Privacy Policy

By downloading the Software, User is indicating that the User has read and understood this Software License Agreement and accepts and agrees to its terms and conditions. If the User does not agree with the terms and conditions of this Software License Agreement, do not download or use the Software.

1

Introduction and Objective

This Privacy Policy was last updated on Jan 10, 2018.

ActiveCollab, Inc (“ActiveCollab”, “we“, ”us“, or ”our“) is committed to the lawful, transparent, and fair handling of your personal data and your data privacy. We treat everything related to your personal data with integrity and respect.

2

Scope and Related Policies

This Privacy Policy explains which personal data we process, how we process it, and for which purposes. It also explains your choices about how we use your data.

When we refer to “ActiveCollab”, “we”, or “us” in this policy, we mean ActiveCollab, Inc, which controls the data ActiveCollab collects when you use our services. ActiveCollab offers a collaborative tool, used for project management. References to our product in this policy include our self-hosted and cloud-based tool, website, mobile apps, and desktop app. Together with our support, they are referred to as Services in this policy.

The scope of this policy, along with our Terms of Service and Security Policy, determine how we process your personal data, and they also determine your rights and obligations as our users.

3

Definitions

Personal data is any information relating to an identified or identifiable natural person (‘data subject’). In a nutshell, any data that can identify or point in the direction of a living person.

Processing is any operation or set of operations which are performed on personal data or sets of personal data, whether or not by automated means.

Under this policy, ActiveCollab may be the data controller (“controller”) or the data processor (“processor”) of your personal data, depending on the context of personal data you provide.

A controller can be the natural or legal person, public authority, agency, or another body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. ActiveCollab is a controller when using personal data for the purposes of marketing, reporting, and incentive programs. We do this only when we have a legitimate interest, or when you’ve given us your consent.

A processor can be a natural or legal person, public authority, agency, or another body which processes personal data on behalf of the controller. ActiveCollab is a Processor in cases of user authorization, providing customer support, profile, invoicing and billing functionality, and in other scenarios as defined in our Terms of Service.

User/Client Data for any personal data/information you upload, transmit, or connect while using ActiveCollab services - the natural person or persons to which this data relates are data subjects, and you are the data controller. In our Terms of Service and Privacy Policy, we refer to this data as User/Client Data. Using ActiveCollab to manage your data means that you have engaged ActiveCollab as a data processor to carry out certain processing activities on your behalf.

End Users are users who are not direct users of our Services, meaning they are not the ones being charged for our Services, and there is an administrator or organization administering the Services to them.

Cookies are very small files that are placed on your device when you visit a website. These files usually contain data like the site’s name and a unique user ID. They can be easily viewed and deleted. Cookies are used for a variety of purposes and, since some cookies are used for identifying the user, all cookies are subject to the GDPR.

4

Summary

Your privacy matters. That’s why our policies are all about transparency. In this Policy, we will explain how we collect, use, and share your information. We will also explain how and where we store your data and how we process it. In the next section of our Policy, we will cover these questions:

  1. 1 What data we collect about you
  2. 2 How we use your information/personal data
  3. 3 ActiveCollab as a processor of User/Client Data
  4. 4 How we share your information
  5. 5 Service Processors
  6. 6 Security
  7. 7 How and where we store and process your information
5

Principles

What follows are the principles regarding the data we collect.

5.1 What personal data we collect about you

We collect your data only when you provide it to us while using our Services, and when our third-party processors, which we have appropriate contracts with that are subject to EU regulations, provide it to us. We encourage you to read below our detailed list of all the data we collect and which purposes we do it for.

Many of our features and options require some personal data (essential features and options like communication email and invoicing details), but for non-essential features, you can choose not to provide us your personal data (username, profile picture, etc.). Bear in mind that, in certain situations, providing data is required by law.

Account and profile information
When you register for a trial account, we ask for your email only. When you switch to a paid account, we need more information for billing purposes. In both cases, we collect data for account personalization - it is optional for you to add a profile photo and other details.

Your content provided through our websites
We collect the content you upload while using our websites, including our social media channels. This refers to the feedback you give on our surveys, promotions, events.

Data needed for support channels
When you experience a problem or need assistance, you may need to contact our Support. Whatever the context is (email, ticket, social media channels, audio/video call, chat), you will be asked to provide information related to the problem. This means providing any type of data (contact information, problem explanation, screenshots, etc.) which is necessary for troubleshooting and which may speed up the process of resolving the issue. This process is defined in our Terms of Service, and any issue-related details are necessary in order to provide you with our support services.

Billing information
can be the naWhen you register for a paid account, we collect your payment and billing details through secure payment processing services. We collect information about you or your billing representative: billing information (name and contact information), payment address and payment details (credit card or bank account number). tural or legal person, public authority, agency, or another body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. ActiveCollab is a controller when using personal data for the purposes of marketing, reporting, and incentive programs. We do this only when we have a legitimate interest, or when you’ve given us your consent.

Your content uploaded through our products Using our products (web app, desktop app, mobile apps) means uploading your content for collaboration The content you upload on your cloud account is stored on our servers, and only you can access it. In specific cases, when troubleshooting is needed, our Support may need to check your instance - with your explicit consent and login details. We don’t have any information about the content you upload on your self-hosted account since that content is uploaded to your own servers.

Your use of the Services
We collect information about you while you’re using our Services. We basically keep track of your visits and interactions with our Services. This information includes the features and add-ons you use, details about your collaborating activity, details about your device and operating system, browser type.

Cookies and other tracking technologies
We and our third-party processors use cookies and other tracking technologies to recognize you across different Services and devices and to provide better experience and functionality.

Data from other sources
We also receive data about you from third-party services. This happens when you link or integrate our Services with a third-party service, or when you give consent to other services to use your information. For example, we use third-party service for payment and billing purposes, or our advertising and market research partners provide us with information about your interests and engagements with our Services and online ads. You can see the list of all our third-party processors in section 5.5 of this policy.

5.2 How we use your personal data

Based on the purpose, here we explain how we use your data.

To provide the Services and personalize your experience
We need your data so we can provide our Services to you. Basic activities include transaction processing, authentication, providing customer support, operating and maintaining the Services. For example, we use your email and the photo you provided to identify you to other users on your account. We also use your data to personalize your experience by offering you relevant features and making recommendations.

Research and development
We always strive to improve our Services and integrate them better with other apps you use. That means we use data we collect about how you (and other people) use our Services to shorten the onboarding process, identify trends in user behavior, and create a map of activity patterns. This helps us pinpoint the exact areas for future improvement. Along with this data, we also use all the feedback we get for precise troubleshooting and creating a more friendly and engaging user experience. We keep relying on legitimate interest when it comes to beta testers as well, and the feedback we get from them is solely for the purpose of improving and developing our services.

To communicate with you about the Services
In order for you to successfully use our Services, we create certain communications to shorten your learning curve and create a satisfactory user experience. These communications include onboarding emails, transactional emails, purchase confirmations, subscription expiration reminders, responses to comments, requests and questions, complete customer support service, technical notices and updates, security alerts, administrative messages, promotions, new features. Depending on your settings, we send you email notifications about collaborating activity on your account.
When you sign up for our Services, you agree to these communications, and in most cases, you can’t opt-out of them. When the opt-out option is available, you will find it within the communication itself or in the settings section of your account.

For marketing, promotion, and engagement
We create promotional content that may be of specific interest to you, and that is why we send it via email or display it in our ads. This is why we use your contact information and information about how you use our Services - so the content is as relevant to you as possible. Those ads appear on different websites and platforms (like Facebook and Google). All this content has a purpose of driving engagement and helping you use our Services to the fullest. Besides emails and ads, we also create survey requests, newsletters, informational product content.

To provide Customer Support
When it comes to Support, there are different scenarios in which we need your data, e.g., to assist you with different kinds of requests and needs, to resolve technical issues you reported, to analyze crash details, to repair and improve our Services. When you give us your information, it is shared only with our experts (employees), only for the purpose of giving feedback and resolving the issues as soon as possible, as defined in our Terms of Service.

Security and safety reasons
There are situations when, for certain safety and security reasons, we need to use the data about you and your use of our Services - e.g., to verify accounts, to monitor suspicious or fraudulent activity, to identify violations of our policies.

Legitimate interest and legal rights
We use your data when we need to protect our legal rights, interests, and the interests of others, as well as when we’re required by law to do so. In these cases, as always, we use your data only when necessary.

With your consent
There are specific purposes, not listed above, that require your consent so we can use data about you. We always ask for your permission in these cases (e.g., quoting you on our sales website, or publishing your customer story on our blog). When you give us consent to use your data for a specific purpose, you have the right to change your mind at any time, but if any processing has already taken place, it will stay unaffected.

5.3 ActiveCollab as a processor of User/Client Data

As specified in Article 28 of the GDPR, the relationship between the controller and the processor has to be made in writing. The electronic form is also acceptable under subsection (9) of the same Article. Our Terms of Service and Privacy Policy serve as your data processing agreement. ActiveCollab will process your data based on your written instructions as the data controller unless required by law to act without such instructions.

You may upload and transmit your data inside our Services. We do not view nor control such data, and we process it on behalf of you in accordance with our Terms of Service. You have the responsibility to ensure that all the data you upload and transmit has all the relevant consents or a suitable privacy policy in place to cover the transmission and processing. This means that it is also your responsibility to ensure that any private, sensitive, or confidential information you upload in connection with your use of the Services does not become available or disclosed to unauthorized or unintended viewers. We expressly disclaim any responsibility for your unauthorized or unpermitted sharing, distribution, publication, or display of any private, sensitive, or confidential information.

5.4 How we share your data

When we collect or process your data, our employees here at ActiveCollab are in charge of handling it. Depending on the context, purpose, and data type, members of different teams are in charge. All our employees have gone through extensive and proper training programs, so they are aware of relevant privacy principles and law requirements.

We will never share your data, unless in the ways discussed below.

Sharing with other Service users
When you sign up and start using our Services, other users on your account will be able to see your data. Some of the collaboration features display some or all of your profile information. For example, when you comment on a task, we email subscribers to the task with the comment, your name, and your profile photo.

Sharing with third-party apps
We work with third-party apps to make our Services more integrated and collaboration-friendly for you, our users. When you add new functionality or change the behavior of the Services by enabling third-party apps, you may give those apps access to your data, such as name, email, and any content you decide to share. What you share with those apps and on their websites is governed by their policies, not this one.

Sharing with third-party widgets
Some of our Services contain widgets and social media features. They collect your IP address, details of the page you are visiting on the Services, and they may set a cookie to enable the feature to function properly. These widgets and features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Sharing with law enforcement
We will share your data in the situations when: we need to comply with any applicable law, regulation, legal process or governmental request, including meeting national security requirements; enforce our Terms of Service, Privacy Policy and other agreements; protect the security and integrity of our products and services; we believe need to respond to an emergency related to preventing someone’s death or serious injury; we need to protect ActiveCollab, our customers, or the public from harm or illegal activities.

Sharing with your consent
When you give us your consent, we will share your data with third parties. For example, we might share, with your consent, your name and the name of your company as part of the testimonial on our website. You can revoke your consent at any given moment, just contact us and send us your request.

Sharing in business transfers
If a merger, sale of company assets, financing, or acquisition of all or a portion of ActiveCollab to another company happens, you will be notified via email. This will inform you about the choices you may have regarding the situation.

Sharing with third-party service processors
In the next section, we listed all the third-party processors we have contracts with. We work with them to provide website and application development, hosting, maintenance, backup, storage, payment processing, and other services for us, which may require them to access or use some data about you. When these Service Providers require to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.

5.5 Service Processors

Sometimes we use third-party processors to process some or all of your personal data. Here we listed all of them. We made sure that we’ve signed contracts only with third-party processors who are GDPR compliant. These third-party processors have access to your personal data only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purposes.

Help Scout: our Customer Care team uses this help-desk software to stay in touch with you. This software uses only your email and name, for the purpose of us getting back to you, assisting with your requests, and resolving the issues you might have. Here you can read how Help Scout deals with privacy.

Crisp: this is a messaging platform our Customer Care team uses to chat with you. Crisp uses only your email, and we chat with you wherever you start a conversation over our website or straight from our app. The most frequent case is the need for customer support.

Stripe: this tool processes your payments to us. We use it for billing purposes only. Stripe collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how Stripe deals with privacy, read this.

FastSpring: this is a cloud-based eCommerce that we use as a billing platform. Like Stripe (mentioned above), Fastspring collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how FastSpring deals with privacy, read this.

Google Analytics: : this is a web analytics service that tracks and reports website traffic. Google uses the collected data to track and monitor the use of our Services. It may use the data to contextualize and personalize the ads of its own advertising network. For more information about Google’s privacy practices, read this.

Google AdWords: this is a remarketing service provided by Google Inc. Here you can control the information Google uses to show you ads or make the ads more useful to you. If you want to learn more about Google’s privacy policy, follow this link.

Meta Ads Manager: This is an advertising management tool developed by Meta (the owner of Facebook, Instagram, WhatsApp, and Threads). It’s designed to create ads, manage when and where they’ll run, and track how well those advertisements perform. Meta can match a business’s CRM data (email, telephone number) to people in their database to create a Custom Audience for advertising campaigns. Meta Pixel Code uses cookies for advertising purposes on the Meta advertising network.

LinkedIn Ads Manager: This is an advertising management tool that LinkedIn developed. It is designed to create ads, manage when and where they’ll run, and track how well those advertisements perform. LinkedIn can match a business’s CRM data (email, telephone number) to people in their database to create a Custom Audience for advertising campaigns. LinkedIn Insight Tag uses cookies for advertising purposes on the LinkedIn advertising network.

MailChimp: we use this marketing automation platform for staying in touch with you via email. This occurs when we send you our newsletter or include you in our incentive program. This is where you can read more about MailChimp’s policy.

Google Drive: this is a service developed by Google, and we use it for file storage. This is the place where we temporarily keep your data for the purposes of reporting, customer care, feedback analysis, usability testing, marketing, incentive programs. For more information about Google’s security policy follow this link.

Zoom: this is a cloud platform we use for video calls. With your permission, sometimes we record video calls, only for the purposes of improving our customer care and sales process. Videos along with your name and number (if given) are always deleted within 2 weeks.

Skype:: this software temporarily collects only your number when you leave us a message. We use that data only to get back to you and for no other reason. After a successful call, your number is deleted.

Intercom: We use this tool to provide you with customer support and improve your experience while using ActiveCollab. For this purpose, we may provide a limited amount of your information to Intercom, such as your sign-up date, your name, your email address, your organization name, your interactions with ActiveCollab, and similar to be able to assist with your requests, resolve any issues you may have, and provide you with interactive guidance regarding ActiveCollab. At the same time, we may collect information using Intercom about your interactions with ActiveCollab, your feedback about our product, and some personal information like your name, email address, organization details, etc. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles, and physical addresses, to enhance your user experience. For more information, please visit Intercom's Terms and Policies and Product Privacy Notice.



5.6 Security

We’ve designed our platform to offer you a secure-by-default experience. When it comes to customer data security, encryption, storage, and backups, everything we do is described in our Security Policy. We encourage you to read it and contact us if you have any questions or concerns.

In case of a data breach, we will follow the implemented procedures which ensure we will inform you and respond to the data breach in a timely manner.

5.7 How and where we store and process your data

Where we store and process your data
Personal data collected by ActiveCollab is stored and processed in the United States, Canada, France, and in Serbia, where ActiveCollab’s operating facility is located. Our primary storage locations are in Canada and the USA, with an offsite backup in France. We make sure that the data we collect under this privacy statement is processed according to the provisions of this policy, our Terms of Service, and the requirements of applicable law wherever the data is located.

How we handle data transfers
We transfer, process, and store your data from your region to Serbia or wherever our third-party processors operate, only with the purpose of providing you with our Services. Serbia is not a member of the European Economic Area, but we use a variety of legal mechanisms and contracts to ensure that your rights and protections travel and apply with your data.

Deleted data
When you cancel your account, we’ll delete all of your data in the following 30 days.

6

Rights of data subjects

We will always make sure you’re allowed to correct, amend, delete, or limit the use of your data. You can update your data directly within your account settings section. However, if you’re unable to do that, please contact us to make the required changes. Also, if you want to exercise any of the rights listed below, contact us. Keep in mind that, if you are an end user, you may need to contact your administrator to assist with your requests first.

Right to be informed
You can ask for details about the collection and use of your data at any time. This also includes the purposes for processing your data, retention periods for that personal data, and who it will be shared with.

A right of access and rectification
A right of access is your right to access all the personal data we hold about you, and your right to obtain information about how we share, store, secure and process that data. A right of rectification is your right to request correction of any inaccurate personal data we hold about you.

Right to delete personal data and data retention
This is your right to request the deletion of all personal data we hold about you. This right is subject to certain limitations under applicable law. If we fulfill your request, you might not be able to use our Services any longer. Your data will be deleted from all our storage devices and servers in the following 30 days after the fulfillment of your request.

Right to data portability
This is your right to request a copy of the personal data we hold about you, in a commonly used electronic format, and the right to transmit it to another party.

Right to restrict personal data processing
This is your right to request restriction of how and why we use or process your personal data.

Right to object to processing justified on legitimate interest grounds
This is your right to object to how or why we process your personal data.

Right to withdraw consent
You have the right to withdraw your consent at any time. This action won’t affect the lawfulness of processing based on consent before its withdrawal.

Right to not be subject to Automated Decision-Making
This is your right not to be subjected to a decision based solely on automated processing, including profiling.
This right is limited and not applicable in cases when the decision is: authorized by law (e.g., for the purposes of fraud); based on your explicit consent; necessary because of the contract between an organization and you.

Right to submit complaints or report abuse for EU-based users
If you think that the processing of your personal data infringes applicable laws, you have the right to lodge a complaint with a supervisory authority in your country of residence.
If you need to report abuse, or if you have any questions about exercising the rights listed above, we strongly advise you to contact us.

7

Children & minors

Even though our website and Services are not designed for children under 16 years old, we realize that a child under the age of 16 might try to access our Website and Services. We do not knowingly collect personal data from children under the age of 16. If you are under 16 years old, don’t use or provide any data on our Website and Services. If we find out that we’ve collected or received personal data from a child who is under 16 years old, we will delete all that data within a reasonable period of time. Before we remove any data, we may ask for proof of identification to prevent malicious removal of account information. If you believe we might have information about or from a child who is under 16 years old, contact us at privacy@activecollab.com. You acknowledge that we don’t verify the age of our users nor do we have any liability to do so.

8

Updates and changes to privacy policy

We may change this privacy policy from time to time, only to provide greater transparency and inform you of any changes. If a significant change happens, you’ll be notified via email, or we’ll provide prominent notice on our website. All the prior versions of this policy will be kept in an archive, for your review. You can review our privacy policy at any time, and we encourage that, so you are always up to date with our practices and your rights when it comes to protecting your privacy.

9

Contact Us

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to privacy@activecollab.com. For other ways of contacting us, please visit this page on our website.

10

Other optional elements that you should consider adding to the policy

10.1 Links to other websites

Our Services (website and apps) contain links to other websites. We are not responsible for the content of those websites, or their privacy policies. If you visit those websites, keep in mind that any information that you disclose and/or share on them becomes public information. We strongly advise you to review privacy policies and other general terms of use of every website you visit.

10.2 Do not track

ActiveCollab is a collaboration tool. People want and need to know who they are working with and talking to, which is why our Services don’t respond to DNT signals. There’s a wide range of other tools to control data collection and usage. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

10.3 Notice to End Users

If our Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the end-users and/or Service sites over which it has control. This means that you should direct your questions about data privacy to your administrator since your use of the Services is subject to that organization’s policies. Administrator organization’s security policies may be different from ours, and we are not responsible for it.

If you are a member of a team administered by an organization, or if you use an email address provided by an organization to access the Services, then the administrator of that team, or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. Administrators are able to control and restrict your access and privileges within our apps. In some cases, they might even be able to edit your account information and control integrations with third-party apps. If you need any clarifications or more information, contact your organization, or learn more by reading the organization’s policies.