Schedule a demo

TRUSTe

Namely Privacy Policy

This Privacy Policy (the “Privacy Policy”) describes how Namely, Inc. (“Namely,” “We,” “Our,” or “Us”) collects, uses, secures, and discloses Personal Information, and what choices you have with respect to that information.

Updates in this latest version of the Privacy Policy reflect changes in applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”). Additionally, We have made this Privacy Policy more clear, concise, and accessible by organizing it into the sections listed in the hyperlinked Table of Contents below.

This Privacy Policy Covers the Following Topics:

Applicability of this Privacy Policy

Information We Collect and Receive About You and How We Use It

Data Retention

Data Security

International Transfer of Personal Information: Privacy Shield and Contractual Terms

GDPR Data Representative in the European Union

Marketing

Rights with regard to Your Personal Information

Changes to this Privacy Policy

Contacting Namely If You Have Questions or Concerns

Applicability of this Privacy Policy

This Privacy Policy describes the policies and procedures of Namely with a principal office located at 195 Broadway, 15th Floor, New York, NY 10007 on the collection, use, access, correction, and disclosure of your personal information on namely.com (the “Site”) and Our mobile applications: Namely and Namely Time Mobile (together, the “Mobile Apps”). Your personal information will include any information which, either alone or with other data, is reasonably available to Us and relates to you (“Personal Information”).

This Privacy Policy also covers any of your Personal Information which is provided to Us and which is used in connection with the marketing of the services, features or content We offer (the “Services”) to Our Clients and/or the support that We may give you in connection with the provision of our Services and the Mobile Apps.

Finally, this Privacy Policy also describes the choices available to you regarding the use of, your access to, and your rights in relation to your Personal Information.

This Privacy Policy does not apply to any third party applications or software that can be accessed from the Site, the Services or the Mobile Apps, such as applicant tracking systems, social media websites or partner websites (“Third Party Services”).

A separate agreement governs the delivery, access, and use of the Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through Services accounts. The organization (e.g., your employer) that entered into the Client Agreement (“Client”) is the data controller for its instance of the Services (their “Platform”) and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator for the Platform you use.

Information We Collect and Receive About You and How We Use It

We generally collect and process the following types of Personal Information:

Information You Provide Us:

  • Personal Information. When using the Site or Mobile Apps, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to (i) communicate with you by responding to your requests, comments and questions, (ii) improve the Site and (iii) perform the Services provided by Namely. The GDPR legal basis for processing this information is (i) the legitimate interest in communicating with you and improving Our Site and (ii) the contractual obligation to perform the Services.

  • Contact Information When you express an interest in obtaining additional information about the Services, the Site, or Mobile Apps, Namely may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.

  • Device Information. When using the Mobile Apps, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Mobile Apps on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Mobile Apps. When you download and use the Mobile Apps, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.

  • Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Mobile Apps. However, if you are using the Namely Time Mobile App, your employer may enable location tracking technology for time keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. If you apply for a job at Namely through the Site, You may provide Us with your location information by selecting the “Locate me” button. We use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your consent.

  • Log Data. As is true of most Websites, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.

  • Tracking Technologies. Namely and its partners use cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about Our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on Our Site or Service. We partner with third parties to either display advertising on Our Site or to manage Our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on Our Site and other sites in order to provide you with advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.

Other Information:

  • Social Media Features. Our Site includes social media features, such as the Facebook “Like” button and widgets, such as the “Share This” button or interactive mini-programs that run on Our Site. These features may collect your IP address, which page you are visiting on Our Site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on Our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

  • Single Sign-On. You can log in to Our Services using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.

  • Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us at info@namely.com. If you choose to use Our referral service to tell a friend about our Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting him or her to visit the Site. Namely stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at info@namely.com to request that We remove this information from our database. The GDPR legal basis for processing this information is your consent.

  • Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, Namely only collects information under the direction of its Clients. The Client Agreement governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through Services accounts. The Client (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.

  • Client data will be used by Namely in accordance with the Client’s instructions, applicable terms in the Client Agreement, Client’s use of Services functionality, and as required by applicable law. Under applicable GDPR, Namely is a processor of Client data and Client is the controller.

  • Namely also uses other information in furtherance of Our legitimate interests in operating Our Services, the Site, and business.

How, and With Whom, Your Information Is Shared

  • Third Party Services.
    At times, you may be able to access other Third Party Services through the Site, for example by clicking on links to those Third Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies.

  • Information Shared with Our Service Providers.
    We may share your information with third parties who provide services to Us.  These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include the provision of (i) email services to send marketing communications, (ii) mapping services, (iii) customer service or support, and (iv) providing cloud computing infrastructure.

  • Information Shared with Our Sub-Processors.
    We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf, mapping service providers, and customer support providers Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us. Transfers to subsequent third parties are covered by onward transfer agreements between Namely and each Sub-Processor. A list of Namely Sub-Processors that process Personal Information of individuals located in the EU can be found here.

  • Information Disclosed Pursuant to Business Transfers.
    In some cases, We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if We, or substantially all of Our assets, Were acquired, or if We go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Us or Our assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on Our Site of any change in the legal owner or uses of your Personal Information, as Well as any choices you may have regarding your Personal Information.

  • Information Disclosed for Our Protection and the Protection of Others.
    In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request (ii) enforce this Privacy Policy, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect Our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors We share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions.

Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless We otherwise have your consent, We will only share your Personal Information in the ways that are described in this Privacy Policy.

Data Retention

We will retain your Personal Information and the Personal Information We process on behalf of Our Clients for as long as needed to provide Services to Our Clients in accordance with Namely data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. You may request removal of your Personal Information at any time by contacting support@namely.com.

Data Security

The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Sub-Processors or other third party service providers, We base our selection on said parties having adequate safeguards in place that meet Our data protection standards. We audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.

If you have any questions about security on Our Site, you can contact Us at info@namely.com.

International Transfer of Personal Information: Privacy Shield, and Contractual Terms

Namely is based in the U.S., the Site is hosted in the U.S., and many of Namely’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to Namely, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union), where the local applicable law may provide you with less protection than under European Union law. However, any transfer of Personal Information from the European Union to the U.S. or elsewhere will be strictly in accordance with applicable European Union data protection law.

  • The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Namely participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view Our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov.

Namely is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Namely complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Namely is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact Our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

  • European Union Model Clauses. Namely also enters into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, with its Clients to meet the adequacy, privacy, and security requirements for Our Clients that operate in the European Union, and other international transfers of client data.

GDPR Data Representative in the European Union

VeraSafe has been appointed as Our representative in the European Union for data protection matters relating to Personal Information of persons located in the EU, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted only on matters related to the processing of Personal Information of persons located in the EU. To make such an inquiry, please contact VeraSafe using this contact form:

https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

Marketing

As part of the Services, you may choose to opt-in to receive occasional email and other communications from Us, such as communications relating to promotions. You may opt-out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at info@namely.com. In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.

Rights with regard to Your Personal Information

In the event that you have provided Personal Information to Us in your use of the Site, We will provide you with information about whether We hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting Us at info@namely.com. We will respond to your request within a reasonable timeframe.

When acting as a service provider of Our Clients, Namely has no direct relationship with the individuals whose Personal Information is provided to Namely through the Services. An individual who is or was employed by one of Our Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her Personal Information in the Platform, should direct his/her query to the HR department of the Client that uses the Platform and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the Platform provided by the Client.

If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:

  • Right of Access.
    You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.

  • Right of correction.
    At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide US.

  • Right to be forgotten.
    At your request, We will delete your Personal Information if:

    1. it is no longer necessary for Us to retain your Personal Information;
    2. you withdraw the consent which formed the legal basis for the processing of your Personal Information;
    3. you object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
    4. the Personal Information was processed illegally;
    5. the Personal Information must be deleted for Us to comply with Our legal obligations.

We will decline your request for deletion if processing of your Personal Information is necessary: 1. for Us to comply with Our legal obligations; 2. for the establishment, exercise or defense of legal claims; or 3. for the performance of a task in the public interest.

  • Right to restrict processing.
    At your request, We will restrict the processing of your Personal Information if:
    1. you dispute the accuracy of your Personal Information;
    2. your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
    3. We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or
    4. you object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.

We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.

  • Right to data portability.
    At your request, We will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if:
    1. you provided Us with your Personal Information;
    2. the processing of your Personal Information is required for the performance of a contract; or
    3. the processing is carried out by automated means.
  • Right to object.
    Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.

  • Right not to be subject to decisions based solely on automated processing.
    You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.

  • Right to withdraw consent
    You have the right to withdraw any consent you may have previously given Us at any time. In order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact Us at support@namely.com. We will respond to your request within 30 days or provide you with reasons for the delay.

Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.

In so far as practicable, We will notify Our Clients and third parties We have disclosed your Personal Information with of any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee our Clients or other third parties will comply with your requests and We encourage you to contact them directly.

Please note that if you decide to exercise some of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site and Mobile Apps.

Right to complain to a supervisory authority. If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.

Changes to this Privacy Policy:

We may amend this Privacy Policy from time to time to reflect changes to Our information practices. Our use of Personal Information We collect is subject to the Privacy Policy in effect at the time such information is used. If We make material changes in the way We collect or use information, We will notify you by posting an announcement on Our Site or sending you an email prior to the changes becoming effective.

Contacting Namely If You Have Questions or Concerns

If you have any questions or concerns regarding this Privacy Policy, please send Us a detailed message to info@namely.com or at Our mailing address at 195 Broadway, 15th Floor, New York, NY 10007. We will make every effort to resolve your concerns. You may also raise any concerns or complaints with your local Data Protection Authority.

Effective Date: May 25, 2018.