Privacy Policy

Last Updated: 02/20/2024

Table of Content

Privacy Policy

Effective Date: February 20, 2024

Andela Inc., its subsidiaries and affiliates (“Andela”, “we”, “our”, and/or “us”) are committed to upholding the privacy rights of individuals (“you”, “Users”). Andela provides this Privacy Policy (“Privacy Policy”) to let you know our policies and procedures regarding the collection, use and disclosure Personal Information from Users of our website https://www.andela.com (the “Site”), and any other related websites, features, applications, widgets or online services that are owned or controlled by Andela and that post a link to or incorporate the terms of this Privacy Policy (together with the Site, the “Services”), as well as any information Andela collects offline in connection with the Services and through other means such as our events, sales and marketing activities. If you are a California resident, our California Resident Privacy Notice provides more information about your California privacy rights and explains how you can exercise those rights.

This Privacy Policy applies to the activities for which Andela is a “data controller” which means that Andela decides why and how Personal Information is processed. This Privacy Policy also explains the collection, use, purpose, and sharing of Personally Identifiable Information related to Andela’s providing of services to Andela Clients. When we process Personal Information on behalf of Andela Clients, Andela Clients determine “why” and “how” the Personal Information is processed. To learn more about the processing of your Personal Information in this context, please refer to their respective privacy policies.

Andela does not require you to register or provide Personal Information to visit our Site. By accessing our Site or using our Services, you agree to this Privacy Policy in addition to any other agreements we might have with you.

Definitions

Andela Client” means any customer that has entered into an agreement with Andela to use Andela’s Services.

Andela Talent” means any authorized member of the Andela Talent Network who has agreed to the TalentNetwork Terms & Conditions.

PII”, “Personally Identifiable Information”, and/or “Personal Information” means any information which may identify anindividual, directly or indirectly or, if you are located in the EuropeanEconomic Area (“EEA”) or UnitedKingdom (“UK”) any informationrelating to an identified or identifiable individual. Examples of PII include,but are not limited to, first and last name, home address, billing address orother physical address, email address, telephone number, etc. PII does not includeinformation which is anonymized, and other information which is excluded fromthe scope of applicable privacy and data protection laws.

QUICK LINKS:

We recommend that you read this Privacy Policy to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.

1.    PERSONAL INFORMATION WE COLLECT

2.    HOW WE USE THE PERSONAL INFORMATION WE COLLECT

3.    HOW WE SHARE THE PERSONAL INFORMATION WE COLLECT

4.    INTERNATIONAL DATA TRANSFERS

5.    YOUR CHOICES & RIGHTS

6.    SECURITY

7.    LINKS TO EXTERNAL SITES

8.    RETENTION

9.    CHILDREN’S PRIVACY

10.  CONTACT US

11.  CHANGES TO OUR PRIVACY POLICY

1.         PERSONAL INFORMATION WE COLLECT

We may collect a variety of Personal Information from or about you or your devices from various sources, as described below.

A. Personal Information You Voluntarily Provide to Andela

Registration and Profile Information. You may choose to sign up for an accounton our Services, including to join the Andela Talent Network. Upon your signupto the Andela Talent Network, we may ask you for your name, email address,phone number, country location, English proficiency, primary skill, years ofworking experience, years of experience with primary skill, informationincluded in your resume, and name of a person who referred you.

Communications. If you contact us directly, we may receive additional PersonalInformation about you. For example, if you contact us for technical support, wemay receive your name, email address, phone number, the contents of yourmessage, attachments that you may send to us, and other Personal Informationyou choose to provide. If you subscribe to our newsletter, we will collectPersonal Information such as your email address. When we send you emails, wemay track whether you open them to learn how to deliver a better experience andimprove our Services.

Hire Talent Through Andela. You may choose to use our Services to access pre-vetted talent if youare interested in hiring through Andela. Upon submitting your request form, wemay ask you for your name, company name, job title, work email, company URL,phone number, employee range, your current role and country.

Additional Services. If you make use of our Site to register for certain services, includingto download e-books, attend virtual events or webinars, or submit a testimonyto be published on our Services, we may ask you to provide your name, companyname, job title, (work) email address, phone number, employee range, primaryskill, years of experience in framework and country.

Andela Learning Community. If you choose to submit your interest in joining the Andela LearningCommunity, we may ask you for your name, email address, country, senioritylevel, most proficient framework, professional years of experience inframework, top 5 tech skills, top 5 tech tools, and resume.

Become a Partner. If you are interested in becoming our Partner, we may ask to submityour name, company name, work email address, phone number, and your currentrole.

Careers. If you decide that you wish to apply for a job with Andela, we mayask you to submit your name, email address, phone number, location (city), yourresume, cover letter, the name of the Andela employee who referred you, thenumber of years of experience relevant for the job profile, desiredcompensation range, the information on how you learned about the job offer, andother relevant information. We will collect the information you choose toprovide on your resume and in your cover letter, such as your education andemployment experience. You may choose to voluntarily provide information onyour gender, race/ethnicity, veteran status, and disability status. If youapply for a job with us through a third-party platform (such as LinkedIn), wewill collect the Personal Information you make available to us through suchthird-party platform.

If you do not provide your Personal Information when requested, you maynot be able to use our Services if that Personal Information is necessary toprovide our Services or if we are legally required to collect it. For example,while Users visiting our Site do not have a statutory obligation to provide uswith any Personal Information, Andela Talent may have a contractual obligation(pursuant to the Talent Network Terms & Conditions) to do so. Whererequired by applicable law, we indicate whether and why you must provide uswith your Personal Information, as well as the consequences of failing to doso. If you have any questions regarding whether the provision of PersonalInformation is mandatory and the consequences for withholding such information,please contact our Privacy Officer using the contact information provided insection “Contact Us” below.

B. Personal Information We Collect When You Use Our Services

Like other companies with online services, we receive technical information when you use our Site or access certain Services. We use these technologies to analyze how people use the Site Services and to improve how ourSite and Services function.

Location Information. When you use our Services, we may approximate your geographic regionand Internet Service Provider based on your internet protocol (IP) address.

Device Information. We receive information about the device and software you use toaccess our Services, including IP address, web browser type, and operatingsystem version.

Usage Information. To help us understand how you use our Services and to help us improvethem, we automatically receive information about your interactions with ourServices, like log files, performance logs, diagnostic reports, the pages orother content you view, mouse movements, the searches you conduct, yourcomments, any content you post, and the dates and times, and duration of yourvisits.

Talent Information.

Talent Assessment - Andela runs a rigorousTalent assessment and vetting process. During the assessment and vettingprocess you may be asked to permit Andela to verify information about you viaimage and/or video, and this verification will be recorded for internal reviewpurposes only. All images and videos sourced during the vetting process will bestored in accordance with Andela’s Data Security and Protection Policy. Youreserve the right to refuse to be recorded and/or have your image captured. Inthe event you choose not to have your image captured and/or recorded, Andelareserves the right to discontinue the vetting process.

Talent Profiles – Andela creates profiles for all Talents. Your profile will include your image, location, and a summary of your technical experience. Your profile is fully visible to Andela’s Talent management teams and Clients. It can also be visible to others who access your Talent profile link to engage Talents.

Information from Cookies and Similar Technologies. We and third-party partnerscollect information using cookies, pixel tags, or similar technologies(collectively “Cookies”). Our third-party partners, such as analyticsand advertising partners, may use these technologies to collect informationabout your online activities over time and across different services. Cookiesare small files of letters and numbers that we store on your browser or thehard drive of your computer. We may use both session Cookies and persistentCookies. A session Cookie disappears after you close your browser. A persistentCookie remains after you close your browser and may be used by your browser onsubsequent visits to our Services. For more information, including disclosuresrelated to the active cookies on our Site, please see our Cookie Notice.

C. Personal Information We Receive from Third Parties.

Social Sign-In. We may collect Personal Information about you when you log in to ourServices via third-party services (such as Google). This information may include your social media user id, email address, full names and profile picture.

Third-Party Services. You may also post photos, comments, or reviews on our pages available through third-party platforms, including Facebook, LinkedIn, Twitter, andInstagram. If you do so, we and other users on those third-party platforms maybe able to view the Personal Information you make available through these third-party platforms.

Professional social media link/identifier. If you include a professional social media link/identifier or your personal website in your job application with us, we may retrieve information about your professional social media / online presence from such sites.

Partners. We may receive additional Personal Information about you from third parties (such as partners that provide publicly available demographic information about you), affiliate partners, or marketing partners and combine it with other Personal Information we have about you.

Andela Clients. We also may receive PII from Andela Clients to perform services forthem. Any PII used for such purposes will be limited to access by only those who require it given their job function at Andela, and except as otherwise provided herein, we only share the PII back with our respective Clients. Andela does not retain, use, or disclose any Personal Information collected on behalfof our Clients for any purpose (including any commercial purpose) other than the specific purpose of performing the services as specified in the applicableMaster Services Agreement with the Client.

2.         HOW WE USE THE PERSONAL INFORMATION WE COLLECT

We use the Personal Information we collect:

  • To provide, maintain, improve, and enhance our Services.
  • To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer service and support.
  • For marketing purposes, such as developing and providing promotional and advertising materials that may be useful, relevant, valuable, or otherwise of interest to you, to market events, promotions, competitions, webinars, reports, our services, news, or relevant industry updates.
  • To personalize your experience on our Services such as presenting tailored content.
  • To conduct research to understand and analyze how you use ourServices and develop new products, services, and features.
  • To process job applications.
  • To process your submissions, including to become our talent, client or partner, join the Andela Learning Community, to download e-books, or attend webinars or events.
  • To find and prevent fraud and respond to trust and safety issues that may arise.
  • For compliance purposes, including enforcing our legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
  • To enforce and comply with the law, including to conduct an investigation, to protect the property and rights of Andela or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, fraudulent, unethical or legally actionable activity.
  • For other purposes for which we provide specific notice at the time the Personal Information is collected.

Legal Bases for Processing European Personal Information

If you are located in the EuropeanEconomic Area or the United Kingdom, we only process your Personal Information when we have a valid “legal basis,” including as set forth below.

• Consent. You have consented to the use of your Personal Information. For example, we may process your Personal Information to send you marketing communications or to use Cookies where you have consented to such use.

• Contractual Necessity. We need your PersonalInformation to provide you with our Services. For example, we may need to process your Personal Information to respond to your inquiries or requests.

• Compliance with a Legal Obligation. We have a legal obligation to use your Personal Information. For example, we may process yourPersonal Information to comply with tax and accounting obligations.

Legitimate Interests. We or a third party have a legitimate interest in using your Personal Information. Specifically, we have a legitimate interest in using your Personal Information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

3.         HOW WE SHARE THE PERSONAL INFORMATION WE COLLECT

Affiliates. We may share your Personal Information with our affiliates for any of the purposes described in this Privacy Policy.

Vendors, Affiliate Partners and Service Providers. We may share any Personal Information we receive with vendors, affiliate partners and service providers retained in connection with the provision of our Services. Andela actively engages third-party resources, applications, and websites. These services provided by third parties are established to enhance user experience, provide ease of navigation through Andela’s sites, and to promote access to information. Andela may provide PII of Users to only those of its personnel and third-party vendors that (1) need to know such information to process it on Andela’s behalf or to provide services as described above, and (2) have agreed in writing not to disclose it to any other parties without Andela’s consent.Some of those employees, contractors, vendors, affiliate partners and affiliated organizations may be located outside of your home country; by using the Site and/or Services, you consent to the transfer of information to such individuals and organizations to accomplish these purposes.

Marketing. Andela does not buy or sell PII for its business practices or for commercial purposes unless we have your permission. From time to time, Andela may engage in joint marketing events with select business partners. If you register for a joint webinar or specifically express an interest in a jointly offered product, promotion or service, we may share relevant PII with those partner(s). Where you have given your consent to do so, these business partners may send you marketing communications about their own products and services.

Sweepstakes, Contests, andPromotions: We may offer sweepstakes, contests, and other promotions (any, a “Promotion”) that may require registration. By participating in a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of thePromotion to use your name, voice, likeness, or other indicia of persona in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, your Personal Information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winner’s list.

Social Networks and OtherOnline Services. Please note that Andela does not control, moderate, or endorse any comments or opinions provided by visitors on third-party websites. The use and creation of official Andela accounts may cause PII to become available or accessible to Andela. Such information may become available to Andela when a user provides, submits, communicates, links, posts, or associates information with designated Andela accounts on social media (e.g., by using “hashtags”, “liking”, “friending”, “tweeting”, commenting on any content or media on our designated accounts). At times, Andela, through its personnel, employees, officers, directors, agents, and assignees, may respond publicly to content or media made available though “share,” “retweet,”“friend,” “follow,” or similar activities, or respond publicly on content made on designated and official Andela accounts. Andela may disseminate any of such information or PII to law enforcement officials, as required by law or court order.

Analytics Partners. We use analytics services such as Google Analytics, Fullstory, Hubspot Analytics, Pendo, Segment Analytics, Marketo and Mouseflow to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/.To help us understand how you use our Services and to help us improve them, we automatically receive Personal Information about your interactions with ourServices, like the pages or other content you view, the searches you conduct, purchases you make, your comments, any content you post, and the dates and times of your visits.

Advertising Partners. We work with third-party advertising partners such as Adwords to show you ads that we think may interest you. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt-out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt-out of personalized ads in mobile apps.

As Required by Law and Similar Disclosures. We may access, preserve, and disclose your Personal Information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety. This includes exchanging information with other companies and organizations, including law enforcement agencies, for the purposes of fraud protection and to prevent cyber or other suspected or alleged crime. For the avoidance of doubt, the disclosure of yourPersonal Information may occur if you post any objectionable content on or through the Services.

Merger, Sale, or Other Asset Transfers. We may disclose your Personal Information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our assets.

With Your Consent. We may also disclose your Personal Information with your permission.

4.         INTERNATIONAL DATA TRANSFERS

We may transfer your Personal Information to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country. If you are located in the EEA, we will comply with applicable EEA data protection law when transferring your PersonalInformation outside of the EEA. We may transfer your Personal Information to countries that have been found to provide adequate protection by the EUCommission, use contractual protections for the transfer of PersonalInformation, transfer to recipients who have adopted Binding Corporate Rules, or rely on an appropriate legal derogation.        

For more information about how we transfer outside of the EEA and the UK, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us using the contact details as indicated in the“Contact Us” section below.

5.         YOUR CHOICES & RIGHTS

Marketing Communications. You have the right to object if we are processing your PII for direct marketing purposes. You can unsubscribe from Andela’s own marketing emails at any time by clicking the “unsubscribe” link they contain or by accessing theEmail Preferences Center. Depending on which jurisdiction you are in, we may be required to give you an option to “opt-in” and we will always provide you with an option to “opt-out” with each marketing communication. Even if you opt-out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Individuals also can choose whether their PII is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

In accordance with applicable law, you may have the right to:

• Access Personal Information. You may request confirmation of whether we are processing your Personal Information and obtain a copy of the categories of Personal Information we may have collected on your behalf.

• Request Correction. You may request correction of your Personal Information where it is inaccurate, incomplete, or outdated.For Andela Talent, you may update your Personal Information within your Andela accounts by logging in and updating your profile.

• Request Deletion (“Opt Out”) or Withdraw Consent. You may request to remove your PII from our records. Note that if your Personal Information is deleted, you may no longer access or be able to use certain Services, and any account you have with us may become deactivated.

If you wish to access, correct, amend, or delete PII you have provided directly to us, please contact our Privacy Officer at privacy@andela.com. For deletion/opt-out requests, please include the subject line “OPT OUT”. We will respond to requests within thirty (30)days. If we require more time, we will inform you of the reason and extension period for a response in writing.

If you wish to access, correct, amend, or delete PII you have provided to our Clients, please contact those Andela Clients directly. Alternatively, you may contact our Privacy Officer at privacy@andela.com and we will pass your request along to the applicable Andela Client.

When any Client requests Andela to remove any Client data that Andela may have on its systems, Andela will respond as soon as practicably as possible, and no more than forty-five (45) days after such receipt from our Client. If you wish to no longer have your PII used or disclosed by ourClients, or by us in connection with our work for our Clients, please contact the Client that you interact with directly. Alternatively, you may contact ourPrivacy Officer at privacy@andela.com and we will pass your request along to our Clients.

How to Block Cookies. You can block Cookies by setting your internet browser to block some or all Cookies. You can withdraw your consent at any time by deleting placedCookies and disabling Cookies in your browser, or as explained below. You can change your browser settings to block or notify you when you receive a Cookie, delete Cookies, or browse our Services using your browser’s anonymous usage setting. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings. If you do not agree to our use of Cookies or similar technologies which store information on your device, you should change your browser settings accordingly. If you use your browser settings to block all Cookies (including essential Cookies) you may not be able to access all or parts of our Services, and some features of our Website may not function properly.

California Privacy Rights. If you are a California resident, you can review our California Resident Privacy Notice for information about your privacy rights and choices under California law.

Your European Privacy Rights. If you are located in the EEA or the United Kingdom, you have the rights described below:

• When we process your Personal Information based on your consent, you have the right to withdraw your consent at any time and free of charge. We will apply your choice going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

• You may request access to and information about the Personal Information we maintain about you, update, and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have your Personal Information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Information to another company. Please note that there are exceptions and limitations to each of these rights.

• If you would like to exercise these rights, please contact us as specified in the “Contact Us” section below.Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Applicable law may allow or require us to refuse your request to exercise a right with respect to your PersonalInformation, or we may have destroyed, erased, or made your PersonalInformation anonymous in accordance with our record retention obligations and practices. If we refuse your request to exercise a right, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

• You also have the right to lodge a complaint with the data protection authority of your habitual residence, your place of work or the place of an alleged infringement. Our Services may contain links to websites created and maintained by other public or private organizations that we do not own or operate. We provide these links as a service to our Users. Please note that when you follow a link to an external site, you will be leaving Andela’s Services and are subject to the privacy and security policies of the site to which you are visiting. Andela is not responsible for the security and privacy practices of these third parties or the content of such external sites.

6.         SECURITY

Andela uses reasonable efforts to protect the security, confidentiality, and integrity of information or data collected by us.

However, as no website, service, mobile application, database, or system is completely secure or “hacker proof,” we can make no guarantees as to the security or privacy of your Personal Information. You are responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or misuse.

7.         LINKS TO EXTERNAL SITES

Our Services may contain links to websites created and maintained by other public or private organizations that we do not own or operate. We provide these links as a service to our Users. Please note that when you follow a link to an external site, you will be leaving Andela’s Services and are subject to the privacy and security policies of the site to which you are visiting. Andela is not responsible for the security and privacy practices of these third parties or the content of such external sites.

8.         RETENTION

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when your Personal Information is no longer necessary for the purposes for which we process it unless we are required by law to keep your Personal Information for a longer period. When determining the specific retention period, we consider various factors, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations.

9.         LEGAL DISCLOSURES

Andela may be required to share Personal Information where this is required by law. It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you;(3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Services (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Andela and/or Andela’s Clients, directors, personnel or others.

10.         CHILDREN’S PRIVACY

We do not knowingly collect, maintain, or use Personal Information from children under 16 years of age (“Minors”), and no parts of our Services are directed at children.  If you learn that a Minor has provided us with Personal Information in violation of this Privacy Policy, please alert us at privacy@andela.com.

11.      CONTACT US

Andela is the controller or entity responsible for the processing ofyour Personal Information pursuant to this Privacy Policy. We welcome feedbackfrom all our Users and if you have any question regarding this Privacy Policyor the use of your Personal Information, please contact us. You can email ourprivacy officer at privacy@andela.com or you can send mail to us at:

Andela Inc.

Attn: Privacy Officer

580 Fifth Avenue, Suite 820

New York, NY 10036

United States

If you are located in the EEA, you can email our EU representative at andela@dpr.eu.com or you can send mail to us at:

Data Protection Representative Limited (DataRep)

12 Northbrook Road

Dublin, Ireland

email - andela@datarep.com

web form - www.datarep.com/andela

11.      CHANGES TO OUR PRIVACY POLICY

Andela may amend this Privacy Policy at any time by posting a new version to our Site. It isyour responsibility to review this Privacy Policy periodically as your continued use of the Site and the Services represents your agreement with the then-current Privacy Policy.

1
Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Andela Agreement (including any associated Order Form, Statement of Work, or Master Service Agreement entered into therewith) by and between Client and Andela (the “Agreement”). All capitalized terms not defined in this DPA will have the meanings set forth in the Agreement.

1. Definitions

  1. Controller,Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, and “Supervisory Authority” will have the meanings given to them in the GDPR.
  2. Data Protection Laws” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”), and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), their national implementations in the European Economic Area (“EEA”), and all other data protection laws of the EEA including laws of the European Union (“EU”), the United Kingdom (“UK”) and Switzerland, each as applicable, and as may be amended or replaced from time to time.
  3. Data Subject Rights” means all rights granted to Data Subjects by Data Protection Laws, including the right to information, access, rectification, erasure, restriction, portability, objection, the right to withdraw consent, and the right not to be subject to automated individual decision-making.
  4. “International Data Transfer” means any transfer of Client Personal Data from the EEA, UK or Switzerland to an international organization or to a country outside of the EEA, UK, or Switzerland, and includes any onward disclosure of Client Personal Data to another recipient within that country, as well as any onward transfer of Client Personal Data from the international organization or the country outside of the EEA, UK, or Switzerland to another country outside of the EEA, UK, or Switzerland.
  5. Client Personal Data” means any Personal Data that is subject to Data Protection Laws, for which Client or Third-Party Controller is the Controller, and which is Processed by Andela to provide the Services to Client.
  6. Personnel” means any natural person acting under the authority of Andela.
  7. Sensitive Data” means any type of Personal Data that is designated as a sensitive or special category of Personal Data or otherwise subject to additional restrictions under Data Protection Laws.
  8. Standard Contractual Clauses” or “SCCs” mean the clauses annexed to the EU Commission Implementing Decision 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (OJ L 199, 7.6.2021, p. 31-61), as amended or replaced from time to time.
  9. Sub-processor” means a Processor engaged by another Processor to carry out Processing on behalf of a Controller.
  10. Third-Party Controller” means a Controller for which Client is a Processor.
  11. UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner under Section 119A of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022), available at https://ico.org.uk/media/for-organisations/documents/4019483/international-data-transfer-addendum.pdf.

2. Scope and Applicability

  1. The DPA applies to Processing of Client Personal Data by Andela to provide the Services.
  2. The subject matter, nature, and purpose of the Processing, the types of Client Personal Data and categories of Data Subjects are set out in Appendix I and the Agreement.
  3. Client is a Controller and appoints Andela as a Processor on behalf of Client. Client is responsible for compliance with the requirements of Data Protection Laws applicable to Controllers.
  4. To the extent Client is a Processor on behalf of a Third-Party Controller, Client engages Andela as a Sub-processor to Process Client Personal Data on behalf of that Third-Party Controller. When Client is acting on behalf of Third-Party Controller(s), then Client: (i) is the single point of contact for Andela; (ii) must obtain all necessary authorizations from such Third-Party Controller(s); (iii) undertakes to issue all instructions and exercise all rights on behalf of such Third-Party Controller(s); and (iv) is responsible for compliance with the requirements of Data Protection Laws applicable to Processors.
  5. Client acknowledges that Andela may Process Personal Data relating to the operation, support, or use of the Services for its own business purposes, such as billing, account management, data analysis, benchmarking, technical support, and product development. Andela is the Controller for such Processing and will Process such data in accordance with Data Protection Laws

3. Duration of this DPA

  1. This DPA is effective for as long as Andela Processes Client Personal Data on behalf of Client.

4. Collecting, Processing and Subprocessing of Client Personal Data

  1. Client Data Collection and Processing
  2. Client will comply with its obligations under the Data Protection Laws in respect of its collecting and processing of Client Personal Data and any processing instructions it issues to Andela. Client represents that it has all rights, consents, and authorizations necessary for Andela to process Client Personal Data pursuant to Data Protection Laws and the Agreement.
  3. Client authorizes Andela, in providing the Services, to Process Client Personal Data in accordance with applicable laws.
  4. Upon notice in writing to Client, Andela may terminate the Agreement if Andela has determined, or has reason to believe, that Client is not in compliance with Data Protection Laws as a Controller or Processor.
  5. Andela Data Processing
  6. Andela will comply with its obligations as a Processor under applicable Data Protection Laws and will process Client Personal Data to provide Services and in accordance with Client’s documented instructions. Client’s instructions are documented in this DPA and the Agreement. Client agrees that this DPA is its complete and final agreement with Andela in relation to the Processing or sub-processing of Client Personal Data.
  7. Andela will comply with documented instructions of Client related to Processing Client Personal Data. Unless prohibited by applicable law, Andela will inform Client if Andela is subject to a legal obligation that requires Andela to Process Client Personal Data in contravention of Client ’s documented instructions.
  8. Client may reasonably issue additional instructions as necessary to comply with Data Protection Laws. Andela may charge a reasonable fee to comply with any additional instructions.
  9. Upon notice in writing, Client may terminate the Agreement if Andela declines to follow Client’s reasonable instructions that are outside the scope of, or changed from, those given or agreed to in this DPA, to the extent such instructions are necessary to enable Andela to comply with Data Protection Laws.
  10. Sub-processing
  11. Client hereby authorizes Andela to engage Sub-processors, including its subsidiaries. A list of Andela’s current Sub-processors is available upon request to privacy@andela.com. Subject to any applicable disclaimers or limitations of liability, Andela remains responsible for the acts, errors, or omissions of its sub-processors to the extent applicable to Andela’s obligations under this DPA.
  12. Andela will enter into a written agreement with Sub-processors which imposes the same obligations as required by Data Protection Laws.
  13. Andela will inform Client prior to any intended change to Sub-processors. Client may object to the addition of a Sub-processor based on reasonable grounds relating to a potential or actual violation of Data Protection Laws by providing written notice detailing the grounds of such objection within thirty (30) days following Andela’s notification of the intended change. Client and Andela will work together in good faith to address Client’s objection. If Andela chooses to retain the Sub-processor, Andela will inform Client at least thirty (30) days before authorizing the Sub-processor to Process Client Personal Data, and Client may immediately discontinue using the relevant parts of the Services, and may terminate the relevant parts of the Services within thirty (30) days.

5. Technical and Organizational Security Measures

  1. Measures by Andela
  2. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, prior to the commencement of any processing, Andela shall implement, establish and maintain commercially reasonable technical and organizational security measures. Andela shall present and document such technical and organizational security measures for review by Client. Such technical and organizational security measures shall become the foundation of the Services and are subject to technical progress and development. Andela may, from time to time, modify such technical and organizational security measures, so long as such measures do not materially reduce the protection afforded to Client Personal Data, and are reasonably documented.
  3. Measures by Client
  4. Client is responsible for using and configuring the Services to enable Client to comply with Data Protection Laws, including implementing Client’s own appropriate and adequate technical and organizational measures. Client shall provide Andela with a copy of such measures and notify Andela in writing of any modifications. If Andela Developers use Client devices, laptops, or computers, Client shall present and document all technical and organizational security measure for review by Andela. Such technical and organizational security measures shall become the foundation of the Services and are subject to technical progress and development. Client may, from time to time, modify such technical and organizational security measures, so long as such measures are not reduced, and are appropriately documented.
  5. Personnel
  6. Andela will take steps to ensure that all Personnel authorized Andela to Process Client Personal Data are subject to an obligation of confidentiality.
  7. Prohibited Data
  8. Client acknowledges and agrees that the Agreement may prohibit the submission of certain types of Personal Data (such as financial or health information). Client represents and warrants that neither Client nor any entity acting for or on behalf of Client will submit to Andela any Client Personal Data which is regulated under the Health Insurance Portability and Accountability Act without a separate Business Associate Agreement. In such events, Andela will take reasonable and appropriate steps to notify Client of its receipt of any prohibited data.

6. Notification and Assistance

  1. Andela will notify Client without undue delay after Andela becomes aware of a Personal Data Breach involving Client Personal Data.
  2. Andela will provide information relating to the Personal Data Breach as reasonably requested by Client to the extent such information is available to Andela. Andela will use reasonable efforts to assist Client in mitigating, where commercially reasonable and technically feasible, the adverse effects of a Personal Data Breach.
  3. Taking into account the nature of the Processing, and the information available to Andela, Andela will assist Client, including, as appropriate, by implementing technical and organizational measures, with the fulfilment of Client ’s own obligations under Data Protection Laws to: (i) comply with requests to exercise Data Subject Rights; (ii) conduct data protection impact assessments and prior consultations with Supervisory Authorities; and (iii) notify a Personal Data Breach. Andela may charge a reasonable fee to Client for support services rendered in connection with this Section 7, which are not included in the description of the Services, and which are not attributable to failures on the part of Andela. If such support services reveal the failure of Andela to materially comply with its obligations under applicable Data Protection Laws or as otherwise set forth in this DPA, Andela and Client shall each bear their own costs related to assistance.
  4. Andela’s notification of or response to a Personal Data Breach pursuant to this Section 7 will not be construed as an acknowledgement by Andela of any fault or liability with respect to the such Personal Data Breach.

7. Deletion or Return

  1. Pursuant to the Agreement, Andela will delete or return Client Personal Data that in its possession and control as set forth in the Agreement except to the extent Andela is required by law to retain any Client Personal Data. Client may request return of Client Personal Data up to thirty (30) days after termination of the Agreement. Unless required or permitted by applicable law, Andela will delete all remaining copies of Client Personal Data within thirty (30) days after returning Client Personal Data to Client. Andela will notify Client prior to deletion.

8. Cooperation, Supervision and Audit

  1. Request for Data Protection
  2. Upon notice from data subjects or data protection authorities (including requests from individuals seeking to exercise their rights under Data Protection Laws) to the extent regarding the Processing of Client Personal Data by Andela pursuant to the Agreement, Andela will forward such requests to Client. Unless legally required to do so, Andela will not respond to such communication without Client’s authorization. If Andela is required to respond to any request, Andela will notify Client and provide Client with a copy of the request, unless legally prohibited from doing so.
  3. Client Requests
  4. Andela will cooperate with Client, at Client’s sole cost and expense, to respond to any requests from individuals or data protection authorities relating to the processing of Client Personal Data under this DPA to the extent that Client may be unable to access relevant Client Personal Data.
  5. Andela shall inform Client if Andela believes any instruction or request violates Data Protection Laws.
  6. Client shall document immediately any oral instructions in text form.
  7. Audit Requests
  8. Andela audits its Technical and Organizational Security Measures against data protection and information security standards on a regular basis. Such audits are conducted by Andela’s internal team or a designated third party as engaged by Andela. Upon written request and subject to the confidentiality provisions of the Agreement, Andela will make available to Client all information necessary to demonstrate compliance with the obligations of this DPA and allow for and contribute to audits, including inspections, as mandated by a Supervisory Authority or reasonably requested by Client and performed by an independent auditor as agreed upon by Client and Andela.
  9. Andela may request audits of Client’s Technical and Organizational Security Methods to ensure compliance with this DPA. Client will make available to Andela a summary of the most recent audit report and any other document reasonably required by Andela.
  10. Either party requesting such audit information does so at their sole expense, and agrees to remunerate the other party of any costs associated with such audit requests.
  11. Client’s request for an audit will not require Andela either to disclose to Client or its third-party auditor, or to allow Client or its third-party auditor to access:
  12. Any data of any other client of Andela;
  13. Andela’s internal accounting or financial information;
  14. Any trade secrets of Andela or any client of Andela;
  15. Any information that, in Andela’s reasonable opinion, could (i) compromise the security of Andela systems or premises; or (ii) cause Andela to breach its obligation under applicable law or its security and/or privacy obligations to any client or any third party; or
  16. Any information that Client or its third-party auditor seeks to access for any reason other than the good faith fulfillment of Client’s obligation under Data Protection Laws.

9. International Data Transfers

  1. Andela may transfer and process Client Personal Data as requested by Client in other locations around the world where Andela and its Sub-processors maintain operations as necessary to provide Services.
  2. Client hereby authorizes Andela to perform International Data Transfers:
  3. to any country subject to a valid adequacy decision of the EU Commission or the competent authorities, as appropriate;
  4. to the extent authorized by Supervisory Authorities or by the competent authority on the basis of an organization’s binding corporate rules;
  5. to any data importer with whom Andela has entered into SCCs.
  6. By signing this DPA, Client and Andela hereby agree to include the provisions of module two (Controller to Processor) and, to the extent Client is a Processor on behalf of a Third-Party Controller, module three (Processor to Sub-processor) of the Standard Contractual Clauses, which are hereby incorporated into this DPA and completed as follows: the “data exporter” is Client ; the “data importer” is Andela; the optional docking clause in Clause 7 is implemented; Clause 9(a) option 2 is implemented and the time period therein is specified as thirty (30) days; the optional redress clause in Clause 11(a) is struck; Clause 17 option 1 is implemented and the governing law is the law of Belgium; the courts in Clause 18(b) are the Courts of Belgium; Annexes I and II to the SCCs are Appendixes I and II to this DPA respectively.
  7. By signing this DPA, Client and Andela conclude the UK Addendum, which applies to International Data Transfers out of the UK in addition to the Standard Contractual Clauses, and which is hereby incorporated, and Part 1 of the UK Addendum is completed as follows: (i) in Table 1, the “Exporter” is Client and the “Importer” is Andela, their details and signatures are set forth in the Agreement; (ii) in Table 2, the first option is selected and the “Approved EU SCCs” are the Standard Contractual Clauses referred to in section 10.3 of this DPA; (iii) in Table 3, “Annex 1A” and “Annex 1B” to the “Approved EU SCCs” is Appendix I to this DPA and “Annex II” to the “Approved EU SCCs” is Appendix II to this DPA; and (iv) in Table 4, both the “Importer” and the “Exporter” can terminate the UK Addendum.
  8. If Andela’s compliance with Data Protection Laws applicable to International Data Transfers is affected by circumstances outside of Andela’s control, including if a legal instrument for International Data Transfers is invalidated, amended, or replaced, then Client and Andela will work together in good faith to reasonably resolve such non-compliance. In the event that additional, replacement or alternative SCCs are approved by the Supervisory Authorities or the new version of UK Addendum is approved, Andela reserves the right to amend the Agreement and this DPA by adding to or replacing, the SCCs or UK Addendum that form part of it at the date of signature in order to ensure continued compliance with Data Protection Laws.

10. Notifications

  1. Client will send all notifications, requests, and instructions under this DPA to Andela via email to: legal@andela.com.
  2. Andela will send all notifications under this DPA to Client’s contact indicated in the Agreement.

11. Limitations of Liability

  1. To the extent permitted by applicable law, where Andela has paid compensation, damages, or fines, Andela is entitled to claim back from Client that part of the compensation, damages, or fines, corresponding to Client ’s part of responsibility for the compensation, damages or fines.
  2. Parties agree that the total combined liability limit (including indemnifications of any kind) to one another shall be set as provided under the terms of the Agreement as executed between the Parties.

12. Miscellaneous

  1. Andela may modify the terms of this DPA as provided in the Agreement. Andela will notify Client of any such changes and effectiveness of such changes in accordance with this DPA or the Agreement. Changes to this DPA include, but are not limited to, the following circumstances:
  2. If required or ordered to do so by any supervisory, judicial, governmental, or regulatory entity.
  3. As required to implement or adhere to standard contractual clauses, various codes of conducts, policies, rules, procedures and any other mechanisms as required under Data Protection Laws.
  4. In the event of a conflict between the Agreement and this DPA with respect to the subject matter of this DPA, the terms of this DPA shall control to the extent of such conflict.
  5. If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this DPA, and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.

APPENDIX I

DESCRIPTION OF THE TRANSFER

A. LIST OF PARTIES

Data exporter:

  • Name: Client
  • Contact person’s name, position and contact details
  • Activities relevant to the data transferred under these Clauses: Providing the Services as described in the Agreement.
  • Role (controller/processor): Controller, or Processor on behalf of Third-Party Controller

Data importer:

  • Name: Andela Inc.
  • Address:  580 Fifth Avenue, Suite 820, New York, NY 10036
  • Contact person’s name, position and contact details: Mrs. Kirsten Canton, General Counsel, privacy@andela.com
  • Activities relevant to the data transferred under these Clauses: Providing the Services as described in the Agreement.
  • Role (controller/processor): Processor on behalf of data exporter, or Sub-processor on behalf of Third-Party Controller


B. DESCRIPTION OF TRANSFER

Categories of Data Subjects whose Personal Data is transferred:

Data subjects include Clients and the individuals about whom data is provided to Andela via the Services by (or at the direction of) Client.

Categories of Personal Data transferred:

Data relating to Clients or other individuals provided to Andela via the Services, by (or at the direction of) Clients. The personal data transferred may include: name, username, password, email address, telephone and fax number, title and other business information, general information about interest in and use of Andela’s services, and demographic information.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. Sensitive data is pseudonymized.

  • None anticipated.

The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):

  • On a continuous basis during the duration of the Services.

Nature of the processing:

  • The Personal Data will be processed and transferred as described in the Agreement.

Purpose(s) of the data transfer and further processing:

  • The Personal Data will be transferred and further processed for the provision of the Services as described in the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

  • Personal Data will be retained for as long as necessary taking into account the purpose of the Processing, and in compliance with applicable laws, including laws on the statute of limitations and Data Protection Law.  

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

  • For the subject matter and nature of the Processing, reference is made to the Agreement and this DPA. The Processing will take place for the duration of the Agreement.

C. COMPETENT SUPERVISORY AUTHORITY

Pursuant to Clause 13, the supervisory authority of the EEA country where (i) Client is established; or where (ii) the EU representative of Client is established; or where (iii) the data subjects whose personal data are transferred under the SCCs in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.

APPENDIX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

  1. Confidentiality
  2. Electronic Access Control
  3. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media
  4. Internal Access Control (permissions for user rights of access to and amendment of data)
  5. No unauthorized Reading, Copying, Changes or Deletions of Data within the system as approvals are managed centrally, e.g., rights authorization concept, need-based rights of access, logging of system access events
  6. Isolation Control
  7. The isolated Processing of Personal Data, which is collected for differing purposes, e.g., multiple Client support, sandboxing;
  8. Employee Control
  9. Employees are bound by written confidentiality agreements
  10. Employees receive training on data privacy and data security
  11. Pseudonymisation (Article 32 Paragraph 1 Point a GDPR; Article 25 Paragraph 1 GDPR)
  12. The processing of Personal Data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organizational measures.
  13. Integrity
  14. Data Transfer Control
  15. No unauthorized Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature;
  16. Data Entry Control
  17. Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management
  18. Job Control
  19. Andela’s employees and contractors may only process Client and personal data strictly in accordance with the Agreement’s obligations and Client instructions.
  20. Availability and Resilience
  21. Availability Control
  22. Prevention of accidental or willful destruction or loss, e.g.: Backup Strategy (online/offline; on-site/off-site), Uninterruptible Power Supply (UPS), virus protection, firewall, reporting procedures and contingency planning
  23. Rapid Recovery
  24. Procedures for Regular Testing, Assessment and Evaluation
  25. Data Protection Management
  26. Incident Response Management;
  27. Data Protection by Design and Default (Article 25 Paragraph 2 GDPR)
  28. Order or Contract Control
  29. No third-party data processing as per Article 28 GDPR without corresponding instructions from Client, e.g.: clear and unambiguous contractual arrangements, formalized order management, strict controls, duty of pre-evaluation, supervisory follow-up check.

      2
      CCPA

      CCPA

      Last Updated: 09/01/2022

      This California Data Processing Addendum (the “Addendum”) forms an addendum to part of the Andela Agreement (including any associated Order Form, Statement of Work, or Master Service Agreement entered into there with, the “Agreement”), executed between the entity that executed the Agreement (“Client”) and Andela Inc. (“Andela”) (each a “Party”; collectively the “Parties”), and is in furtherance of obligations under the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”),

      Definitions

      Capitalized terms used in this Addendum are defined in this section or the section of the Agreement they were first used. All capitalized terms not defined in this Addendum shall have the meanings set forth in the Agreement. For the purposes of this Addendum—

      • Business,” “Business Purpose,” “Collect,” “Consumer,” “Deidentified,” “Sale,” “Sell,” “Services,” “Service Provider,” and “Personal Information” have the meaning given to them in the CCPA.
      • Client Personal Information” means Personal Information provided by the Client to, or which is Collected on behalf of Client by, Andela to provide Services to Client pursuant to the Agreement or to perform a Business Purpose.

      Roles and Scope

      • This Addendum applies only to the Collection, retention, use, disclosure, and Sale of Client Personal Information.
      • The Parties acknowledge and agree that Client is a Business and appoints Andela as a Service Provider to process Client Personal Information on behalf of Client.
      • The Parties adopt this Addendum for so long as Andela maintains Personal Information on behalf of Client.

      Restrictions on Processing

      Except as otherwise permitted by the CCPA, Andela is prohibited from (i) retaining, using, or disclosing Client Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Client, as set out in this Addendum and (ii) further Collecting, Selling, or using Client Personal Information except as necessary to perform the Services.

      Consumer Rights

      Andela shall provide commercially reasonable assistance to Client for the fulfillment of Client’s obligations to respond to CCPA-related Consumer rights requests regarding Client Personal Information.

      Indemnification

      To the extent that the Agreement requires Andela to Collect, use, retain, disclose, or reidentify any Client Personal Information as directed by Client, Client shall be solely liable and shall hold harmless and indemnify Andela for any damages or reasonable costs, including attorneys’ fees and interest, arising from or related to the Collection, use, retention, disclosure, or reidentification of such Client Personal Information by Andela as directed by Client.

      Sale of Information

      The Parties acknowledge and agree that the exchange of Personal Information between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Agreement or this Addendum.

      Miscellaneous

      • Andela may modify the terms of this Addendum as provided in the Agreement. Andela will notify Client of any such changes and effectiveness of such changes in accordance with this Addendum or the Agreement.
      • Any conflicts between the Agreement and this Addendum, the terms of this Addendum shall prevail.
      • If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this Addendum, and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
      3
      Modern Slavery Statement

      Modern Slavery Statement

      This statement is made pursuant to s.54 of the United Kingdom’s Modern Slavery Act 2015 and sets out the steps that Andela Inc. has taken during the 2023 financial year to ensure that modern slavery and human trafficking are not taking place within our business or supply chain.

      Andela has a zero-tolerance approach to any form of modern slavery in its business and supply chains. Modern slavery encompasses slavery, servitude, human trafficking and forced labour. We are committed to acting ethically and with integrity and transparency in all business dealings and reject any form of modern slavery or human trafficking taking place within our business or our supply chain.

      This statement covers the following entities within the Andela group (collectively, “Andela”):

      • Andela Inc.
      • Andela Talent Accelerator Limited
      • Andela Kenya Limited
      • Andela Developers Uganda Limited
      • Andela Rwanda Limited
      • Andela Egypt LLC

      Our Business

      Andela has evolved to become a global remote talent marketplace that connects tech talent across the world with opportunities globally across various technology verticals, including: Software Development, Design, Cloud, Data and Product Management. Andela provides clients with vetted software engineers, through a matching and assessment process that includes client interviews and assessments of the soft and technical skills of talent. Andela supports talent through onboarding and working with clients. Andela offers a wide range of services and products to meet client and talent needs, including job placements, assessments, payroll services, and value added services for the Andela talent community such as insurance, education and financial services offerings. Andela is a fully distributed, remote operation.

      Our Supply Chains

      Although identifying, recruiting and onboarding engineering talent is our main focus, we also procure goods and services generally required for the smooth operation of any international business - including IT services and software. Our supply chains also include professional services from our lawyers, accountants, consultants and other advisors.

      Andela is mindful that, particularly across certain parts of the globe, it operates in locations where the prevalence of modern slavery and human trafficking abuses is statistically higher than average. To date, Andela is pleased to confirm that no such abuses have been identified in its business or supply chains in any Andela location.

      Policies to Prevent Modern Slavery and Human Trafficking

      Given the nature of its business, Andela has comparatively limited procurement activities (talent acquisition aside). Nevertheless, the company takes a robust approach to determining which suppliers it contracts with and is not prepared to maintain business relations with any supplier found to have committed, or been involved with, modern slavery, human trafficking or forced labour abuses. Our opposition to modern slavery and human trafficking is codified in our Employee Handbook, which also provides for incident reporting, and reflects our commitment to acting ethically and with integrity in all our business relationships and to implementing and enforcing effective systems and controls to eliminate, as far as possible, the risk of modern slavery and human trafficking taking place anywhere in our business or supply chains.

      By way of example, steps we have taken to help ensure modern slavery and human trafficking are not taking place in our business or supply chain include:

      1. Global Procurement Policy
        We have a comprehensive procurement policy in place to regulate how we deal with our global suppliers in a well-managed, fair and ethical manner. This incorporates a strict employee code of conduct and whistleblowing procedure so that any malpractice can swiftly be dealt with and resolved. It also provides for an organized tracking system of vendors and periodic audits of vendor and procurement procedures to ensure compliance.
      2. Vendor Code of Conduct
        Our suppliers are contractually obligated to comply with our vendor code of conduct. This code requires compliance with local employment laws and diversity practices, and expressly prohibits child labour, discriminatory treatment of workers, and other forms of modern slavery and forced labour or involuntary servitude.
      3. Adult Hiring Policy
        Our adult hiring policy expressly prohibits the use of child labour, forced labour and the exploitation of children in our global operations. Notwithstanding any local laws permitting employment at a lower age, Andela does not hire employees below the age of 18.

      Our compliance, audit and legal teams are involved in ensuring this process works and will monitor it regularly, adapting as necessary to the changing needs of our business.

      Training

      To ensure a high level of understanding of the risks of modern slavery and human trafficking in our business and in our supply chains, where appropriate, we will be asking our vendors to provide training to their staff and suppliers.

      Looking Forward

      Given the global shift to remote, distributed work, Andela will prioritize our efforts to ensure that all our suppliers provide safe working conditions for their workers, particularly in labor service supply chains.

      Andela’s compliance plan for 2024 includes a commitment to provide an on-line compliance module for ethical sourcing training, including steps to prevent modern slavery, for all staff and contractors providing services to Andela or Andela clients. The module will be mandatory for all personnel and will further embed Andela’s efforts to prevent modern slavery and human trafficking within our global company culture.

      Approval

      This statement constitutes Andela’s modern slavery and human trafficking statement for the financial year ending December 31, 2023 as approved by the Andela Inc. Board of Directors (“Board”) on behalf of the Andela group on February 6, 2024.

      Signed on the Board’s behalf by:

      Jeremy Johnson
      Director, Andela Inc. for and on behalf of itself and the Andela group

      4
      Cookie Settings

      Your privacy

      When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link. More information

      Strictly Necessary Cookies

      These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

      Sale of Personal Data

      Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link. If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

      Performance Cookies

      These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

      Targeting Cookies

      These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

      5
      Accessibility Statement

      Accessibility Statement

      Andela exists to unlock human potential at scale. We envision a world where the most talented people can build a career commensurate with their ability – not their race, gender, ability or geography.

      Andela is committed to digital accessibility, conforming to the Web Content Accessibility Guidelines (WCAG) 2.1, Level A and AA, and complying with Americans with Disabilities Act (ADA) effective communication requirements and other applicable regulations.

      To accomplish this, we have partnered with Level Access to administer our accessibility program and oversee its governance. Their accessibility program evaluates our digital products on an ongoing basis in accordance with best practices. It is supported by a diverse team of accessibility professionals, including users of assistive technologies. The platform, moreover, goes beyond minimum compliance requirements by making an assistive CX technology application available to customers who have trouble typing, gesturing, moving a mouse, or reading. The application is free to download, and it incorporates tools such as mouse and keyboard replacements, voice recognition, speech enablement, hands-free/touch-free navigation, and more.

      We want to hear from you if you encounter any accessibility barriers on our digital properties. Please contact our Customer Support at accessibility@andela.com.