You are here

en-GB BYOD Privacy Policy

Primary tabs

Clone Agreement Document

Body Content

NIKE BRING YOUR OWN DEVICE POLICY (EMEA) 

Effective Date: 28/04/2020 

Your participation in Nike’s Bring Your Own Device (“BYOD”) Program is voluntary. By connecting a personal device to Nike Systems, you acknowledge having read and understood this Policy, agree to fully comply with your obligations under this Policy at all times and acknowledge that failure to comply with your obligations will at a minimum result in denial of access to Nike Systems with a personal device, and subject to applicable law, may also lead to disciplinary action, including termination. 

1. OVERVIEW & DEFINITIONS                                   

Nike, Inc., and its subsidiaries and affiliates ("Nike" – see complete list of entities and their addresses {{agreement:localentities:here}}) have adopted a Bring Your Own Device Program (“BYOD Program”) to allow employees and contingent workers (“users”) to use their own devices such as mobile phones, tablets, and personal computers for professional purposes at Nike. 

Users participating in the BYOD Program are permitted to connect their personal devices to Nike Systems to conduct Nike business only as described in this Policy and as consistent with other Nike policies.  Hourly employees who enroll in the BYOD Program must record all hours worked in accordance with Nike’s time and attendance policies.  Also, participation in and availability of the BYOD Program may be subject to local legal requirements or restrictions in certain jurisdictions.  Please check here for additional information.  

Participation in the BYOD Program is voluntary and offered as a convenience to users who are eligible to use Nike Systems.  Users who prefer to use a Nike-owned and issued device and who are eligible for such a device based on their role and responsibilities should do so.  

As used in this policy: 

"Nike Systems" are composed of Nike-owned hardware or Nike-licensed and approved software including company servers, company email accounts, applications and programs (such as those available through Nike Tools), company shared drives or file shares, message boards, instant messaging systems, blogs, internet channels, company cloud storage locations and various other systems owned or provided by Nike.   

Nike Material” is any Nike-related information held in electronic form, including company emails and other communications, documents, data, databases, images, graphics, photos and other materials, which may include, but is not limited to, personal information, proprietary or confidential information of Nike, its clients, consumers, suppliers, partners or other third parties.  

Secure Access Method” is a Nike-provided and approved method that enables secure access to Nike Systems and Material that a participating user will be required to use (or, depending on the particular access method, may require the download and local installation of software) on his or her device to participate in the BYOD Program. 

Participating Device” is the user-owned device on which the user accesses Nike Systems and Nike Material through the Secure Access Method and thereby participates in the BYOD Program. 

2. REGISTERING FOR THE BYOD PROGRAM 

A user’s request to participate in the BYOD Program will be granted only when Nike is satisfied that the user’s participation meets all applicable requirements and therefore will not present undue risk or burden to Nike. 

a. Eligible Devices 

Only devices and operating systems approved by Nike are permitted to be used in the BYOD Program.  Devices may be excluded from this BYOD Program based on compatibility of technology or failure to meet the security requirements listed below. Only devices personally owned by participating users are allowed for the BYOD Program. See the list of approved devices here

b. Connecting a Participating Device 

To participate in the BYOD Program, and before accessing any Nike Systems or Nike Material on a personal device, the user must use the Secure Access Method provided and approved by Nike, as appropriate to the type of Participating Device to be used for that access.  For mobile phones, this includes downloading and locally installing the Mobile Device Management Software approved by Nike which is available here

c. Information collected from a Participating Device 

By participating in the BYOD Program, Nike may need to collect device information, user identification, and other information for Nike’s records to enable the operation of the Secure Access Method. This information may be used to identify and, where location services have been activated, locate a Participating Device and to verify a user’s compliance at all times with this Policy.  

Depending on the Secure Access Method used, information that may be collected from a user may include: 

  • Country;
  • Location (subject to limitations, as set forth under Section 7.B below);
  • Corporate email address;
  • Device status information;
  • Device ID and name;
  • Device manufacturer;
  • Device type;
  • Device OS version;
  • User name and ID;
  • UDID;
  • IMSI;
  • IMEI;
  • IP address;
  • Asset number;
  • Phone number;
  • Wifi / MAC address;
  • Available RAM and storage;
  • Display size;
  • Power status;
  • Physical memory;
  • List of apps (on mobile Participating Devices);
  • SIM card status;
  • BYOD Program inventory; and/or
  • Jailbroken/rooted information. 

Detailed information about the information collected for each Secure Access Method provided is available here

d. The BYOD Program Software 

Participating users will be required to use only Nike-provided Secure Access Methods on their device to access Nike Systems and Nike Material. Depending on the particular access method used, this may require the download and local installation of software to enable the Secure Access Method. The user agrees to follow all security controls required by the Secure Access Method and implement any updates to any enabling software as needed.  The Secure Access Method allows Nike to manage access to Nike Systems and Nike Material on the Participating Device, which may include the ability to limit access to Nike Systems and Nike Material or with certain technologies (such as the mobile device management client used for mobile devices) enable remote wiping of all Nike Material on the Participating Device.  

The “Managed Space” of a Participating Device is that space on the Participating Device comprised of the Secure Access Method and the Nike Systems and Nike Material accessed through that method. The user is prohibited from conducting Nike business outside of the Managed Space of the Participating Device; this includes sending Nike Material or other confidential business communications via personal email or storing images of confidential or proprietary Nike Material on the Participating Device. 

The user is prohibited from using the Managed Space for personal use.  All personal use of the user’s personal device, including sending and receiving personal communications, shall take place outside of the Managed Space. The Secure Access Method will maintain logical segregation of Nike Material in the Managed Space of the Participating Device from the user’s personal content or information outside of the Managed Space, to maintain confidentiality of all Nike Material. The user shall not change, disable or circumvent the Secure Access Method settings or methods, or otherwise seek to store or access Nike Materials outside of the Managed Space. 

The Secure Access Method is not intended to provide Nike with remote access to content in areas outside of the Managed Space that have not been accessed, backed up-to or restored to any Nike System. The user should not store non-Nike personal resources in the Managed Space of the device, and should not back up their device to the Nike Network in a manner that would provide Nike with access to non-Nike personal resources.  The user agrees that s/he is solely responsible for maintaining backups of any personal information on a Participating Device. 

3. SECURITY REQUIREMENTS FOR PARTICIPATION IN THE BYOD PROGRAM 

a. Participating Device Security Requirements 

All Participating Devices must be enabled with industry standard security methods as appropriate to the device, which methods must be kept current and up to date. The user agrees to manage the security of the Participating Device by maintaining up-to-date software patches and malware, anti-virus and anti-spyware updates from all relevant telecommunications, hardware and software providers.  To meet the BYOD Program’s minimum security requirements the Secure Access Method will, as needed, verify that the Participating Device meets the appropriate security requirements, which may include: 

  • file or disk encryption;
  • up-to-date security patches;
  • strong password or PIN authentication for all accounts that can access the device;
  • setting a maximum number of invalid log-in attempts;
  • up-to-date anti-malware, anti-virus and anti-spyware software; and
  • no jailbreak or other security circumvention software, applications or tools (except for device unlock software provided by the telecommunications carrier for the device). 

From time to time Nike may implement additional settings and security requirements, such as password complexity requirements and lockout rules resulting from invalid login attempts, through the Secure Access Method. Where permissible under applicable law and where Nike has a reasonable basis to justify such a request, Nike may request the user to present the Participating Device to confirm appropriate security requirements are installed on the Participating Device. 

b. Participating Device Security Settings 

To the extent permitted by applicable law, Nike may access the Managed Space on a Participating Device for legitimate security purposes – including by remote access – to manage the security settings of that device when the user is accessing Nike Systems, without providing further notice to the user of such access or of any changes to such security settings. 

4. EXPENSE REIMBURSEMENT 

Certain users may be eligible for a subsidy, reimbursement, or payment of certain services charges for Participating Devices (e.g., carrier and data charges), either at Nike’s sole discretion or as otherwise required by applicable law.  Please contact your manager for more information.  

5. NIKE CONFIDENTIAL AND PROPRIETARY INFORMATION 

The user acknowledges that a Participating Device may provide access to proprietary or confidential information of Nike, its clients, suppliers, partners, consumers, or other third parties. The user must protect all Nike Material from unauthorized access or use and maintain the strict confidentiality of all Nike Material, and particularly such proprietary and confidential information, regardless of how accessed. 

The user will not permit any other person, including colleagues, family members and friends, to access Nike Systems or Material using the Participating Device. 

Subject to applicable law, users have no ownership rights in Nike Material accessible through their Participating Device. 

Without limiting Nike’s other rights, Nike may access any Nike Material stored on any Participating Device consistent with Nike polices and subject to any legal restrictions or requirements.  

6. USE OF DEVICES ON NIKE SYSTEMS 

a. Compliance with Other Nike Policies 

Use of a Participating Device on the Nike Systems or otherwise in connection with any Nike-related work or activities is also subject to other Nike policies and guidelines, including without limitation: 

The user agrees to comply with such policies and agreements at all times when accessing the Nike Network or Nike Materials. 

b. Authorized and Unauthorized Use 

The user is only authorized to conduct Nike business within spaces on the Participating Device that are managed by the Secure Access Method.  The user must not use the space on a Participating Device outside of the Managed Space (see above, Section 2.d) to conduct any Nike business or to access, use or store any Nike Material. 

The user must not engage in any prohibited, unlawful, improper, offensive or otherwise inappropriate communications, conduct, activities or behavior in Nike Systems using a Participating Device, or otherwise in connection with any Nike-related work or activities. 

The user is not permitted to back up any Nike Material outside of the Managed Space (including personal cloud storage). Users shall not synchronize their Participating Device with any other device in their home in a manner that would allow the transfer of Nike Material to that other device.  

For more information regarding authorized and unauthorized use of Nike Systems, please refer to Nike’s Global Acceptable Policy and its regional addenda, as applicable. 

7. REPORTING, MONITORING, AND OTHER PURPOSES 

a. Reporting Security Incidents 

Security Incident” means any event that potentially or actually allows another person to access any Nike Material through a Participating Device. This includes, but is not limited to: 

  • Temporary misplacement or permanent loss of the device;
  • Suspected or actual bypassing of access controls;
  • Suspected or actual misuse of the device and Nike accounts;
  • Suspected or actual infection of the device; or
  • Suspected or actual use of the device by any other person. 

The user must immediately report any lost, stolen or damaged Participating Device or any Security Incident to the Nike Cyber Defense Center: NCDC@nike.com

b. Replaced, Lost, Stolen or Damaged Participating Device 

Before replacing a Participating Device, the user should remove all Nike Material from the device and uninstall or unenroll from the Secure Access Method (the Nike Global Service Desk at NikeNow or a local Tech Bar can assist with this as needed). If the user wishes to continue to participate in the BYOD Program, the user will be required to use a Secure Access Method as appropriate to their new device and the user authorizes Nike to remotely wipe any Nike Material from the old device when such action is enabled by the Secure Access Method. 

Nike will not access the location of a Participating Device, except in limited cases such as to assist recover a device. If a Participating Device is lost or stolen and the user has chosen to enable location service inside the Secure Access Method, at the user’s request Nike may remotely track its location to assist in attempting to recover the device. 

c. Remote Wipe of Information on Participating Device 

To the extent the Secure Access Method includes this capability, Nike may perform a remote wipe of any Nike Material in the Managed Space of any Participating Device that is lost, stolen or damaged, or when there is suspicion or threat of a Security Incident or other similar incident.  

Nike will not purposefully remotely wipe non-Nike Material on the Participating Device, unless requested by the user.  However, the user is hereby informed that because a remote wipe requires wiping part or all of the memory or storage of a Participating Device, personal or private content or information stored on a Participating Device may inadvertently be permanently damaged, erased or destroyed by operation of the remote wipe capability of the Secure Access Method.  Subject to applicable law, Nike does not assume any liability for any damage, erasure or destruction of such content or information. 

d. Investigations 

The user agrees to cooperate with Nike as requested by Nike or its representatives or any legal, governmental, regulatory or quasi-regulatory authorities in the event of an internal or external investigation, examination, litigation, discovery request or other similar inquiry or process (an "Investigation"), including by preserving and providing access to the Nike Material stored in the Managed Space of the Participating Device for forensic or other analysis. 

Where permissible under applicable law and where Nike has a reasonable basis to justify such a request, Nike may request and the user must present the Participating Device to confirm no confidential Nike Materials have been stored outside of the Managed Space of the device.  If Nike finds Nike Material outside of the Managed Space of the device, Nike will take appropriate and necessary actions to remove, retrieve, migrate or delete that information from the non-Managed Space. Nike will allow the user to delete personal or private information and correspondence stored in the non-Managed Space on the Participating Device prior to taking such actions. Nike will take reasonable steps to prevent accessing, copying or disclosing any user personal or private information stored in the non-Managed Space on the Participating Device (in particular private applications such as contacts, photo gallery, web email and messaging platforms), but if such information is accidentally accessed in the course of an investigation it will be kept confidential by the personnel conducting the investigation and will not be transmitted to Nike Systems, or otherwise be promptly deleted.  Where a Participating Device must be retained for the reasons above, Nike shall return the device within a reasonable period of time.  

Information on how internal investigations are conducted is included in the EMEA Addendum to Nike’s Global Acceptable Use Policy and in Nike’s Global Investigations Policy

e. Participating Device Monitoring

When a user decides to use a Participating Device to access Nike Systems and Nike Material, s/he understands that the Managed Space on that Participating Device is treated like any other Nike System, and monitored in compliance with and for the legitimate purposes described in Nike’s Global Acceptable Use Policy.

If you are located in the EMEA,Nike does not actively monitor the activity in the Managed Space of a particular employee’s Participating Device. If and to the extent permitted under applicable law, Nike uses automated tools to detect unusual activities or irregularities within the Managed Space affecting Nike Systems and generates an alert, flag or other indication that further inspection of the issue is required. 

For more information on Nike’s monitoring practices regarding the use of Nike Systems, please refer to the EMEA Addendum to Nike’s Global Acceptable Use Policy.  

Nike’s access to device and user information is limited to those persons with a need to access such information to administer and support the BYOD Program or who are authorized to enforce Nike policies in accordance with existing process.   Where permissible under applicable law, device and user information may be used as the basis for disciplinary action against a user, up to and including termination for improper use/disclosure of Nike’s proprietary or confidential information. 

8. TECHNICAL SUPPORT 

Prior to taking a Participating Device to any service provider, vendor, technician or other person for support or updates, the user must first logout of the Secure Access Method to disable access to the Nike Networks and Nike Materials prior to service. Please contact the Nike Global Service Desk for any questions or concerns. 

The Nike Global Service Desk will provide limited support for a Participating Device. Support may be limited to installation, setup and support for the Secure Access Method or other Nike-provided software or applications (like Nike Tools), or taking action in response to a reported theft, loss, damage, replacement, or other potential or actual Security Beach. The Nike Global Service Desk will not provide general support for any Participating Device or assist with issues involving non-Nike applications. 

9. DE-REGISTRATION, TERMINATION AND BREACH OF THIS POLICY

a. De-Registration and Termination 

If at any time a user would like to cease participating in the BYOD Program, that user can opt-out of the program by logging out of and, as appropriate, uninstalling the Secure Access Method.  Please contact the Nike Global Service Desk with any questions or concerns.  

When a user leaves Nike’s employ for any reason, the user will allow Nike to remove access to the Secure Access Method and remove any Nike Material from the Participating Device. Nike may retain copies of such Nike Materials as needed. Where permitted by applicable law, Nike retains the right, at its sole discretion, to wipe all Nike Material from the Participating Device by remote and/or direct means upon de-registration or termination of employment.  As allowed by local law, the user may be asked to present their Participating Device to ensure and/or confirm that the device has been wiped of all Nike Material and that access through the Secure Access Method has been properly removed from the Participating Device such that the user’s access to Nike Systems has been fully revoked. 

b. Breach of this Policy

The user agrees to immediately notify the Nike Legal Department if s/he has breached or is unable or unwilling to comply with any or all of the requirements of this Policy. Subject to applicable law, failure to comply with this Policy may result in disciplinary action, up to and including termination of employment. 

In the event Nike has reason to believe that a user may not be in compliance with all the requirements of this Policy, Nike may remove, limit, modify or suspend that user’s participation in the BYOD Program, as permitted under applicable law.  For example, actions that Nike might take could include: 

  • Notifying the user, management and human resources of the issue and providing remediation instructions;
  • Limiting a Participating Device’s access to certain applications and services;
  • Blocking a Participating Device’s access to all or some Nike Systems; and
  • Bringing a Participating Device into compliance by forcing (including remotely) installation of software, packages or settings on the device, which could result in loss or corruption of user personal information or information stored on the device. Nike will allow the user to delete personal or private information and correspondence stored in the non-Managed Space of the Participating Device, prior to taking such actions. Subject to applicable law, Nike does not assume any liability for any damage, erasure or destruction of such content or information. 

10. SHARING AND TRANSFERRING USER PERSONAL INFORMATION

In the context of the BYOD Program, Nike may disclose user personal information collected from the Participating Device with the following recipients for the purposes set forth in this Policy: 

  • Nike IT Department,
  • Nike Global Investigations Department,
  • Nike Human Resources,
  • Nike legal department or outside counsel, legal advisors, courts or public authorities as necessary for investigations and legal proceedings,
  • Third-party software vendor in connection with administering the software, and
  • Vendors or suppliers who provide information security, data storage, investigation, or forensic services to Nike, including IT forensic companies, external investigators and investigatory companies. 

We contractually require third parties who perform services on our behalf to only process user personal information based on our instructions and to implement data security measures. 

Except as provided above, such information will not be shared with anyone else outside of Nike unless required for law enforcement, legal proceedings, or otherwise by applicable law. 

User personal information may be transferred and stored outside of the country of your employment, to Nike, Inc., in the United States, where different privacy laws apply. When we transfer personal information outside the EU, Switzerland or other countries with data transfer restrictions,  to a country that does not have an adequate level of protection, we implement appropriate safeguards to protect the personal information, including by entering into appropriate data transfer agreements, such as the European Commission’s EU Standard Contractual Clauses with the data recipients, ensuring that the data recipient has certified to the EU-U.S. or Swiss-U.S. Privacy Shield Framework, or has implemented Binding Corporate Rules, as applicable. Nike’s intra-group data transfer agreement is available upon request. 

11. PROTECTING YOUR PERSONAL INFORMATION

In the context of the BYOD Program, we may need to collect and process certain types of user personal information, as described in section 2 c. above.  The entity responsible for the collection and processing of user personal information in the context of the BYOD Program is the Nike entity who is your direct employer.  

Any user personal information Nike collects and processes in furtherance of this Policy will be processed and stored for the purposes and by the recipients described in this Policy and in compliance with Nike’s Global Employee Privacy Policy and the data protection safeguards described in Nike’s Global Acceptable Use Policy, including any regional addenda of those policies, to the extent such policies or addenda are in effect in your location and are applicable to you as a company employee. 

We process user personal information to pursue our legitimate interests of managing the program, enabling the operation of the Secure Access Method, locating a Participating Device at the request of a user if location services are activated, ensuring network security, verifying a user’s compliance with our policies and applicable law, conducting investigations and as otherwise necessary for the establishment, exercise or defense of legal claims. When processing personal information for our legitimate interests, we take appropriate measures to ensure that the interests we pursue are balanced with your interests, rights and freedoms, which we are happy to explain to you upon request. Where required under applicable law, we will collect your consent to process personal information. 

You have the right to request access to and rectification or erasure of your user personal information processed in the context of Nike’s BYOD program, or to request the restriction of the processing of such personal information, as permitted by applicable law. You also have the right to object to that processing on grounds relating to your particular situation. Subject to applicable law, you may also request an electronic copy of your personal information and the transfer of such personal information. If you are not satisfied with our responses, you have the right to consult with the supervisory authority in your country.  You can contact us as described below to exercise your rights. 

We protect user personal information by applying technical and organizational measures to prevent unauthorized access, destruction, loss, alteration, misuse or any other unlawful form of processing of user personal information.  We make reasonable efforts to ensure a level of security appropriate to the risk of the processing of personal information. User personal information will be retained for a limited period of time, as necessary to achieve the purposes outlined in this Policy, unless further retention is required by applicable law or legal process. For more information on Nike’s privacy safeguards with regard to monitoring the use of Nike Systems in EMEA, please refer to the EMEA Addendum to Nike’s Global Acceptable Use Policy.  

12. POLICY STATUS, CHANGES, AND UPDATES 

This BYOD Program and Policy does not form part of any employment contract with Nike. Nike may modify this Policy at any time and will inform the user of any material change by providing the user with access to the new Policy. Nike will collect the user express consent if any update or modification of this Policy requires it.  Nike may at any time revoke this Policy and discontinue permitting users to use their devices to access Nike Systems and Nike Material. 

13. CONTACT US 

For any questions regarding this Policy and how we protect user personal information in the context of Nike’s BYOD Program or to exercise your rights, please contact your HR department or Nike’s Data Protection Officer at privacy.office@nike.com

 

YOUR PARTICIPATION

BY CONTINUING WITH THE REGISTRATION PROCESS, YOU AGREE TO BE BOUND BY THE TERMS OF THIS POLICY AND ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS POLICY AND AGREE TO COMPLY WITH YOUR OBLIGATIONS UNDER THIS POLICY AT ALL TIMES.  SUBJECT TO APPLICABLE LAW, FAILURE TO COMPLY WITH YOUR OBLIGATIONS UNDER THIS POLICY MAY RESULT IN DISCIPLINARY ACTION UP TO AND INCLUDING IMMEDIATE TERMINATION OF EMPLOYMENT. YOU ACKNOWLEDGE THAT NIKE SHALL HAVE THE RIGHTS SET OUT IN THIS POLICY, INCLUDING THE RIGHT TO ACCESS AND MODIFY THE MANAGED SPACE OF YOUR PARTICIPATING DEVICE, SUBJECT TO APPLICABLE LAW.

 

CONSENT 

TO THE EXTENT PERMITTED OR REQUIRED BY APPLICABLE LAW, YOU EXPRESSLY AUTHORIZE ALL ACTIONS (INCLUDING WIPING OF NIKE MATERIALS FROM THE MANAGED SPACE OF YOUR PARTICIPATING DEVICE) FOR THE PURPOSES AND UNDER THE CONDITIONS DESCRIBED IN THIS POLICY. 

YOU UNDERSTAND THAT NIKE WILL NOT INTENTIONALLY OR ROUTINELY ACCESS NON-BUSINESS RELATED MATERIALS STORED IN THE NON-MANAGED SPACE OF YOUR PARTICIPATING DEVICE.  IN THE EVENT THAT NIKE ACCESSES SUCH INFORMATION FOR THE PURPOSES AND UNDER THE CONFIDENTIALITY CONDITIONS DESCRIBED IN THIS POLICY, INCLUDING IN THE CONTEXT OF AN INVESTIGATION, YOU FREELY AND EXPRESSLY CONSENT TO SUCH ACCESS.  YOU MAY WITHDRAW YOUR CONSENT AT ANY TIME BY CONTACTING US AT [COMPLETE], BUT WE MAY NO LONGER BE ABLE TO PROVIDE YOU WITH THE BYOD SERVICES IF POTENTIAL ACCESS TO PRIVATE MATERIALS CANNOT BE TECHNICALLY EXCLUDED IF YOU CHOOSE TO USE THE PROGRAM. 

YOUR PARTICIPATION IN THE BYOD PROGRAM IS VOLUNTARY. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, INCLUDING HOW USER PERSONAL INFORMATION IS PROCESSED, PLEASE DO NOT REGISTER TO PARTICIPATE IN THE PROGRAM AND USE YOUR NIKE-OWNED DEVICE TO PERFORM YOUR DUTIES.

 

 

Locales *

User login