ActiveViam is responsible for all data processing in its professional capacity and within its business activity. In this capacity, ActiveViam is subject to the obligations imposed upon it by the regulations in force in France and in the European Union regarding personal data, in particular Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “Regulation“).
Data subjects are suppliers, service providers, consultants, partners, customers and prospects, as well as their employees and, more generally, anyone using the Website (the ” Users ” or ” You “).
“Personal Data” or the “Data” means any information that allows either to directly identify an individual, for example their first and last names, or to indirectly identify one , for example their IP address, social security number or personal ID number.
A “Processing” of Personal Data refers to any operation or set of operations (automated or manual) applied to Data or to Data sets. This includes the collection, recording, organisation, retention, modification, consulting, use, transfer, distribution or otherwise display, reconciliation, interconnection, limitation, or destruction etc. of said Data.
3. Collected and processed data
Data that You provide us with – ActiveViam collects Data directly from Users, including via Data collection forms on the Website or otherwise, or during meetings, negotiations, email exchanges or as part of performing a contract. This Data is updated directly by Users. To this end, any update of said Data must be immediately communicated to the relevant ActiveViam department (marketing department/customer service, accounts, etc.)
Data obtained by third parties – Data can also be provided indirectly from your personal devices (mobile phones or other devices), through a secure connection to our information system or through an application programming interface (API) such as Google, Twitter or Instagram. ActiveViam also uses YouTube’s API services. The privacy policies for these services offered by YouTube and Google is available at the following link: http://www.google.com/policies/privacy.
Additionally, ActiveViam collects Data using cookies and/or trackers that can analyse the behaviour of Users.
We may also receive Data about You via banking or credit institutions. In such cases, we will update your Data in our database.
Data regarding third parties that You provide us with – If You provide us with Data relating to another Data subject (e.g. your employees’ Data for maintenance purposes or for partner recommendations), You guarantee that You are authorized to consent to the processing of Data in their name and, more generally, to send us said Data and that You can receive any correspondence relating to their Data on their behalf.
The type of Data being processed – Data collected as part of a Processing is strictly limited to the purpose for which it has been collected. As such, the Data that we collect from prospects include first and last names, professional email address and phone numbers, employer’s identity and browsing Data (cookies).
In addition to the above Data, we process the following Data concerning customers and their employees: IP address, position / job title, login and login details.
Data relating to suppliers that we collect include the following: First and last names, email address, contact phone number, banking details, contract documents and qualifications.
4. Legal basis for the Data Processing
The legal basis for ActiveViam’s Processing of Data are as follows:
(i) compliance with a legal obligation;
(ii) performance of a contract;
(iii) legitimate interest;
(iv) Your consent, particularly with regard to trackers and prospecting activities.
In addition, when the provision of Data is mandatory, it will be clearly indicated (e.g. marked with an asterisk in the forms).
5. The purposes of Data Processing
Depending on the Data subjects (prospects, customers, service providers or suppliers) ActiveViam conducts various types of processing.
Data relating to prospects is collected to create a database of prospects and conduct commercial actions, as well as to manage and send commercial newsletters (unless the recipient has opted out).
Data relating to Customer’s employees is processed as per the following purposes:
- Provision of services: this relates to, in particular, allowing contracts to be drafted, services to be provided and invoices to be issued and sent. As part of our activities, ActiveViam archives and logs all actions performed on the platform by Customer’s employees.
- Litigation management: ActiveViam collects and processes Data relating to Customer payment delays and defaults in order to prepare, start and manage any recovery or legal action and, where applicable, enforce the decision issued.
- Auditing: As part of an audit or potential purchase operation of ActiveViam, audits by potential investors, buyers or purchasers may be carried out and include an access to the Data. Internal audits may also be carried out to check that our processes are being correctly implemented or to verify Data processing from the Customer database.
- Customer relationship management: In order to provide Customers with the best service and improve our solutions, ActiveViam also processes customer Data when managing the termination of a contract or in order to offer new services, commercial offers and discounts to its customers. As part of its customer relationship management, ActiveViam must also record all email exchanges with the customer’s employees. Finally, ActiveViam may conduct surveys on the quality of the services provided in order to improve said services.
Supplier Data is only processed for the purposes of establishing, negotiating and monitoring a contractual relationship (carrying out services, invoicing, payment, etc.) as well as for the purposes of dealing with any disputes that may arise in this relation.
6. Who can access your Data at ActiveViam?
Access to Data is limited to the individuals and departments who require an access to such information in order to fulfil their duties within ActiveViam. Data collected can thereby be accessed within ActiveViam by the appropriate departments in order to manage the different Processing concerned (sales department for contractual relationships, legal department for disputes, IT department for maintenance, etc.). Customer’s employee Data may also be accessed to by the Customer itself.
7. Third party recipients and Data transfer
For certain purposes, ActiveViam may sometimes use the services of subcontractors or service providers (e.g. those in charge of maintaining ActiveViam’s information system or providing administrative services such as accounting and payroll) such as IT service providers (e.g. hosting website) offering SaaS solutions who require an access to the Data to perform their service, including some which may be located outside of France. In this case, ActiveViam imposes strict obligations on these co-contracting parties in particular regarding the Processing of such Data, confidentiality and security commitments in compliance with Regulation. This is particularly important if these transfers take place outside of the EU.
In the following specific cases, ActiveViam may also communicate Data to third parties:
- As part of the Processing for auditing purposes as provided for above, Data may be communicated to a purchaser, prospective purchasers and their counsels.
- If ActiveViam is obliged to disclose or provide access to Data in order to comply with any legal obligation or a court decision, or in order to enforce or perform the service agreement or circumstances other than those accepted, or to protect the rights, property or safety of ActiveViam, its customers or its employees;
- If this transfer of Data by ActiveViam is permitted by law.
ActiveViam does not sell any Data to third parties.
8. Data retention
Data (especially Data that relates to agreements concluded with ActiveViam) is stored as long as is strictly necessary in order to allow us to perform our services, until (i) the termination of the agreement, (ii) the duration required by law or (iii) for a duration proportionate to the purpose followed to be secured. In any case, this Data must be stored in accordance with CNIL recommendations.
- Data relating to prospects or Customers is deleted within 3 years of its collection or within 3 years of the last contact with the prospect or Customer,
- Pre-litigation: Data is kept until a settlement agreement has been concluded or, failing this, until the corresponding legal action has been prescribed; Judicial litigation: Data is kept until the decision is final and binding.
Furthermore, anonymous data and data relating to Users may be kept for an unlimited period of time when it does not contain or no longer contains any Personal Data.
9. Actions carried out on Data
The following actions are conducted on Data:
- Collection and recording
- Organisation and structuring
- Hosting or retention using third-party software,
- Selection(using a solution published by a third party),
- External archiving
- Transmission, distribution or otherwise in any form making available of the concerned services
- Modification/consultation by customer service, marketing, accounts or IT department
- Deleting or destroying
10. Data localisation and security measures
All Data is hosted by providers located in the European Union, in compliance with the Regulations applicable for this type of Data transfer.
Unless if the User is located overseas, no Data is transferred to a third party located outside of the European Union, except in cases where ActiveViam must submit and/or enforce judicial acts (summons, rulings, conservatory measures, etc.) overseas due to the User residing outside the European Union or when ActiveViam uses the service of a provider located overseas. In any case, ActiveViam ensures that all transferred Data is adequately protected in order to guarantee the Data’s security, integrity and confidentiality in accordance with the applicable Regulation.
ActiveViam shall take all suitable precautions to guarantee the confidentiality and security of the Data and to prevent it from being tampered with, corrupted or accessed by unauthorised persons. A security policy for the information system has been implemented. For example, access to your Data is solely limited to persons/services who require such access. This Data is stored on secured servers and banking details are encrypted. A login and password is required to access Data.
However, transferring Data via Internet is not without risk. Therefore, ActiveViam does not guarantee the security of any Data transferred online even when ActiveViam has complied with its security commitments.
11. User rights
, Users have the following rights on their Data as processed by ActiveViam:
- Access to or obtain a copy of their Data
- Rectification of their Data
- Have all or part of their Data deleted when the Data, (i) is no longer needed for the purposes for which it was collected, (ii) is exclusively based on User’s consent, (iii) and their Processing undergoes an objection proceeding
- Limit the processing of their Data temporarily, when the accuracy of said Data is challenged, when the User has objected to its Processing and when the Data is no longer needed by ActiveViam but is still necessary for the enforcement, exercise or defense of their rights in court
- Unsubscribe or opt out of receiving marketing and commercial documents (emails) at any time by clicking on the “unsubscribe” link in any emails or communication sent by ActiveViam
- Object to the Processing or withdraw their consent at any time when Data Processing is based on consent
- Portability of their Data when Data Processing is based on consent and when the Processing is carried out using automated processes
- Decide how their Data will be used after their death
- File a complaint before the CNIL.
Last updated on 19/06/2019