top of page

Privacy Policy

This Privacy Policy explains how ActtraQ (“ActtraQ”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you visit our website, interact with us as a business contact, or use services we provide to our clients.

 

We are committed to handling personal information responsibly and in accordance with applicable privacy laws, including Quebec’s Act respecting the protection of personal information in the private sector (as amended by Law 25), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other laws that apply to our operations.

(Last update: 2026-04-05)

1. Who we are and how to contact us

ActtraQ is operated by a company incorporated under the laws of Canada (Quebec), with its registered office at 951-200 rue Peel Montréal (Québec) H3C0Z7 Canada. For any question about this Privacy Policy, to exercise your rights under applicable law, or to submit a privacy-related complaint, you can contact Marcel Vienneau (“Privacy Officer / Responsable de la protection des renseignements personnels”) by email at privacy@acttraq.com.

2. Scope of this policy

This Privacy Policy applies to personal information we collect:

  • when you visit acttraq.com or any ActtraQ-operated webpage linking to this policy;

  • when you communicate with us (including through contact forms, email, phone, events, or social media);

  • in the course of our business relationships with existing or prospective clients, partners, suppliers, and job applicants.

 

What this policy does not cover

ActtraQ provides card-linked marketing, loyalty, and payment-related services to financial institutions, merchants, and other business clients. When we process personal information on behalf of those clients — for example, transaction data of their cardholders — we do so as a service provider (processor) under their instructions and subject to a written agreement with them. In those cases, our clients are the controllers of that information, and their own privacy notices govern the collection and use of that data. Individuals should contact the relevant financial institution, merchant, or program operator directly for questions about data processed in that context.

3. Personal information we collect

The categories of personal information we collect depend on how you interact with us.

 

A. Website visitors

When you visit our website, we automatically collect limited technical information such as IP address, browser type and version, device type, operating system, referring URL, pages visited, date/time of access, and similar log data. We also place cookies and similar technologies as described in Section 12.

 

B. People who contact us or fill in forms

If you submit a contact form, request a demo, subscribe to communications, or otherwise reach out, we collect the information you provide, which typically includes name, business email, company, job title, country, and the content of your message.

 

C. Business contacts, clients, partners, and suppliers

In the course of commercial relationships, we collect business contact details, information relating to the services being provided or procured, correspondence, meeting notes, contract and billing information, and similar records. Some of this may be collected from public business sources (e.g., LinkedIn, public company registries) for prospecting purposes.

 

D. Job applicants

If you apply to work with us, we collect the information in your application (CV, cover letter, references) and any information generated during our recruitment process.

 

E. Cardholder and end-user data (processed on behalf of clients)

As noted in Section 2, when our clients engage us to deliver card-linked offers, loyalty, or related services, we receive and process personal and transaction information about cardholders and end users under our clients’ instructions. We do not determine the purposes and means of that processing. See Section 2 above for where to direct questions about this data. We do not knowingly collect sensitive personal information (such as information about health, racial or ethnic origin, religious beliefs, political opinions, sexual orientation, or biometric data) through the website.

4. How we use personal information

We use personal information for the following purposes:

  • Operating and securing the website — ensuring it functions, detecting and preventing abuse, malfunction, and security incidents.

  • Responding to inquiries — answering your questions, providing demos, and following up on your request.

  • Business development and client management — communicating with prospects, clients, and partners about services, proposals, events, contracts, invoices, and account matters.

  • Marketing communications — sending information about ActtraQ products, events, and insights, where permitted by law or with your consent. You can opt out at any time (see Section 7).

  • Recruiting — evaluating applications and contacting candidates.

  • Legal and compliance — meeting our legal, regulatory, tax, and contractual obligations; establishing, exercising, or defending legal claims.

  • Service delivery to clients — as a processor on behalf of clients, strictly according to their instructions and the underlying services agreement.

 

We do not sell personal information.

5. Legal bases for processing

Where applicable privacy law requires us to identify a legal basis for processing personal information, we rely on one or more of the following:

  • Performance of a contract — to provide services requested by you or our clients.

  • Legitimate interests — for example, to operate and improve our website, develop our business, protect our systems, and pursue commercial relationships, provided those interests are not overridden by your rights.

  • Consent — for example, for certain marketing communications and for non-essential cookies, where consent is required.

  • Compliance with a legal obligation — when processing is required by law.

 

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

6. Automated decision-making and AI

Some services we provide to our clients involve the use of artificial intelligence, machine learning, and other automated analytical techniques — for example, to score the relevance of a card-linked offer for a cardholder. Where an ActtraQ-operated system renders a decision based exclusively on automated processing that produces legal or similarly significant effects concerning you, the relevant controller (typically our client — the bank, issuer, or merchant) is responsible for informing you, upon request, of:

  • the personal information used to render the decision;

  • the reasons and the principal factors and parameters that led to the decision; and

  • your right to have the personal information corrected.

 

You also have the right to submit observations to a person in a position to review the decision. Please contact the controller — the financial institution, program operator, or merchant — for these requests in respect of data processed under their control.

 

For decisions made by ActtraQ itself (for example, in evaluating job applications), no decision producing legal or similarly significant effects is made on a fully automated basis. 

7. Your rights

Depending on your location, you may have the following rights regarding your personal information:

 

  • Access — obtain confirmation of whether we hold personal information about you, and a copy of that information.

  • Rectification — ask us to correct inaccurate or incomplete information.

  • Erasure / de-indexing — ask us to delete personal information, or cease its dissemination, in certain circumstances.

  • Portability — receive personal information you provided to us in a structured, commonly used technical format, where applicable.

  • Objection / restriction — object to, or ask us to restrict, certain processing.

  • Withdraw consent — where processing is based on consent.

  • Opt out of marketing — unsubscribe from marketing communications at any time using the link in the message or by contacting us.

  • Lodge a complaint — with the supervisory authority for your jurisdiction, for example:

    •  

      Quebec: Commission d’accès à l’information du Québec

    • Canada (federal): Office of the Privacy Commissioner of Canada

    • Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)

    • EU/EEA: your local data protection authority

 

To exercise any of these rights, contact our Privacy Officer using the details in Section 1. We will respond within the timeframe required by applicable law (for Quebec residents, within 30 days). We may need to verify your identity before acting on a request.

8. Sharing of personal information

We share personal information only as needed and with appropriate safeguards:

 

  • Service providers (subprocessors) — including hosting, email and marketing platforms, who process personal information on our behalf under written contracts. 

  • Clients — where we have processed information on their behalf, we return it to, or handle it as instructed by, the client controller.

  • Professional advisors — lawyers, auditors, insurers, and similar advisors, under duties of confidentiality.

  • Authorities — when required by law, court order, or to protect our rights, property, or safety, or those of others.

  • Corporate transactions — in connection with a proposed or actual merger, acquisition, financing, reorganization, or sale of assets.

 

We do not sell personal information.

9. International transfers

ActtraQ is based in Montreal, Canada. Because we operate across North America and Latin America, personal information we collect may be stored and processed in countries other than the one where you reside, including Canada, Mexico, the United States, and countries where our service providers operate. Laws in those countries may differ from those in your country of residence.

 

Before communicating personal information outside Quebec, we conduct a Privacy Impact Assessment as required by Quebec law, taking into account the sensitivity of the information, the purposes of the communication, and the legal regime applicable in the destination jurisdiction. Where transfers occur, we use appropriate safeguards, including contractual protections, to ensure a level of protection equivalent to that required under applicable Quebec and Canadian law.

10. Data retention

We retain personal information only for as long as necessary for the purposes described in this policy, unless a longer retention is required or permitted by law. Retention periods are determined based on:

 

  • the nature and sensitivity of the information;

  • the purposes for which it was collected;

  • applicable legal, regulatory, tax, accounting, and reporting obligations;

  • the need to establish, exercise, or defend legal claims.

11. Security

We implement technical, physical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, and alteration. These measures include access controls, encryption in transit (and where appropriate at rest), network security monitoring, secure software development practices, employee training, and contractual obligations on our service providers. No system is perfectly secure, but we work to meet and maintain industry standards appropriate to the sensitivity of the information we handle.

 

In the event of a breach of confidentiality involving personal information that poses a risk of serious injury, we will notify affected individuals and the Commission d’accès à l’information du Québec as required by law.

12. Cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device that allow us and our providers to recognize your device, remember preferences, and understand how the site is used.

 

We use the following categories:

  • Strictly necessary cookies — required for the site to function (e.g., session management, security). These cannot be switched off.

  • Analytics cookies — help us understand how visitors use the site so we can improve it.

  • Marketing cookies — used to measure the effectiveness of our communications and, where relevant, to serve relevant content on other sites.

 

You can manage non-essential cookies at any time through the cookie preferences banner, and you can also adjust your browser settings to refuse cookies. Refusing some cookies may affect your experience on the site.

13. Children

Our website and services are not directed to children, and we do not knowingly collect personal information directly from children. If you believe a child has provided personal information to us, please contact our Privacy Officer and we will take steps to delete it. 

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy here and update the “Last updated” date at the top. For material changes, we will take reasonable additional steps to notify you (for example, a prominent notice on the website).

15. Questions or complaints

If you have any question, concern, or complaint about this Privacy Policy or our handling of personal information, please contact our Privacy Officer at the address in Section 1. We take every complaint seriously and will respond within the time required by applicable law. If you are not satisfied with our response, you have the right to contact the supervisory authority in your jurisdiction (see Section 7).

Section1
Section 7
Section 2
Section 12
bottom of page