Ally’s GDPR Commitment

What is GDPR?

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018. It is one of the most comprehensive changes made to data privacy regulations in the last two decades. The GDPR provides the citizens of the EU greater control over their personal data, and unifies a number of existing privacy and security laws under one umbrella law.

Does it affect us?

GDPR applies to all organizations that handle personal data of individuals from the EU region, irrespective of where they are located.

What data does Ally collect?

At Ally, we are committed to ensuring your data is secure with us. We only collect information that is absolutely necessary to support your organization’s OKR process, and deliver a good user experience. The data we collect and store is:

Employee information

Employees' goals & updates

Employee interactions

Information that helps us deliver a better experience

How does Ally use this data?

Ally processes personal data to provide the products and services and for other limited purposes set forth in our Privacy Policy.

How is Ally GDPR compliant?

At Ally, fulfilling our privacy and data security commitments is important to us. We’ve built a robust security framework, and we regularly review our internal access design to ensure the right people have access to the right level of customer data. We have also:

Since we cater to organizations and process data on their behalf, any requests to remove or export an individual’s data has to be routed through the admins of the organization. Individuals can amend their own data.

Removal of data (‘Right to be forgotten’)

To permanently delete an individual’s data, admins can email us at [email protected]

What gets deleted

What does not get deleted

Note: It is possible that in some cases, due to legal or contractual obligations, we would not be able to delete your data immediately, but rest assured, Ally will remove data as soon as it is technically and legally possible

Exporting data (‘Right to portability’)

To export an individual’s data, admins can email us at [email protected]

Editing data (‘Right to rectification’)

To rectify inaccurate personal information, an individual can:

Admins can edit their users’ information, including email and manager information by navigating to Admin > Users, and clicking on ‘Edit’ under the Actions dropdown.

For any other questions, requests or issues regarding your data and how it is used, please reach out to us at [email protected] and we’ll be happy to help.