This Data Privacy Notice explains how Capco uses your personal data and which rights and options you have in this respect. It applies to personal data that you provide to Capco or which is derived from such data as part of our business relationship with you or when you visit our website.
For those interested in a career with Capco, we have developed a specific Job Candidate Privacy Notice which should be read in addition to this notice and can also be found when you create or access your on-line account in connection with a job application.
This notice applies in all countries throughout our global operation. Please note that where this notice explains applicable law and your rights, it will state whether this applies to personal data which is processed under the European Union (“EU”) General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the Personal Data (Privacy) Ordinance (Chapter 486 of Laws of Hong Kong) (PDPO), Canadian federal or provincial personal information laws, or the US California Consumer Privacy Act of 2018 (the “CCPA”). Where the processing of your personal data is not subject to such regulations or where additional country-specific data protection law applies, different rules will apply under your applicable law. If you require any clarification on this matter, please contact our Global Data Protection Officer using the contact details below.
The Capco entity operating in the country you engage us in will typically be the responsible data controller for any personal data you provide to us in connection with our business relationship. A full list of Capco Group companies across the globe can be found here.
If you are dissatisfied with any aspect of our Data Privacy Notice, you may have legal rights and, where relevant, we have described these in the ‘Your Data Protection Rights’ section below.
We may collect and process the following categories of personal data:
We will process your personal data for the following purposes ("Permitted Purposes"):
Where you have expressly given us your consent, we may also process your personal data for the following purposes:
Please note: Under the GDPR you have the right to object to the use of your personal data, including for direct marketing purposes (which includes the profiling described above). Please refer to " Your data protection rights" below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Where processing takes place in the UK or EU, or you are a resident of the UK or EU, the legal bases for the processing of your personal data are set forth in Article 6 of the GDPR. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with Capco or for compliance with our legal obligations or for purposes of legitimate interests pursued by us, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
We will typically collect your personal data directly from you when you interact with us, e.g. when you visit our website, communicate with us in relation to our products and services, submit an order, register to receive our newsletter or participate in our customer surveys. We do not obtain personal data from third parties except where you have utilised the services of a recruitment agency, where applicable. In such cases, you will be informed about this in accordance with applicable law.
Capco is a globally active enterprise. In the course of our business activities, we may transfer your personal data to recipients in other countries, including countries where we operate outside of the European Economic Area (“third countries”), in which applicable laws may not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data. Typically, this will be by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the European Economic Area to data controllers and processors in jurisdictions without adequate data protection laws. You may contact us anytime using the contact details below if you would like further information on such safeguards.
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.
Capco Group does not and will not sell your personal data.
We may share your personal data as follows:
Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
We will hold your personal data for as long as necessary to provide the services, products or information you have requested and to administer your business relationship with us.
Where your data is processed in accordance with a data processing agreement between us, we will comply with all specified data deletion requirements.
Otherwise, we will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for 2 years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our services.
If you have asked us not to communicate with you, we will keep a note of this as long necessary to comply with your request.
Where processing takes place in the UK or EU, or you are a resident of the UK or EU, subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. You have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the GDPR for details on your data protection rights. As we want to make sure that your personal data is accurate and up to date you may also ask us to correct or remove any information which you think is inaccurate.
Where processing takes place in Hong Kong, Canada (or you are a resident of Canada), subject to certain legal conditions, you may request access to, rectification/correction of inaccurate or incomplete processing of your personal data.
US California residents about whom we have collected “personal information”, including through use of our website or mobile applications, by purchasing or utilizing our products or services, or by communicating with us electronically, in paper correspondence, or in person, have the right, under the CCPA to request what specific personal information we collect, use, disclose, and/or sell, as applicable. As a California resident, you may also have the right under the CCPA to request that we delete the personal information that we have collected about you. You also have a right not to receive discriminatory treatment by Capco for the exercise of the privacy rights conferred by the CCPA.
For the California residents’ rights stated immediately above, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. “Personal information” does not include publicly-available information or information that has been de-identified.
Capco Group do not sell “personal information” and did not sell “personal information” in the previous twelve 12 months.
Irrespective of where the processing takes place or where you reside, if you have given us your consent for the processing of your personal data you can withdraw the consent at any time, with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
For any of the above requests, you or your authorized agent (proof of authorization is required) should send a description of your personal data concerned stating your name, customer number or other Capco identification number (if applicable) as proof of identity to our Global Data Protection Officer at: email@example.com. California/US residents may also call 1-833-571-0888 (toll free). We may require additional proof of identity to protect your personal data against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact our Global Data Protection Officer at the contact details below, to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the relevant data protection supervisory authority. See the Data Protection Contacts section below for further details.
This Data Privacy Notice was last updated in 13 August 2020 and specifically complies with the transparency/notification requirements of the GDPR and those of the CCPA. From time to time. We may make change or amend it as required to reflect any changes to the way in which we use your personal data or changing legal requirements. So, you may wish to check back from time to time.
If you have any questions, comments, complaints or suggestions in relation to this notice, require an alternative format copy, or any other concerns about the way in which we process information about you, please contact our Global Data Protection Officer at: firstname.lastname@example.org.
You may also have a right to make a complaint to your local data protection supervisory authority.
Capco’s global management is based in the UK, where the supervisory authority is the Information Commissioner’s Office who can be contacted in the following ways:
Information Commissioner's Office
Cheshire, United Kingdom
Phone: 0303 123 1113 from the UK or +44 1625 545700 from elsewhere
Capco’s main establishment in the European Union is in Frankfurt, Germany, where the supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information who can be contacted in the following ways:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Phone: 06 11 14 080 from Germany or +49 611 14 080 from elsewhere
Where appropriate, you can also raise a complaint with an EU supervisory authority which is based in the country where:
The current list of EU data protection supervisory authorities can be accessed from here.
For complaints relating to our personal data processing in Hong Kong, you can contact the Privacy Commissioner for Personal Data in the following ways:
Post: Privacy Commissioner for Personal Data
13/F, Sunlight Tower
248 Queen's Road East
For complaints relating to our personal data processing in Singapore, you can contact the Singapore Personal Data Protection Commission in the following ways:
Post: Personal Data Protection Commission
10 Pasir Panjang Road
#03-01 Mapletree Business City
Attn: Officer-in-charge, Enforcement