Effective Date: September 30, 2016
The Services are intended for use by organizations and in accordance with their instructions. If you are using the Services in a workplace or on a device or account issued to you by your employer or another organization (your “Organization”), that Organization likely has its own policies regarding storage, access, modification, deletion, and retention of information you submit or provide through the Services.
This means that your Organization has the right to (i) control and administer your Workplace account (“Your Account”) and (ii) access and process any data you submit or provide through the Services, including, for example, your files and communications. Please contact your Organization with any privacy inquiries regarding policies, including any enterprise agreements with Facebook, it has in place regarding your use of the Services.
I. COLLECTION OF INFORMATION
Facebook may collect the following kinds of information on behalf of your Organization when you, your colleagues, or other users access the Services:
Customer Data. Through use of the Services, you, your colleagues, your Organization, and other users, will directly provide or submit information to Facebook (“Customer Data”). Customer Data includes, for example:
Contact information, such as full name and email address;
Username and password;
Work title, department information, and other information related to your work or Organization;
All content that you create, share or post in audio, video, text, images, and other media or software files that you provide on or through the Services, or that are provided on your behalf, including information in or about the content you provide, such as the location of a photo or the date a file was created;
Information other people provide about you when using the Services, including when they send a message to you or upload information about you;
All communications with other users of the Services;
User communications, feedback, suggestions, and ideas sent to us;
Billing information; and
Information you provide us when you or your Organization contact or engage us for support regarding the Services.
Log and Cookie Data. We automatically collect certain information on your Organization’s behalf through the Services, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about your activities (such as the links you click and pages you view) within the Services, and other standard server-log information (“Log and Cookie Data”).
Your browser or device may offer settings related to these technologies. For more information about whether these settings are available, what they do, and how they work, visit your browser or device’s help material. We may not recognize or respond to browser or device signals around tracking, and some settings may interfere with your use of features we offer. Additionally, the settings offered by a browser or device often apply only to that particular browser or device.
Information we collect from Facebook and Our Family of Companies. From time to time, we may receive information on your Organization’s behalf, about you from companies that are owned or operated by Facebook, in accordance with their terms and policies. Learn more about these companies and their privacy policies.
We also receive information from our third party partners on your Organization’s behalf for some of the purposes described in Section II below.
II. USE OF INFORMATION
Facebook will use information we collect to provide, develop, and improve the Services on your Organization’s behalf and in accordance with any other instructions from your Organization. Examples of such use include:
Communicate with users and administrators regarding their use of the Services;
Enhance the security and safety of the Services for your Organization and other users;
Personalize your and your Organization’s experiences as part of our provision of the Services;
Develop new tools, products, or services for your Organization;
Associate activity on our Services across different devices operated by the same individual to improve the Service which we provide to your Organization;
Associate activity on our Services across different devices operated by the same individual; and
Conduct data and system analytics, including research to improve the Services. In these circumstances Facebook shall to the extent possible use de-identified or aggregated data.
We may also use the information we collect in order to operate, maintain, and improve the systems and infrastructure that provide the Services. You and your Organization authorize us to do so and acknowledge that this may also result in improvements to the Facebook Services, since centralized systems and infrastructure support the Services and Facebook Services. For example, we may use crash logs from your use of the Services to identify and fix bugs that may also be present in the Facebook Services.
III. DISCLOSURE OF INFORMATION
We may, as directed or approved by your Organization, disclose the information that we collect in the following circumstances:
To your Organization, network administrators, and other users authorized by your Organization to access the requested information;
To third-party service providers that are in the United States and in other countries where such service providers assist in providing the Services or part of the Services;
To the family of companies that are part of Facebook;
To third-party apps, websites, or other services that you can connect to through the Services;
In connection with a substantial corporate transaction, such as the sale of our Services, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy or insolvency;
To protect the safety of any person; to address fraud, security or technical issues; or to protect Workplace’s rights or property; and
As otherwise directed or authorized by your Organization.
Legal Requests. If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity, or litigant that seeks data relating to the Services (collectively a “Legal Request”), we will make reasonable attempts to direct the requesting party to seek the data directly from your Organization. If we ask the requesting party to direct the request to the Organization, we will provide your Organization’s contact information to the requesting party. If legally compelled to produce information and unless legally prohibited, we will use reasonable efforts to notify your Organization so they can notify you pursuant to your Organization’s policies and as permitted by law. We will direct any requests for information under data protection laws to your Organization, unless prohibited by law.
Aggregate or de-identified data. We may also disclose information that has been aggregated or that otherwise does not personally identify you to third parties and affiliates who may use it for analytics, trends and analysis to improve and provide our products and services and the products and services provided by the Facebook Family of Companies described here.
IV. SAFETY AND SECURITY
We use the information we have to help verify accounts and activity, and to promote safety and security on and off of our Services on your Organization’s behalf, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect Your Account using teams of engineers, automated systems, and advanced technology such as encryption and machine learning. For example, we may deploy automated technologies to detect abusive behavior and content, such as child pornography, that may harm our Services, you, other users, your Organization or others.
V. ACCESSING AND MODIFYING YOUR INFORMATION
You and your Organization may access, correct, or delete information you have uploaded to the Services by using the tools within the Services (for example, editing your profile information or via Activity Log) provided by us on behalf of your Organization. If not enabled by the tools provided on the Services, you should contact your Organization directly to access or modify your information.
Changes you make to your information on the Services take immediate effect on your specific network, but data will be retained by Facebook in backup copies for a commercially reasonable amount of time and as directed by your Organization.
VI. DATA LOCATION AND PRIVACY SHIELD
For users outside the US and Canada, you acknowledge that using the Services may result in Facebook, Inc. receiving personal information from you (it will do so solely acting on behalf of Facebook Ireland Limited (Facebook Ireland)) in respect of which it has made commitments under the EU-U.S. and the Swiss-U.S. Privacy Shield (“Privacy Shield”). Facebook Inc. complies with the Privacy Shield Principles regarding any personal information received in reliance on Privacy Shield, as described in our Privacy Shield certification. Further information on Facebook Inc.’s participation in Privacy Shield, including contact information, is set out below and also available here.
VII. THIRD-PARTY LINKS AND CONTENT
Some of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and we recommend that you visit the privacy policies of each website that you visit.
VIII. ACCOUNT CLOSURE
If you would like to stop using the Services, you should contact your Organization. Similarly, if you stop working for or with the Organization, the Organization may suspend Your Account and/or delete any information associated with Your Account.
It typically takes about 90 days to delete an account on behalf of your Organization after account closure, but some information may remain in backup copies for a reasonable period of time as directed by your Organization. Please note, content you create and share on the Services is owned by your Organization and may remain on the Services and be accessible even if your Organization deactivates or terminates Your Account. In this way, content you provide on the Services is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.