Capgemini Service SAS (referred to as “Capgemini”, “Capgemini Engineering”, “We”, “Us”, “Our” in this Privacy Notice) a company incorporated in France, having its registered office at 11 rue de Tilsitt, 75017 , Paris France, is committed to protecting the privacy and security of your personal data.
1. WHO WE ARE
Capgemini is the data controller and is responsible for this website in terms of European Data Protection Regulations (GDPR).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us.
2. THE PERSONAL DATA WE COLLECT ABOUT YOU
Personal data means any data or information about an individual from which that person can be identified. It does not include data where your identity has been removed (anonymous data).
We may collect, use, store, and transfer different types of personal data about you, which we have grouped together as follows:
- Contact data which includes your postal address, email address(es) and telephone numbers.
- Identity data, which includes your first name, last name, title, gender, birth date and job title.
- Marketing and communications data, which includes your preferences in receiving marketing from us, and your communication preferences.
- Profile data includes your username and password, preferences, feedback and survey responses.
- Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage data includes information about how you use our website.
We may use the above personal data to form a view on what we think you may want or need, or what may be of interest to you.
You may receive marketing communications from us if you have requested information from us or purchased services from us, or if you have provided us with your details when you entered a survey or registered for an event or a promotion, and, in each case, you have not opted out of receiving that marketing.
You can tell us not to contact you with marketing communications either at the point such information is collected or by following the unsubscribe instructions in any communication sent to you.
Please note that where you opt out of receiving marketing messages, this will not delete other personal data we hold on you.
We do not collect personal data about you other than the information that you voluntarily provide to us through this site to fulfil the purpose of your request such as to subscribe to a newsletter.
Please note that this website is not intended for children, and Capgemini does not knowingly collect data relating to children. If you are younger than 16, you may not register with or use this website. If you think that we may have unintentionally collected data relating to a child, please contact us.
We do not collect any special categories of personal data (as defined by the GPDR) about you through our website or any of the products or services mentioned herein.
3. HOW WE COLLECT YOUR PERSONAL DATA
- Direct interactions.You may give us your identity, contact, marketing, and communications data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- fill in a form on this website (such as the one on our ‘connect with us’ page)
- create an account on our website (such as on our ‘career opportunities’ page)
- subscribe to any publications (such as our ‘white papers’)
- request marketing to be sent to you; or
- when you give us some feedback
- Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the GDPR allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message.
We have set out below, in a table format, a description of all the ways we may use your personal data, and the corresponding legal basis we rely on to do so. We have also identified therein what our legitimate interests are, where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data:
5. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the third parties for the purposes set out in the table in paragraph 4 above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS
We are a global enterprise with operations in countries around the world.
Capgemini has implemented global privacy practices for processing personal data protected under various data protection laws. Capgemini transfers personal data between the countries in which we operate in accordance with the standards and conditions of applicable data privacy laws, including standards and conditions related to security and processing.
If you reside outside of the European Economic Area (EEA, by providing your personal data, you consent to the sharing of your personal data as described above and any resulting cross-border transfers.
Transferring data between Capgemini Group companies or to third parties may involve transferring your data outside the EEA.
Whenever we transfer your personal data out of the EEA whether to Capgemini Group companies or to third parties, we ensure an adequate degree of protection is applied to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; or
- Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal data the same protection it has in the European Union. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Collection of information by third party sites
Like many other commercial websites, our site contains links to other sites whose information collection practices may be different than ours. Users should consult the other sites’ privacy policies, as we do not have any control over any information that may be submitted to, or collected by such third parties.
Although we employ security measures to prevent unauthorized access to information we collect online, we cannot guarantee the privacy of personal data you transmit over the web, or that may be collected in transit by third parties, including any consultants that provide services to us.
8. HOW LONG WE RETAIN YOUR PERSONAL DATA FOR
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. YOUR LEGAL RIGHTS
Under certain circumstances and depending on your location you have rights under applicable data protection laws in relation to your personal data.
If you are located in the European Union, you are entitled to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Withdraw your consent
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out above, please use the contact details below.
10. CONTACT DETAILS
You can contact our DPO : firstname.lastname@example.org
If you are a European Union citizen, you have the right to formulate a complaint to the supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement.
The following link will help you find your local supervisory authority https://edpb.europa.eu/about-edpb/board/members_en.
We would, however, appreciate the chance to deal with your concerns before you approach your local supervisory authority.
11. REVISIONS TO THIS PRIVACY NOTICE
We may periodically update this Notice to comply with privacy regulations, describe new website features, products or services we offer and how it may affect our use of information about you.
This Privacy Notice was last updated March 29, 2019.