including a new privacy policy and terms of use. For more information on the differences between Workplace Standard, Workplace Essential, Workplace Advanced and Workplace Enterprise or to upgrade your account, see here. If the Business elects to upgrade to Workplace Essential, Workplace Advanced or Workplace Enterprise, it will be that Business and not Facebook that shall determine how your information may be processed and used in that Workplace Business community, including information you previously shared on Workplace Standard within that Business group or community.
Please ensure that you have all necessary consents and permissions before you post any information about other users of the Services or your Business on Workplace.

I. What kinds of information do we collect?
Information you and others provide. We may collect the following kinds of information from and about you:
  • the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the date when a file was created. We also collect information about how you use our Services, such as the types of content that you view or engage with or the frequency and duration of your activities;
  • contact information, such as full name and email address, and any contact information relating to other users (such as telephone numbers or email addresses) that you choose to upload, sync or import (such as from your personal Facebook Account);
  • work title, department information, reporting structures and other information related to your work or Business;
  • communications and information that other people provide when they use the Services. This can include information about you, such as when others share or comment on a photo of you, send a message to you or upload, sync or import your contact information;
  • the content of all communications on or through the Services;
  • user communications, feedback, suggestions and ideas sent to us, or any other information that you provide to us when you or your Business contact or engage us for support regarding the Services;
  • information about the people and groups that you are connected to and how you interact with them, such as the people you communicate with the most or the groups you like to share with; and
  • any other information that you choose to upload, share with other users or provide to us directly through the Services.
Information that we collect from the Facebook Family of Companies and from other Facebook Services.
We may receive information about you from other Facebook Services that you choose to use, such as your personal Facebook account, and from other companies that are owned or operated by Facebook, in accordance with their terms and privacy policies. We may use this information for the purposes set out under the "How do we use this information?" section of this Privacy Policy. Learn more about these Facebook Companies and their privacy policies, as well as the Facebook Data Policy.
Information from third-party partners. We may also receive information from our third-party partners about you and your activities on and off Workplace, such as information from a partner when we jointly offer services to you.
Device information/Location.We may collect information from or about the computers, phones or other devices where you install or access our Services, including but not limited to device locations (including specific geographic locations), such as through GPS, Bluetooth or Wi-Fi signals. We may associate or link the information we collect from your different devices, which helps us to provide the Services consistently across your devices.
Log and cookie data. We automatically collect certain information provided by your browser or operating system through the Services, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about your activities and actions (such as the links that you click and pages that you view) within the Services and other standard server log information ("Log and Cookie Data").
We may set or log data stored in cookies or local storage objects to automatically collect this information. You can find out more about our use of cookies and related technologies, including the purposes for which we use them, by reading our Cookie Policy. By using the Services, you consent to our use of cookies and similar technologies as described in our Cookie Policy.
Your browser or device may offer settings related to these technologies. For more information about whether these settings are available, what they do and how they work, visit your browser or device's help material. We may not recognise or respond to browser or device signals around tracking, and some settings may interfere with your use of features that we offer. Additionally, the settings offered by a browser or device often only apply to that particular browser or device.

II. How do we use the information we collect?
Facebook will use the information that we collect to provide, develop, improve and monetise the Services, as well as the Facebook Services and those services provided by the Facebook Companies. Examples of such use include:
  • communicating with users regarding their use of the Services;
  • enhancing and promoting the security, integrity and safety of the Services for you and other users;
  • operating, maintaining and improving the systems and infrastructure that provide the Services and other Facebook Services (note that we use the same systems and infrastructure to support the Services and the Facebook Services). For example, we may use crash logs from your use of the Services to identify and fix bugs that may also be present in the Facebook Services;
  • personalising and customising your experiences as part of our provision of the Services, including presenting you with content, communications or topics (including paid content) that you may be interested in or that are popular or trending within your Business community;
  • developing new tools, products or services that we may introduce, which may develop and enrich your experience over time;
  • sending you marketing communications, communicating with you about our Services and letting you know about our policies and terms. We also use your information to respond to you when you contact us;
  • associating activity on our Services and the Facebook Services across different devices operated or used by the same individual to improve the Services and other Facebook Services that we provide; and
  • conducting data and system analytics, including research to improve the Services and the Facebook Services.

III. How is this information shared?
We may share the information we collect in the following circumstances:
  • to the community when you choose to share and communicate through the Services. You may be able to choose the audience who you choose to share content with, e.g. when you share content within a Group or when you use Workplace Chat;
  • to the Business in circumstances where the Business assumes control of its Workplace community, as described above and in the Workplace Standard Terms of Service. In such circumstances, the Business will have responsibility for the manner in which your information is used;
  • to third-party service providers who may assist in providing the Services or part of the Services;
  • to the Facebook Companies for the purposes set out above;
  • to third-party apps, websites or other services that you can connect to through the Services;
  • in connection with a substantial corporate transaction, such as the sale of our Services, a merger, consolidation, asset sale or in the unlikely event of bankruptcy or insolvency, or if the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner;
  • to help verify accounts and activity, and to promote safety and security on and off our Services and Facebook Services, such as by investigating suspicious activity or breaches of our terms or policies; and
  • as otherwise directed or authorised by you.
We may also share the information that we collect with third-party partners and customers who help us to provide and improve our Services or other Facebook Services or who use our advertising or related products, which makes it possible to provide Workplace Standard as a free service to you. We will not share information that personally identifies you (personally identifiable information is information such as a name or email address that can by itself be used to contact you or identify who you are) with advertising, measurement or analytics partners unless you give us permission. We may provide these partners with information about the reach and effectiveness of their advertising without providing information that personally identifies you, or if we have aggregated the information so that it does not personally identify you.
Legal requests. We may access, preserve and share your information in response to a legal request (e.g. a search warrant, court order or subpoena) if we have a good-faith belief that the law requires us to do so. This may include responding to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards. We may also access, preserve and share information when we have a good-faith belief that it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; or to prevent death or imminent bodily harm. For example, we may provide information to third-party partners about the reliability of your account to prevent fraud and abuse on and off our Services and other Facebook Services. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation or investigations concerning possible breaches of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for breaches of our terms for at least a year to prevent repeat abuse or other breaches of our terms.
Aggregate or de-identified data. We may also disclose information that has been aggregated or that otherwise does not personally identify you to third parties and affiliates who may, amongst other purposes, use it for analytics, trends and analysis to improve and provide our products and services as well as the products and services provided by the Facebook Companies.

IV. What is our legal basis for processing data?
We collect, use and share the data that we have in the ways described above:
  • as necessary to fulfil our Terms of Service;
  • as necessary to comply with our legal obligations; and
  • as necessary for our (or others') legitimate interests, including our interests in providing an innovative, personalised, safe and profitable Service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.

V. How can you exercise your rights provided under the GDPR?
Under the General Data Protection Regulation, you have the right to access, rectify, port and delete your data, as well as the right to restrict and object to certain processing of your data. This includes:
  • where you have agreed to direct marketing, the right to object to our processing of your data for that purpose, which you can exercise by using the "unsubscribe" link in such marketing communications; and
  • the right to object to our processing of your data where we are pursuing our legitimate interests or those of a third party, which you can exercise by requesting us to delete your account at any time.

VI. Data retention, account deactivation and deletion
We store data until it is no longer necessary to provide our Services or until your account is deleted – whichever comes first. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.
You can delete your account at any time. When you delete your account, we delete things you have posted. If you do not want to delete your account, but want to temporarily stop using Workplace Standard, we may offer you the choice to deactivate your account instead. To learn more about deleting your account, click here and to learn more about deactivating an account, click here. It may take up to 90 days to delete data stored in backup systems. Your information isn't accessible on Workplace during this time.

VII. How do you access and modify the information we hold about you?
You can find tools for managing, accessing and porting your data in your Workplace general account settings.
You access, correct or delete information that you have uploaded to the Services using the tools within the Services (for example, editing your profile information, via the activity log or downloading and porting your information via the Download Your Information tool accessible in your account settings) provided by us. Changes that you make to your information on the Services take immediate effect on your community, but data will be retained by Facebook in backup copies for a commercially reasonable amount of time.

VIII. Safety and security
We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services, such as by investigating suspicious activity or breaches of our terms or policies. We work hard to protect your account by using teams of engineers, automated systems and advanced technology such as encryption and machine learning. For example, we may deploy automated technologies to detect abusive behaviour and content, such as child pornography, which may harm our Services, you, other users or others. Some aspects of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and we recommend that you view the privacy policies of each website that you visit.

IX. How our global services operate
In providing the Services to you and in using the service providers referred to in this Privacy Policy, you understand that information may be stored or processed by us in different locations around the world. For example, information collected within the European Economic Area ("EEA") may be transferred to countries outside of the EEA for the purposes described in this policy. We utilise standard contract clauses approved by the European Commission, and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

X. How will we notify you of changes to this policy?
We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will provide appropriate notice to you, revise the "Effective date" date above and post the new Privacy Policy.

XI. How to contact Facebook with questions
If you have any questions about this Privacy Policy, or wish to learn more about Workplace generally, please contact us online or by post at:
Facebook, Inc.
1601 Willow Road
Menlo Park, CA 94025, USA (if you live outside of the EU)
OR
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland (if you live in the EU).
You can also contact the Data Protection Officer for Facebook Ireland Ltd.
Facebook Ireland Ltd. is regulated in Ireland by the Irish Data Protection Commissioner.

Last updated: 2 September 2019

Privacy notice for California residents (Date of last revision: 1 July 2020)

This California Privacy Notice ("Notice") is for California residents and supplements the above Workplace Standard Privacy Policy. It explains how we collect, use and share your Personal Information and how to exercise your rights under the California Consumer Privacy Act ("CCPA").
When we say "Personal Information" in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.

How we collect, use and share Personal Information
To provide the Workplace Standard Platform (which includes the Workplace websites, apps and related online services, which we call the "Services"), we must process information about you, including Personal Information. Subject to the limitations we describe above in our Workplace Standard Privacy Policy, we may share your Personal Information for business purposes with strict restrictions on how our partners can use and disclose the data we provide, at your direction, or in ways otherwise in accordance with the CCPA. We don't sell any of your Personal Information, and we never will.
The best way to learn about the kinds of information we collect and how we use it is to review our Workplace Standard Privacy Policy. Here is a summary of the CCPA-related categories of Personal Information we may have collected about you over the past 12 months, depending on how you use the Services, as well as how we use it and with whom we may have shared it

Categories of Personal Information we collect may include:Examples of how Personal Information is used include:Parties with whom each category of Personal Information may be shared include:
  • Identifiers;
  • Internet or other electronic network activity information;
  • Location-related information, including precise device location if you choose to allow us to collect it;
  • Audio or visual Information, including photos if you or others choose to provide it;
  • Professional or employment information, if you choose to provide it; and
  • Information derived from other Personal Information about you, which could include your preferences, interests and other information used to personalise your experience.
  • Providing, personalising and improving the Services;
  • Sending you marketing communications;
  • Promoting safety, integrity and security; and
  • Communicating with you.
  • The community you choose to share and communicate with through the Services;
  • A business that assumes control of its Workplace community, as described in the Workplace Standard Terms of Service;
  • People and accounts with which others share or reshare content about you;
  • Partners, including partners who use our analytics services, advertisers, measurement partners, partners offering goods and services in our Services, vendors and service providers;
  • Third-party apps, websites or other services that you can connect to through the Services;
  • New owners in the event of a change of ownership or control of all or part of our Services or their assets changes;
  • Law enforcement or other third parties in connection with legal requests; and

To learn more about how we process information, including other types of Personal Information we collect, return to our Workplace Standard Privacy Policy.

Sources of Personal Information
We receive Personal Information from the information that you and others provide, from your device(s), and from our partners. The categories of sources from which we've collected or received Personal Information include:
  • You: We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the date when a file was created. We also collect information about how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities. We also collect information about the people and groups you are connected to and how you interact with them, such as the people you communicate with the most or the groups you like to share with.
  • Other people: We may also receive communications and information that other people provide when they use the Services. This can include information about you, such as when others share or comment on a photo of you, send a message to you, or upload, sync or import your contact information.
  • Your device(s): We may collect information from or about the computers, phones or other devices where you install or access our Services. We may associate or link the information we collect from your different devices, which helps us to provide the Services consistently across your devices.
  • Facebook Companies: We may receive information from other Facebook Companies (which include WhatsApp and Oculus) for business purposes that help us provide you with an innovative, relevant, consistent and safe experience across all of the Facebook Company Products you use. We also process information about you across the Facebook Companies for these purposes, as permitted by applicable law, and in accordance with their terms and policies.
  • Partners: We may also receive information from our partners about you and your activities on and off Workplace, such as information from a partner when we jointly offer services to you.

How can you exercise your rights provided under the CCPA?
Under the CCPA, you have the following rights:
  • Right to know: You have the right to request that we disclose to you the Personal Information we collect, use or disclose, and information about our data practices;
  • Right to request deletion: You have the right to request that we delete your Personal Information that we have collected from you;
  • Right to non-discrimination: We will not discriminate against you for exercising any of these rights.
To exercise your "right to know" or your "right to request deletion", click here.
Please note that in order to protect your information and the integrity of our Services, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government-issued ID.
Under the CCPA, you may exercise these rights yourself or you may designate an authorised agent to make these requests on your behalf. In most cases, we will facilitate your request through automated tools available through your password-protected account

Contact for more information.
If you have additional questions about this Notice or how to exercise your rights under the CCPA, please contact us.