Privacy policy

THIS NOTICE DESCRIBES HOW PERSONAL DATA ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY.

Effective date: January, 2018

It is a fundamental principle in Alaya’s relationship with its users, clients and partners to protect the privacy and confidentiality of your personal data. This document states how we will ensure the privacy and confidentiality of the information with which you entrust us.

Access and use of this platform is provided by Alaya to you on the condition that you accept the terms of the Privacy Policy, and by accessing or using this website, you agree to these terms. If you do not accept and agree with this Privacy Policy you should not access or use this platform.

By accessing the Alaya platform, you agree to the collection, use and disclosure of your personal information in accordance with this policy. The clauses and terms of this policy apply to all personal information collected by Alaya on the www.alayagood.com platform. We have created this policy pursuant to the Federal Law on Data Protection of Switzerland. Your home jurisdiction may have privacy laws that are more or less protective than those of Switzerland.

This platform is operated by Alaya SA and may be accessed in Switzerland and abroad. For personal data protection purposes, Alaya is the controller and is also the processor of the personal information (unless otherwise noted). Information collected may be kept for as long as it is required for the purposes it was collected.

ALAYA SA

Alaya SA (Alaya, we, us or our) operates a social engagement platform at www.alayagood.com (the Platform).

Alaya is an innovative and measurable solution for your social responsibility and engagement program. An interactive platform that facilitates employee volunteering, corporate giving and impact reporting. Alaya enables your employees to pick their way of contributing and gives you a powerful tool to analyse the impact created by the entire company. The Platform, as well as the services, features, content or applications that may be offered from time to time by us in connection with the Platform and/or our business are collectively referred to as the Platform.

1. SCOPE OF APPLICATION

This privacy policy (the Policy) applies to you if you are a visitor of the website and/or a user of our Platform (the User, you and your). It describes how we and some of our trusted partners collect, use and disclose your protected personal data in relation to our Platform. Protected personal data means any information that you provide to us which personally identifies any person or entity, such as your name, email address or other data which can be reasonably linked to such information (the Personal Data). This Policy also describes your rights to access and control your Personal Data.

2. CONSENT

By visiting our website and/or using our Platform you agree to the collection and use of your Personal Data in accordance with this Policy.

3. WHAT INFORMATION IS COLLECTED

3.1. Personal Data you provide us

If you are a visitor of our website and would like to donate, download our brochure, request a demo, subscribe to our newsletter or contact us, you may provide us with personal information (such as name, address, email address, telephone numbers and/or credit/debit card information) that you knowingly choose to disclose, which is collected on an individual basis for various purposes. If you decide to subscribe to our newsletter, we may also have access to your location (collected by our mail automation tool Mail Chimp). These purposes include registering to receive email newsletters or other materials, requesting further information from us about projects and services, donating to us, ordering merchandise, making requests, submitting a form on our website, or simply asking a question. We receive and store any information you enter on our website or give us in any other way, whether it is online or offline. We ask for personal information so that we can fulfill your request and return your message. This information is retained and used in accordance with existing laws, rules, regulations, and other policies. Alaya does not collect personal information from you unless you provide it to us. If you choose not to provide any of that information, we may not be able to fulfill your request or complete your order, but you will still be free to browse the other sections of the websites owned and administered by Alaya. This means that you can visit our site without telling us who you are or revealing any personally identifiable information about yourself.

If you are a user of our platform, all the above applies to you except that in order for you to be a user of our platform, you have to identify yourself through your company email. Additionally, since you will be able to act on the platform we will collect the following data:

  • Mandatory data to enter as a user: First Name, Last Name, Corporate Email, Country, City, Skills, Gender, Profession
  • Optional data to enter as a user: Open data field (bio, interests, passions…), Address, Postal Code, Date of Birth, Department, Favorite country, Favorite quote, Favorite language, Social Accounts (Facebook, LinkedIn, Twitter)

Regarding the impact, we will use different metrics based on your activities (number of hours, and amount donated). However, if you decide to make the donation anonymously, the administrator of your company account, and any other members on the platform will not be able to see any amount given. Only we will use it to offer a “total-amount-given view” on your company’s profile, which is a sum of all donations made from your company.

During the course of your relationship with Alaya you may contact us by email, or in writing. We will retain this information also, supplementing the information we already have. We may also supplement any information you give us with information from social networks (LinkedIn, Facebook, Twitter and others). This information will also be retained by us and held confidentially in your personal data file in order to improve your user experience.

3.2. Information collected automatically

We will collect:

  • Log information (e.g. IP address, number and time of visits of the Platform by users)
  • Analytics information

We use third-party analytics tools (Google Analytics, Hotjar) to help us measure traffic and usage trends for the Platform. These tools collect information sent by your device or our Platform, including the web pages you visit, add-ons, and other information that assists us in improving the Platform. We collect and use this analytics information with analytics information from other Users so that it cannot reasonably be used to identify any particular individual User.

In addition to the user details that are covered above, the platform will capture the following data: An activity audit log, such as the number of connections on the platform, donations made by each user, Volunteering missions completed by user, comments and likes submitted, and the data they share on the newsboard and on other social media platforms.

Note: Every user will be able to selectively publish his actions on the Platform (ex: amount donated) to his Company and to other users.

3. COOKIES AND OTHER TECHNOLOGIES

Alaya uses “cookies” to allow you to sign in to our services and to help customize your online experience. A cookie is a small text file that is placed on your hard drive. Cookies contain information, including personal data, which may be used to inform us about your site visit and can later be read by a web server in the domain that issued the cookie to you. The information that cookies gather includes the pages you look at on this site, the time and date of your visit, the site you visited before coming to this website, your registration information, the name of your internet service provider, your navigational history and preferences, and your session identification number. The use of cookies has many advantages. They enable us to identify registered users when they return to the site so that they can retrieve previous information and interact with the site in a more efficient way.

From time to time our partners, corporate sponsors or third-party service providers may use cookies on our site, but we have no control or access over these cookies. This privacy policy covers the use of cookies by Alaya only, not the use of cookies by third parties. Alaya may use third parties to advertise its services and products on other sites. These third-party providers may also use cookies and other tracking mechanisms to collect information about your visits to other websites. This information may be used to tailor marketing messages or to evaluate our online advertising campaigns.

Moreover, Alaya may use third parties to advertise Alaya to you through the web. This third party may display relevant ads personalized to you based on the parts of the website that you have viewed by placing a cookie on your browser. These cookies do not give access to your computer or recognize you in any way. These services allow us to customize our marketing to better suit your interests and needs and only display ads that are relevant. You may decide to refuse cookies completely but most browsers automatically accept cookies unless the user turns them off. Please refer to your browser’s ‘help’ instructions to learn more about cookies and how to manage them.

If you choose to refuse cookies, you may not be able to sign in or use other interactive features of our site and services that depend on cookies. However, you will still be able to perform basic navigation through the website.

In addition to cookies, Alaya may use other technologies, including single-pixel gifs (web beacons) on our websites and on e-mail messages. These images assist us in determining how many users have visited certain pages or opened messages. We do not use these elements to collect personal information.

4. WHO COLLECTS YOUR PERSONAL DATA

As a general rule, the Personal Data we process is collected by Alaya through the Platform or via e-mail. We may also have access to Personal Data provided by third party partners, such as Facebook, LinkedIn or your Gmail account, if you create your account through their services.

In certain circumstances, we may also outsource the collection of data to trusted third-party partners. In that case, we make sure that our partners undertake to comply with this Policy.

5. HOW WE USE YOUR PERSONAL DATA

In addition to some of the specific uses of information we describe in this Policy, we may use information that we collect to:

  • identify users and ensure that you are eligible to use the service you have requested and that our Platform is used in the appropriate way;
  • operate, maintain, protect and improve the Platform, to develop new services and to protect us and our other users;
  • offer tailored content, which could include online ads, mission recommendations, or other forms of marketing;
  • monitor metrics such as total number of visitors, traffic, and demographic patterns;
  • diagnose or fix any technology problems you may be facing;
  • remember information so you will not have to re-enter it during your visit or the next time you visit our Platform.

6. WITH WHOM IS THE INFORMATION WE COLLECT SHARED?

Unless provided otherwise herein, Alaya will share your Personal Data only with your consent and in accordance with the following rules.

For Users, the data are accessible only by the community (co-workers, managers) of your company account. NGOs do not have access to your data as long as you do not interact with the NGO. Whenever you decide to interact with an NGO (ex: by donating to them or by applying to their volunteering mission), the NGO can see your profile and information. This profile contains the following data that is transmitted as is: First & Last Name, Profession, Profile and cover picture, City, Company, Number of NGOs helped, the money donated (if not made anonymous by user), hours dedicated to volunteering.

As a rule, your Personal Data are stored as long as your Alaya account is active. Following termination or deactivation of your account, we may retain some personal information as shown hereafter: The impact of the user’s actions (amount donated and the hours he volunteered) is still considered for the total Company impact, but is anonymized when the user gets deleted.

In any event, we reserve the right to retain for an unlimited period of time information derived from your Personal Data in such a way that you will no longer be identified or identifiable (pseudonymized or anonymized data).

a. Information collected automatically

Personal Data of visitors are held confidentially and are, as a rule, not shared, subject to the permitted use (as detailed below).

b. Personal Data collected from Companies

When a company gets access to the Platform, it will be entitled to create and administer a profile (the Company’s Profile). One part of the company profile will be accessible to all users and an exclusive part will be only for certain registered company administrators (ex: HR Director, CEO, Chief Happiness Director). As for now, no user outside of the company can access the profile of your company, unless the administrator of the company’s profile decides otherwise.

Every user will be able to anonymize his actions on the Platform (ex: amount donated) from his Company and from other users. We ask the company to respect the Personal Data of others (e.g. their employees), notably by anonymizing the data so that any individual, who has not expressly authorized the use of his Personal Data, will no longer be identifiable.

We do not verify whether the data submitted by the Company contains Personal Data of third parties and do not provide any guarantee in this regard.

c. For Users: The Company’s Profile and the data of its users is secured.

Different employees from different companies are all on the same platform and database, but users from different companies are separated programmatically. The user role, condition and rights are different for each employee/user to ensure that they only see what they are allowed to see. As such, employees can only create an account with their corporate email. Whenever a user creates an account with a company email and verified domain, he is immediately put into the company table. Users from different companies can’t see each other’s activity or profile through programmatic conditions.

Data for each Company’s employee would be protected by applying three levels of authorisation:

  • Level 1: exact domain registration. The corporate email used has to be an exact match with the submitted company domains.
  • Level 2: email registration. The employee has to verify the created account via email.
  • Level 3: Company user roles. Each Company user will be entitled to roles that are reserved exclusively for the use of the Company and no one else.

d. For users: The right to erasure

Today, as soon as the Company informs us about the departure of an employee (you), we deactivate all his (your) data and his (your) login from the database. We have a deactivation process for a user account that the admin of a company can trigger by contacting the Alaya support team. The priority of this deletion action is defined by the client.

Note: The impact of the employee’s actions (amount donated and the hours he volunteered) is still considered for the total company impact, but is anonymized when the user gets deleted.

e. Personal Data collected from NGOs

We gather certain Personal Data from NGOs (1) and their administrator (2), such as (1) their name, location, activities, impact reports, jobs posted, financial projects for which they raise money; (2) their first and last name, job title, and key competences. This information will be accessible by any user and/or companies willing to help that NGO, as well as to visitors willing to donate to the NGO.

f. Permitted Use for all Personal Data

  • Alaya may share your Personal Data with service providers (e.g. payment processors, cloud provider). Our service providers will be given access to your Personal Data on a need-to-know basis to provide their services for the Platform under reasonable confidential terms.
  • If it is required under law to do so or we reasonably believe that such release is necessary to comply with applicable legislation or respond to a court order or to protect Alaya’s rights and interests.
  • If Alaya is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any Personal Data and give affected users notice before Personal Data is transferred or becomes subject to a different privacy policy.

7. TO WHOM DOES THE DATA BELONG

For visitors, your data is owned by Alaya under our sole responsibility.

For Users: Legally, the data is the responsibility of two entities (the user’s company and Alaya). There is therefore shared ownership of the data.

8. WHAT ARE THE DATA FLOWS?

The data is exclusively located on several (dedicated) servers hosted in Strasbourg via OVH. No other data is exported outside this place.

9. SECURITY

We use commercially reasonable safeguards to help keep the information collected through the Platform secure and take reasonable steps to verify your identity before granting you access to your account. However, Alaya cannot ensure the security of any information you transmit to Alaya or guarantee that information on the Platform may not be accessed, disclosed, altered, or destroyed. Nevertheless, we are committed to providing the best service possible: best storing, classification and a secured environment. Alaya partnered with a data protection industry leader, Dathena S.A., and is regularly audited by this company to improve its data security policies and processes.

10. ACCESSING YOUR PERSONAL INFORMATION AND PREFERENCES

If you would like to revise or review information that you previously provided to Alaya, you may contact our Customer Services by email at hello@alayagood.com.

Our company respects your right to make choices about the disclosure and use of your personal information. If at any moment you decide that you do not want to receive communications from us, please let us know by opting in or out on your online registration form when you sign up, or in your “user preferences” page of the platform. Alternatively, you can also contact our Customer Services following the instruction in the previous paragraph.

Whenever you use the Platform, we aim to provide you with access to your Personal Data we control. If that information is wrong, we strive to give you ways to update it quickly or to delete or to anonymize it – unless we have to keep that information for legitimate business or legal purposes. When updating your Personal Data, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical.

11. CHILDREN’S PRIVACY AND LINKS TO OTHER WEBSITES

Alaya does not have the intention of collecting personal information or soliciting donations from anyone under the age of 18 without parental authorization. If you are under 18, you should not use or enter information on this website without parental consent.

We may be connected to websites, including those of our partners, subsidiaries, sponsors and third-party providers that have different privacy policies from those disclosed in this document. Alaya takes no responsibility for the policies or practices of such linked sites, and encourages you to become familiar with them prior to use.

12. CHANGES TO THIS POLICY

Your access and use of the Platform is governed by the version of this Policy in effect on the date of access and use. We may modify this Policy at any time and without prior notice. If a revision, in our sole discretion, is material, we will notify you. You acknowledge that by accessing the Platform after we have made changes to this Policy, you are agreeing to the terms and conditions of this Policy as modified. If you do not agree to the new terms, please stop using the Platform.

HOW TO CONTACT US

If you have any queries, comments or complaints regarding this Policy, just get in touch with us at hello@alayagood.com

Alaya SA, a Swiss company having its registered office in Renens, IDE CHE-420.775.974.

Q&A
Data Information

Note: This document provides answers to frequently asked questions regarding the utilization of data and their protection. You may share this document with your IT and Legal Department.

What data does the employee enter into the platform when he/she creates an account?

  • Mandatory data to enter as a user: First Name, Last Name, Corporate Email, Title, Office location, Skills, Causes you’re interested in
  • Optional data to enter as a user: Profile picture, Open text field (bio, motivations, interests…), Address, Postal Code, Date of Birth, Department, Favourite country, Work languages.

What employee data does the platform record?

In addition to the user details that are covered above, the platform will capture the following data:

An activity audit including donations made by each user, volunteering missions applied and completed, volunteered hours on field, amounts of goods collected, comments and likes submitted, and the data they share on the newsboard.

Note: Every user is able to anonymously publish his donations through the Platform to his Company and to other users.

What information do employees, NGOs (who have their projects on the platform) receive?

NGOs do not have access to the employee data as long as the employee does not interact with the NGO. Whenever an employee decides to interact with an NGO (ex: by donating to them or by applying to their volunteering mission), the NGO can see the public profile of the employee. This profile contains the following data that is transmitted as is: First & Last Name, Profession, Profile picture, Location, Company, the amount donated (if not made anonymous by user), hours dedicated to volunteering.

Only employees of the company can access the platform. How do you make sure?

Different employees from different companies are all on the same platform and database, but users from different companies are separated programmatically. An account is tied to an organization, which ensures that users only see what they are allowed to see according to the organization identifier. Users from different companies can’t see each other’s activity or profile through programmatic conditions.

Data for each Company’s employee would be protected by applying three levels of authorisation:

  • Step 1: Domain match. The corporate email used has to match one of the domains of a company already registered by our administration on the platform.
  • Step 2: Email registration. If a match is found, the employee receives a link by email to create his account.
  • Step 3: Account creation. By clicking on the link, the user is invited to submit basic information and a password. During the creation process, the account is linked to the company to which the email domain belongs.

How do you guarantee the removal of an employee account if this employee leaves the Company?

Today, as soon as the Company informs us about the departure of an employee, we deactivate and anonymize his account and erase his profile data from the database. We have a deactivation process for a user account that the admin of a company can trigger by contacting our support team. The priority of this deletion action is defined by the client (see support level policy in End-User Licence Agreement).

Note: The impact of the employee’s actions (amount donated and the hours he volunteered) is still considered for the total company impact, but is anonymized when the account gets deactivated. The account email is also replaced to delete all possible identification of the account owner.

To whom does the data belong?

Legally, the data is the responsibility of two entities: our Company and our Partner. There is therefore shared ownership of the data. The use of data by our company is specified in the Privacy Policy.

What are the data flows and where is the data storage?

The data is exclusively located on several (dedicated) servers hosted in Strasbourg via the OVH service, and in RaiseNow servers for donation payment details. No other data is exported outside these places.

Who has access to the data?

Only developers and IT managers have access (exclusively) to the data.

 
