A separate agreement governs the delivery, access, and use of the Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through Services accounts. The organization (e.g., your employer) that entered into the Client Agreement (“Client”) is the data controller for its instance of the Services (their “Platform”) and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator for the Platform you use.
We generally collect and process the following types of Personal Information:
Personal Information. When using the Site or Mobile Apps, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to (i) communicate with you by responding to your requests, comments and questions, (ii) improve the Site and (iii) perform the Services provided by Namely. The GDPR legal basis for processing this information is (i) the legitimate interest in communicating with you and improving Our Site and (ii) the contractual obligation to perform the Services.
Contact Information When you express an interest in obtaining additional information about the Services, the Site, or Mobile Apps, Namely may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Device Information. When using the Mobile Apps, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Mobile Apps on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Mobile Apps. When you download and use the Mobile Apps, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Mobile Apps. However, if you are using the Namely Time Mobile App, your employer may enable location tracking technology for time keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. If you apply for a job at Namely through the Site, You may provide Us with your location information by selecting the “Locate me” button. We use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your consent.
Log Data. As is true of most Websites, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.
Single Sign-On. You can log in to Our Services using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.
Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us at email@example.com. If you choose to use Our referral service to tell a friend about our Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting him or her to visit the Site. Namely stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at firstname.lastname@example.org to request that We remove this information from our database. The GDPR legal basis for processing this information is your consent.
Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, Namely only collects information under the direction of its Clients. The Client Agreement governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through Services accounts. The Client (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.
Client data will be used by Namely in accordance with the Client’s instructions, applicable terms in the Client Agreement, Client’s use of Services functionality, and as required by applicable law. Under applicable GDPR, Namely is a processor of Client data and Client is the controller.
Namely also uses other information in furtherance of Our legitimate interests in operating Our Services, the Site, and business.
Third Party Services.
At times, you may be able to access other Third Party Services through the Site, for example by clicking on links to those Third Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies.
Information Shared with Our Service Providers.
We may share your information with third parties who provide services to Us. These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include the provision of (i) email services to send marketing communications, (ii) mapping services, (iii) customer service or support, and (iv) providing cloud computing infrastructure.
Information Shared with Our Sub-Processors.
We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf, mapping service providers, and customer support providers Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us. Transfers to subsequent third parties are covered by onward transfer agreements between Namely and each Sub-Processor. A list of Namely Sub-Processors that process Personal Information of individuals located in the EU can be found here.
Information Disclosed Pursuant to Business Transfers.
Information Disclosed for Our Protection and the Protection of Others.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors We share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions.
We will retain your Personal Information and the Personal Information We process on behalf of Our Clients for as long as needed to provide Services to Our Clients in accordance with Namely data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. You may request removal of your Personal Information at any time by contacting email@example.com.
The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Sub-Processors or other third party service providers, We base our selection on said parties having adequate safeguards in place that meet Our data protection standards. We audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.
If you have any questions about security on Our Site, you can contact Us at firstname.lastname@example.org.
Namely is based in the U.S., the Site is hosted in the U.S., and many of Namely’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to Namely, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union), where the local applicable law may provide you with less protection than under European Union law. However, any transfer of Personal Information from the European Union to the U.S. or elsewhere will be strictly in accordance with applicable European Union data protection law.
Namely participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view Our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov.
Namely is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Namely complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Namely is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact Our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
VeraSafe has been appointed as Our representative in the European Union for data protection matters relating to Personal Information of persons located in the EU, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted only on matters related to the processing of Personal Information of persons located in the EU. To make such an inquiry, please contact VeraSafe using this contact form:
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
As part of the Services, you may choose to opt-in to receive occasional email and other communications from Us, such as communications relating to promotions. You may opt-out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at email@example.com. In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.
In the event that you have provided Personal Information to Us in your use of the Site, We will provide you with information about whether We hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting Us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
When acting as a service provider of Our Clients, Namely has no direct relationship with the individuals whose Personal Information is provided to Namely through the Services. An individual who is or was employed by one of Our Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her Personal Information in the Platform, should direct his/her query to the HR department of the Client that uses the Platform and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the Platform provided by the Client.
If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:
Right of Access.
You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.
Right of correction.
At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide US.
Right to be forgotten.
At your request, We will delete your Personal Information if:
We will decline your request for deletion if processing of your Personal Information is necessary: 1. for Us to comply with Our legal obligations; 2. for the establishment, exercise or defense of legal claims; or 3. for the performance of a task in the public interest.
We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.
Right to object.
Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing.
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.
In so far as practicable, We will notify Our Clients and third parties We have disclosed your Personal Information with of any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee our Clients or other third parties will comply with your requests and We encourage you to contact them directly.
Please note that if you decide to exercise some of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site and Mobile Apps.
Right to complain to a supervisory authority. If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.
Effective Date: May 25, 2018.