10 June 2019
When you install All In’s mobile application (the “Application”), create a user account and/or use our services we may collect and process personal data about you. For a description of what personal information we process, see Section 3.
There are certain requirements pertaining the processing of personal data under applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation (“GDPR”)). GDPR applies as law in all EU member states and aims to protect individuals’ rights to protection and control over their personal data.
The personal data about you that you provide and data that we collect (e.g. when you create a user account in the Application) will be handled with care and respect. We aim to be as transparent and clear as possible about the personal data that we process. If you have any questions about how we handle and process your personal information, please contact us by sending an email to [firstname.lastname@example.org].
”Personal Data” refers to all information relating, directly or indirectly, to a natural person, e.g. name, personal identification number, address, email address, and bank details.
”Process” refers to all actions or set of actions (independent of automatic means) such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. WHO IS RESPONSIBLE FOR YOUR DATA?
2. WHEN AND HOW DO WE PROCESS PERSONAL DATA?
All In collects personal data that you provide when you use our Application and/or our Services, for example when you create a user account, make a donation via the Application or contact our support services.
Personal data may also be collected from external sources such as social networks (for example Facebook or Google) that you have connected to the Application.
3. WHAT PERSONAL DATA DO WE PROCESS?
In order to create a user account in the Application and access our services, you must provide personal information about yourself. How and what personal data we collect depends on the extent to which you use the Application and our services. The personal data that we collect may include the following:
Personal and contact information
When you install the Application and create a user account you are required to register your (i) name and (ii) phone number. While not required, you are also able to leave additional information such as (iii) email, (iv) date of birth, (v) country of residence, and (vi) your profile picture.
If you make a donation via the Application you are required to provide payment details. Any payment details, however, are not processed by All In but are handled by our payment solution providers Stripe, inc and Getswish AB.
When you use the Application, we automatically collect technical information such as (i) User data (e.g. IP address, your mobile web browser, number or clicks and application open date and time) and (ii) details about your smartphone (e.g. hardware model, operating systems, language settings and network information).
We may also collect information when you visit our website, including your type of browser or device, your IP address, details of the web pages you have visited and links you have clicked on.
We use Google Analytics on our Sites to help us analyze Your use of our Sites and diagnose technical issues.
4. WHY DO WE PROCESS PERSONAL DATA?
All In collects and processes data to provide you with the required services or information with the aim to simplify donations to charity organizations and to inform you of the impact of your Donation.
We will only process data about you i) to fulfil our obligations under an agreement with you, ii) to comply with a legal requirement, iii) if we have a legitimate interest, or iv) if you have given your explicit consent.
All In processes personal data for the following purposes:
- To provide our services and administer donations made via the Application;
- To administer your account (e.g. managing your account);
- To fulfil an agreement with you (e.g. sending necessary information to you in connection with a donation);
- To communicate with you to inform you about updates, content, events, special activities and advertisements that may be of interest to you;
- For other administrative or legal operations (e.g. communicating updates in our terms and conditions and policy documents or in connection with a compliant by you);
- To be able to offer good service (e.g. managing potential requests, sending information to you and sending or offering to send newsletters);
- To do market research and analyses; and
- To improve, analyse, develop and maintain the platform and the Application in order to continually develop and improving our services.
Other than the purposes listed above, All In also processes personal data to comply with legal or contractual obligations as well as accounting and tax legislation. Thus, we may have additional grounds for processing data. In such case, we will inform you in connection with the collection of information.
5. WHAT IS THE LEGAL BASIS FOR OUR PROCESSING?
The legal basis for our processing of personal data depends on your relationship to us and to what extent that you use our services.
5.1. TO FULFIL A CONTRACTUAL OBLIGATION
All In may use personal data to fulfil an agreement with you. For example, if you create and have a user account in the Application or if you make a donation via the Application, we must process certain data about you. The personal data we process typically include name, email address, and mobile telephone number, donation history, country of residence, date of birth and profile picture
5.2. LEGAL REQUIREMENTS
All In may be legally obligated to process and save personal data about you (e.g. under accounting or tax legislation). In such case, the processing of personal data will be limited to what is required by law.
All In may process personal data if there is a legitimate interest to do so. This means that we may process personal data when All In or a third party has a legitimate interest that outweigh any of your opposing interest or fundamental rights and freedoms.
- Processing for purposes when there is a legitimate interest as legal ground include the following operations:
- Marketing All In to people who have not previously used our services;
- Sending information about updated versions of the Application;
- Performance and administration in relation to donations;
- Segmentation and analysis of persons with a registered user account in the Application;
- Improving and developing the Application;
- Performing market researches and analyses;
- Preventing and combating frauds and money laundering; and
- Communicating changes in the general terms and conditions and policies.
In relation to some processing of personal data, we will have received your explicit and informed consent. You have the right to withdraw your consent at any time. For more information about withdrawal of consent, see Section 9.1.
We only process the following personal data about you for the purposes listed below if we have received your explicit, specific, informed and unambiguous consent:
- Your contact details in order to contact you for marketing purposes if you have made a donation through us or if you have registered to receive newsletters or any other information via email;
6. TO WHOM WILL THE PERSONAL DATA WE PROCESS BE DISCLOSED
If it is necessary and in line with the purposes for the processing of personal data, if you have given your explicit consent or if you have a user account in the Application, All In may give selected third parties access to your personal data.
By default, we do not share your personal data (name, mobile phone number and email address)) with our partner organizations without your explicit consent. We may however share anonymized information about your donation amount(s), your age and your country of residence with partner organizations.
If it is necessary in order for us to be able to deliver our services, your personal data may also be shared with the following:
- External advisors engaged by All in to perform marketing research and other analyses;
- IT consultants and developers engaged by All In to oversee the running and the security of our IT systems;
All transfers of data to outside the EU/EEA are made in compliance with applicable data regulation regulations and with the purposes listed above. If data is transferred outside EU/EEA we will ensure that the party receiving the data has satisfactory levels of protection of personal data. If data is transferred to a party in the US, we control that they have joined Privacy Shield.
All In will not sell your data to any third party. Selling your personal data would require us getting your explicit consent.
7. HOW DO WE PROTECT YOUR PERSONAL DATA?
All In employs appropriate technical and organisational security measures to protect your personal data that we process from loss, misuse or any unauthorised access by persons. [The processing and transfer of personal data between your mobile phone and our server is stored and protected by Google Services.
If you make a donation using the payment services available in the Application, all data will be transferred via a secure connection. All payments are done through Getswish AB or Stripe, Inc and are protected by them.
8. HOW LONG WILL WE KEEP PERSONAL DATA?
All In only saves your personal data for as long as it is necessary given the purpose of the processing. If you have a user account in the Application, we will save your personal data as long as you have an active account.
Personal data which is no longer necessary for the purposes of the processing will be deleted or anonymized (i.e. the information is no longer attributable to a person).
9. WHAT ARE YOUR RIGHTS?
You may have rights concerning how we process your personal data. In this section we will describe your rights and what you can do to control which personal data we process, to what extent we process it and how you can withdraw consent to processing.
If you have a user account, you have the right to delete your account at any time. In the event that you delete your account, all personal data will be anonymised. All In may be required to save some personal data to comply with its legal obligations. If that is the case, All in will be unable to erase the data from the database.
If you do not have a user account with All In or need help, please contact us by sending an email to email@example.com.
9.1. WITHDRAWAL OF CONSENT
Some processing of your personal may be based on your consent. You have the right to withdraw your consent at any point in time by contacting us directly. If you withdraw your consent, we will stop the processing of personal data that is based on the withdrawn consent. Please note that you can only withdraw your consent to any future processing of information, and not in relation to any processing that has already been done. Should you withdraw your consent, it could, for example, result in a less tailored experience of our services and that you may be unable to use our services fully.
You have the right to decline receiving any marketing material from us. If you do not wish to receive any marketing notices or other material, you can unregister by clicking on the link available in such material or contact us by sending an email to firstname.lastname@example.org. If you wish to change what kind of marketing material you want to receive, do so by contacting us.
9.2. THE RIGHT TO KNOW WHAT PERSONAL DATA WE PROCESS
If you would like to know more about the personal data about you that we process, you have the right to request to read the data. Should you want access the personal data that we process, you will request a copy of your personal data from our register by sending us a written notice by mail. In order for us to ensure that the transfer of data is secure, the written request must (i) be signed by you, (ii) contain a verified copy of a valid ID (e.g. a passport), (iii) contain your user account details or the email address used in your communication with us.
We do not disclose any data unless we are able to verify the identity of the person requesting it.
9.3. THE RIGHT TO CORRECTION AND DELETION
If your personal data that we process is inaccurate, incomplete, or irrelevant, you have the right to request that we correct, complete or delete the data. You may make adjustments under “Profile” in the Application, or notify us and we will all necessary adjustments as soon as possible.
9.4. THE RIGHT TO BE FORGOTTEN
You have the right to request that we delete your personal data without undue delay if (i) the personal data is no longer needed for the purpose, (ii) if you withdraw your consent and there is no other legal basis for the processing, (iii) if you object to the processing and there is no legitimate interest that overweigh your rights, or (iv) erasing is required under applicable law.
The right to erasing is, however, does not apply if the processing of personal data is necessary in order to (i) exercise the right of expression and information, (ii) to fulfil a legal obligation or a task of public interest, or (iii) determine, make applicable, establish, exercise or defend legal claims. Please note that deletion may result in All In not being able to perform our services and that your user account may be terminated.
9.5. RIGHT TO RESTRICTION
You have the right to request that the processing of your personal data is restricted or terminated. Restricting the use of your personal data entails that the data is marked for restricted processing in the future. Please note that this may result in All In not being able to provide its services to you.
9.6. RIGHT TO COMPLAIN
If you feel that we process your personal data in an incorrect manner, you are welcome to contact us. You also have the possibility to submit a grievance to the Swedish Data Protection Authority.
9.7. RIGHT TO OBJECT
At any point in time you have the right to raise an objection against any processing of personal data that is based on a legitimate interest in accordance with Section 5.3.
If All In cannot demonstrate that the legitimate interest on which the processing is based overweigh your interests, rights and freedoms or that the processing is done for the establishment, exercise or defense of legal claims, All In will stop the processing of your personal data.
9.8. THE RIGHT TO DATA PORTABILITY
You have the right to request to receive the personal data about you that we process in a machine-readable format and to transfer it to another data protection officer.
All In may update or make changes to this policy from time to time. We will communicate any material changes to you and the latest version of the policy will always be available in the Application.
11. HOW YOU CAN CONTACT US
All In Foundation
Birger Jarlsgatan 57c, Box 33
113 56 Stockholm, Sweden