DATA PRIVACY NOTICE
This Data Privacy Notice explains how Capco uses your personal data and which rights and options you have in this respect. It applies to personal data that you provide to Capco or which is derived from such data as part of our business relationship with you or when you visit our website.
For those interested in a career with Capco, we have developed a specific Job Candidate Privacy Notice which should be read in addition to this notice and can also be found when you create or access you on-line account in connection with a job application.
This notice applies in all countries throughout our global operation. Please note that where this notice explains applicable law and your rights, this applies only to personal data which is processed under the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). Where the processing of your personal data is not subject to this regulation or where additional country-specific data protection law applies, different rules will apply under your applicable law.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The Capco entity operating in the country you engage us in will typically be the responsible data controller for any personal data you provide to us in connection with our business relationship. A full list of Capco Group companies across the globe can be found here.
If you are dissatisfied with any aspect of our Data Privacy Notice, you may have legal rights and, where relevant, we have described these in the ‘Your Data Protection Rights’ section below.
WHICH CATEGORIES OF PERSONAL DATA DO WE COLLECT?
We may collect and process the following categories of personal data:
- Job candidate data. See Capco’s Job Candidate Privacy Notice.
- Business contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address, mobile device unique identifier and the IP address of your computer if you use our website;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further business information necessarily processed in a business or other contractual relationship with Capco or voluntarily provided by you, such as orders placed, purchases, services and other business activities, product feedback, survey responses and any other information you may provide to us;
- Information about your interests and preferences and other information obtained by the analytics described above, in particular your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, ebooks, whitepapers) or other services we offer to you online. This includes which content you download, click or view for how often and how long;
- Information collected from publicly available resources, integrity databases and credit reference agencies;
- If legally required for compliance purposes: information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes;
- Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any use of such information is based on your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?
We will process your personal data for the following purposes ("Permitted Purposes"):
- Planning, performing, managing and administering your (or a third party's to whom you are related) contractual business relationship with Capco, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services or providing you with other services or things you may have requested;
- Maintaining and protecting the security of our products, services and websites or other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws or to prevent white-collar or money laundering crimes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for antitrust purposes;
- Informing you, where permitted in accordance with local laws, within an existing business relationship about Capco's products or services which are similar or relate to such products and services which have already been purchased or used within that business relationship;
- Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims, or;
- Ensuring compliance with legal obligations, e.g. to keep sales records for tax purposes or to send notices and other disclosures as required by law.
Where you have expressly given us your consent, we may also process your personal data for the following purposes:
- Communicating with you through the channels you have approved to keep you up to date on the latest announcements, events and other information about Capco’s products, technologies and services (including marketing-related newsletters) as well as events and projects of Capco;
- Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events, or;
- Profiling and automated processing: Collecting information about your preferences based on your activities when you use our websites and any products, downloadable content (e.g. registration for a software download, eBooks, whitepapers) or other services we offer to you online. Based on this information (e.g. which content is downloaded, clicked or viewed for how often and how long), we create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you.
Please note: Under the European Union General Data Protection Regulation you have the right to object to the use of your personal data, including for direct marketing purposes (which includes the profiling described above). Please refer to " Your data protection rights" below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will, where legally required, only provide you with such information after you have opted in and provide you the opportunity to opt out if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
The legal bases for the processing of your personal data are set forth in Article 6 of the European Union General Data Protection Regulation. Depending on the above purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with Capco or for compliance with our legal obligations or for purposes of legitimate interests pursued by us, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
HOW DO WE COLLECT AND USE PERSONAL DATA?
We will typically collect your personal data directly from you when you interact with us, e.g. when you visit our website, communicate with us in relation to our products and services, submit an order, register to receive our newsletter or participate in our customer surveys. We do not obtain personal data from third parties except where you have utilised the services of a recruitment agency, where applicable. In such cases, you will be informed about this in accordance with applicable law.
WHERE DO WE PROCESS PERSONAL DATA?
Capco is a globally active enterprise. In the course of our business activities, we may transfer your personal data to recipients in countries outside of the European Economic Area (“third countries”), in which applicable laws may not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data. Typically, this will be by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the
European Commission for the transfer of personal data by data controllers in the European Economic Area to data controllers and processors in jurisdictions without adequate data protection laws. You may contact us anytime using the contact details below if you would like further information on such safeguards.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data from unauthorized access or intrusion. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will strictly comply with applicable laws and regulations regarding the confidentiality and security of personal data.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data as follows:
- With our affiliates within Capco Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the personal data for the same purposes and under the same conditions as outlined in this Data Privacy Notice;
- We may also instruct service providers (so called data processors) within or outside of Capco Group, domestically or abroad, e.g. shared service centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Capco will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
- With courts, law enforcement authorities, regulators or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims;
- With credit reference agencies and other companies for use in credit decisions;
- We may also share your personal data with third parties if we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets, along with its professional advisers. If Capco or substantially all of its assets are acquired by a third party, personal data held by us about customers and other contacts will be one of the transferred assets.
Otherwise, we will only disclose your personal data when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
HOW LONG DO WE STORE PERSONAL DATA?
We will hold your personal data for as long as necessary to provide the services, products or information you have requested and to administer your business relationship with us.
Where your data is processed in accordance with a data processing agreement between us, we will comply with all specified data deletion requirements.
Otherwise, we will delete your personal data from our systems if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for 2 years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to "meaningful contact", we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our services.
If you have asked us not to communicate with you, we will keep a note of this as long necessary to comply with your request.
YOUR DATA PROTECTION RIGHTS
Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. You have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the
European Union General Data Protection Regulation for details on your data protection rights. As we want to make sure that your personal data is accurate and up to date you may also ask us to correct or remove any information which you think is inaccurate.
If you have given us your consent for the processing of your personal data you can withdraw the consent at any time, with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
For any of the above requests, please send a description of your personal data concerned stating your name, customer number or other Capco identification number (if applicable) as proof of identity to the contact details below. We may require additional proof of identity to protect your personal data against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact our Global Data Protection Officer at the contact details below, to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the relevant data protection supervisory authority. See the Data Protection Contact section below for further details.
CHANGES TO THIS NOTICE
This Data Privacy Notice was last updated in October 2018. From time to time, we may make change or amend it as required to reflect any changes to the way in which we use your personal data or changing legal requirements. So, you may wish to check back from time to time.
DATA PROTECTION CONTACTS
If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact our Global
Data Protection Officer at firstname.lastname@example.org.
You also have a right to make a complaint to your local data protection supervisory authority. Capco’s main establishment is in the UK, where the supervisory authority is the Information Commissioner’s
Office who can be contacted in the following ways:
Information Commissioner's Office
Phone: 0303 123 1113 from the UK or +44 1625 545700 from elsewhere
Where appropriate, you can also raise a complaint with another European Union supervisory authority which is based in the country where:
- you are living,
- you work, or
- the alleged infringement took place.
The current list of European Union data protection supervisory authorities can be accessed from here.