Privacy Policy
Privacy Policy NAMEA Group (“NAMEA” “we” or “us”) is a global public affairs and business intelligence firm that provides clients with advice, analysis, and advocacy services, to include public policy, background checks, due diligence investigations, public relations, strategy, and geopolitical risk consulting services to its customers (“NAMEA clients”) who are investors, companies, and law firms. NAMEA’s business services are designed to detect all possible elements that could lead to operational, reputational, or headline risk of NAMEA’s client and include collecting and reporting on sensitive and confidential information. This Privacy Policy covers the information practices of NAMEA and describes the principles NAMEA follows with regard to personal information submitted to NAMEA by our clients and others. It also covers other information that we collect from Third Parties and other sources in connection with the services we provide our clients. These information privacy principles have been implemented by all members of NAMEA’s workforce regardless of their location. What NAMEA Does NAMEA’s primary clients are multinational corporations, law firms, and investors, such as hedge funds, private equity firms, family offices and high-net-worth individuals. NAMEA’s client services include investigating, from a non-financial standpoint only, potential investments (individuals or entities, and their associates or competitors); analyzing markets and political contexts; and performing due diligence and geopolitical risk analysis, including monitoring of industrial, political, regulatory, and security conditions, and other analytical services which are not financial risk analysis. Introduction This website, www.namea-group.com, is owned by NAMEA Group (NAMEA). NAMEA is committed to being transparent about how it collects and uses the Personal Information of individuals and to meeting its data protection obligations. “Personal Information” means data that identifies or may be used to identify a specific individual. From time to time, this Policy may be supplemented by communications from NAMEA’s Data Protection Officer. NAMEA workforce members, including third parties hired to carry out portions of the NAMEA Services (“Sub-Contractors”) are expected to be familiar with and comply with this Policy/Notice. Failure to do so may result in disciplinary action up to and including termination. Topics General Provisions • Email Communications • Internet Cookies • California Privacy Rights • Other Websites and Social Media • LinkedIn and Job-Search Websites • Children • Security of Personal Information • Transfers of Personal Information to NAMEA Sub-Contractors and Other Third Party Service Providers • Business Transfers of Personal Information • How to Contact Us • Changes to this Privacy Policy Provisions Applicable to Individuals in EU/EEA/UK and Switzerland • EU/EEA/UK Definitions • Notice to Individuals Located in the EU/EEA/UK and Switzerland • EU/EEA/UK/Swiss Personal Data NAMEA Collects • EU/EEA/UK/Swiss Data Protection Principles & Best Practice Standards • EU/EEA/UK/Swiss Personal Data Transfers to Independent Third Parties • How Long NAMEA Keeps EU/EEA/UK/Swiss Personal Data • EU/EEA/UK/Swiss Personal Data Rights including under the GDPR Other EU/EEA/UK and Swiss Provisions • International Transfers of Personal Data • EU-US and Swiss-US Privacy Shield GENERAL PROVISIONS Email Communications NAMEA communicates with its sub-contractors, clients, business partners and other people who have expressed interest in its services/products, through email. NAMEA protects its email address lists and other Personal Data used in email correspondence with the same reasonable security practices it uses to protect all Personal Data it collects and processes. If you receive an email from NAMEA you are someone who has either: 1. Expressly shared your email address to receive information about NAMEA services/products (“opt-in”); or 2. Provided your email address to NAMEA through an existing relationship, including advertising. NAMEA’s emails are sent with an automatic unsubscribe option if you would like to stop receiving emails from NAMEA. However, if you have a client or sub-contractor account with us, we retain the right to contact you via email regarding the status of your account or other subjects related to transacting the NAMEA Services. When we send emails, NAMEA sometimes tracks who has opened or clicked through the email contents. NAMEA tracks this information to measure interest in a subject, monitor an email campaign’s performance or better understand user trends so we can improve our services/products. NAMEA does not share, sell, or disclose your Personal Data to Third Parties for promotional use without your prior consent. If you consent, NAMEA would like to send you information about NAMEA services/products that you may be interested in. If you have consented to receive marketing messages from NAMEA you may opt-out at any time. Opt-out of NAMEA Marketing Emails If you no longer want to be contacted by NAMEA about our products and services, please notify us at Opt.Out at NAMEA-Group.com. If you continue to receive marketing messages from NAMEA after you opt-out, please let us know so that we can investigate the situation. Internet Cookies Cookies are text files placed on your computer by websites to collect standard log information and visitor behavior information. NAMEA and its service providers use cookies on NAMEA’s website, www.namea-group.com. Information from cookies is used to track visitors to our website and to make statistical reports on activity on our website. For more information about cookies visit the website at www.aboutcookies.org or http://www.allaboutcookies.org/. You can set your browser to reject cookies, and the above websites tell you how to remove cookies from your browser. In a few cases, some of NAMEA’s website features may not work when your browser does not accept cookies. California Privacy Rights NAMEA does not sell its website or its users’ data to third parties for marketing to its users. If you live in California, California law allows you to request and obtain from NAMEA once a year, free of charge, a list of the third parties to whom we have disclosed your personal information (if any, and as defined under California law) for the third party’s direct marketing purposes in the prior calendar year, as well as the type of your personal information disclosed to those parties. If you live in California and would like to request this information, please send your request in an email to Calif.Privacy at namea-group.com. Other Websites and Social Media Our website may contain links to other websites. This Privacy Policy only applies to NAMEA’s website so when you visit or use other websites you should read their own privacy policies. Our website and communications may contain links to other websites, which may collect and use Personal Information from you. We have no control over and are not responsible for the privacy practices, policies, or content of any other websites, even if you link to them from, or use them, on NAMEA’s website. We are not responsible for information, content, and/or the privacy practices of third parties operating websites that may link to this website. The inclusion of a link on this website does not imply endorsement by NAMEA of the linked site by us or our business partners. LinkedIn and Job-Search Websites You can apply for a job at NAMEA using LinkedIn and other job search websites. Those websites will verify your identity, give you the option to share personal information (such as your name and email address) with us, and auto-fill our job application. Children The website is not intended for use by children under the age of 16, and there is no assumption that children will be using these website services at any time. If NAMEA becomes aware that a child has submitted Personal Information on the website, we will immediately delete the information from our records. Security of Personal Information NAMEA takes the security of Personal Information seriously. NAMEA has internal policies and controls in place to protect Personal Information against loss, accidental destruction, misuse or disclosure, and to ensure that Personal Information is not accessed, except by NAMEA employees and Sub-contractors in the proper performance of their duties. NAMEA maintains appropriate organizational, administrative, physical and technical safeguards including encryption, resilience of processing systems and backing up Personal Information for protection of the security, confidentiality and integrity of its Personal Information. However, no Internet, email, or other electronic transmission is ever 100% secure or error free, thus NAMEA cannot guarantee that your Personal Information will never be accessed, used, or disclosed, so you should take special care in deciding what information you share with NAMEA. “Phishing" is a scam designed to steal your Personal Information. If you receive an email that looks like it is from NAMEA asking you for information about you, please contact us at Abuse at namea-group.com NAMEA regularly monitors compliance with these safeguards and will not materially decrease the overall security of its Personal Information and NAMEA is not responsible for any damages or liabilities relating to any such incidents if caused by factors outside its reasonable control to the extent permitted by law. If there is a data breach, NAMEA will give notice of any loss, misuse, or alteration of Personal Information to affected individuals as required by applicable laws. Transfers of Personal Information to NAMEA Sub-Contractors and Other Third-Party Service Providers NAMEA discloses Personal Information to NAMEA sub-contractors where such sub-contractors need to process or use that Personal Information in order to carry out portions of the NAMEA Services for our clients. NAMEA hires other companies to perform certain business-related functions. Examples include maintaining our website and processing payments, marketing and advertising, and marketing research and analysis. When NAMEA transfers Personal Information to a sub-contractor or other third party service provider, NAMEA only provides them with the Personal Information they need to perform their specific function under obligations of confidentiality and security as set forth in this Privacy Policy, and we do not authorize these service providers to use or disclose Personal Information except as necessary to perform the tasks we have asked them to do for us or to comply with legal requirements. How to Contact Us Please contact us if you have any questions about NAMEA’s Privacy Policy/Notice or our information practices email NAMEA at Privacy at namea-group.com or write to us at: NAMEA Privacy Officer 228 Park Ave S # 87056 New York City New York 10003 USA or call us at +1-212-220-5728 Changes to This Privacy Policy We keep this Privacy Policy/Notice under regular review, and we will provide notice of any changes to it in accordance with applicable law. Please review this policy periodically, and especially before you provide any Personal Information to us. We will also place any updates on our website. This privacy policy was last updated on 8 August 2023. PROVISIONS APPLICABLE TO INDIVIDUALS LOCATED IN THE EU/EEA/UK AND SWITZERLAND The provisions of this Privacy Policy below are applicable between NAMEA and individuals located in the EU/EEA/UK and Switzerland. EU/EEA/UK Definitions 'Consent’ or ‘Agree’ means your freely given, specific, informed and unambiguous expression of your wishes through a statement or other clear affirmative action such as checking a box or filling a consent form which indicates your agreement to NAMEA’s Processing of personal data relating to you. ‘Criminal Records Data’ means information about an individual's criminal convictions and offences, and information relating to criminal allegations and proceedings. 'Personal Data' means any Personal Information relating to you from which you can be identified, directly or indirectly, including name, identification number, location, online identifier such as your IP address or device ID, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity. It includes any personal information whether it is held in paper, electronic or any other format. ‘Process or Processing’ means any use of Personal Data including collecting, recording, organizing, structuring, storing, adapting or altering, amending, retrieving, consulting, sharing, disclosing, making available, aligning or combining, restricting, transferring outside the EU/EEA/UK or erasing or destroying it. ‘Special Categories of Personal Data’ means Personal Data about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, information on social security measures, trade union membership, health, sex life, sexual orientation and biometric data, or any past administrative or criminal proceedings and sanctions. 'Third Party' includes our business partners and service providers who we authorize to process your Personal Data or other information to help us with the activities described in this Privacy Policy. It may include government bodies and public agencies and authorities. Notice to Individuals Located in the EU/EEA/UK and Switzerland NAMEA has appointed a Data Protection Officer (DPO) as the person with responsibility for NAMEA’s EU/EEA/UK and Swiss data protection compliance. Our DPO can be contacted at [Privacy at Namea-group.com]. Questions about this policy, or requests for further information, should be directed to our DPO. If you are located in the EU/EEA/UK or Switzerland and NAMEA’s business client (the data “controller” under applicable laws) is using the NAMEA Services to Process your Personal Data, you may contact NAMEA’s business client to object, restrict, access, correct, transfer (data portability) or delete your Personal Data. If you need help finding contact information for a NAMEA business client’s privacy office, please contact us at Privacy at Namea-group.com. EU/EEA/UK/Swiss Personal Data NAMEA Collects Personal Data NAMEA collects includes current, past and prospective employment information in the context of an employment or prospective employment relationship, or other business association with a NAMEA business client. It includes any information that relates to a member or prospective member of a NAMEA client’s workforce who can be identified from that information whether it is held in paper, electronic or any other format, including: • Identification data such as name, home address, personal telephone number, personal e-mail address, date of birth, social security number, national insurance number, photograph, marital /dependent status, and emergency contact information; • Information concerning employment such as salary, work and compensation history, planned salary, earnings, paid time off, salary grade, performance information (including performance appraisal, performance and attendance records), decisions to offer employment, CVs/Resumes, employment applications, employment references and background verification information; • Financial information such as credit reports, bank account numbers, tax-related information, and salary-related information; • Benefits plan information such as details of any dependents, beneficiaries, or other individuals; • Past administrative or criminal proceedings and sanctions. • Only if disclosed to NAMEA by the individual subject of investigation or discoverable by NAMEA in open source media: Special Categories of personal data including ethnic origin; political opinions; religion or religious or philosophical beliefs; trade union membership; heath related data; sexual orientation and/or sex life. • Other Information necessary for NAMEA’s business purposes which may be voluntarily disclosed to NAMEA by an individual subject of investigation in relation to a NAMEA background investigation. EU/EEA/UK/Swiss Data Protection Principles & Best Practice Standards NAMEA Processes EU/EEA/UK and Swiss Personal Data in accordance with the following data protection principles and intelligence industry best practice standards: • NAMEA Processes Personal Data lawfully, fairly and in a transparent manner consistent with applicable law, and its obligations to its clients. • NAMEA collects Personal Data only for specified, explicit and legitimate purposes consistent with applicable law, and its obligations to its clients. • NAMEA Processes Personal Data only where it is adequate, relevant and limited to what is necessary for the purposes of Processing consistent with applicable law, and its obligations to its clients. • NAMEA keeps accurate Personal Data and takes all reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay consistent applicable law and its obligations to its clients. • NAMEA keeps Personal Data only for the period necessary for Processing consistent applicable law and its obligations to its clients. • NAMEA adopts appropriate measures to make sure that Personal Data is secure, and protected against unauthorized or unlawful processing, and accidental loss, destruction or damage. NAMEA and/or its client tells individuals located in the EU/EEA, the United Kingdom, and Switzerland the reasons for Processing their Personal Data, how it uses their Personal Data and the legal basis for Processing by providing them this Privacy Policy/Notice and related notices, disclosures, and consent forms. NAMEA will not process Personal Data for other reasons. Where applicable, individuals will be given the choice to Consent to having their Personal Data collected by way of a disclosure and consent form provided to them by NAMEA’s client prior to NAMEA beginning a background investigation. Individuals can decline to sign the disclosure form, thereby stating they do not give their Consent to have their Personal Data collected or used. By Consenting to a background investigation report, and submitting information to our client, the individual is Agreeing to allow NAMEA to disclose Personal Data and other information about them to our client and to our sharing that information with our sub-contractors. However, there may be circumstances under which NAMEA is permitted or even required to collect and process Personal Data without obtaining the individual’s consent, for example for the purposes of preventing money-laundering or fraud. In any event NAMEA takes appropriate steps to ensure that Personal Data in its possession is accurate, complete, and current consistent with applicable law and intelligence industry best practice standards. However, all individuals in the EU/EEA/UK or Switzerland are asked to inform NAMEA’s relevant client immediately about any changes in their Personal Data. NAMEA will not Process Personal Data that qualifies as Special Categories of Personal Data for purposes incompatible with those described in this Policy unless the Processing is: • (a) permitted by applicable UK, EU/EEA or Swiss law; • (b) necessary for administering justice or for exercising statutory, governmental, or other public functions; • (c) necessary for the establishment of legal claims or defenses; • (d) in the vital interests of an individual in in the EU/EEA/UK or Switzerland or another person; • (e) required to provide medical care or diagnosis; or • (f) necessary to carry out NAMEA’s legal obligations under applicable law. Where NAMEA processes Special Categories of Personal Data or Criminal Records data to meet its obligations to its clients, this is done in accordance with a policy on Special Categories of Personal Data and Criminal Records data. EU/EEA/UK/Swiss Personal Data Transfers to Independent Third Parties NAMEA will disclose Personal Data to Third Parties other than those identified above only if: • required by law or legal process (e.g., lawful requests by public authorities, including disclosures to law enforcement authorities in connection with their duties or to meet national security requirements); • to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law. • to protect and defend the legal rights, property/or and legitimate interests of NAMEA and/or members of its workforce, clients, business partners, Sub-contractors and/or Third Parties; or • where necessary for NAMEA to perform a contractual obligation owed to a client, member of its workforce or for other lawful purposes. How Long NAMEA Keeps EU/EEA/UK/Swiss Personal Data NAMEA will hold Personal Data • for the duration legally required or permitted by applicable law; and • as long as it is necessary to comply with NAMEA’s legal obligations or to resolve disputes and/or enforce our agreements. EU/EEA/UK/Swiss Personal Data Rights including under the GDPR Individuals in the EU/EEA/UK and Switzerland have a number of rights in relation to their Personal Data. NAMEA will maintain a program to ensure compliance with this Privacy Policy. All NAMEA workforce members whose responsibilities include the Processing of EU/EEA/UK/Swiss Personal Data are required to adhere to this Policy and any implementing policies. Failure to do so is deemed a serious offence, for which disciplinary action may be taken, potentially resulting in termination of employment. Equally, the misuse of Personal Data by an individual or organization acting as a Subcontractor, or service provider to NAMEA is deemed a serious issue for which action may be taken, potentially resulting in the termination of any agreement. NAMEA will assist individuals in the EU/EEA/UK and Switzerland in protecting their privacy and will provide them opportunities to raise concerns about the Processing of their Personal Data. Individuals in the EU/EEA/UK and Switzerland have the right to make Personal Data access requests. If an individual makes such a request, NAMEA will provide the information requested which may contain some or all of the following information, along with other information as required by applicable law: • Whether or not his/her Personal Data is Processed and if so why, the categories of Personal Data Processed and the source of the data if it is not collected from the individual consistent with applicable law, NAMEA’s obligations to its clients and industry best practices; • To whom his/her Personal Data is or may be disclosed consistent with applicable law, NAMEA’s obligations to its clients and with intelligence industry best practices, including to recipients located outside the EU/EEA/UK or Switzerland and the safeguards that apply to such data transfers; and • For how long his/her Personal Data is stored (or how that period is decided). Disclosures by NAMEA will normally be in electronic form if the requester has made a request electronically unless he/she agrees otherwise. If the requestor wants additional copies, NAMEA charges a reasonable fee, which will be based on the administrative cost to NAMEA of providing the additional copies. To make an access request, individuals in the EU/EEA/UK or Switzerland should send their request to NAMEA’s Data Protection Officer by email Privacy at namea-group.com or write to us at: NAMEA Privacy Officer 228 Park Ave S # 87056 New York City New York 10003 USA or call us at +1-212-220-5728 NAMEA may need to ask for proof of identification before a request can be processed. NAMEA will inform the requestor if it needs to verify his/her identity and the documents it requires. NAMEA will normally respond to a request within a period of 30 days from the date a request is received. In some cases, such as where NAMEA Processes large amounts of the individual’s data, it may respond within 90 days of the date the request is received. NAMEA will write to the requestor within 30 days of receiving the original request to tell him/her if more time is needed to complete the response to their request. If an EU/EEA/UK or Swiss individual submits a request which is manifestly unfounded or excessive, NAMEA is not required to comply with it. Alternatively, NAMEA can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. Individuals in the EU/EEA/UK and Switzerland also have a number of other rights in relation to their Personal Data. They can request NAMEA to: • Correct inaccurate Personal Data to the extent consistent with applicable law, NAMEA’s obligations to its clients and intelligence industry best practices; • Stop Processing or erase Personal Data that is no longer necessary for NAMEA’s purposes of Processing to the extent consistent with applicable law, NAMEA’s obligations to its clients and intelligence industry best practices; • Stop Processing or erase Personal Data if the individual's interests override NAMEA’s legitimate grounds for processing the Personal Data including to the extent consistent with applicable law, NAMEA’s obligations to its clients and intelligence industry best practices; • Stop processing or erase Personal Data if the processing is unlawful; and/or • Stop processing Personal Data for a period if the requestor asserts the Personal Data is inaccurate or if there is a dispute about whether or not the requestor's interests override NAMEA's legitimate grounds for processing the Personal Data. Where NAMEA determines that the requestor’s Personal Data is accurate to the extent consistent with applicable law and intelligence industry best practices, NAMEA will include in NAMEA’s Personal Data file the alternative text that the requestor believes to be appropriate alongside NAMEA’s original information. If it is determined that the Personal Data needs to be updated or corrected by NAMEA, NAMEA will use reasonable efforts to inform the relevant NAMEA client and Third Parties which were provided with the information previously. To ask NAMEA to take any of these steps, individuals in the EU/EEA/UK or Switzerland should contact NAMEA’s Data Protection by email at Privacy at namea-group.com or write to us at: NAMEA Privacy Officer 228 Park Ave S # 87056 New York City New York 10003 USA or call us at +1-212-220-5728 Individuals in the EU/EEA/UK and Switzerland may also make data privacy and/or data use complaint about NAMEA to the UK Information Commissioner’s Office (ICO) here https://ico.org.uk/concerns/ or by calling the UK ICO helpline at +44-0303-123-1113. Individuals in Switzerland can also make a complaint to the Swiss Federal Data Protection and Information Commissioner here https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html. Individuals in the EU/EEA/UK can also make a complaint to the Data Protection Authority in the EU/EEA/UK Member State where they live or work listed here http://ec.europa.eu/justice/dataprotection/article-29/structure/data-protection-authorities/index_en.htm OTHER EU/EEA/UK and SWISS PROVISIONS International Transfers of Personal Data NAMEA’s website is provided from within the United States and is subject to the state and federal laws of the United States. If you are located outside of the United States, your Personal Data is being transferred to, stored, used and shared in the United States. Personal Data is also transferred by NAMEA to countries outside the EU/EEA/UK or Switzerland for NAMEA’s legitimate interests in processing Personal Data where necessary to perform its obligations to its clients and to exercise its rights and fulfill its duties under law. If you have any questions about this Privacy Policy, or if you believe you have received unwanted, unsolicited email sent via NAMEA or purporting to be sent via NAMEA, please contact us at: NAMEA Attn: Data Privacy Officer 228 Park Ave S # 87056 New York City New York 10003 USA +1-212-220-5728 Email: Privacy at NAMEA-Group.com