Where applicable, a separate agreement may govern the delivery, access, and use of the Platform, Services and Mobile Apps (the “Client Agreement”), including the processing of Personal Information and data submitted through employer-based accounts (“Clients”). The Client that entered into the Client Agreement with Namely may authorize Us to collect, process, and store your personal information and associated Client data. If you have any questions about specific Platform settings or what information Namely has been authorized by Client to process on your behalf, you may contact Namely at the contact information in this notice or your Client administrator for the Platform you use.
We generally collect and process the following types of Personal Information:
Personal Information. When using the Site, Platform, or Services, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to: (i) provide login information to the Platform as well as to carry out Platform processing functions and the Services Namely has been contracted to provide by Client; (ii) communicate with you by responding to your requests, comments and questions; (iii) improve the Site; and (iv) perform various account functions provided by Namely. The GDPR legal basis for processing this information is: (a) the legitimate interest in communicating with you and improving Our Site; and (b) the contractual obligation to perform the Services.
Contact Information When you express an interest in obtaining additional information about the Site, Platform, or Services, Namely may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments, and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Device Information. When using the Platform, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Platform on your phone or computer. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Platform. When you download or access the Platform, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Platform. However, if you are using the Namely Time Mobile App, your employer may enable location tracking technology for time-keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. If you apply for a job at Namely through the Site, You may provide Us with your location information by selecting the “Locate me” button. We use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your consent.
Log Data. As is true of most websites and platforms, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of Our Site.
Single Sign-On. You can log in to Our Platform using sign-in services such as Log in With Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with Us such as your name and email address to pre-populate Our sign-up form.
Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact Us email@example.com. f you choose to use Our referral service to tell a friend about our Site, We will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting them to visit the Site. Namely stores this information for the sole purpose of sending this one-time email and tracking the success of Our referral program In addition to their other rights, your friend may contact Us at firstname.lastname@example.org to request that We remove this information from our database. The GDPR legal basis for processing this information is your consent.
Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, Namely collects information under the direction of its Clients. The Client Agreement may govern the delivery, access, and use of the Platform and Services, including the processing of Personal Information and data submitted through Client accounts. The Client (e.g., your employer) controls their Platform and any associated Client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.
Namely also uses other information in furtherance of Our legitimate interests in operating Our Site, Platform, and Services.
Third Party Services.
At times, you may be able to access other Third-Party Services through the Site, for example by clicking on links to those Third-Party Services from within the Site. Namely is not responsible for the privacy policies and/or practices of these Third-Party Services, and you or your employer acting as a Namely Client are responsible for reading and understanding those Third-Party Services’ privacy policies.
Information Shared with Our Service Providers.
We may share your information with third parties who provide services to Us. These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include, but are not limited to the provision of: (i) email services to send marketing communications; (ii) mapping services; and (iii) customer service or support, and (iv) providing cloud computing infrastructure.
Information Shared with Our Sub-Processors.
We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf, mapping service providers, and customer support providers Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us in the provision of Services on your or Client’s behalf. Transfers to third parties are covered by subprocessor agreements between Namely and each Sub-Processor. A list of Namely Sub-Processors that process Personal Information of individuals located in the EU can be found here.
Information Disclosed Pursuant to Business Transfers.
Information Disclosed for Our Protection and the Protection of Others.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions or the provision of services on Namely’s behalf.
We will retain your Personal Information and the Personal Information We process on behalf of Our Clients for as long as your account is active or as needed to provide Services to Our Clients in accordance with Namely data retention policies, and as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. You may request removal of your Personal Information at any time by contacting email@example.com.
The security of your Personal Information and Our Clients’ information is important to Us. We put in place appropriate technical and organizational measures to ensure your Personal Information is kept secure and protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. When you enter sensitive information (such as login credentials), We encrypt the transmission of that information using Transport Layer Security (TLS). We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. When We share your Personal Information with Sub-Processors or other third-party service providers, We base our selection on said parties having adequate safeguards in place that meet Our data protection standards. We audit their compliance with such standards and incorporate contractual provisions ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.
If you have any questions about security on Our Site, you can contact Us firstname.lastname@example.org.
Certain European Union residents have additional privacy rights as provided in the GDPR. For such residents, Namely will collect, process, and store your personal information strictly in accordance with the GDPR. The GDPR further governs the transfer of subject personal information from the certain European Area countries outside of the European Union. Namely is based in the U.S., the Site and Platform servers are hosted in the U.S., and many of Namely’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to Namely, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union). In such cases, Namely will transfer such data in accordance with the GDPR and the following transfer mechanisms:
Namely participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view Our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov.
Namely is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Namely complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Namely is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact Our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield Website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
In addition to the lawful transfer, processing and storage of your Personal Information, the GDPR gives certain European Union members additional rights over Our use of your Personal Information. Namely respects your control over your information and, in the event that you have provided Personal Information to Us in your use of the Site, We will provide you with information about whether We hold any of your Personal Information as We detail below. You may access, correct, or request deletion of your Personal Information by contacting Us at email@example.com. We will respond to your request within a reasonable timeframe.
As a preliminary matter, when acting as a service provider of Our Clients, Namely may have no direct relationship with the individuals whose Personal Information is provided to Namely through the Platform and Services. An individual who is or was employed by one of Our Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete their Personal Information in the Platform, should direct the query to their employer’s HR department if they cannot make the appropriate changes via its access to the Platform provided by the Client.
If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:
Right of Access.
You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.
Right of correction.
At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide to Us.
Right to be forgotten.
At your request, We will delete your Personal Information if:
We will decline your request for deletion if processing of your Personal Information is necessary: (i) for Us to comply with Our legal obligations; (ii) for the establishment, exercise or defense of legal claims; or (iii) for the performance of a task in the public interest.
We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.
Right to object.
Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing.
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.
In so far as practicable, We will notify Our Clients and third parties to whom We have disclosed your Personal Information with any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that We cannot guarantee our Clients or other third parties will comply with your requests and We encourage you to contact them directly.
Please note that if you decide to exercise some of your rights, We may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site, Platform, and Services.
If you are not satisfied with Our response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against Us in any court of competent jurisdiction.
VeraSafe has been appointed as Our representative in the European Union for data protection matters relating to Personal Information of persons located in the EU, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted only on matters related to the processing of Personal Information of persons located in the EU. To make such an inquiry, please contact VeraSafe using this contact form:
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
You may choose to opt in to receive occasional email and other communications from Us, such as communications relating to promotions. You may opt out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing Us at firstname.lastname@example.org. In the context of Us providing you marketing, We may analyze your preferences to make sure the information We provide you is relevant.
California residents have certain privacy rights as specified under California law, including the California Consumer Privacy Act of 2018 (“CCPA”). If you are a resident of California, you have the right to know what personal information has been collected about you, and to access that information. You have the right to request deletion of your personal information, though exceptions under the CCPA may allow Namely to retain and use certain personal information notwithstanding your deletion request.
Namely collects various categories of personal information when you or your employer use the Namely Platform or Services, including location information, log data, tracking information, and personal information related to your employment. A more detailed description of the information Namely collects and how we use it is provided above in the sections entitled: Information We Collect and Receive About You and How We Use It, Other Information, and How, and With Whom, Your Information Is Shared.
In addition to Our collection of your Personal Information, Namely may engage certain third parties to perform a function or provide services to you on behalf of Namely including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer and account relationship management, database storage and management, and direct marketing campaigns. Namely may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. Namely requires these third parties to maintain the privacy and security of the Personal Information they process on our behalf.
Namely does not sell your Personal Information when you use the Namely Platform or when you use a Namely Service and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law. Namely does not offer financial incentives associated with the collection, use, or disclosure of your personal information.
Namely will not discriminate against you for exercising any of your CCPA rights. To this end, unless permitted by the CCPA, Namely will not:
To exercise your rights under the CCPA please submit a verifiable consumer request to Namely by either calling Namely at 1-855-626-3591 by or emailing us at email@example.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your data twice within a twelve (12) month period. Your verifiable consumer request must:
In certain cases, Namely collects and processes personal information on you at the contractual obligation of your employer. In order to respond to a verified request, Namely may be required to provide notice to your employer of your request, and to follow your employer’s instructions as they relate to carrying out your request. Namely cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable request does not require you to create an account, but we may ask you to verify your request by logging into your account if you have one. We will only use personal information provided by a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Effective Date: January 1, 2020.