PRIVACY POLICY

Last modified: 04/10/2023

ARTICLE 1 - PREAMBLE

The purpose of this privacy policy is to inform Service Users of :

  • how their personal data is collected ;
  • the rights they have concerning this data;
  • the person responsible for processing the personal data collected and processed;
  • the recipients of this personal data;
  • the site’s cookie policy.

This policy supplements the legal notice and the General Terms & Conditions, which can be consulted by Service User on the website and regularly updated.

ARTICLE 2 - DEFINITIONS AND INTERPRETATION

In this Privacy Policy, the following terms and expressions shall have the meanings ascribed to them below :

Additional services

refers to the optional and personalised services offered by Capago.

Article

refers to any article of this Privacy Policy.

Basic services

refers to all mandatory services provided by Capago to process a visa application.

Biometric data

means data concerning the unique identification of an individual, related to fingerprints and identity photos.

Capago or “we” or “our” or “us”

refers to Capago S.A. parent company and/or its subsidiaries and/or affiliated agents

Capago’s website

refers to any digital service provided by Capago, including but not limited to websites (domains and sub-domains), mobile applications and all other digital platforms of Capago

Cookie

refers to a small file stored by the site on the Service User’s hard disk, containing information about the Service User’s browsing habits.

Client

refers to any governmental body, diplomatic missions and/or similar organisation that has contracted with Capago for representation and outsourcing services.

Data Controller

refers to Capago S.A, a Company Registered at the Chamber of Commerce of Nanterre RCS B515 135 036, VAT number FR 53515 135 036 under the laws of France and having its address at : 9, rue Raoul Dautry - 91190 GIF-SUR-YVETTE (France)

Generic data

refers to any data concerning the Service User that does not allow us to identify him or her individually. Including but not limited to web browser type, appointment length, date and duration of the Service User’s visit to Capago’s website, Service User satisfaction, visa type and nationality.

Identification data / Identifier

refers to the Service User data that allows us to identify you individually. Including but not limited surname, first name, title, e-mail address, telephone numbers and passport numbers.

Personal Data

refers to any information relating to an identified or identifiable natural person.

Privacy Policy

refers to the present document which describes Capago’s commitments with regard to the processing of the personal data of Service Users of our services and website.

Service User

refers to any individual, group of individuals or mandated third party who purchase a product and/or a service provided by Capago.

Third parties

refers to any individual or legal entity outside the relationship between the Data controller and the Service User.

Visa Application Center or VAC

refers to designated Capago’s offices that provide handling services relating to acceptance and processing of visa applications.

Visa fees

refers to fees charged by Capago to Service users on behalf of the Client.

These definitions are not exhaustive and other definitions may be added in the Privacy Policy.

The meaning of the defined terms applies to both the singular and the plural of these terms.

The headings used in the Privacy Policy have been inserted for ease of reference only and do not affect its meaning or interpretation.

The terms “include”, “including”, “in particular” and other terms having the same meaning are not restrictive.

ARTICLE 3 - PRINCIPLES GOVERNING THE COLLECTION AND PROCESSING OF PERSONAL DATA

Capago complies with the European guiding principles and specific local regulations, in particular those set out below:

  • Processed lawfully, fairly and transparently in relation to the data subject;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
  • Kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed;
  • Processed in such a way as to ensure appropriate security of the data collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Processing is lawful only if, and insofar as, at least one of the following conditions is met:

  • The data subject has consented to the processing of his/her personal data for one or more specific purposes;
  • The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request;
  • The processing is necessary to comply with a legal obligation to which the Data Controller is subject;
  • The processing is necessary to safeguard the vital interests of the data subject or of another natural person;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.

ARTICLE 4 - PERSONAL DATA COLLECTED AND PROCESSED WHEN BROWSING CAPAGO’S WEBSITE

Article 4.1 - Type of personal data collected
4.1.1 - Personal data processed using cookies and similar technologies

By visiting Capago’s website, Services Users agree for their browsing data to be collected, including but not limited to geographical location, the language and type of browser used, IP address, the date and time of visit, the number and pages viewed, and the page elements (e.g. links) clicked on.

Capago’s website may contain links to websites operated by other organizations. This privacy policy applies only to Capago’s website. Capago encourages Services Users to read privacy statements of other websites visited.

Please, note that, if service user link from Capago’s website to another website, or if service user follows a link to arrive at Capago’s website, Capago will not be responsible for the practices of those third-party websites and we recommend Service User to check the Privacy Policy of that third-party website.

We always try to perform a check of other websites before publishing a link to it but we will not guarantee their policies including but not limited to personal data processing.

We may use technologies such as pixels, “clear gifs”, cookies or similar tools on Capago’s website or in messages sent to Service User during his/her visa application process. Some of the third parties we use are Google Analytics, Facebook and Live Agent.

These services transmit data about visits to the Capago website to third-party servers and do not identify users or associate IP addresses with other data held by these providers. We use the reports provided by these third parties to understand traffic to and use of the Capago website.

If Service Users do not wish such information to be collected, there is a simple procedure in most web browsers that allows it to automatically prevent the communication of browsing data to us. Some web browser add-ons or integrated features may also ask Service User (on a case-by-case basis) whether she/he wishes to share data or not.

4.1.2 - Personal data processed when you contact our contact center

When you contact our contact center - by email, chat or telephone - we store the complete content of the conversation together with your identifier.

Depending on the means of contact chosen by the Service User, we may store, but are not limited to, the following personal data:

  • Contact by email : email address, email conversation history;
  • Contact by chat : chat identifier, chat history ;
  • Contact by telephone : telephone number, audio recordings.

This data is used for quality purposes, as well as for fraud detection/prevention. This data is available for internal quality control purposes and kept for a period of thirty (30) days.

4.1.3 - Personal data processed when verifying and processing your supporting documents

Service User’s personal data may be collected when using basic service and/or additional services that include the possibility to upload or transfer documents relating to his/her visa application for verification purposes.

The personal data collected may include but not limited to : email address, telephone number, name and surname, date of birth, passport number.

4.1.4 - Personal data processed when you book an appointment and/or join the virtual queuing system

Service User’s personal data may be collected when making an appointment to apply for a visa at Capago and also when joining the virtual queue system. Service User must provide us with the necessary information to enable us to create his or her identifiers, such as but not limited to an email address, telephone number, full name, date of birth and passport number.

The data collected may be used, without limitation, to contact the Service User during the visa application process and to determine the type of visa required as well as the amount of fees to be collected on behalf of the government and/or diplomatic mission.

4.1.5 - Data processed when you come to your appointment

Service User’s personal data may be collected during the appointment. This data may include without limitation, waiting time and processing time at each stage of the process.

Service User’s personal data collected and transferred may differ depending on the Client’s requirement.

Personal data collected during the appointment may include but not limited to biometric identification data, such as your photo and fingerprints.

For security reasons, all our VACs are equipped and monitored by video surveillance systems (CCTV). By using our services, Service User acknowledges that recording of his/her image and sounds may occur. In order to monitor Capago’s service provision, our Client may request access to the video surveillance systems. The video surveillance sequences follow the automatic deletion rules described below.

Article 4.2 - Data collection method

Capago collects information about Service User when requesting our services in connection with his/her visa or when purchasing one of Capago’s products and/or services.

Capago uses differents means of collection of personal data, including but not limited to:

  • Online registration forms;
  • Online upload of documentation;
  • Interview (appointment for visa application submission);
  • Communication with our contact center using : Email, telephone, online instant messaging.

When processing your visa application, Capago may be authorized by its Client to provide administrative support and a biometric data collection service.

Depending on the Service user’s country of residence and country of destination , the personal data requested may change. The Client decides the personal data to be collected, used and transferred by Capago.

An exhaustive list of the data required per country of operation and type of visa may be found on Capago’s website.

4.2.1 - Automatic data deletion process

Identification data is used to process your visa application. This data is only kept from the day it is provided to us until it is automatically deleted within thirty (30) calendar days of the return of your passport. If you are unable to keep your appointment, your login details and associated personal data will be deleted within thirty (30) days of the appointment date.

For legal reasons, this automatic deletion rule does not apply to billing data. Invoices in PDF format are anonymised (see below) and stored in a secure, restricted area of our software for an unlimited period.

Furthermore, documents submitted by the Service User using upload services on Capago’s website are automatically deleted once sent, physically or electronically, to our Client.

4.2.2 - Anonymisation process

Identification data may be anonymised to produce generic data that are used for statistical purposes including but not limited to monitor and improve the quality of our services. The anonymisation process consists in granting a random alphanumeric code in place of the identifiers. The anonymized data is kept for an unlimited period of time.

Article 4.3 - Data hosting

Capago’s website is hosted by :

OVH
2, rue Kellermann - 59100 ROUBAIX (FRANCE)

Article 4.4 - Transfer of personal data to third parties
4.4.1 - Capago Group companies

Capago may share Service User’s personal data with companies belonging to the Capago group when this is necessary to process his/her request or provide related services.

4.4.2 - Capago’s Client

In the context of the services provided, Service User’s personal data will be transmitted to our Client. This Client may share your personal data with, including but not limited to, public bodies, supervisory authorities or the forces of law and order for the prevention of criminal or terrorist acts. Capago has no control over how your personal data is processed after it has been transferred to our Client. Capago therefore strongly recommends reading their privacy policy as well as the information provided in the visa application forms.

Capago may be required to digitize documents and/or capture all or a part of the Service User’s personal data into the Client’s own systems. By accepting this policy, the user of the service is deemed to agree to it.

4.4.3 - Third parties for legal reasons

Capago may retain certain personal data beyond the above-mentioned periods and/or be required to share your personal data with third parties in order to comply with legal obligations and/or to respond to requests from public bodies, including but not limited to law enforcement and other public authorities, which may include authorities located outside your country of residence.

By accepting this policy, the service user acknowledges and accepts the transfers mentioned above, where applicable.

4.4.4 - Independent service providers working on our behalf

Capago works with independent service providers in order to provide the Service User with the best user experience. For example, independent service providers may process the Service user’s personal data to enable payment for the services requested and to meet the legal requirements applicable to it. Capago will only disclose the personal data necessary.

Independent service providers involved are as follows:

  • technology service providers ;
  • logistics, transport and delivery service providers and/or their subcontractors.

Before sharing personal data, Capago ensures that all service providers are bound by a contractual obligation for handling personal data and ensure that disclosed data :

  • Are kept secure and confidential;
  • Are kept only as long as necessary for the execution of the service;
  • Will never be used for purposes other than the execution of the requested service;
  • Will never be used for commercial prospecting purposes, unless you give your consent.

By accepting this policy, the user of the service acknowledges and accepts the transfers mentioned above, where applicable. Capago therefore strongly recommends reading their privacy policy as well as the information provided in the visa application forms.

Article 4.5 - Transferring your personal information offshore

Due to the nature of Capago’s activity, Service User’s personal data may be transferred abroad. When a Service User applies for a visa and/or any other related service, his/her personal data is transferred to the country of the Client to which his/her application is addressed.

Article 4.6 - Cookies policy

Capago’s website may use so-called “cookie” techniques.

These files are used to process traffic statistics and information, facilitate navigation and improve the convenience of the service.

Service User’s consent must be obtained for the use of cookies involving the storage and analysis of its personal data.

Capago provides the choice for Service User to accept or refuse the use of cookies when he/she visits Capago website, and he/she may change the cookie settings at any time.

Please note that disabling cookies may result in a loss of functionality when using Capago’s website. For more detailed information about how Capago uses cookies, please refer to Capago’s Cookies Policy.

The Service User’s consent is considered valid for a maximum period of six (6) months. At the end of this period, the site will request again the Service User’s authorization to save “cookies” files.

ARTICLE 5 - DATA CONTROLLER AND DATA PROTECTION OFFICER

Article 5.1- The Data Controller

Personal data is collected by Capago S.A, a Company Registered at the Chamber of Commerce of Nanterre RCS B515 135 036, VAT number FR 53515 135 036 under the laws of France and having its address at : 9, Rue Raoul Dautry - 91190 GIF-SUR-YVETTE (France).

The Data Controller may be contacted as follows :

  • By post to : 9, rue Raoul Dautry - 91190 GIF-SUR-YVETTE (France) ;
  • By telephone, at +33 971 020 000 ;
  • By email : privacy@capago.eu
Article 5.2 - The Data Protection Officer

The Data Protection Officer of the company may be contacted using this email address: privacy@capago.eu

ARTICLE 6 - THE SERVICE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING

Service Users concerned by the processing of their personal data may avail themselves of the following rights :

  • Right of access, rectification and right to erasure of data ;
  • Right to data portability ;
  • Right to limit and object to data processing ;
  • Right to determine the fate of data after death ;
  • Right to refer the matter to the competent supervisory authority .

To exercise your rights, please send a letter to Capago S.A - 9, rue Raoul Dautry, - 91190 GIF-SUR-YVETTE (FRANCE) or an e-mail to privacy@capago.eu.

In order for the Data Controller to process the Service User’s request, the Service User may be required to provide certain information, such as first and last names, e-mail address and account reference or file number.

ARTICLE 7 - CONDITIONS FOR MODIFYING THE PRIVACY POLICY

Capago reserves the right to modify the present Privacy Policy at any time.

Any changes do not affect services previously purchased on Capago’s website, which remain subject to the Policy in force at the time of booking and as accepted by the Service User when validating the file.

Service Users are invited to familiarize themselves with this Policy each time they use our services, without having to be formally notified.