Actimize Product Privacy Notice (Controller)

Last Updated: April 14, 2026

Introduction & Scope

This Product Privacy Notice (the "Notice") explains how Actimize and its affiliates (collectively, "Actimize," "we," "us," or "our") collect, use, disclose, and otherwise process Personal Data as a data controller when you access, subscribe to, or use any Actimize Software or Service that references this Notice (the "Products"). This Notice applies only where Actimize alone determines the purposes and means of processing the Personal Data. Depending on the Product and configuration, Actimize may act as a controller or processor/service provider. This Notice does not apply to: (a) Product uses where Actimize acts solely as a processor/service provider to our customers, which are subject to the applicable customer privacy notice and a data processing agreement, or (b) our public websites or marketing properties, which are governed by the NICE Corporate Privacy Policy available at Privacy Policy | NiCE.

Who We Are

Actimize is part of the NICE group of companies. The controller is the Actimize entity that provides the applicable Product to you or your organization (for example, Actimize Inc., Actimize Ltd., or Actimize UK Limited). Contact details for privacy inquiries are provided in the “How to Contact Us” section below.

Definitions

"Personal Data" means any information that identifies or relates to an identified or identifiable natural person and that is protected as personal data or personal information under applicable law. "Cookies and Similar Technologies" means cookies, SDKs, pixels, web beacons, local storage, and similar tracking technologies.

Personal Data We Collect as Controller

We collect the following categories of Personal Data directly in connection with the Products when acting as a controller:

  • Account and identity data (e.g., names, business contact details, usernames).
  • Financial data (e.g., transactional information, banking activity).
  • Authentication and security data (e.g., passwords, multi‑factor tokens, role/permission assignments).
  • Support and communications data (e.g., support tickets, call/chat recordings, screenshots, metadata about your requests).
  • Audit and event logs (e.g., access logs, administrative actions, change history).
  • Device and technical data (e.g., IP address, device identifiers, browser and OS information, language, time zone settings).
  • Cookies and similar technologies as described in the Cookies section of this Notice.

Sources of Personal Data

We obtain Personal Data (i) directly from you or your financial institution’s administrators; (ii) automatically from your use of the Products; and (iii) from our affiliates and service providers who support the Products. Where permitted by law, we may also combine Personal Data with information from publicly available sources.

Purposes and Legal Bases for Processing

We process Personal Data for the purposes and under the legal bases set out below. Where GDPR/UK‑GDPR applies, our legal bases are identified in parentheses:

1. Provide, operate, and support the Products; create and manage accounts; authenticate users; enable features; and deliver customer support (performance of a contract; legitimate interests).

2. Secure the Products, users, and our operations, including fraud prevention, incident detection, monitoring, troubleshooting, and auditing (legitimate interests; legal obligation).

3. Improve and develop the Products, including analytics, quality assurance, and service enhancements (legitimate interests).

4. Comply with legal obligations and respond to lawful requests, court orders, and regulatory inquiries (legal obligation).

5. Communicate with you about updates, security notices, and transactional information (performance of a contract; legitimate interests).

6. With your consent where required by law, conduct optional surveys or send certain marketing communications (consent).

7. AML-related processing conducted to comply with applicable anti-money laundering and counter-terrorist financing laws and regulatory obligations (legitimate interests; legal obligation) and to support customers in meeting their own regulatory obligations.

8. Fraud detection and prevention activities not mandated by law (performance of a contract; legitimate interests), subject to documented balancing assessments conducted by participating institutions.

Cookies and Similar Technologies

We use strictly necessary cookies within the Products for authentication, security, session management, and load balancing. Where the Product integrates with web properties that use analytics or advertising cookies, we will seek consent where required by law (e.g., under the EU/UK rules on electronic communications). You can manage cookies through your browser settings and, where applicable, through product‑specific preferences. For our broader website cookie practices, please refer to the NICE Corporate Privacy Policy (Privacy Policy | NiCE).

Disclosures of Personal Data

We disclose Personal Data to: (i) Actimize affiliates for intra‑group operations consistent with this Notice; (ii) service providers and vendors who host, support, or otherwise process data on our behalf under appropriate contractual safeguards; (iii) competent authorities where required by law; and (iv) other third parties in connection with a corporate transaction (e.g., merger, acquisition, or asset sale). We do not sell or share Personal Data as those terms are defined by the California Consumer Privacy Act (as amended by the CPRA).

International Data Transfers

Actimize is a global organization. Where Personal Data is transferred outside the country of collection (including transfers from the EEA/UK/Switzerland), we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum or other legally recognized mechanisms. We also rely on adequacy decisions where available. Copies of relevant transfer safeguards may be requested using the contact information below, subject to redactions for confidentiality and security.

Data Security

We implement technical and organizational measures designed to protect Personal Data, including access controls, encryption in transit and at rest where appropriate, network and endpoint security, logging and monitoring, vulnerability management, and workforce training. No method of transmission or storage is fully secure; we maintain and test controls intended to reduce risks to an acceptable level.

Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Notice, including to comply with legal obligations, resolve disputes, enforce agreements, maintain business and security records, and meet retention requirements in applicable laws and standards. Retention periods vary by data category and Product; we apply documented criteria such as the nature and sensitivity of the data, potential risk of harm from unauthorized use or disclosure, and legal/regulatory requirements.

Where required under applicable law, we will delete or anonymize Personal Data upon verified request, subject to legal, regulatory, or contractual retention requirements.

Where Personal Data has been irreversibly anonymized such that individuals are no longer identifiable by any reasonably likely means, such data is no longer considered Personal Data and may be retained for analytical and service improvement purposes. Certain aggregated, statistical, or anonymized outputs generated through risk insights network-based analytics may be technically incapable of being separated from the broader dataset once anonymized. Such data will not identify any individual and is retained solely for lawful economic crime prevention purposes.

Your Privacy Rights

Your rights depend on your location and the applicable law. Subject to limitations, you may have the right to: (i) access your Personal Data; (ii) request correction; (iii) request deletion; (iv) object to or restrict processing; (v) data portability; and (vi) withdraw consent where processing is based on consent. Where we rely on legitimate interests, you may object and we will consider your request consistent with applicable law.

California Privacy Rights (CCPA/CPRA)

For California residents, we provide the following disclosures: (a) we collect the categories of personal information described in the “Personal Data We Collect” section; (b) we use and disclose such information for the purposes described above; (c) we do not “sell” or “share” personal information (including for cross‑context behavioral advertising); (d) we do not use or disclose sensitive personal information for purposes that require a right to limit under the CPRA; and (e) we do not offer financial incentives tied to the collection, retention, sale, or sharing of personal information. You have rights to know/access, correction, deletion, portability (to the extent required), and non‑discrimination. You may exercise these rights using the contact methods below.

Other Jurisdictions

  • U.S. State Privacy Rights: We do not process Personal Data for targeted advertising and do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects for the purposes of detection and prevention of fraud, money laundering, and fighting financial crime and compliance related issues.
  • EU/UK: We process Personal Data under the GDPR/UK‑GDPR legal bases such as performance of contract, legitimate interests or compliance with legal obligations, and honor data subject rights.
  • Brazil (LGPD): We process Personal Data under LGPD legal bases such as performance of contract, compliance with legal obligations, and legitimate interests, and honor LGPD rights (access, correction, deletion, portability, anonymization, review of automated decisions, and information about processing).
  • Canada (PIPEDA): We process Personal Data consistent with the principles of accountability, identifying purposes, consent (where required), limiting collection/use/retention, accuracy, safeguards, openness, individual access, and challenging compliance.
  • Israel and Asia-Pacific (APAC): We process Personal Data in accordance with applicable local laws and guidance, including Israel’s Privacy Protection law and regulations, and comparable laws in APAC jurisdictions where we operate. Where local law requires consent for certain processing (e.g., electronic marketing), we will obtain it.
  • South Africa (POPIA): We process Personal Data in accordance with the Protection of Personal Information Act, 2013, including requirements relating to lawful processing, transparency, security safeguards, and data subject participation rights (including access and correction).
  • Australia (Privacy Act 1988): We process Personal Data in accordance with the Australian Privacy Act and the Australian Privacy Principles, including requirements relating to collection, use and disclosure, data quality, security, and cross-border disclosures.
  • New Zealand (Privacy Act 2020): We process Personal Data in accordance with the New Zealand Privacy Act and the Information Privacy Principles, including requirements relating to purpose limitation, transparency, data minimization, security safeguards, access and correction rights, and cross-border disclosures.
  • Singapore (PDPA): We process Personal Data in accordance with the Singapore Personal Data Protection Act, including obligations relating to consent (where required), purpose limitation, protection, retention, and transfer limitation.
  • Japan (APPI): We process Personal Data in accordance with Japan’s Act on the Protection of Personal Information (APPI), including requirements relating to purpose specification, lawful acquisition, security safeguards, restrictions on third-party transfers (including cross-border transfers), and individual rights such as access, correction, and suspension of use.
  • India (DPDP Act): We process Personal Data in accordance with India’s Digital Personal Data Protection Act, 2023 (DPDP Act), including requirements relating to lawful processing (consent or legitimate uses), purpose limitation, data minimization, security safeguards, and data principal rights (including access, correction, erasure, and grievance redressal).

Children’s Privacy

The Products are enterprise solutions and are not directed to children. We do not knowingly collect Personal Data directly from children. If you believe a child has provided Personal Data to us, please contact us and we will take appropriate steps to delete such data as required by law.

Changes to this Notice

We may update this Notice from time to time. We will post the updated version within the Product or otherwise notify you where required by law. The “Last Updated” date at the top of this Notice reflects the effective date of the most recent changes.

How to Contact Us

To exercise your rights or contact us about this Notice, email privacy@nice.com. When contacting us, please include the name of the Product, your organization, and the country/region where you use the Product. We may request additional information to verify your identity in accordance with applicable law before fulfilling your request.