In addition to covering how we collect, use, disclose, transfer, and store your information, this policy also discloses our purpose and lawful basis for processing your personal information, and your related rights. Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be that the processing (i) is necessary for our legitimate interests in carrying out our business with you, including direct marketing, provided those interests are not outweighed by your rights and interests, or (ii) is necessary to perform a contract with you. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.
If you are a resident of California, please see the California Addendum below for additional details on how Jamf handles your personal information.
Our Services are not directed to anyone under the age of 16, and Jamf does not knowingly solicit or collect information from anyone under 16 years of age. If you are a parent or guardian and believe we may have collected information about a child, please contact us at firstname.lastname@example.org.
B. Collection and Sources of Information
Depending on the context in which you interact with us, Jamf may collect or receive the following information:
- Account and Profile Information: This includes information you provide when you create an account with our Services, request a trial, contact support, register for events, complete surveys and may include name, username, email address, phone number, company name, state, country, LinkedIn URL, Twitter URL, GitHub URL, and your photo.
- Service Information: When you use our Services, we receive information generated through your use of the Services, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include, but is not limited to, name, username, company/organization, company/organization address, email address, phone number, IP address, MAC address, latitude, longitude, AppleCare ID, Apple ID, device name(s), device ID(s), and directory ID or other information you place within the Services. The information collected is kept to a minimum and depends on the use case and platforms used.
- Performance and Usage Data: We may collect statistical, usage, configuration, and performance data of the Services to monitor the performance, integrity, and stability of the Services. Further, we may use and disclose this information for any purpose, provided that such data is first de-identified.
- Payment Information: We use third party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors whose use of your personal information is governed by their privacy policies. The privacy policies of our current third party processors may be viewed at https://stripe.com/us/privacy, https://www.digitalriver.com/privacy-policy/, https://home.bluesnap.com/privacy-policy/, https://www.cleverbridge.com/corporate/privacy-policy/ and https://usaepay.info/policy.
- Information from Third Parties: We receive information from third party business partners such as the contact details of prospects and sales leads from our resellers. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
- Location Information: Some of our applications collect general location information based on IP address. This information is used to customize the services provided to you, such as location-based information of specific managed devices. Location information is only viewable by the end user. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.
C. Use of Collected Information
We may use the information we collect or receive for the following purposes:
- To carry out the purpose for which it was originally collected or received.
- To provide, operate, maintain, and improve our products and services.
- To respond to your inquiries and provide support.
- To process and complete transactions, and send you related information.
- To market and sell our products and services. If we do so, we will provide you with an easy way to opt-out of receiving such communications in the future.
- To monitor the performance, integrity, and stability of the Services.
- To address or prevent technical or security issues.
- To customize your experience related to the Services and display content that we think you might be interested in according to your preferences.
D. Cookies and Similar Technologies
Controlling or Modifying Cookies. If you accept a cookie, you can delete it at any time (e.g., as soon as you leave our websites) through your web browser. If you do not wish to receive cookies or wish to manage when you accept cookies in general, you can set your browser to reject cookies or to alert you when a cookie is placed on your computer. If you choose to decline cookies, you may not be able to use certain features or functionality of our Services that depend on your web browser accepting cookies. You can also use opt-out tools provided by third party partners, or by the Digital Advertising Alliance (http://www.aboutads.info/choices), the EU Internet advertising industry (http://www.youronlinechoices.eu), or similar entities. Where required, Jamf obtains consent prior to using cookies.
Analytics. Jamf uses analytical services provided by Google to monitor our Services, such as Firebase, Google Analytics for Firebase, and Crashlytics. You can find out more about the types of analytical data collected, how that data is processed, and how to opt out of certain features by visiting www.google.com/policies/privacy/partners/.
Do Not Track Signals. Jamf Services do not respond to Do Not Track Signals.
E. Sharing of Personal Information & Accountability for Onward Transfer
From time to time, Jamf may engage third-party business partners, vendors, or sub-processors to perform functions such as sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, data storage, processing credit card payments, providing search results and links (including paid listings and links), and providing customer service. Such companies shall only use your information for those purposes required to perform their functions. Additionally, Jamf may share your information, without your prior consent, in the event of any reorganization, merger, sale, joint venture, or transfer of assets. When information is shared, Jamf will ascertain that the third parties receiving the information are obligated to provide at least the same level of privacy protection as is required under this policy. Should Jamf transfer information outside of a local jurisdiction, it shall only be done with adequate protections in place and in compliance with applicable laws and standards.
Jamf may be required to disclose an individual’s information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Jamf shall remain liable under applicable law and relevant contract obligations for its sub-processors, if they process your information in a manner inconsistent with applicable law and contract obligations, unless Jamf proves that it is not responsible for the event giving rise to the damage.
F. International Data Transfer
Your personal information might be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection and privacy laws that are different than the laws of your home country. Jamf only transfers personal information to other countries in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information. A list of Jamf’s global offices is available here.
If you are a resident of the European Economic Area (“EEA”) and your personal information is transferred outside of the EEA, we will:
- Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by EEA Standard Contractual Clauses (“EEA SCCs”) or another lawful transfer mechanism approved by the European Commission.
If you are a resident of the United Kingdom (“UK”) and your personal information is transferred outside of the UK, we will:
- Process it in a territory which the Information Commissioner’s Office (“ICO”) has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by appending the UK Addendum to the EEA SCCs or another lawful transfer mechanism approved by the Information Commissioner’s Office.
If you are a residence of Switzerland and your personal information is transferred outside of Switzerland, we will:
- Process it in a territory which the Swiss government has determined provides an adequate level of protection for personal information; or
- Otherwise implement appropriate safeguards to protect your personal information, including by using the EEA SCCs, subject to modifications and amendments prescribed by the Swiss Federal Data Protection and Information Commissioner.
In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, Jamf commits to refer unresolved privacy complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs, which is based in the United States. If you do not receive timely acknowledgment of your DPF Principles complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers or more information or to file a complaint. The services of BBB National Programs is provided at no cost to you.
Under certain conditions, you may invoke binding arbitration for certain residual claims as to data covered by the EU-U.S. DPF, the UK Extension to the EU.U.S. DPF and Swiss-U.S. DPF. The purpose of this option is to provide a prompt, independent, and fair mechanism, at your option, for resolution of any claimed violations of the EU-U.S. DPF, UK Extension to the EU-U.S. DPF or Swiss-U.S. DPF Principles not resolved by any of the other EU-U.S. DPF, UK Extension or Swiss-U.S. DPF mechanisms. For additional information on binding arbitration, see Annex I to the EU-U.S. DPF Principles found here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
G. Protection and De-Identification of Information
Taking into account the risks involved in the processing, the nature of information processed, and to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction while maintaining data accuracy, Jamf has put in place appropriate physical, electronic, and managerial policies and procedures to safeguard the information Jamf collects. Any payment transactions will be encrypted using SSL technology. However, the safety and security of your information also depends on you. Where you have chosen or we have given you a username and password for access to certain parts of the Services, you are responsible for keeping the username and password confidential. Although we do our best to protect the information, we cannot and do not guarantee the security of your information.
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
For more information on how we protect information, see https://www.jamf.com/trust-center/.
Jamf retains your information (including your sensitive information) in an identifiable form for as long as needed or permitted in light of the purposes for which it was collected. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide Services to you, for example, for as long as you have an account with us or keep using our Services, and the length of time thereafter during which we may have a legitimate need to reference your information to address issues that may arise;
- Whether there is a legal obligation to which we are subject, for example, certain laws may require us to keep records of your transactions for a certain period of time before we can delete them; and
- Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations.
I. Other Limits to Your Privacy
The Services may contain links to other non-Jamf websites. Jamf is not responsible for the privacy practices or the content of such websites. Jamf has no control over the use of such websites, and you should exercise caution when deciding to disclose any information on these websites.
We seek to provide you with choices regarding the information you provide to us. You can always opt not to disclose information. However, if you elect to opt out of disclosing information, such election may impact functionality or prevent the use of Jamf’s products or Services. You have the right, at any time, to opt-out of receiving marketing messages from Jamf by sending an email to email@example.com, by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing here. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important operational or administrative messages.
K. Privacy Requests
If you would like to request to access, correct, update, suppress, restrict, or delete your personal information, object to or opt out of the processing of your personal information, or receive a copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us via Section M below.
To protect your privacy and security, Jamf may also take reasonable steps to verify your identity before making corrections to or deleting your account.
Jamf processes some personal information solely on behalf of its customers in the course of delivering Services. This personal information is processed to accomplish the business purposes of the customer to whom the Services are provided, and often, Jamf will not have a direct relationship with the subject of this personal information. In these cases, Jamf recommends first contacting the organization to which your personal information was originally provided with any data privacy questions. The organization can contact Jamf if escalation of your query is necessary.
L. Regulatory Oversight
M. How to Contact Us
JAMF Software, LLC
100 Washington Avenue South
Minneapolis, MN 55401
California Addendum—For Residents of California
Collection and Disclosure of Personal Information
|Categories of personal information||Disclosed to which categories of third parties for operational business purposes|
|Identifiers, such as name, contact details (address, phone number, email), IP address, and online identifiers.||Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement|
|Personal information as defined in the California customer records law such as name, contact information, and employment information.||Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement|
|Characteristics of protected classifications under California or federal law, such as sex, age, gender, race, medical conditions, and primary language||Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement|
|Commercial information, such as purchase history and transaction information||Our affiliates; vendors that provide services such as data analysis, data storage, payment processing, and customer service; trusted business partners; public and governmental authorities, such as regulatory authorities and law enforcement|
|Internet or network activity information, such as browsing history, search history, and interactions with our online properties or ads||Our affiliates; vendors that provide services such as data analysis and data storage; public and governmental authorities, such as regulatory authorities and law enforcement|
|Geolocation data, such as approximate location derived from IP address and device location||Our affiliates; vendors that provide services such as data analysis, data storage, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement|
|Audio, electronic, visual, and similar information, such as photos and call or video recordings||Our affiliates; vendors that provide services such as data storage and customer service; public and governmental authorities, such as regulatory authorities and law enforcement|
|Professional or employment-related information, such as current employer|
| ||Our affiliates; vendors that provide services such as data analysis, data storage, and customer service; public and governmental authorities, such as regulatory authorities and law enforcement|
Without limiting the foregoing, we do not “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.
Purposes for the Collection, Use, and Disclosure of Sensitive Personal Information
We collect, use, and disclose sensitive personal information for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, countering wrong or unlawful actions, short term transient use such as displaying first party, non-personalized advertising, order processing and fulfillment, servicing accounts, providing customer service, verifying customer information, processing payments, activities relating to quality and safety control or product improvement, and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal information for additional purposes.
You may, subject to applicable law, make the following requests:
- You may request that we disclose to you the following information:
a. The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
b. The business or commercial purpose for collecting personal information about you; and
c. The categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
- You may request to correct inaccuracies in your personal information.
- You may request to have your personal information deleted.
- You may request to receive the specific pieces of your personal information, including a copy of the personal information you provided to us in a portable format.
We will not unlawfully discriminate against you for making an individual request. To make a request, please contact us at either firstname.lastname@example.org or 888-755-1421. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your personal information. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
Date Updated: August 23, 2023