Privacy Policy 2025

Preamble and Purpose

Last updated on 30 April 2025

The purpose of this privacy policy (“Privacy Policy”) is to inform Our suppliers, service providers, consultants, partners, Customers, and applicants, as well as their staff (“You”/ “Your”) about how companies within the ActiveViam group process Your Personal Data in their capacity as Data Controllers and Your rights in this respect.

This Privacy Policy may be amended to take into account any newly-implemented developments with regards to processing Personal Data and the applicable legislation. To this end, We may provide to You additional and/or amended data privacy notices from time to time. Please ensure that You read any new versions that We make available.

1. Definitions

  • Cookies”: means tracers that can be deposited or read, for example when consulting a website, a mobile application or when setting up or using software. A cookie may include:
    • Cookie and HTTP variables which can be transmitted by invisible pixels or web beacons;
    • “Flash” cookies;
    • Access to terminal information from APIs (LocalStorage, IndexedDB, advertising identifiers such as IDFA or Android ID, GPS access, etc.); or
    • Any other identifier generated by software or an operating system (serial number, MAC address, unique generated identifier (UTI), or any set of data that is used to calculate a unique fingerprint of the terminal (e.g. through a “fingerprinting method”).
  • Customer”: means one of Our customers (including prospective customers).
  • Data Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
  • Personal Data”: means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • process”/ “processing”/ “processed”: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, transmission, or otherwise making available, combination, restriction, erasure or destruction.
  • Recipient”: means a third party who receives the Personal Data.
  • User”: means any of You that use the Website.
  • Website”: means Our website.

2. The Data Controller & Your protection under this Privacy Policy

Quartet Financial Systems, Inc., d/b/a as ActiveViam, a Delaware corporation, with its office located at 550 7th Avenue, 19th Floor, New York, New York 10018 (“ActiveViam”) and its Affiliates listed below (together referred to as “We”, “Us”, “Our”) are together responsible for all processing conducted by Our business and We are committed to protecting Your Personal Data, as well as being transparent about the manner in which Your Personal Data is being processed.

Our management tools are shared between ActiveViam and its Affiliates, so that each Affiliate can process Personal Data both in and outside their country of operation. Given the global nature of ActiveViam’s activities, ActiveViam may transmit Personal Data for the purposes described in this policy, within the ActiveViam group, with Recipients located in different jurisdictions.

ActiveViam’s Affiliates are the following:

  • ActiveViam Ltd, a company incorporated under the laws of England and Wales with offices located at 6th floor, Shaftesbury House, 151 Shaftesbury Avenue, London WC2H 8AL, UK;
  • ActiveViam SAS, a company incorporated under the laws of France with offices located at 46 rue de l’Arbre Sec 75001 Paris, France;
  • ActiveViam PTY Ltd, a company incorporated under the laws of Australia, whose registered address is Gupta & Co Pty Ltd, Suite 2, L 9, 122 Arthur Street, North Sydney NSW 2060;
  • ActiveViam Germany GmbH, a company incorporated under the laws of Germany whose registered office is located at Junghofstrasse 16, 8th Floor, 60311 Frankfurt;
  • ActiveViam HK Ltd, a company incorporated under the laws of Hong Kong whose registered office is located at 21/F, On Hing Building, 1 On Hing Terrace, Central, Hong Kong; and
  • ActiveViam PTE Ltd, a company incorporated under the laws of Singapore, with office located at 10 Anson Road #14-06 International Plaza Singapore 079903.

As the processing is conducted globally by ActiveViam and its Affiliates, We consider them as joint Data Controllers. Generally, the ActiveViam Affiliate operating in the country where You are located will act as joint Data Controller with other ActiveViam Affiliates, in the operation of their activities, including the management of Your commercial relationship with Us.

ActiveViam’s Affiliates have executed a joint controllership agreement (the “JCA”), which sets out each Affiliate’s obligation to protect Your Personal Data, in particular: (i) facilitating You exercising Your data privacy rights; (ii) implementing security and data protection measures to protect Your Personal Data; and (iii) complying with rules governing Personal Data transfers. The JCA ensures Affiliates’ harmonized compliance with all global data privacy legislation.

Each ActiveViam Affiliate is subject to global data privacy legislation, including the European Regulation 2016/679 of 27 April 2016 (“GDPR”), the UK Data Protection Act 2018, and the California Consumer Privacy Act (together the “Regulations”).

3. Sources of Personal Data

Data that You provide to Us – We collect Personal Data directly from You, including via data collection forms on the Website, license registration, during meetings, negotiations, email exchanges, or as part of performing Our contract obligations. This Personal Data is updated directly by You. Any update by You of Your Personal Data must be immediately communicated to Our relevant departments (marketing department/customer service, accounts, etc.). You are responsible for the content of the Personal Data that You provide to Us and must ensure it is legal, honest, truthful, accurate and not misleading in any way. If You do not provide certain categories of Personal Data, We may not be able to accomplish some of the purposes outlined in this Privacy Policy.

Personal Data obtained by third parties – Personal Data can also be provided indirectly from Your personal devices (computer, cell phones or other devices), through a secure connection to Our information system or through an application programming interface (API) such as Google, Twitter or Instagram. We also use YouTube’s API services. Only where You use the community edition of Our software, we will also gather telemetry data. These third parties’ privacy policies are available on their respective websites. Additionally, We collect Personal Data using Cookies that can analyze Your browsing behavior. We may also receive Personal Data about You via banking or credit institutions where necessary.

Personal Data regarding third parties provided to Us by You – If You provide Us with or give access to Personal Data relating to a third party (e.g. Your colleagues’ or employees’ Personal Data e.g. for maintenance purposes or for partner recommendations), You guarantee that You are authorized to give access to or share such Personal Data and that You can receive any correspondence relating to their Personal Data on their behalf.

4. Characteristics of the processing

Personal Data collected as part of processing is strictly limited to the purpose for which it has been collected. As such, the Personal Data that We collect from You, includes first and last names, email address and phone numbers, employer’s identity (if identifiable by the email’s domain), telemetry and browsing Personal Data (via Cookies).

We also collect Personal Data from Users’ comments particularly when they are reporting events and/or issues on the dedicated ActiveViam GitHub repository.

In addition to the above Personal Data, we process the following Personal Data concerning Users and their employees: position / job title, login and login details.

Personal Data relating to suppliers that we collect include the following: First and last names, email address, contact phone number, banking details, contract documents and qualifications. In addition to the above Personal Data, if You provide us with this information, We also process the following Personal Data concerning Your and Your employees’: position / job title, login details, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives Us information about how You accessed Our Website.

4.1  Contact and information request on the Website

Purposes of the processing

  • Allowing Customers to contact Us on various subjects relating to the company and the services provided, or to contact sales and support teams;
  • Conducting a demo of certain of Our services; and
  • Sending documentation on case studies and on services provided by Us.

Legal basis for processing

Our legitimate interest in facilitating contact, communication and, where appropriate, the beginning of commercial relations, especially since the Customer necessarily expects their Personal Data to be processed for this purpose when contacting Us.

Category of Data Subject

Our Customers.

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region);
  • Professional data (employer name, job title); and
  • Any other Personal Data that may be communicated by the Customer in their communications with Us.

Duration of processing

  • Personal Data relating to prospects are stored for a period of 3 years from the last contact with the prospect; and
  • Personal Data relating to all other Customers’ and their staff are stored for a period of 3 years from the end of the commercial relationship for prospect engagement purposes.

4.2 Management of applications through the Website (re-directed to our HR tool)

For all details of all processing conducted in respect of applicants, including categories of Personal Data, duration of processing and the legal basis for processing, please refer to the HR tool (Bamboo’s) own privacy notice when submitting the application.

4.3 Processing of ActiveViam community

Purposes of the processing

  • Administration of the ActiveViam community: including via a third-party tool (e.g. GitHub),
  • Provision of services: Answering Your comments, questions, dealing with reported issues and providing services. Enforcing Our Website’s Terms and End User License Agreement and protecting Our activities, assets, and Users.
  • License management: We collect and process Personal Data relating to Customers that are using Our software, as set out in the relevant software license and end user license agreements.
  • Auditing: An audit may be carried out and include access to the Personal Data. Internal audits may also be carried out to check that Our processes are being correctly implemented or to verify processing from the Customer database.
  • End user relationship management: In order to provide You with the best service and improve Our solutions, We also process Customers’ Personal Data when managing the termination of a license or in order to offer new services, commercial offers and discounts. As part of Our end user relationship management, We must also record all email exchanges with Users and their employees. Finally, We may conduct surveys on the quality of the services provided in order to improve such services.
  • Marketing: Creation of a database of people interested in Our software and services and conduct possible marketing actions, as well as to manage and send newsletters (where individuals have opted-in).
  • Subscription to a 30-day free trial of Atoti.

Legal basis for processing

  • Performance of a contract (in accordance with license agreements and the Website Terms of Use);
  • Compliance with law and regulations (audits are part of Our legal obligations under DORA and other digital operational resilience legislation and also Our certification process in respect of SOC 2 and ISO27001); and
  • Your consent, particularly with regard to Cookies and marketing activities.

Category of Data Subject

Customers and Users, in particular Our ActiveViam community.

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region);
  • Professional data (company name, job title);
  • Any other data that may be communicated by the Customer or Users in their email or message;
  • Personal Data provided indirectly from Your personal devices (computer or other devices), through a secure connection to Our information system or through an application programming interface (API) such as Google, LinkedIn, GitHub or Instagram, or also YouTube’s API services;
  • For Users: username, password, interests, preferences, feedback and survey responses, information about how You use Our Website, products and services, marketing and communications.
  • IP address, job title, login details, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives Us information about how You accessed Our Website.
  • Telemetry data [MOU1] only when Customers use the community edition of Our software.

Duration of processing

  • Personal Data relating to all other Customers and their staff are stored for a period of 3 years from the end of the commercial relationship for prospect engagement purposes.

4.4 Processing relating to the management of Customers’ relations

Purposes of the processing

  • Negotiation, execution and follow-up of contracts including license agreements;
  • Management of exchanges with Customers;
  • Provision of services;
  • Organization of events and management of invitations and attendees;
  • Communications to Customers about additional product offerings; and
  • Conducting external audits including access to the Personal Data, and internal audits to check that the processes are being correctly implemented.

Legal basis for processing

Execution of a license / contract (Customers’ contracts) and Our legitimate interest in managing and building Customer relations.

Category of Data Subject

Customers

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region);
  • Professional data (company name, job title);
  • Any other data that may be communicated by the Customer or Users in their communications;
  • Personal Data provided indirectly from Your personal devices (computer or other devices), through a secure connection to Our information system or through an application programming interface (API) such as Google, LinkedIn, GitHub or Instagram, or also YouTube’s API services;
  • For Users: username, password, interests, preferences, feedback and survey responses, information about how You use Our Website, products and services, marketing and communications.
  • IP address, job title, login details, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives Us information about how You accessed Our Website.

Duration of processing

For Customers: Duration of the contractual relations and a reasonable period afterwards (depending on the software and services licensed).

4.5 Processing relating to the management of prospects’ relations

Purposes of the processing

  • Commercial and promotional operations for Our products and services and activities;
  • Management of exchanges with prospects (commercial newsletters);
  • Organization of events and management of invitations and attendees; and
  • Managing prospects.

Legal basis for processing

Our legitimate interest to engage with prospects.

Category of Data Subject

Prospects

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region);
  • Professional data (company name, job title);
  • IP address, job title, login details, traffic data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other communication data which gives Us information about how You accessed Our Website.

Duration of processing

3 years from their collection by Us or the last contact from the prospect (request for documentation or a click on a hyperlink contained in an email).

4.6 Processing relating to the management of suppliers

Purposes of the processing

  • Supplier due diligence and selection;
  • Negotiation, execution and follow-up of contracts; and
  • Management of exchanges with suppliers.

Legal basis for processing

Fulfillment of a contract (supplier contracts) or Our legitimate interest in selecting and managing suppliers.

Category of Data Subject

Suppliers

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region); and
  • Professional data (company name, job title);

Duration of processing

Duration of contractual relationships.

4.7 Processing related to billing management

Purposes of the processing

  • Administration of invoicing;
  • Editing of invoices;
  • Receipt of invoices;
  • Payment management; and
  • Accounting entries.

Legal basis for processing

Legal obligation

Category of Data Subject

Customers and suppliers

Category of Personal Data

  • Identity data (name);
  • Contact data (professional email address, phone number, region); and
  • Professional data (company name, job title).

Duration of processing

10 years from the end of the accounting period.

4.8 Management of possible disputes, litigation and pre-litigation

Purposes of the processing

  • Retaining evidence for a possible dispute;
  • Management of exchanges in the event of a dispute; and
  • Drafting the necessary documents in case of litigation or pre-litigation.

Legal basis for processing

Our legitimate interest in preparing, defending and/or settling a dispute.

Category of Data Subject

Suppliers, service providers, consultants, partners, Customers, and applicants, as well as their staff, and Users.

Category of Personal Data

All of the above-mentioned Personal Data as soon as they are necessary for the management of the dispute.

Duration of processing

Retention throughout the duration of the dispute and until: (i) signature of the settlement agreement; or (ii) exhaustion of the means of appeal (litigation).

5. Legal basis for the processing

To summarize, the legal bases for Our processing of Personal Data are as follows:

  1. Compliance with a legal obligation (e.g. anti-money laundering regulation and other Know Your Customer obligations);
  2. Performance of a contract (e.g. of ongoing License Agreements and the Website Terms of Use);
  3. Legitimate interest (e.g. engaging with Customers i.e. e-mailing campaigns about Our products and services and Cookies strictly necessary for the proper functioning of the Website);
  4. Your consent, particularly with regard to non-essential Cookies.

When the provision of Personal Data is mandatory, it will be clearly indicated (e.g. marked with an asterisk in the forms).

6. Who can access Your Personal Data?

Subject to sections 7 and 12 of this Privacy Policy, access to Personal Data is limited to the individuals and departments who require access to such information in order to fulfil their duties within Our organization. Only the appropriate departments can process Your Personal Data and only for their respective legal basis (e.g. Our sales department for contractual relationships, legal department for disputes, IT department for maintenance, etc.).

7. Third party Recipients and Personal Data transfer

We may sometimes use the services of subcontractors or service providers offering SaaS solutions e.g. those in charge of providing administrative services such as accounting or payroll, which require access to the Personal Data to perform their service. Sometimes those services may be located outside of the country where Customer is located, including outside of the European Union. In this case, We impose strict obligations on these third parties in particular regarding the processing of Personal Data, and also confidentiality and security commitments in compliance with the Regulations.

In the following specific cases, We may also communicate Personal Data to third parties:

  • when We have Your consent, including when You choose to disclose information published on the ActiveViam Community section of the Website.
  • As part of the processing for auditing purposes as provided for above, Personal Data may be shared with auditors.
  • If all or part of Our assets are acquired by a third party, Personal Data will become one of the transferred assets. Personal Data will be processed by the purchaser who will act as the new data controller and the purchaser’s privacy policy will then govern the processing of the Personal Data.
  • If We are obliged to disclose or provide access to Personal Data in order to comply with any legal obligation or a court decision, or in order to enforce or perform the service agreement or to protect the rights, property or safety of ActiveViam (including its Affiliates) its Customers and its staff; or
  • If Our transfer of Personal Data is permitted by law.

We never sell Your Personal Data to third parties.

8. Personal Data retention

Personal Data (especially Personal Data that relates to agreements concluded with Us) is stored as long as is strictly necessary and authorized by applicable regulations in order to allow Us to perform Our services, until: (i) You unsubscribe from the Atoti Community; (ii) the termination of any formal agreements with Us; (iii) the duration required by law; or (iv) for a proportionate duration for the services. In any case, the maximum retention term set forth in Regulations will prevail.

9. Actions carried out on Personal Data

The following actions are conducted on Personal Data:

  • Collection and recording;
  • Organization and structuring;
  • Hosting or retention using third-party software;
  • Consultation;
  • External archiving;
  • Transmission, distribution or the equivalent;
  • Modification/consultation by Our Customer services, marketing, accounts or IT departments; and
  • Deleting or destroying.

10. Personal Data localization and security measures

Where Personal Data is hosted by providers globally, such hosting is always in compliance with the Regulations.

We take all suitable precautions to guarantee the confidentiality and security of the Personal Data and to prevent it from being tampered with, corrupted or accessed by unauthorized persons. We have implemented a security policy for Our information systems. Access to your Personal Data is solely limited to people who require such access. This Personal Data is stored on secured servers. A login and password is required to access Personal Data.

11. Your rights

You have the following rights in respect of Your Personal Data as processed by Us:

  • Access to or the right to obtain a copy of Your Personal Data;
  • Rectification of Your Personal Data;
  • Deletion of Your Personal Data that: (i) is no longer needed for the purposes for which it was collected; (ii) is exclusively processed on the basis of Your consent and such consent is withdrawn; or (iii) where We have a legitimate interest in processing Your Personal Data for a specific purpose but You object to the processing (and such objection is upheld).
  • Limit the processing of Your Personal Data temporarily, when: (i) the accuracy of Your Personal Data is challenged; (ii) You have objected to its processing; or (iii) when Your Personal Data is no longer needed by Us, but Your Personal Data is still necessary for the enforcement, exercise or defense of Our/Your rights in court.
  • Unsubscribe or opt out of receiving Our marketing and commercial documents (emails) at any time by clicking on the “unsubscribe” link in any emails or communication sent by Us.
  • Object to the processing or withdraw Your consent at any time when processing of Your Personal Data is based on consent.
  • Request a copy of Your Personal Data that is being processed by Us.
  • File a complaint before the CNIL, the UK Information Commissioner’s Office or any other competent data protection authority.

To exercise any of these rights or for any questions relating to this Privacy Policy, You may contact Us at the following  email address: privacy@activeviam.com.

We may ask You to clarify Your request where: (i) the information required as part of Your request is not sufficiently clear; or (ii) the right You wish to exercise is not easily identifiable.

Before We can comply with any request from You in respect of Your Personal Data, We will require you to provide proof of identity, which will be deleted as soon as possible after verification of Your identity. For individuals submitting a request on behalf of another person, We may require proof of authorization and verification of identity directly from the person for whom the request is made.

In addition, We will not be obliged to respond to Your request if it is manifestly unfounded or excessive, and in particular if it formulates repetitive requests or requests that are too complex to process, which would have the purpose or effect of destabilizing Our activities.

12. CCPA Information

Under the CCPA California residents have the following rights (subject to certain limitations). Please note, while California provides residents with the ability to opt-out of any ‘sales’ or ‘sharing of Personal Data for the purpose of cross-contextual behavioral advertising’ We do not ‘sell’ or ‘share’ Your Personal Data, so this opt-out is not available. 

Additionally, California also provides residents with the ability to limit the use of sensitive personal information to certain enumerated purposes if a company uses sensitive personal information to infer characteristics about a consumer. Since We do not collect information that is sensitive, We do not provide an option to limit the use of sensitive personal information.

We will endeavor to respond to a verified request within 45 days. If We require more time, We will inform You of the reason and extension in writing.

We do not charge a fee to process or respond to a verified Customer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will provide an explanation and a cost estimate prior to completing the request.

We will not discriminate against You for exercising any of Your privacy rights.

13. Cookies

We respect Your privacy. This section applies to the Cookies used by Us on the Website. It describes the information We collect automatically through the use of automated information gathering tools, such as Cookies.

Cookies are small pieces of information or text that are sent to Your computer when You visit a website and are used to store or track information about Your use of that site.

We use Cookies to collect specific information, improve Your browsing experience and make Your interactions with the Website more relevant. For example, We may use Cookies to determine if You have ever visited the Website and to know the features of the Website in which You are interested, which allows Us to better customize the content of Our Website.

We use both session-based cookies and persistent cookies. Session-based cookies only exist for the duration of Your web session and expire when You close Your web browser. Persistent cookies are files that are kept in one of Your browser subfolders until they are manually deleted by You or until they are deleted by Your browser based on the time specified in the persistent cookie file.

The Cookies used by the Website are the following:

  • “Google Analytics”: to find out the number of site visitors and improve Your user experience on the Website;
  • “Targeting cookies”: these cookies allow targeted advertisements to be sent according to the interests of the user.

In addition, the use of the Website may lead to the installation of certain Cookies issued by third parties (communication agencies, audience measurement companies, social networks, YouTube, etc.) that are not controlled by Us. The issue and use of these cookies are subject to the privacy policies of these third parties and subject to Your specific consent.

Web beacons (also known as pixel tags and clear GIFs) are transparent electronic images that can recognize certain types of information on Your computer, such as the type of browser used to display a web page, Your visit to a particular site linked to the web beacon and the description of a site linked to it. Certain pages of the Website, or emails may contain web beacons for the operation and improvement of the Website by Us.

An IP address is a unique identifier that some electronic devices used to identify and communicate with each other on the internet. When You visit the Website, We may consult the IP address of the electronic device You are using to connect to the internet. We use this information to determine the general physical location of the device and to deduce the geographic area in which Our visitors are located. This is Personal Data within the meaning of the Regulations.

Cookies are installed during Your first visit to the Website, but only subject to Your prior consent through the cookies banner which allows You to select the cookies you accept (except the cookies that are technically necessary to access the Website or the services).

You can stop the download of Cookies on Your computer by setting Your browser appropriately. Most browsers will tell You how to stop accepting new cookies, be notified when You receive a new cookie and disable existing cookies. You can get directions by Internet visiting www.allaboutcookies.org and You can also manage, disable or allow cookies by changing Your browser settings by visiting the sites below (depending on the browser):

Please note that the lack of Cookies may prevent You from taking full advantage of the features of Our Website.

We would like to draw Your attention to the fact that Your opposition to the installation or use of a Cookie will be taken into account by the installation of a “refusal cookie” on Your terminal. Therefore, please do not delete this refusal cookie if You wish Your choice to be considered.

14. Contacts

You may address any questions, complaints, recommendations or comments regarding this policy to Us by email at the following address: privacy@activeviam.com

Last updated on 30 April 2025