Effective date: 30 September 2016
The Services are intended for use by organisations and in accordance with their instructions. If you are using the Services in a workplace or on a device or account issued to you by your employer or another organisation (your "Organisation"), that Organisation is likely to have its own policies regarding storage, access, modification, deletion and retention of information that you submit or provide through the Services.
This means that your Organisation has the right to (i) control and administer your Workplace account ("Your Account") and (ii) access and process any data that you submit or provide through the Services, including, for example, your files and communications. Please contact your Organisation with any privacy enquiries regarding policies, including any enterprise agreements with Facebook, it has in place regarding your use of the Services.
I. COLLECTION OF INFORMATION
Facebook may collect the following kinds of information on behalf of your Organisation when you, your colleagues or other users access the Services:
Customer data. Through use of the Services, you, your colleagues, your Organisation and other users will directly provide or submit information to Facebook ("Customer Data"). Customer Data includes, for example:
contact information, such as full name and email address;
username and password;
work title, department information and other information related to your work or Organisation;
all content that you create, share or post in audio, video, text, images and other media or software files that you provide on or through the Services, or that are provided on your behalf, including information in or about the content that you provide, such as the location of a photo or the date when a file was created;
information that other people provide about you when using the Services, including when they send a message to you or upload information about you;
all communications with other users of the Services;
user communications, feedback, suggestions and ideas sent to us;
billing information; and
information that you provide to us when you or your Organisation contact or engage us for support regarding the Services.
Log and cookie data. We automatically collect certain information on your Organisation's behalf through the Services, such as your Internet protocol (IP) address and other browser or device identifiers, browser type, operating system, crash data, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about your activities (such as the links that you click and pages that you view) within the Services and other standard server log information ("Log and Cookie Data").
Your browser or device may offer settings related to these technologies. For more information about whether these settings are available, what they do and how they work, visit your browser or device's help material. We may not recognise or respond to browser or device signals around tracking, and some settings may interfere with your use of features that we offer. Additionally, the settings offered by a browser or device often only apply to that particular browser or device.
Information that we collect from Facebook and our family of companies. From time to time, we may receive information about you on your Organisation's behalf from companies that are owned or operated by Facebook, in accordance with their terms and policies. Learn more about these companies and their privacy policies.
We also receive information from our third-party partners on your Organisation's behalf for some of the purposes described in Section II below.
II. USE OF INFORMATION
Facebook will use the information that we collect to provide, develop and improve the Services on your Organisation's behalf and in accordance with any other instructions from your Organisation. Examples of such use include:
communicating with users and administrators regarding their use of the Services;
enhancing the security and safety of the Services for your Organisation and other users;
personalising your and your Organisation's experiences as part of our provision of the Services;
developing new tools, products or services for your Organisation;
associating activity on our Services across different devices operated by the same individual to improve the Service which we provide to your Organisation;
associating activity on our Services across different devices operated by the same individual; and
conducting data and system analytics, including research to improve the Services. In these circumstances, Facebook shall, to the extent possible, use de-identified or aggregated data.
We may also use the information that we collect to operate, maintain and improve the systems and infrastructure that provide the Services. You and your Organisation authorise us to do so and acknowledge that this may also result in improvements to the Facebook Services, as centralised systems and infrastructure support the Services and Facebook Services. For example, we may use crash logs from your use of the Services to identify and fix bugs that may also be present in the Facebook Services.
III. DISCLOSURE OF INFORMATION
We may, as directed or approved by your Organisation, disclose the information that we collect in the following circumstances:
to your Organisation, network administrators and other users authorised by your Organisation to access the requested information;
to third-party service providers that are in the United States and in other countries where such service providers assist in providing the Services or part of the Services;
To the family of companies that are part of Facebook;
to third-party apps, websites or other services that you can connect to through the Services;
in connection with a substantial corporate transaction, such as the sale of our Services, a merger, consolidation, asset sale or in the unlikely event of bankruptcy or insolvency;
to protect the safety of any person; to address fraud, security or technical issues; or to protect Workplace's rights or property; and
as otherwise directed or authorised by your Organisation.
Legal requests. If we receive a subpoena, warrant, discovery order or other request or order from a law enforcement agency, court, other governmental entity or litigant that seeks data relating to the Services (collectively a "Legal Request"), we will make reasonable attempts to direct the requesting party to seek the data directly from your Organisation. If we ask the requesting party to direct the request to the Organisation, we will provide your Organisation's contact information to the requesting party. If legally compelled to produce information and unless legally prohibited, we will use reasonable efforts to notify your Organisation so that they can notify you pursuant to your Organisation's policies and as permitted by law. We will direct any requests for information under data protection laws to your Organisation, unless prohibited by law.
Aggregate or de-identified data. We may also disclose information that has been aggregated or that otherwise does not personally identify you to third parties and affiliates who may use it for analytics, trends and analysis to improve and provide our products and services and the products and services provided by the Facebook family of companies described here.
IV. SAFETY AND SECURITY
We use the information that we have to help verify accounts and activity and to promote safety and security on and off our Services on your Organisation's behalf, such as by investigating suspicious activity or violations of our terms or policies. We work hard to protect Your Account using teams of engineers, automated systems and advanced technology such as encryption and machine learning. For example, we may deploy automated technologies to detect abusive behaviour and content, such as child pornography, that may harm our Services, you, other users, your Organisation or others.
V. ACCESSING AND MODIFYING YOUR INFORMATION
You and your Organisation may access, correct or delete information that you have uploaded to the Services using the tools within the Services (for example, editing your profile information or via the Activity Log) provided by us on behalf of your Organisation. If you are not able to do so using the tools provided in the Services, you should contact your Organisation directly to access or modify your information.
Changes that you make to your information on the Services take immediate effect on your specific network, but data will be retained by Facebook in backup copies for a commercially reasonable amount of time and as directed by your Organisation.
VI. DATA LOCATION AND PRIVACY SHIELD
For users outside the US and Canada, you acknowledge that using the Services may result in Facebook, Inc. receiving personal information from you (it will do so solely acting on behalf of Facebook Ireland Limited (Facebook Ireland)) in respect of which it has made commitments under the EU-U.S. and the Swiss-U.S. Privacy Shield ("Privacy Shield"). Facebook Inc. complies with the Privacy Shield Principles regarding any personal information received in reliance on Privacy Shield, as described in our Privacy Shield certification. Further information on Facebook Inc.'s participation in Privacy Shield, including contact information, is set out below and is also available here.
VII. THIRD-PARTY LINKS AND CONTENT
Some of the Services may contain links to content maintained by third parties that we do not control. We are not responsible for the privacy practices of these third parties, and we recommend that you view the privacy policies of each website that you visit.
VIII. ACCOUNT CLOSURE
If you would like to stop using the Services, you should contact your Organisation. Similarly, if you stop working for or with the Organisation, the Organisation may suspend Your Account and/or delete any information associated with Your Account.
It typically takes about 90 days to delete an account on behalf of your Organisation after account closure, but some information may remain in backup copies for a reasonable period of time as directed by your Organisation. Please note that content you create and share on the Services is owned by your Organisation and may remain on the Services and be accessible even if your Organisation deactivates or terminates Your Account. In this way, content that you provide on the Services is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.
X. CONTACT US
1601 Willow Road
Menlo Park, CA 94025, USA (if you live in the US or Canada)
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland (if you live anywhere else).