top of page

Privacy Policy

This privacy policy (the "Privacy Policy") describes how Soulful by Amaly ("Amaly", "we," "our," or "us") obtains, uses and shares personal information and other information in connection with the operation of the site available at www.amalylegacy.com and related services, including online surveys, fundraising widgets, and will creation services (collectively, "Site").


Data Controller Information

Controller Name: Amaly
Email: info@amalylegacy.com

Email To Pass Enquiries to Our Data Protection Officer: strategic-affairs@amalylegacy.com


Personal Information We Collect


1. Will Creation Information

  • Full name (first, middle, last)

  • Date of birth

  • Post code, address, city and country

  • Email address

  • Phone number including WhatsApp number

  • Gender

  • Identification number (national ID/passport) for tax receipts

  • Marital status and information regarding family members and pets

  • Names and addresses of elected guardian(s), children, spouse, beneficiary(s), agents, trustees and/or executor(s)

  • Estimated estate value and asset information (including property descriptions/addresses)

  • Charitable donations (specific amounts or estate percentages)

  • Impact metrics across multiple categories per donation/transaction

  • Names and addresses of physicians, preferred hospitals, and place of burial

  • Favorite pastimes, charitable cause preferences, religious beliefs

  • End of life care and funeral preferences


2. Fundraising Widget Information

  • Donor/Buyer name

  • Email address

  • Address/location

  • Phone number (including WhatsApp number)

  • Preferred cause(s)

  • Payment information

  • Donation/transaction amount and currency

  • Tax receipt information including national ID or passport number

  • Impact metrics as designed by respective charities


3. Account Information

  • Email address

  • User password


4. Survey Information

We collect data through voluntary online surveys to assist with will creation of draft wills and charitable giving preferences.


Legal Basis for Processing

We process your personal data based on:

  1. Consent: For marketing communications and cookies

  2. Agreement: Service provision, donation processing, and will creation

  3. Legal Obligation: Tax receipts and compliance

  4. Legitimate Interests: Security, fraud prevention, service improvement


Use of Personal Information

We use personal information for:

  • Creating draft wills

  • Processing donations and generating tax receipts

  • Accepting legacy gifts

  • Providing requested services

  • Sending transactional communications

  • Marketing and advertising (with consent)

  • Analytics and service improvement

  • Fraud prevention and security

  • Charitable impact measurement

  • Legal compliance


Data Retention

  • Fundraising widget data: Retained until the charity or donor/buyer requests deletion

  • Will creation survey data: Retained until the charity or donor/testator requests deletion

  • Account information: Until account deletion is requested

  • Marketing preferences: Until consent withdrawal

We will comply with all data deletion requests in accordance with GDPR requirements, unless we are required to retain certain information for legal or compliance purposes.


Your Rights Under GDPR

Under GDPR, you have the following specific rights:

  1. Right to Access: You can request a copy of all personal data we hold about you

  2. Right to Rectification: You can request correction of inaccurate personal data

  3. Right to Erasure: You can request deletion of your personal data ("right to be forgotten")

  4. Right to Restrict Processing: You can limit how we use your personal data

  5. Right to Data Portability: You can request your data in a structured, commonly used format

  6. Right to Object: You can object to processing based on legitimate interests

  7. Rights Related to Automated Decision-Making: You can request human intervention in automated decisions

  8. Right to Withdraw Consent: You can withdraw previously given consent

To exercise these rights, contact our Data Protection Officer at didd.tuni@gmail.com. We will respond to all requests within 30 days.


International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards through:

  1. Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses

  2. Adequacy Decisions: We transfer to countries with EU adequacy decisions

  3. Additional Safeguards: We implement extra technical and organizational measures including:

    • End-to-end encryption

    • Access controls

    • Data minimization

    • Regular security assessments


Data Security

We implement comprehensive security measures including:

  1. Technical Measures:

    • End-to-end encryption for data in transit and at rest

    • Multi-factor authentication

    • Regular security updates and patches

    • Secure backup systems

    • Firewall protection

  2. Organizational Measures:

    • Regular staff training on data protection

    • Access control policies

    • Security incident response procedures

    • Regular security audits

    • Data protection impact assessments


Cookies and Tracking

We use the following types of cookies:

  1. Essential Cookies:

    • Purpose: Website functionality

    • Duration: Session-based

    • Legal Basis: Legitimate interest

  2. Marketing Cookies:

    • Purpose: Targeted advertising

    • Duration: Session-based

    • Legal Basis: Consent


You can manage cookie preferences through your browser settings at any time.


Children's Privacy

Our services are not intended for users under 21 years of age. We do not knowingly collect personal data from individuals under 21. If we learn that we have collected personal data from someone under 21, we will delete such information unless a parent or guardian provides explicit consent.

If you believe we have inadvertently collected data from someone under 21, please contact our Data Protection Officer immediately.


Changes to Privacy Policy

  1. We reserve the right to update this Privacy Policy at any time

  2. Material changes will be communicated through:

    • Email notification to registered users

    • Prominent notice on our website

    • Update to the "Last Updated" date

  3. Continued use of our services after changes constitutes acceptance of the updated policy

  4. Previous versions will be archived and available upon request


Contact Information

For privacy-related matters:

General Inquiries:

Response Time:

  • General queries: Within 2 business days

  • Data subject rights requests: Within 30 days

  • Data breach notifications: Within 72 hours


Data Breach Notification

In the event of a personal data breach, we will:

  1. Initial Response (Within 72 hours):

    • Notify affected individuals

    • Inform relevant supervisory authorities

    • Provide description of the breach

  2. Communication Will Include:

    • Nature of the breach

    • Categories of data affected

    • Approximate number of individuals affected

    • Likely consequences

    • Measures taken or proposed

    • Contact point for more information

  3. Follow-up Actions:

    • Investigation results

    • Additional security measures implemented

    • Updates on mitigation efforts


Automated Decision Making

  1. We use automated processing for:

    • Donation processing

    • Tax receipt generation

    • Will template selection

    • Fraud detection

  2. Your Rights:

    • Request human intervention

    • Express your point of view

    • Contest the decision

    • Obtain an explanation of the decision

  3. Safeguards:

    • Regular testing of automated systems

    • Human oversight of significant decisions

    • Clear processes for contesting decisions


Last Updated: October 1, 2024

bottom of page