Privacy Policy
This privacy policy (the "Privacy Policy") describes how Soulful by Amaly ("Amaly", "we," "our," or "us") obtains, uses and shares personal information and other information in connection with the operation of the site available at www.amalylegacy.com and related services, including online surveys, fundraising widgets, and will creation services (collectively, "Site").
Data Controller Information
Controller Name: Amaly
Email: info@amalylegacy.com
Email To Pass Enquiries to Our Data Protection Officer: strategic-affairs@amalylegacy.com
Personal Information We Collect
1. Will Creation Information
-
Full name (first, middle, last)
-
Date of birth
-
Post code, address, city and country
-
Email address
-
Phone number including WhatsApp number
-
Gender
-
Identification number (national ID/passport) for tax receipts
-
Marital status and information regarding family members and pets
-
Names and addresses of elected guardian(s), children, spouse, beneficiary(s), agents, trustees and/or executor(s)
-
Estimated estate value and asset information (including property descriptions/addresses)
-
Charitable donations (specific amounts or estate percentages)
-
Impact metrics across multiple categories per donation/transaction
-
Names and addresses of physicians, preferred hospitals, and place of burial
-
Favorite pastimes, charitable cause preferences, religious beliefs
-
End of life care and funeral preferences
2. Fundraising Widget Information
-
Donor/Buyer name
-
Email address
-
Address/location
-
Phone number (including WhatsApp number)
-
Preferred cause(s)
-
Payment information
-
Donation/transaction amount and currency
-
Tax receipt information including national ID or passport number
-
Impact metrics as designed by respective charities
3. Account Information
-
Email address
-
User password
4. Survey Information
We collect data through voluntary online surveys to assist with will creation of draft wills and charitable giving preferences.
Legal Basis for Processing
We process your personal data based on:
-
Consent: For marketing communications and cookies
-
Agreement: Service provision, donation processing, and will creation
-
Legal Obligation: Tax receipts and compliance
-
Legitimate Interests: Security, fraud prevention, service improvement
Use of Personal Information
We use personal information for:
-
Creating draft wills
-
Processing donations and generating tax receipts
-
Accepting legacy gifts
-
Providing requested services
-
Sending transactional communications
-
Marketing and advertising (with consent)
-
Analytics and service improvement
-
Fraud prevention and security
-
Charitable impact measurement
-
Legal compliance
Data Retention
-
Fundraising widget data: Retained until the charity or donor/buyer requests deletion
-
Will creation survey data: Retained until the charity or donor/testator requests deletion
-
Account information: Until account deletion is requested
-
Marketing preferences: Until consent withdrawal
We will comply with all data deletion requests in accordance with GDPR requirements, unless we are required to retain certain information for legal or compliance purposes.
Your Rights Under GDPR
Under GDPR, you have the following specific rights:
-
Right to Access: You can request a copy of all personal data we hold about you
-
Right to Rectification: You can request correction of inaccurate personal data
-
Right to Erasure: You can request deletion of your personal data ("right to be forgotten")
-
Right to Restrict Processing: You can limit how we use your personal data
-
Right to Data Portability: You can request your data in a structured, commonly used format
-
Right to Object: You can object to processing based on legitimate interests
-
Rights Related to Automated Decision-Making: You can request human intervention in automated decisions
-
Right to Withdraw Consent: You can withdraw previously given consent
To exercise these rights, contact our Data Protection Officer at didd.tuni@gmail.com. We will respond to all requests within 30 days.
International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards through:
-
Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses
-
Adequacy Decisions: We transfer to countries with EU adequacy decisions
-
Additional Safeguards: We implement extra technical and organizational measures including:
-
End-to-end encryption
-
Access controls
-
Data minimization
-
Regular security assessments
-
Data Security
We implement comprehensive security measures including:
-
Technical Measures:
-
End-to-end encryption for data in transit and at rest
-
Multi-factor authentication
-
Regular security updates and patches
-
Secure backup systems
-
Firewall protection
-
-
Organizational Measures:
-
Regular staff training on data protection
-
Access control policies
-
Security incident response procedures
-
Regular security audits
-
Data protection impact assessments
-
Cookies and Tracking
We use the following types of cookies:
-
Essential Cookies:
-
Purpose: Website functionality
-
Duration: Session-based
-
Legal Basis: Legitimate interest
-
-
Marketing Cookies:
-
Purpose: Targeted advertising
-
Duration: Session-based
-
Legal Basis: Consent
-
You can manage cookie preferences through your browser settings at any time.
Children's Privacy
Our services are not intended for users under 21 years of age. We do not knowingly collect personal data from individuals under 21. If we learn that we have collected personal data from someone under 21, we will delete such information unless a parent or guardian provides explicit consent.
If you believe we have inadvertently collected data from someone under 21, please contact our Data Protection Officer immediately.
Changes to Privacy Policy
-
We reserve the right to update this Privacy Policy at any time
-
Material changes will be communicated through:
-
Email notification to registered users
-
Prominent notice on our website
-
Update to the "Last Updated" date
-
-
Continued use of our services after changes constitutes acceptance of the updated policy
-
Previous versions will be archived and available upon request
Contact Information
For privacy-related matters:
-
Email To Pass Enquiries to Our Data Protection Officer: strategic-affairs@amalylegacy.com
General Inquiries:
-
Email: info@amalylegacy.com
Response Time:
-
General queries: Within 2 business days
-
Data subject rights requests: Within 30 days
-
Data breach notifications: Within 72 hours
Data Breach Notification
In the event of a personal data breach, we will:
-
Initial Response (Within 72 hours):
-
Notify affected individuals
-
Inform relevant supervisory authorities
-
Provide description of the breach
-
-
Communication Will Include:
-
Nature of the breach
-
Categories of data affected
-
Approximate number of individuals affected
-
Likely consequences
-
Measures taken or proposed
-
Contact point for more information
-
-
Follow-up Actions:
-
Investigation results
-
Additional security measures implemented
-
Updates on mitigation efforts
-
Automated Decision Making
-
We use automated processing for:
-
Donation processing
-
Tax receipt generation
-
Will template selection
-
Fraud detection
-
-
Your Rights:
-
Request human intervention
-
Express your point of view
-
Contest the decision
-
Obtain an explanation of the decision
-
-
Safeguards:
-
Regular testing of automated systems
-
Human oversight of significant decisions
-
Clear processes for contesting decisions
-
Last Updated: October 1, 2024