Jamf Software, LLC Employee Privacy Notice
This notice provides you with further details about the employee personal information that Jamf may process and is intended to supplement our Privacy Policy. Jamf may update this notice periodically. If material changes are made, we will notify you by email or by posting the revised notice on our corporate website. The effective date of the latest revision will appear at the end of this notice, and any updates will take effect seven (7) calendar days after posting on our corporate website.
For the purposes of this notice, “employee personal information” is included within the definition of “personal information” unless otherwise specified. An “Employee” at Jamf is defined as any current or former full-time, part-time, temporary, or contract worker, as well as interns, job applicants, and individuals whose personal information is collected in the employment context.
JAMF Software, LLC, or its affiliates (collectively, “Jamf”) may collect personal information from prospective and present Employees only for legitimate business purposes, as described in the Appendix to this notice and in accordance with applicable laws, including data privacy/protection laws and regulations. Employee personal information related to health, performance evaluations, disciplinary actions, and other sensitive Employee matters, whether it is stored manually or electronically, is only accessible to other Jamf Employees when required to fulfill authorized HR functions or comply with privacy obligations.
For legitimate human resources purposes, Employees may choose to voluntarily disclose personal information about family members and other individuals, including the beneficiaries of employment benefits and emergency contacts. If Jamf Employees choose to do this, the individual’s personal information shall be treated, for the purposes of this notice, the same as an Employee’s personal information. It is the Employee’s responsibility to inform any such individuals about this notice and ensure that the Employee has the right to provide the individual’s personal information to Jamf.
Employee personal information is never sold, leased, or rented to any third party. Employee personal information will never be disclosed to third parties except as follows:
- To those retained by Jamf for processing only for the purposes set out in this Notice;
- Where required pursuant to an applicable law, governmental or judicial order, law, or regulation, or to protect the rights or property of Jamf;
- In the event of sale of the business, merger, acquisition, etc.;
- Where authorized electronically or in writing by the Employee; and
- Where the Employee voluntarily provides personal information, and the context makes it clear that Employee personal information will be provided to a third party/processor (ex. payroll, benefits, travel, reimbursement, and other systems used in the Employment context).
Where personal information is transferred from the EU, UK, or Switzerland to the US in the context of the employment relationship, we will cooperate in investigations by and comply with the advice of relevant data protection authorities.
If you are a resident of California, please see the California Addendum below for additional details on how Jamf handles your personal information.
Appendix – Description and Uses of Employee Personal Information
1. Who is responsible for processing and who can I contact?
The data controller is Jamf Software, LLC, or its affiliates as applicable (“Jamf” or the “Company”) and the responsible person can be contacted with any questions about this Notice or Jamf’s privacy practices at privacy@jamf.com.
2. What sources and information do we use?
We may obtain your information directly from you (during the recruitment process and during employment) and from third parties, such as recruitment agencies, our affiliates, your colleagues and managers, references you provide, prior employers or schools, pre-employment screening services, such as background check providers (where permitted by law), job board websites, providers of employee benefits, social media networks, and publicly available databases.
Please see point 3 below for more information.
3. What categories of personal information do we process, why do we process the personal information, and on what legitimate basis?
| Categories of personal information | Purpose of processing | Legitimate basis |
| Name and surname, date of birth, contact details (address, phone number, e-mail address), PESEL number, ID number, education, qualifications, previous employment, tax number (NIP), place of birth, information on family members, bank account number, information on contract of employment (start and end dates, role and location, working hours, salary, benefits and holiday entitlement), information related to pension schemes, performance at work, training records, absences (sick leave, holiday, etc.), information on disciplinary measures, image, information about military duty and other information required by employment and social security laws or needed to carry out Jamf's business | Realization of employment duties and carrying out Jamf’s business | Compliance with legal obligations of Jamf as an employer Jamf’s legitimate interests consistent with carrying out business activity Necessity to perform employment contract Employee's consent for use of their image for marketing Jamf’s legitimate interest consistent with carrying out emergency notification Jamf’s legitimate interest in enrolling employees in benefit plans |
| Racial or ethnic origin, gender, veteran status, disability, marital status, LGBTQIA+ status | DEIB analysis and reporting | Employee’s explicit consent |
| Information needed through the carrier service includes name, e-mail address, phone number, call history, SMS history (not messages), aggregated data usage, network traffic, SIM, device identifiers (if device is managed) | Provide optional Jamf-purchased telecommunication service and/or hardware | Compliance with legal obligations Jamf’s legitimate interests consistent with ensuring that its business activities and continuity |
| Geolocation coordinates (optional) Geolocation data, such as device location and approximate location derived from IP address | Emergency notification based on dynamic location for business continuity Relative location, like IP address, is used for dynamic management of devices and protecting Jamf’s networks | Jamf’s legitimate interest consistent with carrying out emergency notification Jamf’s legitimate interests consistent with carrying out business activity |
| Name, position, PESEL, NIP, date and place of birth, contact details, information about accident, information about suffered harm, ID number, position, name, surname, and contact details of the third party – contact person in case of accidents at work | Documenting accidents at work | Compliance with legal obligations of Jamf as an employer |
| Information relating to the course of employment, including appraisals, efficiency / utilization reports and evaluation reports | Promotion and career development opportunities | Compliance with legal obligations of Jamf as an employer Necessity to perform employment contract Legitimate interest pursued by Jamf consistent with promotion of Jamf as an employer |
| Name, passport details, nationality, date of birth, address, work phone numbers, e-mail and other information required for organizing business travel or visas | Business travel & visas | Necessity for performance of a contract between employee and Jamf (including with regard to business travel outside of the EEA) Legitimate interests pursued by Jamf consistent with ensuring travel documents where necessary |
| Name, e-mail address, phone number, role in the company, image | Promotion of Jamf (e.g., through promotional materials) | Jamf’s legitimate interests consistent with promoting its business Necessity for the performance of employment contract Employee’s consent (image) |
| Name and surname, information relating to conduct subject to disciplinary investigations or proceedings, information on actions or omissions necessary to detect fraud or other criminal offences related to Jamf’s business | Carrying out disciplinary investigations Prevention and detection of fraud or criminal offences related to Jamf’s business | Compliance with legal obligations, including employment law Jamf’s legitimate interests consistent with ensuring that its business activity is compliant with law |
| Personal information concerning health, to the extent permitted by law | Initial and periodic medical check-ups, sick leave, adjustment of workplace in case of disabilities | Carrying out legal obligations of employer |
| Name, position in the company, work phone numbers and e-mail, business correspondence and any other information required in legal proceedings | Participating in legal proceedings by Jamf | Legitimate interests pursued by Jamf consistent with establishment, exercise, or defense of legal claims Compliance with legal obligations |
| Racial or ethnic origin, information concerning health or any other information of special categories – only if needed in legal proceedings | Participating in legal proceedings | Establishment, exercise, or defense of legal claims by Jamf |
| Cameras on external doors and in sensitive areas Information related to the use of Jamf assets, productivity applications and systems Access information collected from office badge readers | Monitoring of activity relevant to protecting employees and company assets | Legitimate interests pursued by Jamf consistent with ensuring security and privacy |
| Name, contact details (personal and work emails, phone number), date of birth, gender, image, nationality, professional, trade union, and union memberships | Social and Economic Committee Elections (Applicable only to employees in France) | Compliance with legal obligations Employee’s explicit consent |
Occasionally, and where appropriate, we may seek your consent in writing to process specific personal information. If we do that, we will explain the purpose of the processing. In these situations, you have the right to refuse or withdraw your consent at any time by contacting the appropriate person named in the consent document.
4. Who is the recipient of my information?
We will share your personal information with:
- Jamf affiliates;
- Jamf’s customers and vendors;
- private health and benefit providers;
- insurers and pensions scheme providers;
- federal and state authorities, e.g., tax authority, social security authority, law enforcement;
- entities providing services to Jamf, such as IT or payroll services;
- potential purchasers and their professional advisers in the context of the sale or restructuring of the whole or part of our business; and
hotels, airlines, reservation centers (for business travel purposes).
5. Is personal information transferred to a third country or to an international organization?
Jamf is a global organization and to ensure the provision of effective and efficient services and communication throughout Jamf, we are required to transfer your personal information internationally.
Your personal information may therefore be stored and processed abroad in countries that may have different data protection rules. However, Jamf will only transfer your personal information outside of the EEA and the UK where appropriate safeguards have been put in place. Jamf will ensure that the Employee personal information will remain protected as required by applicable law and regulations, even when transferred across borders to a third party including, but not limited to, the use of European Commission-approved model clauses, UK Addendum, intra company group transfer agreement and other data transfer safeguards.
For more information on how Jamf safeguards Employee personal information, please contact privacy@jamf.com.
6. How long will my personal information be retained?
Jamf retains your Employee personal information (including your sensitive personal information) for as long as needed or permitted in light of the purposes for which it was collected and in accordance with applicable laws, including data privacy/protection laws and local labor laws. The criteria used to determine our retention periods include:
- The duration of your employment or contract with us;
- The length of time we have an ongoing relationship with you or your dependents/beneficiaries, plus the time needed thereafter to address any legitimate issues that may arise;
- Whether there is a legal obligation to which we are subject, for example, certain laws may require us to keep your employment records for a certain period of time; and
Whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation, or regulatory investigations.
7. How does Jamf secure my personal data?
Jamf takes your personal data seriously and implements technical, organizational, and administrative measures designed to prevent unauthorized access, loss, misuse, or disclosure and align with industry standards and data protection laws. This includes:
- Limiting access to personal data to only those who need it for their job.
- Using encryption and secure systems to keep data safe in storage and transit.
- Monitoring networks and systems to detect potential security threats.
- Training Employees in privacy and data protection best practices.
- Ensuring vendors and partners meet Jamf’s security standards.
If a data incident occurs, Jamf investigates, mitigates, and notifies affected individuals as required by applicable data privacy/protection laws.
8. What choices and rights do I have?
You may request further details regarding Jamf’s processing of your Employee personal information in accordance with applicable local laws.
You may have certain rights over your personal information, depending on the applicable jurisdiction, including but not limited to:
- A right to receive details about or access to your personal information;
- A right to erase certain personal information;
- A right to stop your personal information being processed in certain circumstances;
- A right related to automated profiling;
- A right to portability;
- A right to correct your personal information; and
- A right to opt-out of the sale of your personal information.
There are limitations in relation to these rights. Please contact privacy@jamf.com or your human resources representative for more details.
9. Do I have an obligation to make personal information available?
Providing the following personal information is necessary for the conclusion and performance of your employment with Jamf and has its legal basis in employment law: (a) first name (names) and surname; (b) date of birth; (c) contact details that you share with us (at least residential address); (d) education; (e) qualifications, if required to perform work in a given position or of a given type; (f) work experience (previous employment); (g) your personal identification number or type and series number of another document confirming your identity (e.g., government issued identification card); (h) your other personal information, as well as names and dates of birth of your children and other members of your immediate family, if the provision of such information is necessary due to the use of special rights provided for in the labour law; and (i) bank account number, unless you have requested cash payment of your remuneration. It is not possible to create and sustain an employment relationship or perform an employment contract (as applicable) without processing your personal information within the above scope.
Jamf as your employer may also request you to provide other personal information, if the obligation to provide it results from other provisions of law or if another lawful purpose exists.
10. Is Jamf a participant of the EU-U.S., UK, and Swiss Data Privacy Frameworks?
JAMF Software, LLC complies with the EU-U.S. Data Privacy Framework (DPF), including the UK Extension and the Swiss-U.S. DPF, as set forth by the U.S. Department of Commerce. JAMF Software, LLC has certified its adherence to the relevant DPF Principles for processing personal information received from the EU, United Kingdom (and Gibraltar), and Switzerland under these frameworks.
JAMF Software, LLC is certified under the Data Privacy Framework (DPF). No other Jamf affiliates or subsidiaries are covered by this certification. In the event of a conflict between this Employee Privacy Notice and the EU-U.S., UK Extension, or Swiss-U.S. DPF Principles, the relevant DPF Principles will govern. To learn more or view our certification, visit the DPF website. JAMF Software, LLC cooperates with the appropriate European data protection authorities—including the EU DPAs, the UK Information Commissioner’s Office, the Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner, and follows their guidance on human resources data. In compliance with the DPF Principles, JAMF Software, LLC is committed to resolving complaints related to personal data collected or used under the DPF. Individuals from the EU, UK, or Switzerland with inquiries or complaints should first contact us via Section 12 below.
In compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF, JAMF Software, LLC refers unresolved privacy complaints regarding personal data handled under these frameworks to Data Privacy Framework Services, an independent dispute resolution mechanism operated by BBB National Programs in the United States. If you do not receive timely acknowledgment or are unsatisfied with our response, please visit here for more information or to file a complaint. This service is provided to you at no cost.
Under certain conditions, you may invoke binding arbitration for unresolved residual claims related to data covered by the EU-U.S. DPF, the UK Extension, or Swiss-U.S. DPF. This option provides a prompt, independent, and fair mechanism to resolve any claimed violations not settled through other DPF mechanisms. For additional information on binding arbitration, see Annex I to the EU-U.S. DPF Principles found here.
11. California Addendum—For Residents of California
This California Addendum applies to California residents and supplements the information provided above in the Employee Privacy Notice.
11.1 Categories of Personal Information Collected and Disclosed
We may collect and process the personal information listed below for our operational, business and employment purposes, and we may also disclose certain categories of this information to third parties. The following chart details the categories of personal information we may have collected and processed, as well as the categories we may have disclosed to third parties, in the 12 months preceding the date this notice was last updated.
| Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes |
| Identifiers, such as name, contact details (address, phone number, email), date of birth, unique personal identifiers, IP address, account name, online identifiers, photo badges, beneficiary designations, and government-issued identifiers (e.g., Social Security number, driver’s license number, passport number) | Our affiliates; our customers; service providers that provide services such as payroll, background check vendors (where permitted by law), consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
| Personal information as defined in the California customer records law, such as name, contact information, signature, Social Security number, passport number, and medical, insurance, financial, education and employment information. | Our affiliates; our customers; service providers that provide services such as payroll, background check vendors, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
| Characteristics of protected classifications under California or federal law, such as sex, age, gender, race, disability, religion, medical conditions, citizenship, military/veteran status, gender identity and expression, primary language, immigration status, and requests for leave | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
| Commercial information, such as purchasing information and payment history related to business and travel expenses | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
| Internet or network activity information, such as browsing history and interactions with our and others’ websites, applications, and systems | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Telecommunication information, such as name, e-mail address, phone number, call history, SMS history (not messages), data usage, network traffic, SIM, device identifiers (if device is managed) | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Geolocation data, such as device location, approximate location derived from IP address | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Audio, electronic, visual, and similar information, such as call and video recordings, security camera footage, and information about the use of electronic devices and systems | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Education information subject to the federal Family Educational Rights and Privacy Act, such as student transcripts and confirmation of graduation | Our affiliates; service providers that provide services such as payroll, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Professional or employment-related information, such as work history and prior employer, information from reference checks, employment application, membership in professional organizations, personnel files, personal qualifications and training, eligibility for promotions and other career-related information, work preferences, business expenses, wage and payroll information, benefit information, information on leaves of absence or PTO, performance reviews, and information on internal investigations | Our affiliates; service providers that provide services such as payroll, consulting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
| Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences, characteristics, predispositions, and abilities | Our affiliates; service providers that provide services such as payroll, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement |
| Sensitive Personal Information Personal information that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless Jamf is the intended recipient of the communication; The processing of biometric information for the purpose of uniquely identifying an individual; Personal information collected and analyzed may include an individual’s racial and ethnic origin, gender, veteran status, disability status, marital status, and LGBTQIA+ status, for DEIB reporting and government employment reporting. These identifiers may be optional, except where required by law; Personal information collected and analyzed concerning an individual’s health; and Personal information collected and analyzed concerning an individual’s sex life or sexual orientation. | Our affiliates; service providers that provide services such as analysis, payroll, benefits, consulting, reporting, training, expense management, medical/health, IT, and other services; health, insurance, and benefits providers; professional advisors, such as accountants, auditors, bankers, and lawyers; third-party travel providers, for business travel purposes; public and governmental authorities, such as regulatory authorities and law enforcement |
11.2 No Sale or Sharing of Personal or Sensitive Information
We do not “sell” or “share” your personal information, including your sensitive personal information, as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act. We have not engaged in such activities in the 12 months preceding the date this notice was last updated. Without limiting the foregoing, we do not “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.
11.3 Purposes for the Collection, Use, and Disclosure of Sensitive Personal Information
We collect, use, and disclose sensitive personal information to perform business services, support your employment, ensure security and safety, manage payroll and benefits, maintain workforce diversity, comply with legal obligations, and to prevent fraud or illegal activities. We do not use or disclose sensitive personal information for additional purposes.
11.4 Individual Requests
Subject to applicable law, California residents may make the following requests regarding their personal information:
a. Right to Know
You may request that we disclose to you the following (if applicable):
- The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
- The business or commercial purpose for collecting, “selling,” or “sharing” personal information about you;
- The categories of personal information about you that we “sold” or “shared” and the categories of third parties to whom we “sold” or “shared” such personal information; and
- The categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
b. Right to Correct
- You may request to correct inaccuracies in your personal information.
c. Right to Delete
- You may request to have your personal information deleted.
d. Right to Access and Data Portability
- You may request to receive the specific pieces of your personal information, including a copy of the personal information you provided to us in a portable format.
e. Right to Opt Out of Sale or Sharing
- You may opt out of the “sale” or "sharing” of your personal information for cross-context behavioral advertising through cookie consent.
We will not unlawfully discriminate against you for exercising your privacy rights. To submit a request, please contact us at privacy@jamf.com or 888-755-1421. We will verify and respond to your request in accordance with applicable law, considering the type and sensitivity of the personal information involved.
To protect against fraudulent requests, we may ask you to provide additional information to verify your identity. If you have a password-protected account with us, we may verify your identity through our standard authentication process and require you to re-authenticate yourself before fulfilling certain requests. For deletion requests, we may ask you to confirm the request before proceeding.
We also process opt-out preference signals, such as the Global Privacy Control. These signals set your opt-out preferences only for the particular browser or device you are using. For information about how to use Global Privacy Control, please visit https://globalprivacycontrol.org/.
11.5 Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted in sub-section 11.4. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in sub-section 11.4 or confirm that you provided the agent permission to submit the request.
12. How to Contact Us
If you have any questions or complaints about this Employee Privacy Notice, please contact us as follows:
JAMF Software, LLC
100 Washington Avenue South
Suite 900
Minneapolis, MN 55401
If you would like to request access to the personal information that we may maintain about you, please submit a request here.
We have a designated Data Protection Officer (“DPO”) to respond to questions and complaints. If you have questions regarding our privacy practices or how we handle your information, please email our DPO at privacy@jamf.com.
DATE UPDATED: December 11, 2025