Privacy Policy

Privacy Policy


Empeon Data Protection Policy. 

Below describes how we how Empeon (“us” or “we”) collects, shares and protects personal information (“PI”) and confidential business information (“CBI”).  

Information Collection 

Most of your data we obtain is via consent, that you provide us so that we can optimize the services we offer you. 

General Privacy Policy 

Our services involve the processing of employee compensation, which may include but not limited to, withholding and benefits data, banking or health data which we handle with confidentiality. During our communications, we may encounter other business, employee or employee dependent information relating to your business or employees whereby a reasonable person would understand such information to be confidential. We are committed to protecting such data and safeguarding your privacy. All Empeon employees are subject to a strict confidentiality covenants and all understand that it will be strictly enforced. Empeon does not sell or rent your Client Information to third parties. 

Client Information – Confidentiality Conditions

  • We may disclose CBI to our own staff, affiliates, or service providers who have a need to know for us to provide the services you request or other services that could benefit you or your business. Such parties will be subject to industry standard confidentiality protocols. 
  • Empeon will disclose CBI when you authorize us to do so. Such as to provide our tax filing and payment service, you must provide us with a Power of Attorney authorizing us to sign your employment tax returns and speak to the taxing authority if the need arises. 
  • Empeon will disclose CBI when your consent is implied by the nature of your request. For example: if you ask us for a quote on worker’s compensation insurance, we will must share certain CBI with the insurance company and possibly a licensed broker. 
  • While not a standard business practice, Empeon legally may disclose any information: 
  • already lawfully in its possession without any obligation of confidentiality; 
  • developed by us or procured from other sources without duty of confidentiality; 
  • that is publicly available when received by us, or which becomes publicly available through no fault of ours; or 
  • that you disclose to another without obligation of confidentiality; 
  • Empeon may disclose CBI in limited circumstances when in good faith we believe that disclosure is required by law. For example: to cooperate with regulators or law enforcement, to comply with a specific legal process such as a court order, subpoena, or search warrant, or to comply with a law enforcement request 

Empeon, may offer features or services that may be accessed directly by employees or participants that may require the use of their PI, and they will be given a choice to use or opt out of the feature or service.  Similarly, in a few instances Empeon may bundle services of potential value to you, that necessarily involve the disclosure PI, and which may require you to notify each affected party of their right to opt-out. 

Third Party Relationships

We have limited relationships with third parties. Service providers who are contractually required to maintain the confidentiality of the data we provide them. Also, we have business partners that provide services, some of which are co-branded. We clearly identify partner services and sites. When you request any of these products or services or other information on them, you are permitting us to provide your contact or limited CBI necessary to the partner to fulfill your request or verify your participation in partner’s program involving Empeon.

Web Technologies

Visits to our portal or other landing site are tracked on our server only for managing our traffic and bandwidth usage, but are not linked to any name or personally identifiable login information.

Your payroll data transmitted via our Empeon interface, such data is only accepted on a secure, encrypted page behind a firewall, and your identity will necessarily be established both by secure login procedures as well as via cookies which identify your computer. Cookies are pieces of information that our site provides to your browser. Cookies allow us to track site usage and determine areas users prefer. Cookies also allow us to customize your visit to our site. Though you can decline cookies while at online, doing so may limit your ability to access certain areas of the site. Check the “Help” menu of your browser to learn how to change cookie preference.

When we track, we collect data such as your IP address, browser type and version, and pages you view. We may also track how you get to our sites and any links you click to leave our sites. We do not track non-Empeon URLs that you type into your browser and we do not track you across the Internet once you leave our sites.  We do not disclose your URL to others, this data is used for internal purposes only. We only use your activity to assist you by aiding security, by reducing the need to re-enter your data and by helping us to resolve technical support issues. We may also use this information to offer you a personalized Web experience or to tailor our offerings to you. You control whether you receive Empeon promotional materials and may always opt out by clicking on the icon or checkbox that indicates you do not want to receive any such materials.

To optimize the experience, we may occasionally use framing or provide links to non-Empeon sites. Though your browser may indicate you are at a Empeon site, you may be on a partner site. Also, you may be on a Empeon specialized site created for certain customers or purposes. To determine which site you are on, right-click on the site and then select “properties.” When visiting any non-Empeon site, you will be subject to that site’s policies in effect. Empeon has no control over that site’s privacy. If you have questions, please review that Web site’s policy.

Information Security

We utilize advanced industry accepted security practices, including digital certificates, encryption and passwords to protect your personal and payroll information. We employ technical means for the backup and recovery of CBI, detection and prevention of viruses and malware and site monitoring. We maintain advanced firewalls and other computer hardware and software to protect against unauthorized access or alteration to client data. These measures implement reasonable physical, administrative and technical safeguards that help us to protect our Client Information from loss or from unauthorized access, use and disclosure.

Digital Certificates

Secure Sockets Layer (SSL) provides a method to verify that you are logging on to our server and not a site that is impersonating our server. Our server sends a digital certificate to your browser program before you log on with us. SSL lets you verify the identity of a server by viewing the site’s certificate. A certificate is a way of associating a public key to a name. You can verify that you are logged on to our server by viewing our certificate through your browser program.

Data Encryption

Once the server is authenticated via SSL, your browser and our server will establish a secret symmetric key. This symmetric key allows your browser and our server to exchange encrypted data and is valid for a single session only. If you log out and later come back to our website, your browser and our server will negotiate a different symmetric key automatically.

Passwords

Empeon provides for the creation of a unique username and password for each user in your organization that must be entered each time a user logs on. Please be aware that passwords can remain in your browser’s cache, which may allow access if your computer is left unattended.

A Further Word About Cookies

In addition to the cookie usage described above in relation to visits to Empeon websites generally, Empeon issues a separate “session cookie” only to record encrypted authentication information for the duration of each specific session during which an authorized user is logged in. The session cookie does not include either the username or password of the user. Empeon does not use cookies to store confidential user information.  Instead, an advanced security method utilizing encoded session IDs has been implemented. The session cookie lets a specific, authorized user move from page to page in the secure parts of Empeon’s website and stay identified by our system. Without the session cookie, each page would treat the user like a completely new visitor. The session cookie is a temporary file that gets erased when you log out or close your browser.

Timeouts and Firewalls

To provide additional protection, a timeout feature is used on selected parts of our website. This feature automatically logs you out of your account after an extended period of time.

Empeon utilizes advanced hardware and software systems including firewall, attack detection and anti-virus systems.

Physical Security

Empeon utilizes secure monitored server hosting environments which feature redundant, high bandwidth connections from multiple providers, real-time network monitoring and management, 24/7 facilities access monitoring, environmental controls and redundant electricity. Non-H2O fire suppression systems are also utilized to protect the availability of Empeon internet services.

Changes to this Policy

This policy may be changed or updated from time to time without prior notice, so feel free to check periodically to make sure you are aware of Empeon’s most up to date privacy policies.

Effective September 1, 2020.