Table of Content

  • Privacy Policy
  • Client Data Processing Agreement
  • CCPA
  • Cookie Settings
  • Accessibility Statement
1
Privacy Policy

Effective date: December 10, 2025

At Andela, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy. 

Remember that your use of Andela’s Services is at all times subject to our Terms of Use which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use. 

You may print a copy of this Privacy Policy by clicking here.

As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. Upon such changes, we will alert you to material changes by placing a notice on the Andela website, by sending you an email and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

Privacy Policy Table of Contents

What this Privacy Policy Covers
Personal Data
- Categories of Personal Data We May Collect
- Our Commercial or Business Purposes for Collecting or Disclosing Personal Data
- Other Permitted Purposes for Processing Personal Data
- Categories of Sources of Personal Data
How We Disclose Your Personal Data
Data Security
Data Retention
Personal Data of Children
California Resident Rights
European Union, United Kingdom, and Swiss Data Subject Rights
Contact Information

What this Privacy Policy Covers

This Privacy Policy covers how Andela collects and processes data that identifies or relates to you (“Personal Data”). This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage, including if we process your Personal Data on behalf of Andela customers in connection with providing our Services.

Personal Data

Categories of Personal Data We May Collect

Below are the categories of Personal Data that we may collect and may have collected over the past 12 months, depending on your relationship with us:

Profile or Contact Data. In order to provide, customize, improve, and market the Services, as well as to correspond with you, we may collect profile or contact data such as first and last name, email, phone number, country, and unique identifiers. 

  • Device or Web Data. In order to provide, customize, improve, and market the Services, as well as to correspond with you, we may collect device or web data such as IP address, IP address-based location information, type of device/operating system/browser, web page interactions, referring webpage/source, log data, and statistics associated with your interactions with the Services.
  • Demographic Data. In order to provide, customize, and improve the Services, as well as to correspond with you, we may collect certain demographic data such as age and/or date of birth, zip code, gender.
  • Professional or Employment-Related Data. In order to provide, customize, improve, and market the Services, as well as to correspond with you, we may collect professional or employment-related data such as resume, job title, job history, employer, English proficiency, primary skills, years of experience, and other information about your professional background.
  • Sensory Data. In order to provide, customize, improve, and market the Services, as well as to correspond with you, we may collect sensory data such as photos, videos, or recordings of you and/or of your environment.
  • Categories of Data Considered “Sensitive” Under Applicable Privacy Laws. In order to provide, customize, and improve the Services, as well as to correspond with you, we may collect categories of data that are considered “Sensitive” under applicable privacy laws such as precise geolocation, and personal identification numbers. 
  • Other Identifying Information that You Voluntarily Choose to Provide. In order to provide, customize, and improve the Services, as well as to correspond with you, we may collect other identifying information that you voluntarily choose to provide such as emails, letters, texts, or other communications you send us.

Our Commercial or Business Purposes for Collecting or Disclosing Personal Data

  • Providing, Customizing and Improving the Services
    • Creating and managing your account or other user profiles.
    • Processing orders or other transactions; billing.
    • Providing you with the products, services or information you request.
    • Meeting or fulfilling the reason you provided the information to us, including processing any job applications you submit.
    • Providing support and assistance for the Services.
    • Improving the Services, including testing, research, internal analytics and product development.
    • Personalizing the Services, website content and communications based on your preferences.
    • Doing fraud protection, security and debugging.
    • Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA”). For additional information, please see the “California Resident Rights” section.
  • Marketing the Services
    • Marketing and selling the Services.
    • Showing you advertisements, including Interest-Based Advertisements. 
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Andela or the Services.
    • Sending emails and other communications according to your preferences.

Other Permitted Purposes for Processing Personal Data

In addition, each of the above referenced categories of Personal Data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Andela or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice or obtaining your consent. 

Categories of Sources of Personal Data

From You. We collect Personal Data when you provide it directly to us (e.g., you create an account, join the Andela Talent Network, or otherwise contact us). We also collect certain Personal Data (such as Device or Web Data) automatically when you use our Services (e.g., through Cookies – as defined in the “Cookie Settings” tab on the left-hand side of the page), or if you download or install an application as part of our Services. 

Third Parties. We may collect Personal Data from third parties such as: 

  • Vendors that provide analytics on how you interact an engage with our Services or that help provide you with customer support. We may also use Vendors to help generate leads. 
  • Advertising Partners who may assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements or communications.
  • Third Party Credentials that you provide to us or use to sign-in to the Services, such as your social network account credentials, to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.

How We Disclose Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information if you are a California resident, please refer to the “California Resident Rights” section below.

Service Providers. These parties help us provide the Services or perform business functions on our behalf. We may disclose profile or contact data, payment data, device or web data, demographic data, professional or employment-related data, sensory data, categories of data considered “sensitive” under applicable privacy laws, and other identifying information you may choose to provide to our Service Providers, including hosting, technology and communication providers, analytics providers for web traffic or usage of our Services, security and fraud prevention consultants, support and customer service vendors, product fulfillment and delivery providers. 

  • Advertising Partners. These parties help us market our services and provide you with other offers that may be of interest to you such as ad networks, marketing providers, and analytics providers that assist with our Interest-Based Advertisements.
  • Affiliate Partners. These parties’ partner with us in offering various services. We may disclose profile or contact data, device or web data, demographic data, professional or employment-related data, sensory data, sensitive personal data, and other identifying information you may choose to provide to our Affiliate Partners, including businesses that you have a relationship with and companies that we partner with to provide promotional offers or other opportunities, including but not limited to Andela customers.
  • Parties You Authorize, Access or Authenticate. At your direction, we may disclose your Personal Data to Parties You Authorize, Access or Authenticate, including third parties you access through the Services, social media services, other users, and Andela customers.

Legal Obligations

We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Our Commercial or Business Purposes for Collecting or Disclosing Personal Data” section above. 

Business Transfer

Your Personal Data may be provided or transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). 

Data that is Not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you. We will not attempt to reidentify any aggregated, de-identified or anonymized data except to the extent permitted by applicable law (such as reidentification solely for the purpose of determining whether our de-identification processes satisfy the requirements of applicable law).   

Data Security

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Data Retention

We retain Personal Data about you for as long as necessary to provide you with our Services or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Personal Data of Children

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data from children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us at [email protected]. 

California Resident Rights

If you are a California resident, you have the rights set forth in this section. Please note that we may process certain Personal Data on behalf of business customers as part of our services, in which case you may need to contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Please note that the rights below are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request. You can find more information on how to exercise your rights in the “Valid Requests under the CCPA” section below.

  • Access. You have the right to request certain information about our collection and use of your Personal Data, including the categories of Personal Data that we have collected about you, the categories of sources of such Personal Data, the business or commercial purpose for collecting or selling your Personal Data, the categories of third parties to whom we have disclosed your Personal Data, and the specific pieces of Personal Data that we have collected about you. 
  • Deletion. You have the right to request that we delete the Personal Data that we have collected from you. 
  • Correction. You have the right to request that we correct any inaccurate Personal Data we have collected about you. 
  • Limit the Use of Sensitive Personal Information. Consumers have the right to request that we limit the use or sharing disclosure of their Sensitive Personal Information (“Right to Limit”). However, since our use and disclosure of Sensitive Information are limited to the purposes set forth in section 7027(m) of the CCPA regulations, including: 1) performing the services or providing the goods reasonably expected, 2) preventing, detecting, and investigating security incidents, 3) resisting malicious, deceptive, fraudulent, or illegal actions, 4) ensuring physical safety of natural persons, 5) for short-term transient use, 6) performing services on behalf of the business, 7) verifying or maintaining quality or safety of a product or service, and 8) collecting or processing Sensitive Personal Information but not for the purpose of inferring characteristics, we do not offer a way for you to submit such a request. 
  • Opt-Out from Sales/Shares. Under the CCPA, disclosing your data through third party Cookies for Interest-Based Advertising may be considered “selling” or “sharing” of information; and as a result, we may “sell” or “share” Personal Data for these purposes (we do not “sell” Personal Data for monetary consideration). This includes the disclosure of profile or contact data and device or web data to our Advertising Partners. You may opt-out from our “selling” or “sharing” your Personal Data by: (1) accessing your "Cookie Preferences" at the bottom of our website, or (2) by implementing the Global Privacy Control or similar universal privacy control that is legally recognized by a government agency or industry standard and that complies with applicable State Privacy Laws. The signal issued by the control must be initiated by your browser and applies to the specific device and browser you use at the time you cast the signal. Please note this does not include Do Not Track signals.

Valid Requests Under the CCPA

To exercise your CCPA rights, you or your Authorized Agent (as defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable law. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing such request. You may submit a Valid Request for any rights afforded to you in this Privacy Policy by emailing us at [email protected].

You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Appealing a Denial

If we refuse to take action on your Valid Request within a reasonable period of time after receiving such Valid Request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original Valid Request pertains and to identify the original Valid Request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the CCPA. We will respond to your appeal within the time period required under the applicable law. You can submit a Valid Request to appeal by emailing us at [email protected] (title must include “CCPA Appeal”).

We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA

We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

European Union, United Kingdom, and Swiss Data Subject Rights

If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Lichtenstein, Norway or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below. For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR. Andela will be the controller of your Personal Data processed in connection with the Services; however, note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].

Personal Data Use and Processing Grounds. The “Our Commercial or Business Purposes for Collecting or Disclosing Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

  • Contractual Necessity. We process the following categories of Personal Data as a matter of “contractual necessity”: profile or contact data, payment data, demographic data, professional or employment-related data, sensory data, categories of data considered “Sensitive” under applicable privacy laws, and other identifying information that you voluntarily choose to provide.
    • We need to process this data to perform under our Terms of Use with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.
  • Legitimate Interest. We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties: profile or contact data, payment data, device or web data, demographic data, professional or employment-related data, sensory data, categories of data considered “Sensitive” under applicable privacy laws, inferences drawn from other Personal Data collected, and other identifying information that you voluntarily choose to provide. We may also de-identify or anonymize Personal Data to further our legitimate interests.
    • Examples of these legitimate interests include (as described in more detail above) providing, customizing and improving the Services, marketing the Services, corresponding with you, meeting legal requirements and enforcing legal terms, and completing corporate transactions.
  • Consent. In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds. From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

EU, UK and Swiss Data Subject Rights

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected]. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request. Please note that your rights may be subject to certain conditions or exceptions in accordance with the GDPR.

  • Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your Andela account.
  • Rectification: If you believe that any Personal Data, we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your Andela account.
  • Erasure: You can request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
  • Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
  • Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
  • Right to File Complaint: You have the right to lodge a complaint about Andela’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Transfers of Personal Data

The Services are hosted and operated in the United States (“U.S.”) through Andela and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Andela in the U.S. and will be hosted on U.S. servers, and you authorize Andela to transfer, store and process your information to and in the U.S., and possibly other countries. In some circumstances, your Personal Data may be transferred to the U.S. pursuant to a data processing agreement incorporating standard data protection clauses. 

Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:

  • www.andela.com 
  • [email protected]
  • 169 Madison Avenue, STE 15766, New York, New York 10016  

If you are located in the EU or UK, you may use the following information to contact our EU or UK Member Representatives:

2
Client Data Processing Agreement

Last Updated: 12/10/2025

This Data Processing Addendum (“DPA”) supplements the Master Services Agreement (the “Agreement”) entered into by and between the client entity that is party to the Agreement (“Client”) and Andela, Inc. (“Andela” and, together with Client, the “Parties”). This DPA incorporates the terms of the Agreement. Andela may update this DPA from time to time, and we will provide reasonable notice of any such updates. Any terms not defined in this DPA shall have the meaning set forth in the Agreement. 

1. Definitions

  1. “Authorized Subprocessor” means a third-party entity engaged by Andela to process Personal Data in order to provide the Services and that has been approved by Client in accordance with Section 6.
  2. “Andela Account Data” means personal data that relates to Andela’s relationship with Client, including the names or contact information of individuals authorized by Client to access Client’s account and billing information of individuals that Client has associated with its account.
  3. “Andela Usage Data” means Service usage data collected and processed by Andela in connection with the provision of the Services, including without limitation data used to identify the source and destination of a communication, activity logs, and similar data.  
  4. “Data Privacy Framework” means, as applicable, EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and/or the Swiss-U.S. Data Privacy Framework.  
  5. “Data Subject” means a natural person whose Personal Data is protected by Privacy Laws. For the avoidance of doubt, “Data Subject” includes the term “Consumer” under Privacy Laws.
  6. “Data Subject Request” means a request from a Data Subject to exercise their rights over Personal Data afforded pursuant to Privacy Laws.
  7. “EU SCCs” means standard contractual clauses approved by the European Commission in Commission Decision 2021/914 dated 4 June 2021, for transfers of personal data to countries not otherwise recognized as offering an adequate level of protection for personal data by the European Commission (as amended and updated from time to time), as modified by Section 9 of this DPA. 
  8. “ex-EEA Transfer” means the transfer of Personal Data subject to the GDPR from the European Economic Area (the “EEA”) to a country where the transfer is not governed by an adequacy decision made by the European Commission in accordance with the relevant provisions of the GDPR. 
  9. “ex-UK Transfer” means the transfer of Personal Data subject to Chapter V of the UK GDPR from outside the United Kingdom (the “UK”) where such transfer is not governed by an adequacy decision made by the Secretary of State in accordance with the relevant provisions of the UK GDPR and the Data Protection Act 2018. 
  10. “Personal Data” means any information provided to Andela by or on behalf of Client in connection with the Services that relates to an identified or identifiable Data Subject and constitutes “personal data,” “personal information,” or equivalent term under Privacy Laws.  
  11. “Privacy Laws” means any applicable laws and regulations in any relevant jurisdiction relating to the processing of Personal Data including, each to the extent applicable (i) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and the EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”) (together, collectively, the “GDPR”), (ii) the Swiss Federal Act on Data Protection, (iii) the UK Data Protection Act 2018, (iv) the Privacy and Electronic Communications (EC Directive) Regulations 2003, and (v) the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA); in each case, as updated, amended or replaced from time to time. The terms “affiliates,” “business purpose,” “Controller,” “Processor,” “process” or “processing,” “sell,” “share,” or “supervisory authority,” shall have the meanings set forth for those or equivalent terms under Privacy Laws. For the avoidance of doubt, the terms “Controller” and “Processor” include “Business” and “Service Provider,” respectively, as defined in the CCPA.
  12.  “Standard Contractual Clauses” means, as applicable, the EU SCCs and the UK SCCs.
  13. “UK Addendum” means the template International Data Transfer Addendum issued by the Information Commissioner and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022 (as may be amended from time to time), as completed by Exhibit D. 
  14. “UK SCCs” means the EU SCCs, as amended by the UK Addendum.

2. Role of the Parties; Description of Processing.

  1. Except as expressly set forth in this DPA or the Agreement, with respect to Personal Data, Client is the Controller and Andela is a Processor, or to the extent Client is a Processor to a third-party Controller, Andela is a subprocessor. 
  2. Andela shall process Personal Data only (i) for purposes set forth in the Agreement, (ii) in a manner consistent with the documented instructions provided by Client, which shall include the Agreement and this DPA, and (iii) as required by Privacy Laws or a supervisory authority; in such case, Andela shall inform Client of that legal requirement before processing to the extent legally permitted. The subject matter, nature, purpose, and duration of this processing, as well as the types of Personal Data collected and categories of Data Subjects involved, are described in Exhibit A to this DPA.

3. Compliance with Privacy Laws.

Client shall, in its use of the Services, at all times process Personal Data, and provide instructions for the processing of Personal Data, in compliance with Privacy Laws. Client shall ensure that the processing of Personal Data in accordance with Client’s instructions will not cause Andela to be in breach of the Privacy Laws. Client is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Andela by or on behalf of Client, (ii) the means by which Client acquired any such Personal Data, and (iii) the instructions it provides to Andela regarding the processing of such Personal Data. Client shall not provide or make available to Andela any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services and shall indemnify Andela from all claims and losses in connection therewith. Andela shall immediately notify Client if an instruction, in Andela’s opinion, infringes Privacy Laws or instruction of a supervisory authority.

4. Use of Personal Data

Andela shall not: (i) sell or share Personal Data; (ii) retain, use, or disclose Personal Data outside of Andela’s direct business relationship with Client or for any purpose other than for a business purpose under the CCPA on behalf of Client or as necessary to perform the Services for Client pursuant to the Agreement, except as otherwise permitted in Agreement or by Privacy Laws; and (iii) combine Personal Data received from, or on behalf of, Client with Personal Data that it receives from, or on behalf of, another party or person, except as necessary to provide the Services or as otherwise instructed by Client.  

5. Audit

  1. Andela shall maintain records sufficient to demonstrate its compliance with its obligations under this DPA. Upon Client’s written request at reasonable intervals, and subject to reasonable confidentiality controls, Andela shall, either (i) make available for Client’s review copies of certifications or reports demonstrating Andela’s compliance with prevailing data security standards applicable to the processing of Personal Data, or (ii) if the provision of reports or certifications pursuant to (i) is not reasonably sufficient under Privacy Laws, allow Client’s independent third party representative to conduct an audit or inspection of Andela’s data security infrastructure and procedures that is sufficient to demonstrate Andela’s compliance with its obligations under Privacy Laws, provided that (a) Client provides reasonable prior written notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Andela’s business; (b) such audit shall only be performed during business hours and occur no more than once per calendar year; and (c) such audit shall be restricted to data relevant to Client. Client shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Andela for any time expended for on-site audits. If Client and Andela have entered into Standard Contractual Clauses as described in Section 9 (Transfers of Personal Data), the parties agree that the audits described in Clause 8.9 of the EU SCCs shall be carried out in accordance with this Section 5.2. 

6. Authorized Subprocessors.

  1. Client acknowledges and agrees that Andela may (1) engage its affiliates as well as the Authorized Subprocessors listed in Exhibit B to this DPA to access and process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the processing of Personal Data pursuant to Section 6.2. By way of this DPA, Client provides general written authorization to Andela to engage subprocessors as necessary to perform the Services.
  2. A list of Andela’s current Authorized Subprocessors (the “List”) will be made available to Client upon request and such List may be updated by Andela from time to time. Client acknowledges that certain subprocessors are essential to providing the Services and that objecting to the use of a subprocessor may prevent Andela from offering the Services to Client. 
  3. If Client reasonably objects to an engagement of a new subprocessor in accordance with Privacy Laws, and Andela cannot provide a commercially reasonable alternative within a reasonable period of time, Client may discontinue the use of the affected Service by providing written notice to Andela.  Discontinuation shall not relieve Client of any fees owed to Andela under the Agreement. 
  4. Andela will enter into a written agreement with the Authorized Subprocessor imposing on the Authorized Subprocessor data protection obligations comparable to those imposed on Andela under this DPA with respect to the protection of Personal Data.  In case an Authorized Subprocessor fails to fulfill its data protection obligations under such written agreement with Andela, Andela will remain liable to Client for the performance of the Authorized Subprocessor’s- obligations under such agreement.
  5. If Client and Andela have entered into Standard Contractual Clauses as described in Section 9 (Transfers of Personal Data), (i) the above authorizations will constitute Client’s prior written consent to the subcontracting by Andela of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Andela to Client pursuant to Clause 9(c) of the EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by Andela beforehand, and that such copies will be provided by Andela only upon request by Client.

7. Confidentiality; Security of Personal Data.

  1. Andela shall ensure that any person it authorizes to process Personal Data has agreed to protect Personal Data in accordance with Andela’s confidentiality obligations in the Agreement. Client agrees that Andela may disclose Personal Data to its advisers, auditors or other third parties as reasonably required in connection with the performance of its obligations under this DPA, the Agreement, or the provision of Services to Client.
  2. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Andela shall maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing Personal Data, as described in Exhibit C. 

8. Personal Data Breach.

  1. In the event of a Personal Data Breach, Andela shall, without undue delay, inform Client of the Personal Data Breach and take such steps as Andela in its sole discretion deems necessary and reasonable to remediate such Personal Data Breach, to the extent that remediation is within Andela’s reasonable control.
  2. In the event of a Personal Data Breach, Andela shall, taking into account the nature of the processing and the information available to Andela, provide Client with reasonable cooperation and assistance necessary for Client to comply with its obligations under Privacy Laws with respect to notifying (i) the relevant supervisory authority or regulatory agency and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
  3. The obligations described in Sections 8.1 and 8.2 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Client. Andela’s obligation to report or respond to a Personal Data Breach under Sections 8.1 and 8.2 will not be construed as an acknowledgement by Andela of any fault or liability with respect to the Personal Data Breach.  

9. Transfers of Personal Data.

  1. The parties agree that Andela may transfer Personal Data processed under this DPA outside the EEA, the UK, or Switzerland as necessary to provide the Services. Client acknowledges that the transfer of Personal Data to the United States is necessary for the provision of the Services to Client. If Andela transfers Personal Data protected under this DPA to a jurisdiction for which the European Commission has not issued an adequacy decision, Andela will ensure that appropriate safeguards have been implemented for the transfer of Personal Data in accordance with Privacy Laws.
  2. Ex-EEA Transfers. The Parties agree that ex-EEA Transfers shall either be made pursuant to (i) the Data Privacy Framework to the extent the recipient of the ex-EEA Transfer is certified accordingly, or (ii) the EU SCCs, which are deemed entered into (and incorporated into this herein by reference) and completed as follows:
    1. Module One (Controller to Controller) of the EU SCCs applies when Andela is processing Personal Data as a controller pursuant to Section 9 of this DPA. 
    2. Module Two (Controller to Processor) of the EU SCCs applies when Client is a controller and Andela is a processor of Personal Data in accordance with Section 2 of this DPA.
    3. Module Three (Processor to Subprocessor) of the EU SCCs applies when Client is a processor and Andela is a subprocessor of Personal Data in accordance with Section 2 of this DPA. 
  3. For each module, where applicable the following applies: 
    1. The optional docking clause in Clause 7 does not apply. 
    2. In Clause 9, Option 2 (general written authorization) applies, and the minimum time period for prior notice of subprocessor changes shall be 30 days.
    3. In Clause 11, the optional language does not apply. 
    4. All square brackets in Clause 13 are hereby removed. 
    5. In Clause 17 (Option 1), the EU SCCs will be governed by the laws of the Republic of Ireland. 
    6. In Clause 18(b), disputes will be resolved before the courts of the Republic of Ireland. 
    7. Exhibit B to this DPA contains the information required in Annex I of the EU SCCs. 
    8. Exhibit C to this DPA contains the information required in Annex II of the EU SCCs,
    9. By entering into this DPA, the Parties are deemed to have signed the EU SCCs incorporated herein, including their Annexes. 
  4. Ex-UK Transfers. The Parties agree that ex-UK Transfers shall either be made pursuant to (i) the Data Privacy Framework to the extent that recipient of the ex-UK Transfer is certified accordingly, or (ii) the UK SCCs, which are deemed entered into and incorporated herein by reference. The UK Addendum (including the EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales.
  5. Transfers from Switzerland. The Parties agree that transfers from Switzerland shall either be made pursuant to (i) the Data Privacy Framework to the extent that recipient of the transfer from Switzerland is certified accordingly, or (ii) the EU SCCs with the following modifications: 
    1. The terms “General Data Protection Regulation” or “Regulation (EU) 2016/679” as utilized in the EU SCCs shall be interpreted to include the Federal Act on Data Protection of 19 June 1992 (the “FADP,” and as revised as of 25 September 2020, the “Revised FADP”) with respect to data transfers subject to the FADP.
    2. Clause 13 of the EU SCCs is modified to provide that the Federal Data Protection and Information Commissioner (“FDPIC”) of Switzerland shall have authority over data transfers governed by the FADP and the appropriate EU supervisory authority shall have authority over data transfers governed by the GDPR. Subject to the foregoing, all other requirements of Clause 13 shall be observed. 
    3. The term “EU Member State” as utilized in the EU SCCs shall not be interpreted in such a way as to exclude Data Subjects in Switzerland from exercising their rights in their place of habitual residence in accordance with Clause 18(c) of the EU SCCs. 
  6. Supplementary Measures. In respect of any transfer of Personal data made pursuant to the Standard Contractual Clauses, the following supplementary measures shall apply:
    1. If Andela receives a formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) such Personal Data (each, a “Government Agency Request"), Andela shall attempt to redirect the government agency to Client. As part of this effort, Andela may provide Client’s basic contact information to the government agency. If Andela is compelled to disclose Personal Data, to the extent legally permitted, Andela shall notify Client of the demand and reasonably cooperate to allow Client to seek a protective order or other appropriate remedy. Andela shall not voluntarily disclose Personal Data to any law enforcement or government agency. The Parties shall determine whether all or any transfers of Personal Data pursuant to this DPA should be suspended in light of such a Government Agency Request.
    2. The Parties will confer as appropriate to consider whether: (i) the protection afforded by the laws of the country of Andela to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, as applicable; (ii) additional measures are reasonably necessary for the transfer to comply with Privacy Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Andela, taking into account all relevant information available, including guidance by supervisory authorities, to the Parties. 
    3. If either (i) any of the means of legitimizing a transfer cease to be valid or (ii) any supervisory authority requires transfers of Personal Data pursuant to those means to be suspended, the Parties agree to amend the means of legitimizing transfers in accordance with Privacy Laws. To the extent necessary to ensure the enforceability of the Standard Contractual Clauses, the Parties shall execute the Standard Contractual Clauses as a separate agreement.

10. Data Protection Assessments.

Taking into account the nature of Andela’s processing and the information available to Andela, Andela shall reasonably cooperate with Client to conduct any data protection or privacy impact assessments as required by Privacy Laws, including by providing Client with information and documents necessary for such assessments that Client cannot otherwise obtain without Andela’s assistance. Notwithstanding the foregoing, Client and Andela each remain responsible only for the measures respectively allocated to them under Privacy Laws pertaining to any such assessment.

11. Data Subject Request.

  1. Andela shall, to the extent permitted by Privacy Laws, notify Client upon receipt of Data Subject Request. If Andela receives a Data Subject Request in relation to Personal Data, Andela will advise the Data Subject to submit their request to Client and Client will be responsible for responding to such request, including, where necessary, by using the functionality of the Services. Client is solely responsible for ensuring that Data Subject Requests communicated to Andela, and, if applicable, for ensuring that a record of consent to processing is maintained with respect to each Data Subject.
  2. Andela shall, at the request of Client, and taking into account the nature of the processing applicable to any Data Subject Request, apply appropriate technical and organizational measures to assist Client in complying with Client’s obligation to respond to such Data Subject Request and/or in demonstrating such compliance, where possible, provided that (i) Client is itself unable to respond without Andela’s assistance and (ii) Andela is able to do so in accordance with all applicable laws, rules, and regulations. Client shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Andela.

12. Return or Destruction of Personal Data.

Upon the termination or expiration of the Agreement, at Client’s choice, Andela shall return or delete Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, Andela shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control. If Client and Andela have entered into Standard Contractual Clauses as described in Section 9 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 8.1(d) and Clause 8.5 of the EU SCCs (as applicable) shall be provided by Andela to Client only upon Client’s request.

13. Andela’s Role as a Controller.

The parties acknowledge and agree that with respect to Andela Account Data and Andela Usage Data, Andela is an independent controller, not a joint controller with Client. Andela will process Andela Account Data and Andela Usage Data as a controller (i) to manage the relationship with Client; (ii) to carry out Andela’s core business operations, such as accounting, audits, tax preparation and filing and compliance purposes; (iii) to monitor, investigate, prevent and detect fraud, security incidents and other misuse of the Services, and to prevent harm to Client; (iv) for identity verification purposes; (v) to comply with legal or regulatory obligations applicable to the processing and retention of Personal Data to which Andela is subject; and (vi) as otherwise permitted under Privacy Laws and in accordance with this DPA and the Agreement. Andela may also process Andela Usage Data as a controller to provide, optimize, and maintain the Services, to the extent permitted by Privacy Laws. Any processing by Andela as a controller shall be in accordance with Andela’s privacy policy.

14. Miscellaneous

In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) the applicable terms in the Standard Contractual Clauses; (2) the terms of this DPA; (3) the Agreement, and (4) Andela’s privacy policy. Any claims brought in connection with this DPA will be subject to the Agreement, including, but not limited to, the exclusions and limitations set forth in the Agreement. 

Exhibit A

Details of Processing

Nature and Purpose of Processing: Andela will process Personal Data as necessary to provide the Services under the Agreement, for the purposes specified in the Agreement and this DPA, and in accordance with Client’s instructions as set forth in this DPA. The nature of processing includes, without limitation: 

- Receiving data, including collection, accessing, retrieval, recording, and data entry
- Holding data, including storage, organization and structuring
- Using data, including analysis, consultation, and testing
- Updating data, including correcting, adaptation, alteration, alignment and combination
- Protecting data, including restricting, encrypting, and security testing
- Sharing data, including disclosure, dissemination, allowing access or otherwise making available 
- Returning data to the data exporter or data subject
- Erasing data, including destruction and deletion

Duration of Processing: Andela will process Personal Data as long as required (i) to provide the Services to Client under the Agreement; (ii) for Andela’s legitimate business needs; or (iii) by applicable law or regulation. Andela Account Data and Andela Usage Data will be processed and stored as set forth in Andela’s privacy policy.

Categories of Data Subjects: Client employees and/or contractors; Talent on behalf of Client as Agent on Record.

Categories of Personal Data: Andela processes Personal Data contained in Andela Account Data, Andela Usage Data, and any Personal Data provided by Client (including any Personal Data Client collects from its end users and processes through its use of the Services) or collected by Andela in order to provide the Services or as otherwise set forth in the Agreement or this DPA. Categories of Personal Data include name, location, email address, phone or fax number, address, Talent payment data, demographic data, and resume or other professional or employment related data.

Sensitive Data or Special Categories of Data: Solely to the extent provided or instructed by the Client in accordance with Data Protection Laws.

Exhibit B

The following includes the information required by Annex I and Annex III of the EU SCCs, and Table 1, Annex 1A, and Annex 1B of the UK Addendum. 

1. The Parties 

Data exporter(s): 

Name: Client 

Address: As designated within the Client’s account

Signature and Date: By entering into the Agreement, Client is deemed to have signed these Standard Contractual Clauses incorporated herein, as of the date that Client entered into the Agreement.

Role (controller/processor): As provided in Section 2 of this DPA.

Data importer(s): 

Name: Andela Inc. 

Address: 169 Madison Avenue, STE 15766, New York, New York 10016 

Contact: Mrs. Kirsten Canton, General Counsel, [email protected].

Signature and date: By entering into the Agreement, Data Importer is deemed to have signed these Standard Contractual Clauses incorporated herein, as of the Effective Date of the Agreement.

Role (controller/processor): As provided in Section 2 of the DPA. 

2. Description of the Transfer

Table contents:

Data Subjects: As described in Exhibit A of the DPA

Categories of Personal Data: As described in Exhibit A of the DPA

Special Category Personal Data (if applicable): As described in Exhibit A of the DPA

Nature of the Processing: As described in Exhibit A of the DPA

Purposes of Processing: As described in Exhibit A of the DPA

Duration of Processing and Retention (or the criteria to determine such period): As described in Exhibit A of the DPA

Frequency of the transfer: As necessary to provide perform all obligations and rights with respect to Personal Data as provided in the Agreement or DPA

Recipients of Personal Data Transferred to the Data Importer: Andela will maintain and provide a list of its Authorized Subprocessors upon request.

3. Competent Supervisory Authority

The supervisory authority shall be the supervisory authority of the Data Exporter, as determined in accordance with Clause 13 of the EU SCCs. The supervisory authority for the purposes of the UK Addendum shall be the UK Information Commissioner’s Officer.

4. List of Authorized Subprocessors

Client can request a list of Andela’s current Authorized Subprocessors by emailing [email protected].

Exhibit C

Description of the Technical and Organisational Security Measures implemented by the Data Importer

The following includes the information required by Annex II of the EU SCCs and Appendix II of the UK Addendum. 

  1. Confidentiality. Andela maintains electronic access control designed to prevent unauthorized access to or use of Andela’s data processing and data storage systems, including through the use of secure passwords, automatic blocking/locking mechanisms, two-factor authentication, and encryption of data carriers/storage media. Andela’s employees and contractors are bound by written confidentiality agreements, receive training on privacy and security obligations, and are only permitted to process Client Personal Data in accordance with the obligations under the Agreement, including this DPA, and Client instructions.
  2. Internal Access Controls. Andela has implemented permission-based access controls designed to prevent unauthorized access to, modification of, or deletion of data through a central management system.
  3. Isolation Control. Andela segregates Personal Data depending on the purpose for collection, including but not limited to logical segregation on a per client basis.
  4. Pseudonymisation. Where appropriate, and taking into account the state of the art, costs of implementation, and the nature, scope, context, and purposes of the processing, Andela employs pseudonymization to protect Personal Data.
  5. Data Entry Control. Andela has policies in place designed to provide a process for verification of modification to or deletion of Personal Data, including but not limited to logging of changes and document management.
  6. Availability Control. Andela has implemented policies designed to prevent the accidental destruction or loss of Personal Data, such as through the use of regular backups, a “UPS” or uninterruptable power supply, virus protection, firewalls, reporting procedures, and contingency planning.
  7. Vendor Controls. Andela has implemented procedures for vendor diligence, contracting, onboarding, and order management designed to provide necessary oversight for Andela’s vendors to mitigate the risk of unauthorized processing. 

Exhibit D

UK Addendum 

International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Part 1: Tables

Table 1: Parties

Table 2: Selected SCCs, Modules and Selected Clauses

Table 3: Appendix Information

Table 4: Ending this UK Addendum when the Approved UK Addendum Changes

Part 2: Mandatory Clauses 

The Mandatory Clauses of the UK Addendum are incorporated herein by reference.  

      3
      CCPA

      Last Updated: 09/01/2022

      This California Data Processing Addendum (the “Addendum”) forms an addendum to part of the Andela Agreement (including any associated Order Form, Statement of Work, or Master Service Agreement entered into there with, the “Agreement”), executed between the entity that executed the Agreement (“Client”) and Andela Inc. (“Andela”) (each a “Party”; collectively the “Parties”), and is in furtherance of obligations under the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”),

      Definitions

      Capitalized terms used in this Addendum are defined in this section or the section of the Agreement they were first used. All capitalized terms not defined in this Addendum shall have the meanings set forth in the Agreement. For the purposes of this Addendum—

      • Business,” “Business Purpose,” “Collect,” “Consumer,” “Deidentified,” “Sale,” “Sell,” “Services,” “Service Provider,” and “Personal Information” have the meaning given to them in the CCPA.
      • Client Personal Information” means Personal Information provided by the Client to, or which is Collected on behalf of Client by, Andela to provide Services to Client pursuant to the Agreement or to perform a Business Purpose.

      Roles and Scope

      • This Addendum applies only to the Collection, retention, use, disclosure, and Sale of Client Personal Information.
      • The Parties acknowledge and agree that Client is a Business and appoints Andela as a Service Provider to process Client Personal Information on behalf of Client.
      • The Parties adopt this Addendum for so long as Andela maintains Personal Information on behalf of Client.

      Restrictions on Processing

      Except as otherwise permitted by the CCPA, Andela is prohibited from (i) retaining, using, or disclosing Client Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Client, as set out in this Addendum and (ii) further Collecting, Selling, or using Client Personal Information except as necessary to perform the Services.

      Consumer Rights

      Andela shall provide commercially reasonable assistance to Client for the fulfillment of Client’s obligations to respond to CCPA-related Consumer rights requests regarding Client Personal Information.

      Indemnification

      To the extent that the Agreement requires Andela to Collect, use, retain, disclose, or reidentify any Client Personal Information as directed by Client, Client shall be solely liable and shall hold harmless and indemnify Andela for any damages or reasonable costs, including attorneys’ fees and interest, arising from or related to the Collection, use, retention, disclosure, or reidentification of such Client Personal Information by Andela as directed by Client.

      Sale of Information

      The Parties acknowledge and agree that the exchange of Personal Information between the Parties does not form part of any monetary or other valuable consideration exchanged between the Parties with respect to the Agreement or this Addendum.

      Miscellaneous

      • Andela may modify the terms of this Addendum as provided in the Agreement. Andela will notify Client of any such changes and effectiveness of such changes in accordance with this Addendum or the Agreement.
      • Any conflicts between the Agreement and this Addendum, the terms of this Addendum shall prevail.
      • If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this Addendum, and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
      4
      Cookie Settings

      In connection with offering Andela’s Services (as such term is defined in the Terms of Use), we use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). 

      We use the following types of Cookies:

      • Essential Cookies.
        Essential Cookies are necessary for the Services to function. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
      • Personalization Cookies.
      • Personalization Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, provide enhanced features, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
      • Analytics Cookies.
        Analytics Cookies allow us to measure usage of our Services and improve your experience. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. These Cookies help us better understand user of our Services and can also help us measure our targeted advertising efforts 
      • Marketing Cookies.
        Marketing Cookies collect data about your online activity and identify your interests so that we can provide targeted advertising that we believe is relevant to you. For more information about this, please see the section below titled “Targeted Advertising.”

      You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work. 

      To explore what Cookie settings are available to you or to modify your preferences with respect to Cookies, you can access your “Cookie Preferences” at the bottom of our website. To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/ or https://ico.org.uk/for-the-public/online/cookies/ if you are located in the European Union.

      Targeted Advertising

      We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

      5
      Accessibility Statement

      Accessibility Statement

      Andela exists to unlock human potential at scale. We envision a world where the most talented people can build a career commensurate with their ability – not their race, gender, ability or geography.

      Andela is committed to digital accessibility, conforming to the Web Content Accessibility Guidelines (WCAG) 2.1, Level A and AA, and complying with Americans with Disabilities Act (ADA) effective communication requirements and other applicable regulations.

      To accomplish this, we have partnered with Level Access to administer our accessibility program and oversee its governance. Their accessibility program evaluates our digital products on an ongoing basis in accordance with best practices. It is supported by a diverse team of accessibility professionals, including users of assistive technologies. The platform, moreover, goes beyond minimum compliance requirements by making an assistive CX technology application available to customers who have trouble typing, gesturing, moving a mouse, or reading. The application is free to download, and it incorporates tools such as mouse and keyboard replacements, voice recognition, speech enablement, hands-free/touch-free navigation, and more.

      We want to hear from you if you encounter any accessibility barriers on our digital properties. Please contact our Customer Support at [email protected].