To Customers, Vendors, Suppliers, Website Users
Last updated: 6/2024
INTRODUCTION
Cap4Lab Group S.A (hereinafter “Cap4Lab”, "company", "we", “us” or “our”) attaches great importance to the protection of personal data and undertakes to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 ("GDPR") as well as any other applicable laws and regulations.
Cap4Lab includes the following companies and brands:
- Cap4 Group SA
- Cap4 Lab S.r.l.
- Cap4 Lab S.à.r.l
- Cap4 Lab SARL France
- Cap4 Lab GmbH
- Cap4 Lab Learning
- Cap4 Lab S.à.r.l Switzerland
- Cap4 Lab Unipessoal
SCOPE
This Personal Data Protection Notice (“Notice”) explains how Cap4 Lab collects, uses, shares and otherwise processes your personal data in connection with your relationship with us as a supplier, partner, visitor, customer or acting for a customer or being generally interested in our services, in accordance with applicable data protection laws and regulations.
UPDATE
This Notice will be reviewed on a periodic basis. Any changes to this Notice shall be approved by Cap4Lab. The latest version of this Notice will always be available on https://www.cap4group.com/
CATEGORIES OF PERSONAL DATA PROCESSED
The term “personal data” means any information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold.
We may collect personal information from you in the course of our business, including through your use of our websites (https://www.cap4group.com/, https://www.cap4.com/, https://www.cap4cloud.com/, https://www.cap4learning.com/) when you contact us using our contact form, engage our services or as a result of your relationship with one or more of our consultants or customers or when you visit our premises.
Thus, the information we collect may include your name, contact details, communication data and any other personal data you may provide in the course of your pre-contractual, contractual and commercial relationship with Cap4Lab.
Some of your information is collected automatically. Thus, when you access our websites, we may automatically collect, through log files, certain information from your device, such as the IP address, the operating system of your device, the pages visited, the requests made, the day and time of connection, the time zone and the browser version. The use of such files allows us to offer you a more consistent experience on the websites.
During your visit, a banner appears at the bottom of the screen informing you of the use of cookies when browsing the website. A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on the hard drive of your device (computer, tablet, mobile, etc.). Some cookies do not collect any personal data but simply ensure smooth and optimal navigation on our website. It is up to you to make a choice between accepting or refusing the use of optional cookies depending on the services provided. To learn more about the types of cookies and similar technologies we use and how you can control these technologies, please see our Cookie Notice.
LEGAL BASES AND PURPOSES OF PROCESSING
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose.
Legal bases |
Purposes |
---|---|
The processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract |
Performance of our contract with you and provision of the services requested by you |
Maintenance of our files (including e-mails), accounting, processing and payment of fees, claims and expenses |
|
The processing is necessary for the respect of our legal obligations |
Complying with our legal obligations such as accounting and bookkeeping obligations |
The processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by our own interests |
Responding to your information requests (where no contractual relationship exists) |
Maintaining the IT infrastructure, information systems and websites |
|
Ensuring physical security of the people, items and confidential information located in or accessible from our premises |
|
Where applicable, managing disputes and complaints concerning you and exercise or defence of legal claims in relation to you |
We will only use your personal data for the purposes for which we collected it and which we informed you about, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
RECIPIENTS OF PERSONAL DATA
We may use or disclose personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
To achieve the purposes mentioned above, the personal data is transmitted to the following recipients:
- Internal employees who have permission;
- Network, technology systems and IT service providers acting as processors and on instruction from Cap4Lab.
Any relationship with a processor is managed in accordance with the provisions of Article 28 of the GDPR. Cap4Lab only uses processors that provide sufficient guarantees and abide by the same obligations.
Some of the above-mentioned recipients may be based in third countries. Where this is the case, transfers will be undertaken in line with Chapter V of the GDPR and applicable data protection laws and regulations. Where a third-party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually in the form of standard contractual clauses.
PERSONAL DATA RETENTION PERIOD
Your personal data is stored by Cap4Lab only for as long as is necessary for the purposes for which we obtained them.
Thus, the log files collected during interactions with the websites are destroyed after 1 month after the moment of the collection.
Furthermore, the personal data we collect when responding to your requests will not be kept for more than 3 years from the last contact with Cap4Lab if no contact is signed between you and Cap4Lab.
We may also keep and process your personal data after the termination of our contractual or commercial relationship for specific purposes such as the compliance with other legal obligations (as a rule, data must be kept for a period of 10 years for commercial matters) or the establishment, exercise, or defence of legal claims.
Upon expiry of the applicable retention period, we will securely destroy your personal data using cryptography in accordance with applicable laws and regulations.
SECURITY OF PROCESSING
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk so that the processing complies with the GDPR and applicable data protection laws.
These measures must provide for a level of security considered appropriate considering the technical standards and the type of personal data processed but also:
- the state of the art and implementation costs.
- the nature, scope, context, and purposes of processing; and
- the likelihood and severity of the risk to the rights and freedoms of natural persons.
Security requirements are continually evolving, and effective security requires frequent assessment and regular improvement of outdated security measures. We are committed to continuously evaluate, strengthen, and improve the measures we implement.
DATA SUBJECTS’ RIGHTS
As a natural person, you have several rights regarding your personal data that we can exercise in certain circumstances, including:
- the right of access: You can request access to the data concerning you at any time as well as a copy of the data.
- the right to rectification: You can request at any time that inaccurate or incomplete data be rectified.
- the right to erasure: You can request that your data be deleted when, for example, the data is no longer necessary for the purposes for which it was collected or processed.
- the right to restriction of processing: You can request that Cap4Lab restrict the processing of data if, for example, you question the accuracy of the data concerning you or if you object to the processing of data concerning you.
- the right to data portability: You have the right to have your data transferred to another data controller in a structured, commonly used, and machine-readable format, if the processing is carried out by automated means or if it is based on prior consent.
- the right to object to processing: You can object to the processing of your data and can withdraw your consent if the processing is based on consent, for example if the data is used for commercial prospecting purposes.
If you wish to exercise your rights, please contact us at dpo@cap4group.com
Your request will be responded to within 1 month at the latest, starting from the moment of your identity confirmation. We may extend the time limit by a further 2 months if the request is complex or if we have received a high number of requests.
You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you are not satisfied with our response, you also have the right to lodge a complaint at any time with the competent supervisory authority within the EU depending, among other things, on the country the place of your habitual residence (where you live most of the time), on the place where you work or on the place where you believe infringement may have happened. Depending on your choice, these supervisory authorities may be relevant to you if you wish to complain:
ITALY
Garante per la protezione dei dati personali
Piazza Venezia 11 - 00187 Roma (Italy)
Phone: +39 06 696771
LUXEMBOURG
Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Phone: +352 26 10 60-1
FRANCE
Commission nationale de l’informatique et des libertés (CNIL)
3 place de Fontenoy
TSA 80715
75334 Paris Cedex 07
Phone: +33 1 53 73 22 22
GERMANY
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 981 180093-0
PORTUGAL
Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 - 1.º
1200-651 Lisboa
Phone: +351 21 392 84 00
LINKS
Our websites contain links to other websites but note that this Notice applies only to personal data collected by Cap4Lab and to how Cap4Lab processes personal data. We are not responsible for the privacy practices of other websites.