Privacy Policy

ALLVUE SYSTEMS PERSONAL DATA PRIVACY POLICY

January 1, 2020

In this Privacy Policy (this “Policy”), Allvue Systems LLC (“Allvue”) explains how the Personal Data (as defined below) is collected, used, maintained, disclosed and transferred by Allvue. Allvue operates as a data processor of its customers, and as such, will process all Personal Data (as defined below) according to its contractual agreements with its customers (“Customer Agreements”) and as otherwise required by law.

“Personal Data” is defined as information relating to an identified or identifiable living individual that Allvue customers and their end-users input or upload into the software and other products, solutions or services offered by Allvue (collectively, “Allvue Products”) for processing. It does not include data Allvue collects from visitors to its websites, nor data Allvue collects about its customers or prospective customers, vendors, service providers, professional advisors, consultants, and other third parties otherwise in the course of doing business; for example, to manage Allvue customer accounts or to communicate with them or to engage Allvue vendors.

If you have any questions regarding this Policy, please email us at privacy@allvuesystems.com or contact Allvue as described in the “How to Contact Us” section below.

SCOPE

This Policy only applies to Personal Data for which Allvue is a data processor.

COLLECTION PURPOSES, USE OF PERSONAL DATA

The Personal Data transferred to Allvue for processing is determined, directed and controlled by customers, in their sole discretion. As such, Allvue has no control over the type, volume or sensitivity of Personal Data processed through the Allvue Products as input by its customers or their end users. Allvue only processes Personal Data on behalf of its customers and in accordance with their instructions provided in the applicable Customer Agreements with Allvue.

The Personal Data processed may include the following categories of data for data subjects:

  1. Identification information for customer’s employees, contractors, agents, end users or other third parties, including contact information (name, business entity, address, telephone number (fixed and mobile), e-mail address, fax number), employment information (job title, employer), username, geographic location, area of responsibility and IT information (IP addresses, usage data, cookies data, online navigation data, location data, browser data);
  2. Identification information for anyone who uses the Allvue Products at the request of and in connection with the business of Allvue customers.
  3. Any other Personal Data that Allvue customers or their users choose to input into the Allvue Products or in the content of the communications that are sent to and received by Allvue.

Allvue acts as a data processor or sub-processor with respect to this Personal Data. Allvue limits the interaction with Personal Data to the following purposes:

Allvue customers are responsible as data controllers for ensuring that (i) their end-users receive proper notice of the applicable customer’s privacy practices, (ii) Personal Data is obtained in accordance with all applicable laws, and (iii) their end-users are given a choice regarding Allvue’s processing activities with respect to Personal Data. If a customer’s end-user has any questions or concerns related to the handling of Personal Data, the end-user may contact Allvue as described in the How to Contact Us section and Allvue will work with the customer to address the end-user concerns.

DATA TRANSFERS TO THIRD PARTIES

Allvue does not sell or loan Personal Data to any third parties; however, Allvue may share Personal Data with third parties as follows:

  1. Within Allvue consistent with this Policy; and
  2. With subcontractors and other third parties under contract subject to appropriate confidentiality obligations in each case as necessary to perform business-related functions such as to help support and improve the Allvue Products on behalf of or at the direction of Allvue.

OTHER DISCLOSURES

Under certain circumstances, Allvue may be required to disclose Personal Data in response to valid requests by governmental authorities, including to meet national security or law enforcement requirements.

Allvue will attempt to refer any request for disclosure of Personal Data by governmental authorities, including those received for national security or law enforcement reasons, to the customer. Allvue may, where legally obligated to do so, disclose Personal Data to law enforcement or other government authorities, in which case Allvue will notify its customer of such a request (unless prohibited by law to do so) and will furnish only that portion of the Personal Data that is legally required. Allvue is liable for appropriate onward transfers of Personal Data to third parties.

SECURITY

Allvue maintains appropriate physical, technical, administrative, and organizational security measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, including where appropriate:

  1. the pseudonymisation and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  3. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

While Allvue employs security measures to protect Personal Data in the Allvue Products, Allvue customers, and their end-users, should only access the Allvue Products within a secure environment and take appropriate steps to always ensure that login credentials and passwords are always kept safe. Customers should notify Allvue as soon as possible if they become aware of any misuse of their user IDs, passwords, or accounts, and immediately change their passwords within the Allvue Products in accordance with the “How to Contact Us” section below.

RETENTION

Allvue retains Personal Data and any other data collected through the Allvue Products in accordance with the timeframes set out in the relevant Customer Agreements with its customers. Allvue’s retention periods may change:

  1. If there is a legal obligation (or change to a legal obligation) applicable to Allvue (for example, certain laws require Allvue to keep records of transactions for a certain period before Allvue can delete them); and
  2. If retention is advisable based on legal opinion (such as, for statutes of limitations, litigation or regulatory investigations).

CROSS BORDER TRANSFERS

Personal Data will not be transferred outside of the European Economic Area or the United States (where the EU-US Privacy Shield Framework applies) without additional contractual or extra contractual measures that have been adopted or approved by the European Commission being taken.

Allvue complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Economic Area to the United States.

Allvue has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Allvue’s certification, please visit https://www.privacyshield.gov

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Allvue is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and commits to cooperate with EU data protection authorities.

DATA ACCESS

Allvue takes reasonable steps to determine who gains access to Personal Data. Allvue’s User Access Management guidelines are based on the “Principle of Least Privilege,” and access to Personal Data shall be limited by that principle, which requires that privileged access must be provisioned with the minimum level of access to non-public data which is required to satisfy a user’s job responsibilities.

GENERAL DATA REQUESTS

If any data subjects have questions or concerns about the processing of Personal Data, they should contact Allvue’s customer (i.e., the controller) directly or read their privacy policy. Similarly, an individual who seeks to access Personal Data, or to correct, amend, or delete Customer Data, should direct their query to the customer. If a customer asks Allvue to retrieve, amend or remove the Personal Data, Allvue will do so in accordance with the Customer Agreements with such customer and Allvue’s Privacy Shield commitments.

Allvue’s customers who want to find out more about the data security settings on their account can refer to their agreement or other applicable Customer Agreements with Allvue or contact Allvue directly for further information.

You may decline to receive mail or email from Allvue that does not relate directly to your access to or use of the Allvue Products. If you wish to receive “support-only” communication at any time or if you wish to change your name, company name, email address, or any other part as your business contact information as listed in your contact profile, please email Allvue at privacy@allvuesystems.com

You can also unsubscribe from our marketing communications by following the unsubscribe mechanism in the applicable e-mail message. Please note that if you do opt-out of receiving marketing- related emails from Allvue, we may still send you important administrative messages, and you cannot opt-out from receiving account-related or other administrative messages.

DISPUTE RESOLUTION

Allvue commits to resolve complaints regarding processing, use and disclosure of Personal Data in accordance with this Policy. Individuals with inquiries or complaints regarding Allvue’s compliance with this Policy should first contact Allvue at: privacy@allvuesystems.com. Allvue will investigate and attempt to resolve all complaints and disputes.

Allvue has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an unresolved complaint or concern that is not addressed satisfactorily or timely, that individual may contact our U.S. based third party dispute resolution provider (free of charge), the International Center for Dispute Resolution/American Arbitration Association (“ICDR/AAA”). Please contact or visit ICDR/AAA for more information or to file a complaint (http://go.adr.org/privacyshield.html).

In certain circumstances, you may have the ability to invoke binding arbitration to address any complaint that Allvue has violated its obligations under this Policy to you and has not been otherwise resolved such violation.

HOW TO CONTACT US

If you have any questions regarding this Policy or if you need to request access to or update, change or remove personal information that Allvue processes on your behalf, you can do so by contacting:

Allvue’s Systems Privacy Team at:
396 Alhambra Cir | Suite 1100 | Coral Gables | FL 33134
Main: +1.305.901.7060
Email: privacy@allvuesystems.com

AMENDMENTS

Allvue reserves the right to change, modify, add or remove portions of this Policy from time to time and in its sole discretion but will update the public that changes have been made by indicating on this Policy the date it was last updated.

COOKIES

For more information about cookies and how we use them, please read our cookie page.