Last Updated Jun 1, 2026
Our Commitment to User Privacy
This Privacy Policy (“Policy”) describes how Central Business Applications Inc., and its subsidiaries, ("Central," “we,” “us,” or “our”), a wholly owned subsidiary of Mercury Technologies Inc. (“Mercury”), collects, uses, and discloses your personal data when you interact with Central’s platform including our applications, websites, software, and support services (the “Platform”) through which we offer payroll, benefits administration, and related workforce management products and services (“Services”).
As part of Mercury, Central may share personal data with Mercury and its affiliates as described in this Policy. For more information about Mercury’s privacy practices, please visit www.mercury.com/privacy.
Please read this Policy carefully. By continuing to use or access the Platform or our Services, you are consenting to the practices described in this Policy.
Scope of this Policy
This Policy applies when you:
Visit, access, interact with, or use Central’s Platform or Services, including by logging into a Central account;
Create or administer a Central account;
Are an employee, contractor, or other individual whose personal data is submitted to or processed through the Platform by a Client, including through onboarding, payroll, benefits enrollment, or payment workflows;
Receive communications from us or communicate with us, including by email, phone, chat, or through branded social media pages;
Register for, attend, or participate in events hosted by Central; or
Participate in surveys, research, or other data collection facilitated by us.
In addition to the above scope, Central provides payroll, benefits administration, and related services to employers and businesses ("Clients"). When Central processes personal data on behalf of a Client to deliver the Services, Central acts as a processor (or service provider) on behalf of the Client. The Client is the controller (or business) that determines why and how that personal data is processed, and the Client’s own privacy policy governs the collection and use of that data. If you have questions about why your data is being processed or wish to exercise your data subject rights, you should contact your employer.
This Policy describes how Central handles personal data when providing Services on behalf of Clients and when Central independently collects information through the Platform. When Central processes personal data on behalf of a Client to deliver the Services - such as payroll data, tax information, benefits enrollment data, compensation details, and related employment records - Central does so at the Client’s direction. Central processes this data only as necessary to provide the Services, comply with legal obligations, and as otherwise described in this Policy.
We Limit Use of Your Personal Data
To provide and maintain our Service, including to monitor the usage of our Service.
To manage your Account: to manage your registration as a user of the Service. The personal data you provide can give you access to different functionalities of the Service that are available to you as a registered user.
To process transactions and payments in connection with the Services.
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide you with news, special offers and general information about other goods, services, and events we offer that are similar to those you have already purchased or enquired about, where we have a lawful basis to do so. You may opt out of marketing at any time by emailing support@central.inc.
To attend and manage your requests to us.
For business transfers: we may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Service users is among the assets transferred.
To protect against fraud: including identity verification and detection of unauthorized or suspicious activity.
To comply with legal and regulatory obligations, including anti-money laundering (AML), know-your-customer (KYC), tax reporting, and other obligations.
To operate, evaluate, and improve our business and the Platform including, data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve the Services, and your experience across Mercury’s platform.
For other purposes described to you at the time of collection.
How We Disclose Personal Data
We may disclose your personal data with the following categories of recipients:
Your employer (Client), as necessary to provide the Services and as directed by the Client.
Merchants, if you open a payment dispute for a transaction with said merchant.
Service Providers: third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, and email delivery).
Business transfers: in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates, including Mercury Technologies Inc. and its subsidiaries or other companies that Mercury controls or that are under common control with Mercury, may use personal data for any purpose described in this Policy.
Business partners: to offer you certain products, services or promotions where allowed by law.
With financial institutions, processors, payment card associations and other entities that are involved in the payment process as necessary to provide the Services.
With insurance carriers and benefits administrators: where applicable, we share information with insurance carriers, general agents, brokers, and third-party administrators to administer employer-sponsored benefits. We share protected health information only as authorized by you, as necessary to provide the benefits services, or as required by applicable law.
With other users: when you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
Advertising networks and data analytics providers, to conduct analytics and place advertisements on our behalf on third-party websites and services.
With regulators, law enforcement, or other government entities: where required by law or as we have a good faith belief that such action is necessary or appropriate. For example, to respond to a court order or subpoena, protect ourselves, enforce our terms and conditions, and investigate suspicious or potentially fraudulent activity.
With your consent: We may disclose your personal information for any other purpose with your consent.
We may share aggregated and anonymized information that does not specifically identify you or any individual user of our Services. We do not attempt to re-identify de-identified information.
We Collect and Use Data
Data we collect may include:
Contact information: name, email address, phone number, and mailing address.
Dependent and beneficiary information: name, birth date, mailing address, relationship, and insurance plan selections for individuals enrolled in employer-sponsored benefits through Central.
Professional or employment information: employer, job title, and employment history.
Internet or other electronic network activity information, when you visit or log in to our website, including usage data (browser data, pages viewed, interactions with the Platform), device data (hardware model, operating system, unique device identifiers), and cookies and similar technologies.
Geolocation data: approximate location derived from IP address.
Sensitive Personal Information
Government-issued identification numbers, including Social Security numbers, tax identification numbers, and where applicable, passport or national identity numbers, for the purposes of payroll processing, tax reporting, identity verification, and compliance with legal obligations.
Financial account information, including bank account, routing numbers, and account log-in credentials, for the purposes of direct deposit, payment processing, and related financial services.
Demographic details, including gender, and other demographic information provided in connection with the Services.
We collect and process sensitive Personal Data only as necessary to provide the Services, comply with legal obligations, and prevent fraud.
In the past 12 months, we have disclosed the following categories of personal data as shown in the chart below for our business purposes.
Contact information
Clients, Service Providers, Financial Institutions, Affiliates, Merchants, Business Partners, Insurance Carriers, Law Enforcement or Government Entities
Dependent and Beneficiary Information
Clients, Service Providers, Affiliates, Business Partners, Insurance Carriers
Professional or employment information
Clients, Service Providers, Affiliates, Business Partners, Insurance Carriers, Law Enforcement or Government Entities
Internet/electronic activity
Service Providers, Affiliates, Analytics and Advertising Partners
Geolocation Data
Service Providers, Affiliates
Sensitive personal information
Service Providers, Affiliates, Financial Institutions, Business Partners, Insurance Carriers, Law Enforcement or Government Entities
Sources of Information
We also check that you are using our Services legally and are eligible for the Services you want to use. We protect the Services from fraudsters who may put you and your money at risk. To do this, we may collect data about you from companies that help us verify your identity, if applicable, prevent fraud or assess risk.
We collect (and/or have collected during at least the 12-month period preceding the effective date of this Policy) information about you from the following categories of sources:
You directly, when you submit information to us or allow us to access information,
Your employer and their representatives,
Your devices and how you interact with our Services, and
Other sources, including:
Identity Verification, if applicable. Information from third-party identity verification services and publicly available sources, including your government-issued identification number.
Eligibility, Compliance, and Fraud. Information about you from third parties for any investigation, eligibility, identity or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law. This may include, without limitation, the receipt and exchange of account or transaction-related information with any consumer reporting agency.
Data Retention
We retain your Personal Data for as long as necessary to fulfill the purposes described in this Policy. In general, we use following factors to determine the retention period:
Provide and maintain our Services
Comply with legal and regulatory obligations
Meet tax, accounting, and financial reporting requirements
Prevent fraud and maintain security
Resolve disputes and enforce our agreements
Establish, exercise or defend our legal rights
Security
We take reasonable measures, including administrative, technical and physical safeguards to help protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction.
We maintain strict security standards and procedures with a view to preventing unauthorized access to your data by anyone, including our staff. We use technologies such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your data.
Your Privacy Rights and Choices
Depending on where you are located, you may have certain rights regarding your personal data under applicable privacy laws. Subject to applicable law, you may have the right to:
Right to Know/Access: You may request that we disclose the categories and specific pieces of personal data we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your personal data. Where required, we will provide this in a portable format.
Right to Correct/Rectification: You can change or correct data about yourself through your Central account at any time or by emailing us at support@central.inc. You can also email us if you wish to deactivate your account. We may retain data about you for a period of time consistent with applicable law.
Right to Delete/Erasure: You may request deletion of your personal data, subject to certain exceptions (for example, where retention is required by law or necessary to complete a transaction).
Right to Opt-Out of Sale or Sharing: You may have the right to opt out of the “sale” or “sharing” of personal information, as defined under applicable law. You may exercise this right by clicking the “Your Privacy Choices” link at the bottom of our page or enabling GPC.
Right to Restrict, Object, or Limit Use: In certain circumstances, you may object to or request that we restrict certain processing of your personal information. We collect sensitive personal information including government-issued identification numbers and financial account information. This information is used only as necessary to provide the Services, comply with legal obligations, and prevent fraud.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
Right to Appeal: If we deny your request, you may have the right to appeal our decision, depending on your jurisdiction. You may contact us as indicated below. We will review your appeal and provide a response within the required timeframe.
How to Exercise Your Rights
To submit a privacy rights request, please contact us at: support@central.inc.
To protect your information, we may verify your identity before fulfilling your request. Verification may require: logging into your account, confirming identifying information, or providing additional documentation where necessary. We will respond within the timeframe required by applicable law.
If you are an employee or contractor of a Central Client and wish to exercise rights with respect to employment-related data processed by Central on behalf of your employer, please contact your employer directly.
Choices You May Make:
Location Data, if applicable: Our mobile applications may require location data. If you do not grant us access to this data then you may not be able to use our Services. If you grant access to location data but later revoke this access your mobile device may no longer be able to use our Services. You may also uninstall our Services to stop collection of location data.
Cookies and Tracking Technologies: You can set your browser to reject cookies, but our Services may not function properly in this setting. For more information, see the Cookies and Tracking Technologies section below.
Marketing: You can opt-out of email or text messages by following instructions in these messages. If you opt-out we may still send you messages regarding transactions and services related to our ongoing business relationship.
Notifications: Our Services may ask you for permission to send notifications to your device. Our services will still work if you do not grant us permission to send you notifications.
Do Not Track: Some browsers support a “Do Not Track” feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Our Services do not currently change the way they operate based upon detection of a Do Not Track or similar signal. Where required by applicable law, we honor legally recognized preference signals, such as the Global Privacy Control (GPC).
Cookies and Tracking Technologies
We and our partners may use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and gather information about our user base, such as location information based on IP addresses. You can control the use of cookies at the individual browser level.
Cookies are small text files that are placed on your computer by websites and services that you visit or access. They are widely used to make websites and services work and function with greater efficiency, and to provide information about our users’ experience during use of, or interaction with, our websites, and Services. Some cookies last only for the duration of your web session and expire when you exit your browser; other cookies may last for longer than your web session, including after you exit your browser, for example by remembering you when you return to our website. The below explains the cookies that we and our third party partners use and why.
Functional Cookies: used to record your choices and settings that enable our Platform and Services to operate correctly or that maintain your preferences over time.
Authentication Cookies: When you sign into the Platform or Service, we may store a unique ID number and the time you signed in to allow you to navigate without reauthenticating on each page.
Analytics Cookie: used to gather usage and performance data, such as counting unique visitors and developing statistics about Platform operations. This may include cookies from third-party providers such as Google Analytics. You can learn more about Google Analytics here and opt out here.
We may also share or permit third party online advertising networks and other third-party services to collect information about your use of our Services over time so that they may display ads that may be relevant to your interests on our Services as well as on other websites or apps, or on other devices you may use. Under certain U.S. privacy laws, the use of these technologies may be considered “sharing” or a “sale” of personal data, even though we do not exchange your data for money.
How to Control Cookies
Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. You can also opt out of certain advertising-related tracking through our cookie preference tool (where available), your browser settings and device-level privacy settings (such as “Limit Ad Tracking”).
Certain features of our Services may depend on cookies. Please be aware that if you choose to block cookies, you may not be able to sign in or use those features, and preferences that are dependent on cookies may be lost. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated.
Links to Other Websites
The Services contain hyperlinks to other websites or locations that we do not control and are operated and controlled by third parties (“Third-Party Websites”). Our Privacy Policy does not apply to these Third-Party Websites and we make no representations regarding the policies or business practices of any such Third-Party Websites. We encourage you to read the privacy notice of any website you visit.
Children’s Privacy
The Services are designed for use by businesses and their employees and are not directed at children under the age of 13. We do not knowingly collect Personal Data directly from children under the age of 13. Additionally, we do not knowingly share or sell Personal Data of minors under 16 years of age. If you are a parent or guardian and believe that we might have any Personal Data from your minor, please contact us at support@central.inc.
Changes to this Policy
We may amend this Policy from time to time to reflect changes in our practices by posting a revised version and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed. If you disagree with these changes, you may cancel your account at any time. If you keep using our Services, you consent to any changes of this Policy.
Contact Details
If you have questions or comments, feel free to email us at support@central.inc.
