Capco Alumni Privacy Policy
This policy (“Privacy Policy”) applies in all countries throughout the Capco Group’s (“Capco”) global operation. Please note that where this policy explains applicable law and your rights, it will state whether this applies to personal data which is processed under the European Union (“EU”) General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the Personal Data (Privacy) Ordinance (Chapter 486 of Laws of Hong Kong) (PDPO), Canadian federal or provincial personal information laws, the Brazil General Data Protection Law (LPGD), the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (PDPA), the Thailand Personal Data Protection Act (PDPA) or the US California Consumer Privacy Act of 2018 (the “CCPA”). Where the processing of your personal data is not subject to such regulations or where additional country-specific data protection law applies, different rules will apply under your applicable law. If you require any clarification on this matter, please contact our Data Protection Officer using the contact details below.
The Capco entity operating in the country you engage us in will typically be the responsible data controller for any personal data you provide to us in connection with our business relationship. A full list of Capco Group companies across the globe can be found here.
Capco offers a platform to enable persons with a user account (hereafter, the “Users”) to connect with each other, build communities, or also do networking (hereafter, the “Service”). Please see our Terms of Use for more details of the Service.
In this regard, Capco collects and processes User’s personal data in accordance with this Privacy Policy. How Capco uses information that is gathered by cookies or other web-tracking or analytics technologies is explained in our cookie policy.
Capco commits to ensure the compliance of the processing it carries out as data controller is in accordance with applicable data protection law.
This Privacy Policy is intended for the Users of this Service from Capco.
Date of last update: 9 April 2024
- COLLECTED PERSONAL DATA
-
- When creating a User account
The User is informed that the following personal data is collected for the purpose of creating a user account and to support the Service:
Mandatory data
- First name ;
- Last name ;
- Email address;
- Current Job Title;
- Current residency (Country required, with option to be more specific)
- Cluster (e.g. Alumni, Current Capco Employee)
Optional data:
- Profile picture
- Gender
- Summary biography and skills
- Capco Employment Information (including Capco office location, year leaving Capco, job level at leaving, Capco Domain Group)
- Experience (including current employer and employment experience)
The User is informed that it is not possible to access the Service without providing the mandatory data strictly necessary to create an account and authenticate the User.
-
- During the use of the Service
The User may add or post, at their own initiative, any content on the Service which shall be retained by Capco (subject to the User exercising their rights – see clause 6 below) .
The User is aware that when using the Service, the User may decide to freely provide “sensitive data” within the meaning of applicable data protection law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, concerning sexual orientation, medical conditions, etc. By providing such sensitive data, the User agrees to their processing by the Service in the conditions set forth in this Privacy Policy.
- THE PURPOSE OF THE DATA PROCESSING
Capco and its subcontractors process personal data that are freely transferred by the User when accessing the Service for the following purpose:
|
Purpose |
Legal basis |
|
Creation and management of a user account |
User consent |
|
Providing the User with all functionalities of the Service, meaning:
|
|
Users
|
|
|
Management of data subjects rights according to the Personal Data Legislation. |
Legal obligation |
|
Making statistics in order:
|
Legitimate business interests |
|
Making statistics regarding the effective use of the Service;
|
Legitimate business interests |
|
Making statistics regarding the different levels of User activity on the Service. |
Legitimate business interests |
|
Enable the synchronization of the User’s LinkedIn profile;
|
Consent |
- DATA RETENTION PERIOD
Capco informs the User that the personal data related to the User’s account is retained only during the length of the User’s engagement with the Service, including when a User views posts and other content using links incorporated in Capco Alumni emails periodically sent to them. It is considered that no engagement with the Service for greater than 18 months is classified as ‘non-use’ and the User Account will then be deleted accordingly.
- DATA TRANSFERS
The Users’ data are stored in the European Economic Area (EEA) and United Kingdom (UK) by Capco and its trusted service providers. However, depending on the processing (see the purposes in clause 2 above), the Users’ data may also be transferred to a country outside the EEA/UK, to our other Capco group companies, including our parent company Wipro Limited.
When transferring data outside the EEA, Capco ensures that the data are transferred in a secured manner and with respect to applicable data protection law. When the country where the data are transferred does not have a protection comparable to that of the EU/UK, Capco uses “appropriate or suitable safeguards” in the form of standard contractual clauses adopted by the European Commission or UK Government, as applicable.
Users can obtain further information about such safeguards by contacting Capco’s Data Protection Officer at [email protected].
- COMMITMENT OF CAPCO AS THE DATA CONTROLLER
Capco commits to process User’s personal data in compliance with all applicable data protection laws and undertakes to, notably, respect the following principles:
- Process User’s personal data lawfully, fairly, and in a transparent manner;
- Only collect and process the Users’ data for the strict purposes as described under clause 2 of this Privacy Policy;
- Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Take all reasonable steps to ensure that the personal data processed are accurate and, if necessary, kept up to date and, where found to be inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
- Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
- Limit the access to the Users’ data to the persons duly authorized to this effect;
- Ensure Users their rights under applicable data protection laws in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.
- EXERCISE OF THE USERS’ RIGHTS
Where processing takes place in the UK or EU, or you are a resident of the UK or EU, subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. You have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. Please refer to Articles 15-22 of the GDPR for details on your data protection rights. As we want to make sure that your personal data is accurate and up to date you may also ask us to correct or remove any information which you think is inaccurate.
Where processing takes place in Canada (or you are a resident of Canada), Hong Kong, Singapore, subject to certain legal conditions, you may request access to, rectification/correction of inaccurate or incomplete processing of your personal data. In addition, in Brazil and Thailand, subject to certain legal conditions, you may also to erase/anonymise your personal data.
US California residents about whom we have collected “personal information”, including through use of our website or mobile applications, by purchasing or utilizing our products or services, or by communicating with us electronically, in paper correspondence, or in person, have the right, under the CCPA to request what specific personal information we collect, use, disclose, and/or sell, as applicable. As a California resident, you may also have the right under the CCPA to request that we delete the personal information that we have collected about you. You also have a right not to receive discriminatory treatment by Capco for the exercise of the privacy rights conferred by the CCPA.
For the California residents’ rights stated immediately above, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. “Personal information” does not include publicly available information or information that has been de-identified.
Capco Group do not sell “personal information” and did not sell “personal information” in the previous twelve 12 months.
We collect, and in the past 12 months have collected, the following categories of personal information for our business purposes:
- Personal Identifiers.
- Information collected by cookies and other technologies, including IP address.
- Internet or other electronic network activity information`, including content you view or engage with, and browser and device information.
We have shared in the preceding 12 months personal information as necessary for specific business purposes and specified in the section 8 “ Recipient and persons authorized to access the users’ data”. This includes sharing personal identifiers and internet or other electronic network activity with advertising networks and website analytics companies. You have a right to direct us to not share your personal information.
Irrespective of where the processing takes place or where you reside, if you have given us your consent for the processing of your personal data you can withdraw the consent at any time, with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing.
For any of the above requests, you or your authorized agent (proof of authorization is required) should send a description of your personal data concerned stating your name, customer number or other Capco identification number (if applicable) as proof of identity to our Data Protection Officer at: [email protected]. California/US residents may also call 1-833-571-0888 (toll free). We may require additional proof of identity to protect your personal data against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer at [email protected] to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the relevant data protection supervisory authority.
The relevant data protection supervisory authorities are as follows:
For the UK:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, United Kingdom
SK9 5AF
Phone: 0303 123 1113 from the UK or +44 1625 545700 from elsewhere
Website: www.ico.org.uk
Capco’s main establishment in the EU is in Frankfurt, Germany, where the supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information who can be contacted in the following ways:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Phone: 06 11 14 080 from Germany or +49 611 14 080 from elsewhere
Email: [email protected]
Where appropriate, you can also raise a complaint with an EU supervisory authority which is based in the country where:
- you are living,
- you work, or
- the alleged infringement took place.
The current list of EU data protection supervisory authorities can be accessed from here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
For Brazil:
Data Protection Authority (ANPD)
Praça dos Três Poderes
Brasília (DF)
Planalto Palace, Annex I, Wing B, Room 101.
Phone: +55 (61) 3411-5961
Email: [email protected] Website: www.gov.br/anpd/pt-br
For Hong Kong:
Privacy Commissioner for Personal Data
Room 1303
13/F, Sunlight Tower
248 Queen's Road East
Wanchai
Hong Kong
Email: [email protected]
Website: www.pcpd.org.hk
For Singapore:
Personal Data Protection Commission
10 Pasir Panjang Road
#03-01 Mapletree Business City
Singapore 117438
Attn: Officer-in-charge, Enforcement
Website: www.pdpc.gov.sg
- COOKIES
Capco uses tracking technology on a User’s device, such as cookies whenever the User navigates the Service, subject to the conditions described in the Capco Alumni Cookie Policy.
- RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA
Only authorized persons working for Capco can access your personal data. Capco makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of User’s personal data.
Capco also uses trusted service providers to carry out a set of operations on his behalf for hosting. Capco can also use service providers in the tech industry, editors of specific tools integrated in the Service for technical purposes.
Capco only provides service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. The Data Controller does his best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing.
Capco may be required to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our Terms of Use or any other conditions you have accepted; or to protect the rights, safety or property of Capco, its clients or employees.
List of the main service providers:
|
Service Provider |
Service |
You can consult the privacy policy by clicking on the following link: |
|
KIT UNITED
44 rue la fayette 75009 Paris France |
HIVEBRITE solution
|
https://hivebrite.com/privacypolicy
|
|
Google Cloud Platform Gordon House, 4 Barrow St, Dublin, Ireland |
Hosting of all data and content produced / provided by the User, as well as images, profile pictures and backups |
https://cloud.google.com/secu rity/privacy/
|
|
Amazon AWS 38 avenue John F. Kennedy, L-1855, Luxembourg |
||
|
Sentry 132 Hawthorne Street San Francisco, CA 94107 USA
|
Production and storage of error logs enabling our developers to correct the code |
https://sentry.io/privacy/ |
|
Sendgrid 375 Beale Street, Suite 300, San Francisco, CA 94105 USA |
Sending of emails from the Platform |
https://api.sendgrid.com/priva cy.html |
|
Hivebrite, Inc. 16 Nassau St, New York, NY 10038, USA |
Customer support for the Platform |
https://hivebrite.com/privacypolicy
|