Ally.io

Ally’s GDPR Commitment

What is GDPR?

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It is one of the most comprehensive changes made to data privacy regulations in the last two decades. The GDPR provides the citizens of the EU greater control over their personal data, and unifies a number of existing privacy and security laws under one umbrella law.

Does it affect us?

GDPR applies to all organizations that handle personal data of individuals from the EU region, irrespective of where they are located.

What data does Ally collect?

At Ally, we are committed to ensuring your data is secure with us. We only collect information that is absolutely necessary to support your organization’s OKR process, and deliver a good user experience. The data we collect and store is:

  • Name
  • Email address
  • Password (unless your organization uses SSO like SAML, GoogleAuth, etc)
  • Job title
  • Manager’s name
  • Profile picture
  • Timezone
  • Objectives and Key Results
  • Check-ins and scores
  • Likes
  • Comments
  • IP Address
  • Operating system
  • Browser or mobile app version

How does Ally use this data?

Ally processes personal data to provide the products and services and for other limited purposes set forth in our Privacy Policy.

How is Ally GDPR compliant?

At Ally, fulfilling our privacy and data security commitments is important to us. We’ve built a robust security framework, and we regularly review our internal access design to ensure the right people have access to the right level of customer data. We have also:

  • Invested in our security infrastructure
  • Audited our data architecture and retention policies
  • Audited our vendors and ensured they comply with the regulation
  • Updated our Privacy Policy
  • Enabled our customers to meet their GDPR obligations

Since we cater to organizations and process data on their behalf, any requests to remove or export an individual’s data has to be routed through the admins of the organization. Individuals can amend their own data.

Removal of data (‘Right to be forgotten’)

To permanently delete an individual’s data, admins can email us [email protected]

  • Name
  • Email
  • Password
  • Profile picture
  • Timezone
  • Job title
  • IP Address
  • Operating system
  • Browser or mobile app version
  • Objectives and Key Results
  • Check-ins and scores
  • Likes and comments on check-ins

Note: It is possible that in some cases, due to legal or contractual obligations, we would not be able to delete your data immediately, but rest assured, Ally will remove data as soon as it is technically and legally possible

Exporting data (‘Right to portability’)

To export an individual’s data, admins can email us at [email protected]

Editing data (‘Right to rectification’)

To rectify inaccurate personal information, an individual can:

  • Click on their picture on the top right corner of the page, and select ‘Edit Profile’; here, they may update their names, job title, profile picture and timezone
  • To edit their email address or manager information, individuals can route the request to the Organization admin.
  • To update their passwords, individuals can click on their picture on the top right corner of the page, and select ‘Edit Settings’

Admins can edit their users’ information, including email and manager information by navigating to Admin > Users, and clicking on ‘Edit’ under the Actions dropdown.

For any other questions, requests or issues regarding your data and how it is used, please reach out to us [email protected] we’ll be happy to help.

© 2021 Ally.io All rights reserved  |  Privacy Policy  |  Terms of Service