X

TRUSTe

Namely Privacy Policy

This Privacy Policy (the “Privacy Policy”) describes how Namely, Inc and its subsidiaries and affiliates (“Namely,” “We,” “Our,” or “Us”) collects, uses, secures, and discloses your personal information, which includes any information which is available to Us and may reasonably be used to identify you, or as defined pursuant to the applicable statutory or regulatory definition under the European Union General Data Protection Regulation of 2016 (“GDPR”), the UK Data Protection Act of 2018 (as amended and also known as the UK General Data Protection Act (“UK GDPR”), and the California Consumer Protection Act (“CCPA”), as detailed further herein (“Personal Information”), and what choices you have with respect to that information.

Namely is committed to protecting you and your Personal Information. Our commitment to privacy has not changed, but our ability to serve our clients has improved after our recent merger with Vensure Employer Services and PrismHR. Updates in this latest version of the Privacy Policy reflect that expansion and also recent changes in applicable data protection laws.

This Privacy Policy Covers the Following Topics:

Applicability of this Privacy Policy

Information We Collect and Receive About You and How We Use It

Information You or Your Employer Provide to Us

Other Information

How, and With Whom, Your Information Is Shared

Data Retention

Data Security

Data Privacy in the European Union and the United Kingdom

International Transfer of Personal Information: Privacy Shield and Contractual Terms

Rights with regard to Your Personal Information

GDPR Data Representative in the European Union and the United Kingdom

Marketing

California Data Privacy

Changes to this Privacy Policy

Contacting Namely If You Have Questions or Concerns

Applicability of this Privacy Policy

This Privacy Policy describes the policies and procedures of Namely located principally at 195 Broadway, New York, NY 10007 on the collection, use, access, correction, and disclosure of your Personal Information on namely.com (the “Site”), Our mobile applications: Namely and Namely Time Mobile (together, the “Platform”), and the services you may purchase or receive from Namely, including but not limited to Payroll, Benefits Administration, and Managed Services (the “Services”). This Privacy Policy additionally covers any of your Personal Information which is provided to Us and which is used in connection with the marketing of the Platform, Services, features or content by Namely, its subcontractors or Subprocessors (as defined below), Service Providers (as defined below), and third parties. This Privacy Policy also describes the choices available to you regarding the use of, your access to, and your rights in relation to your Personal Information, generally, and pursuant to applicable regulations for certain European Union (“EU”), United Kingdom (“UK”), and California residents.

This Privacy Policy does not apply to any third party applications or software that can be accessed from the Site, Platform, or the Services, such as applicant tracking systems, social media websites or partner websites (“Third-Party Services”).

Where applicable, a separate agreement may govern the delivery, access, and use of the Platform, Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through employer-based accounts (“Clients”). The Client that entered into the Client Agreement with Namely may authorize Us to collect, process, and store your Personal Information and associated Client data. If you have any questions about specific Platform settings or what information Namely has been authorized by Client to process on your behalf, you may contact Namely at the contact information in this notice or your Client administrator for the Platform and/or Services applicable to you and the collection of your Personal Information.

Information We Collect and Receive About You and How We Use It

We generally collect and process the following types of Personal Information:

Information You or Your Employer Provide Us:

  • Account-Related Personal Information. When using the Site, Platform, or Services, you or your employer may choose to provide Us with certain Personal Information, such as your name, profile photograph, employment details, email address, phone number, and other contact information. While provision of much of your Personal Information is mandatory for use of the Platform and Services, certain Personal Information collected for account-related purposes is elective and you or your employer may choose to provide or not at your discretion. Any account-related Personal Information you or your employer provide is used to: (i) provide login information to the Platform as well as to carry out Platform processing functions and the Services Namely has been contracted to provide by your employer; (ii) communicate with you by responding to your requests, comments and questions; (iii) improve the Site; and (iv) perform various account functions provided by Namely. The GDPR and UK GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving the Site; and (b) the contractual obligation to perform the Services.

  • Information Related to Data Collected on behalf of Clients to provide the Services. When providing access to the Platform or providing certain Services, Namely collects information under the direction of its Clients. The Client Agreement may govern the delivery, access, and use of the Platform and Services, including the processing of Personal Information and data submitted through Client accounts. The Client (e.g., your employer) controls their Platform instance and any associated Client data as described in the Agreement between Namely and Client. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact your employer’s Client Administrator. Client data will be used by Namely in accordance with the Client’s instructions, the applicable terms in the Client Agreement, the Client’s election of various Platform and Services functionalities, this Privacy Policy, and as required by applicable law. In such cases, Namely acts as the data processor of Client data at the direction of the Client, who acts as the data controller. The GDPR and UK GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving Our Site, Platform, and Services; and (b) the contractual obligation to provide access to the Platform and certain Services.

  • Contact Information When you express an interest in obtaining additional information about the Site, Platform, or Services, Namely may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments, and questions. The GDPR and UK GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.

  • Device Information. When using the Platform, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of the Platform on your phone or computer. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Platform. When you download or access the Platform, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR and UK GDPR legal basis for processing this information is the contractual obligation to your employer to provide access to the Platform and to perform certain Services.

  • Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Platform except as described in this Privacy Policy. However, if you are using the Namely Time Mobile App, your employer may enable location tracking technology for time-keeping purposes. The GDPR and UK GDPR legal basis for processing this information is the contractual obligation to your employer to provide access to the Platform and to perform certain Services.

  • Log Data. As is true of most websites and platforms, We gather certain information automatically when you visit the Site or access the Platform. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR and UK GDPR legal basis for processing this information is the legitimate interest in improving the relevance of the Site, the Platform, and performing certain Services.

  • Tracking Technologies. Namely and its partners may use cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about Our user base as a whole. You can control the use of cookies at the individual browser level or as provided in this Privacy Policy, but if you choose to disable cookies, it may limit your use of certain features or functions on the Site or Platform, or Our ability to perform certain Services. We partner with third parties to either display advertising on the Site or to manage Our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on the Site or Platform and other sites in order to provide you with advertising based upon your browsing activities and interests.If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if you are located in the EU or the UK, by clicking here). Please note this does not opt you out of being served ads. You will continue to receive generic ads. The GDPR and UK GDPR legal basis for processing this information is the legitimate interest in improving the relevance of the Site and the Platform.

Other Information:

  • Social Media Features. The Site and Platform may include social media features, such as the “Like” button and certain widgets, the “Share This” button or interactive mini-programs that run on the Site or Platform. These features may collect your IP address, which page you are visiting on the Site or Platform, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Site or the Platform. Your interactions with these features are governed by the privacy policy of the company providing such service.

  • Single Sign-On. You can log in to the Platform using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.

  • Blog, Testimonials, and Referrals. The Site offers publicly accessible blogs or community forums. You should be aware that any information you elect to provide in these areas (including comments) may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on the Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us at privacy@namely.com. If you choose to use Our referral service to tell a friend about the Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting them to visit the Site. Namely stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at privacy@namely.com to request that We remove this information from our database. The GDPR and UK GDPR legal basis for processing this information is your consent.

How, and With Whom, Your Information Is Shared

  • Third-Party Services.
    At times, you may be able to access other Third-Party Services through the Site or accessing Third-Party Services via the Platform. Namely is not responsible for the privacy policies and/or practices of these Third-Party Services, and you or your employer acting as a Namely Client are responsible for reading and understanding those Third-Party Services’ privacy policies. Your or your employer’s purchase of such Third-Party Services shall serve as consent to Namely’s use and collection of your information pursuant to the Third-Party’s applicable privacy policy.

  • Information Shared with Our Subprocessors.
    We employ and contract with individuals and other entities that perform certain tasks on Our behalf. These individuals and entities may in some instances collect your data on Our behalf and pursuant to their contractual obligations with Us and in accordance with Our established privacy and security standards (collectively, “Subprocessors”). Our subprocessors include, but are not limited to email service providers, data storage providers, and other services that support the Site, Platform and certain Services provided to you or your employer. We may need to share Personal Information with Our Subprocessors in order to provide the Site, access to the Platform, or the Services to you. Unless We tell you differently, Our Subprocessors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us in the provision of Services on your or your employer’s behalf. Transfers of your data to Subprocessors are carried out pursuant to subprocessor agreements between Namely and each Subprocessor. A list of Namely Subprocessors that process Personal Information of individuals located in the EU, the UK, and Switzerland may be found here and may be updated from time to time at our discretion and, where applicable, pursuant to a processing agreement between Namely and your employer.

  • Information Shared with Our Service Providers.
    We may share your information with entities with which Namely has contracted to provide certain services to Us (“Service Providers”) on your or your employer’s behalf. These Service Providers are authorized to use your Personal Information only as necessary to provide the contracted services to Namely, and in furtherance of such services, and may not collect, sell, retain or use your Personal Information except in such context. These services may include, but are not limited to the provision of: (i) email services to send marketing communications; (ii) mapping services; (iii) customer service or support; and (iv) verification of your income and employment.

  • Information Disclosed Pursuant to Business Transfers.
    In some cases, We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if We, or substantially all of Our assets, are acquired, or if We go out of business or enter bankruptcy, user information would be one of the assets that may be transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Us or Our assets may continue to use your Personal Information as set forth in this Privacy Policy.

  • Information Disclosed for Our Protection and the Protection of Others.
    In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce this Privacy Policy, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect Our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

We require all Third Parties, Subprocessors, Service Providers and subcontractors to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow Subprocessors and subcontractors to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions or the provision of services on Namely’s behalf, and strictly as detailed herein.

Unless We otherwise have your consent or a legitimate legal basis for doing so, We will only share your Personal Information in the ways that are described in this Privacy Policy.

Data Retention

Subject to applicable law or regulation, in certain cases, We will retain your Personal Information and the Personal Information We process on your or your employer’s behalf for as long as your account is active or as needed to provide you or your employer’s access to the Platform or to perform certain Services in accordance with Namely data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. In certain cases, and as detailed further herein, you may request removal of your Personal Information by contacting privacy@namely.com. In order to determine whether or not we are required to retain your Personal Information, your right to removal of your Personal Information is subject to applicable law or regulation, and may be further subject to Namely’s obligation on behalf of your employer who authorized the collection of your Personal Information to provide access to the Platform or to provide certain Services.

Data Security

The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using Transport Layer Security (TLS). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Subprocessors, Service Providers, subcontractors or other Third Parties, We base our selection on said partners having adequate safeguards in place as detailed herein and that meet Our data protection standards. We ensure their compliance with such standards and incorporate contractual provisions ensuring compliance with: (i) such standards; and (ii) applicable data privacy laws and regulations.

If you have any questions about security on the Site, the Platform, or in Our provision of Services, you can contact Us at privacy@namely.com.

Data Privacy in the European Union and the United Kingdom

International Transfer of Personal Information: Privacy Shield, and Contractual Terms

Certain EU and UK residents have additional privacy rights as provided in the GDPR or the UK GDPR. For such residents, We will collect, process, and store your Personal Information strictly in accordance with the applicable GDPR regulation. The GDPR further governs the transfer of subject personal information from certain countries outside of the EU, while the UK GDPR governs the transfer of subject Personal Information from the UK to jurisdictions outside of the UK, including the US. Namely is based in the US, the Site and Platform servers are hosted in the US, and many of Namely’s suppliers and Subprocessors are also based in the US or otherwise outside of the EU and the UK. In providing your Personal Information to Namely, your Personal Information will be sent to the US (or otherwise outside of the EU or the UK). In such cases, Namely will transfer such data in accordance with the GDPR or the UK GDPR and the following transfer mechanisms:

  • European Union Model Clauses. At your employer’s request, Namely shall enter into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, to meet the adequacy, privacy, and security requirements for organizations that operate in the EU or the UK, and other international transfers of Personal Information (as provided in the Agreement between Namely and Client).

  • The EU-US and Swiss-US Privacy Shield Frameworks as designed by the US Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide subject-organization with a mechanism to comply with data protection requirements when transferring Personal Information from the European Union and Switzerland to the United States in support of transatlantic commerce.

Namely complies with the EU - US Privacy Shield Framework, and the Swiss - US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the United States in reliance on the applicable Privacy Shield Framework. Namely has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Namely continues to participate in and remains certified in its compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Although this framework as implemented in 2018 was invalidated by the Court of Justice of the EU (“CJEU”) in July 2020 and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) in September 2020, We will continue to maintain Privacy Shield certification. We will rely, where applicable and as instructed by your employer, on the Standard Contractual Clauses, and secondarily, and only as may be permitted by applicable law, on the Privacy Shield as Our transfer mechanism for EU - US, UK - US, and Swiss - US data transfers. Should you or your employer wish to understand which transfer mechanism applies to the transfer of the Personal Information collected on behalf of your organization by Namely, please contact Us at privacy@namely.com. In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To address the CJEU decision of July 2020 as it relates to state authority to access Personal Information by law enforcement agencies, Namely has adopted the following law enforcement policy.

Namely is responsible for the processing of Personal Information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Namely complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, the UK, and Switzerland, including the onward transfer liability provisions.

With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, Namely is subject to the regulatory enforcement powers of the US Federal Trade Commission. To learn more about the Privacy Shield Frameworks and their adequacy, and to view Our certification, visit the US Department of Commerce’s Privacy Shield List.

If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact Our US-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Rights with Regard to Your Personal Information

In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain individuals residing in the EU, the UK, or Switzerland additional rights over Our use of your Personal Information. Namely respects your control over your information and, in the event that you have provided Personal Information to Us in your use of the Site, We will, in consultation with your employer provide you with information about whether We hold any of your Personal Information as We detail below. If you are located in the EU, UK, or Swiss citizen or national, you may access, correct, or request deletion of your Personal Information by contacting Us at privacy@namely.com. We will respond to your request within a reasonable timeframe, and subject to applicable law or regulation.

As a preliminary matter, when providing access to the Platform or in Our provision of certain Services to you or your employer and/or when collecting your Personal Information at the direction and instruction of your employer in order to provide access to the Platform or in Our provision of certain Services, Namely may have no direct relationship with the individuals whose Personal Information is provided to Namely through the Platform and/or the provision of Services. If you seek access to, seek to correct, amend, object to the processing or profiling of, or to delete your Personal Information in the Platform, you should first direct your query to your employer’s HR department to understand if the collection of your Personal Information is required by your employer to be processed by Us in providing you or your employer access to the Platform or the provision of certain Services. If your query is directed to Us, in certain cases, Namely may direct your subject access rights request to your employer for further instructions as to whether Namely may carry out such request.

If located in the EU, the UK, or Switzerland, you have the following rights regarding your Personal Information We control:

  • Right of Access.
    You can request details of your Personal Information We hold. In coordination with your employer, We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers, subject to the limitations set out in applicable laws and regulations. Where applicable We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.

  • Right of correction.
    At your request, and in coordination with your employer, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide to Us.

  • Right to be forgotten.
    At your request, and in coordination with your employer, We will delete your Personal Information if:

    1. it is no longer necessary for Us to retain your Personal Information;
    2. you withdraw the consent which formed the legal basis for the processing of your Personal Information;
    3. you object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
    4. the Personal Information was processed illegally;
    5. the Personal Information must be deleted for Us to comply with Our legal obligations.

We will decline your request for deletion if processing of your Personal Information is necessary: (i) for Us to comply with Our legal obligations; (ii) for the establishment, exercise or defense of legal claims; (iii) for the performance of a task in the public interest; or (iv) we are directed by your employer to continue to use your Personal Information to provide access to the Platform or to perform certain Services on your or your employer’s behalf.

  • Right to restrict processing.
    At your request, and in coordination with your employer, We will restrict the processing of your Personal Information if:
    1. you dispute the accuracy of your Personal Information;
    2. your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
    3. We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or
    4. you object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.

We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.

  • Right to data portability.
    At your request, and in coordination with your employer, We will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if:
    1. you provided Us with your Personal Information;
    2. the processing of your Personal Information is required for the performance of a contract; or
    3. the processing is carried out by automated means.
  • Right to object.
    Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will coordinate with your employer to comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.

  • Right not to be subject to decisions based solely on automated processing.
    You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us and at the direction of your employer.

  • Right to withdraw consent
    You have the right to withdraw any consent you may have previously given Us at any time. In order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact Us at privacy@namely.com. We will, in coordination with your employer, respond to your request within 30 days or provide you with reasons for the delay.

Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will, in coordination with your employer, notify you of the relevant reasons.

In so far as practicable, We will notify your employer and third parties to whom We have disclosed your Personal Information with any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee your employer or other third parties will comply with your requests and We encourage you to contact them directly.

Please note that if you decide to exercise some or all of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site, Platform, and Services.

If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.

GDPR Data Representative in the European Union and the United Kingdom

VeraSafe has been appointed as Our representative in the European Union for data protection matters relating to Personal Information of persons located in the EU, pursuant to Article 27 of the GDPR and Article 27 of the UK GDPR. VeraSafe can be contacted only on matters related to the processing of Personal Information of persons located in the EU or the UK as provided below. To make such an inquiry, please contact VeraSafe using this contact form:

EU: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at, for individuals residing in the EU:

VeraSafe Ireland Ltd Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland

And VeraSafe may be contacted at, for individuals residing in the UK:

UK: https://verasafe.com/public-resources/contact-data-protection-representative

Alternatively, VeraSafe may be contact at, for individuals residing in the UK:

VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom

Marketing

Namely uses your contact information to send marketing communications from Us, such as communications relating to promotions. You may opt out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at privacy@namely.com. In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.

California Data Privacy

California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”). This portion of the Privacy Policy applies solely to residents of California and applies to our processing of Personal Information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a California consumer on his or her household (“California Personal Information”).

Namely collects various categories of California Personal Information when you or your employer use the Namely Platform or Services, including location information, log data, tracking information, and personal information related to your employment. Namely may use your California Personal Information for permitted business purposes, such as providing services requested by you or your employer, improving our product, protecting the rights, property or safety of Namely, our Clients or others, and responding to law enforcement requests. A more detailed description of the information Namely collects or shares, or has collected or shared in the past twelve months, and how We use it is provided above in the sections entitled:Information We Collect and Receive About You and How We Use It, Other Information, and How, and With Whom, Your Information Is Shared. In the preceding twelve months, Namely collected the following categories of California Personal Information:

     
Category Examples Collected ? (Y/N)
A. Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. Y
B. Personal Information as defined in Cal. Civ. Code § 1798.80(e) A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information (see Cal. Civ. Code § 1798.80(e)). Y
C. Protected Classification Characteristics of protected classifications under California or federal law (i.e., age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Y
D. Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. N
E. Biometric Information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. N
F. Internet or other similar activity Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. Y
G. Geolocation Data Physical location or movements. N
H. Sensory Data Audio, electronic, visual, thermal, olfactory, or similar information N
I. Professional or employment related information Current or past job history or performance evaluations. Y
J. Non-public education information Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. N
K. Inferences drawn from other PI Profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Y
L. Sensitive Personal Information Social Security Number, Driver’s License Number, State ID or Passport Number; Racial or ethnic origin, religious or philosophical belief, or union membership Y

Namely may disclose your California Personal Information to Third Parties, Subprocessors, Service Providers and subcontractors for a business purpose. In the preceding twelve months, Namely has disclosed California Personal Information in categories A, B, C, F, I, K and L to these Third Parties, Subprocessors, Service Providers and subcontractors. In the preceding twelve months, Namely has not sold or shared any California Personal Information.

Your Rights and Choices. California privacy laws provide California consumers with specific rights regarding their California Personal Information. This section describes your rights under those laws and explains how to exercise those rights.

Right of Access to Specific Information and Data Portability Rights. You have the right to request that We disclose certain information to you about our collection and use of your personal information over the past twelve months. Once We receive and confirm your verifiable consumer request (see “Exercising Your California Consumer Privacy” section below), We will disclose to you:

  • The categories of California Personal Information We collected about you.
  • The categories of sources from which We collect the California Personal Information about you.
  • Our business or commercial purpose for collecting, selling, or sharing that California Personal Information.
  • The categories of third parties to whom We disclose that California Personal Information.
  • The specific pieces of California Personal Information We collected about you (also called a data portability request).

To the extent a business sells or shares California Personal Information, a consumer shall have the right to request the business to identify, during the past 12 months: (1) categories of Personal Information that the business sold or shared, and (2) categories of Personal Information disclosed for business purpose and each category of recipient. The sale or sharing California Personal Information as defined under the California Privacy Laws is not applicable to how We collect or use your Personal Information. However, We have described this right as it is a core part of your rights as a California consumer.

Right to Deletion. You have the right to request that We delete any of your California Personal Information that We collected from you and retained, subject to certain exceptions and as permitted under the California Privacy Laws. Once We receive and confirm your verifiable consumer request (see “Exercising Your California Consumer Privacy” section below), We will delete (and direct our service providers to delete) your California Personal Information from our records, unless an exception applies.

Right to Opt-out of “Sale” and Certain “Sharing” Practices: You have the right to opt-out of certain data sharing practices with third parties, who may use your California Personal Information solely for their own purposes. Your right to opt-out is limited to information We “sell” or “share” to these third parties. “Sell” in this case does not mean providing data in exchange for money – we don’t do that.  “Sell” or “sharing” instead means the disclosure or release of Personal Information, including technical device data that does not identify you directly but can be attributed back to identify you, when a third party might use that data for its own purposes, such as for personalized advertising or cross-context behavioral advertising, whether or not for monetary or other valuable consideration. You may opt out by using the contact information set out in the section “Exercising Your California Consumer Privacy Rights” below.

If you are sixteen (16) years of age or older, you have the right to direct us to not sell your California Personal Information at any time (the “right to opt-out”). Our business, as a business-to-business provider, is targeted to business professionals. Therefore, We do not knowingly collect or sell the California Personal Information of consumers We actually know are less than sixteen (16) years of age. Consumers who opt-in to California Personal Information sales may opt out of future sales at any time.

Right to Correct. You have the right to correct inaccurate Personal. Our goal is to keep your Personal Information accurate, current and complete. If you believe your Personal Information is not accurate (other than Personal Information stored in your account that you may modify at any time), you may submit a request by using the contact information set out in the section “Exercising Your California Consumer Privacy Rights” below.

Right to Limit Use and Disclosure of Sensitive Personal Information. In cases where We collect “sensitive personal information” as defined under California Privacy Laws, you have a right to limit the use of sensitive personal information to uses necessary to perform services or provide goods reasonably expected by an average consumer.

Right to Non-Discrimination. Namely will not discriminate against you for exercising any of your CCPA rights. To this end, unless permitted by the CCPA, Namely will not:

  • Deny you access to the Namely Platform or Services;
  • Charge you a different price or rate for the Platform or Services, including the granting of discounts or other incentives;
  • Provide a different or downgraded Platform or Service;
  • Suggest that you may receive a different price or rate for the Namely Platform or its Services or a different or downgraded Platform or Service;

Exercising Your California Consumer Privacy Rights. To exercise your rights under the CCPA please submit a verifiable consumer request to Namely by either calling Namely at 1-855-626-3591 by or emailing us at privacy@namely.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must:

  • Be made by a natural person;
  • Provide sufficient information to allow Namely to reasonably verify your identity and that you are the person about whom we collected Personal Information, or you are an authorized representative;
  • Describe your request with sufficient detail that allows Namely to properly understand, evaluate, and respond to your request.

In certain cases, Namely collects and processes Personal Information on you at the contractual obligation of your employer. In order to respond to a verified request, Namely may be required to provide notice to your employer of your request, and to follow your employer’s instructions as they relate to carrying out your request. Namely cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a verifiable request does not require you to create an account, but we may ask you to verify your request by logging into your account if you have one. We will only use Personal Information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Changes to this Privacy Policy

Namely may amend this Privacy Policy from time to time to reflect changes to applicable laws and regulations or other requirements applicable to us, changes in technology, or changes to Our information practices. Our use of Personal Information We collect is subject to the Privacy Policy in effect at the time such information is used. If We make material changes in the way We collect or use information, We will notify you by posting an announcement on Our Site or in the Platform, or by sending you an email prior to the changes becoming effective.

Contacting Namely If You Have Questions or Concerns

If you have any questions or concerns regarding this Privacy Policy, please send Us a detailed message to privacy@namely.com or at Our mailing address at 195 Broadway, 15th Floor, New York, NY 10007. We will make every effort to resolve your concerns. You may also raise any concerns or complaints with your local Data Protection Authority.

Effective Date: December 20, 2022.