Ally’s GDPR Commitment

What is GDPR?

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It is one of the most comprehensive changes made to data privacy regulations in the last two decades. The GDPR provides the citizens of the EU greater control over their personal data, and unifies a number of existing privacy and security laws under one umbrella law.

Does it affect us?

GDPR applies to all organizations that handle personal data of individuals from the EU region, irrespective of where they are located.

What data does Ally collect?

At Ally, we are committed to ensuring your data is secure with us. We only collect information that is absolutely necessary to support your organization’s OKR process, and deliver a good user experience. The data we collect and store is:
‍

Name
Email address
Password (unless your organization uses SSO like SAML, GoogleAuth, etc)
Job title
Manager’s name
Profile picture
Timezone
Objectives and Key Results
Check-ins and scores
Likes
Comments
IP Address
Operating system
Browser or mobile app version

How does Ally use this data?

Ally processes personal data to provide the products and services and for other limited purposes set forth in our Privacy Policy.

How is Ally GDPR compliant?

At Ally, fulfilling our privacy and data security commitments is important to us. We’ve built a robust security framework, and we regularly review our internal access design to ensure the right people have access to the right level of customer data. We have also:
‍

Invested in our security infrastructure
Audited our data architecture and retention policies
Audited our vendors and ensured they comply with the regulation
Updated our Privacy Policy
Enabled our customers to meet their GDPR obligations

Since we cater to organizations and process data on their behalf, any requests to remove or export an individual’s data has to be routed through the admins of the organization. Individuals can amend their own data.

Removal of data (‘Right to be forgotten’)

To permanently delete an individual’s data, admins can email us [email protected]
‍

Name
Email
Password
Profile picture
Timezone
Job title
IP Address
Operating system
Browser or mobile app version
Objectives and Key Results
Check-ins and scores
Likes and comments on check-ins

Note: It is possible that in some cases, due to legal or contractual obligations, we would not be able to delete your data immediately, but rest assured, Ally will remove data as soon as it is technically and legally possible

Exporting data (‘Right to portability’)

To export an individual’s data, admins can email us at [email protected]

Editing data (‘Right to rectification’)

To rectify inaccurate personal information, an individual can:

Click on their picture on the top right corner of the page, and select ‘Edit Profile’; here, they may update their names, job title, profile picture and timezone
To edit their email address or manager information, individuals can route the request to the Organization admin.
To update their passwords, individuals can click on their picture on the top right corner of the page, and select ‘Edit Settings’

Admins can edit their users’ information, including email and manager information by navigating to Admin > Users, and clicking on ‘Edit’ under the Actions dropdown.

For any other questions, requests or issues regarding your data and how it is used, please reach out to us atsuppo[email protected] we’ll be happy to help.