Effective date: 12th of September 2023.
ARTICLE 1 – PREAMBLE
- how their personal data is collected ;
- the rights they have concerning this data;
- the person responsible for processing the personal data collected and processed;
- the recipients of this personal data;
This policy supplements the legal notice and the General Terms & Conditions, which can be consulted by Service User on the website and regularly updated.
ARTICLE 2 – DEFINITIONS AND INTERPRETATION
|Additional services||refers to the optional and personalised services offered by Capago.|
|Basic services||refers to all mandatory services provided by Capago to process a visa application.|
|Biometric data||means data concerning the unique identification of an individual, related to fingerprints and identity photos.|
|Capago or “we” or “our” or “us”||refers to Capago S.A. parent company and/or its subsidiaries and/or affiliated agents|
|Capago’s website||refers to any digital service provided by Capago, including but not limited to websites (domains and sub-domains), mobile applications and all other digital platforms of Capago|
|Cookie||refers to a small file stored by the site on the Service User’s hard disk, containing information about the Service User’s browsing habits.|
|Client||refers to any governmental body, diplomatic missions and/or similar organisation that has contracted with Capago for representation and outsourcing services.|
|Data Controller||refers to Capago S.A, a Company Registered at the Chamber of Commerce of Nanterre RCS B515 135 036, VAT number FR 53515 135 036 under the laws of France and having its address at : 9, rue Raoul Dautry – 91190 GIF-SUR-YVETTE (France)|
|Generic data||refers to any data concerning the Service User that does not allow us to identify him or her individually. Including but not limited to web browser type, appointment length, date and duration of the Service User’s visit to Capago’s website, Service User satisfaction, visa type and nationality.|
|Identification data / Identifier||refers to the Service User data that allows us to identify you individually. Including but not limited surname, first name, title, e-mail address, telephone numbers and passport numbers.|
|Personal Data||refers to any information relating to an identified or identifiable natural person.|
|Service User||refers to any individual, group of individuals or mandated third party who purchase a product and/or a service provided by Capago.|
|Third parties||refers to any individual or legal entity outside the relationship between the Data controller and the Service User.|
|Visa Application Center or VAC||refers to designated Capago’s offices that provide handling services relating to acceptance and processing of visa applications.|
|Visa fees||refers to fees charged by Capago to Service users on behalf of the Client.|
The meaning of the defined terms applies to both the singular and the plural of these terms.
The terms “include”, “including”, “in particular” and other terms having the same meaning are not restrictive.
ARTICLE 3 – PRINCIPLES GOVERNING THE COLLECTION AND PROCESSING OF PERSONAL DATA
Capago complies with the European guiding principles and specific local regulations, in particular those set out below:
- Processed lawfully, fairly and transparently in relation to the data subject;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- Accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- Kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed;
- Processed in such a way as to ensure appropriate security of the data collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Processing is lawful only if, and insofar as, at least one of the following conditions is met:
- The data subject has consented to the processing of his/her personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject’s request;
- The processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- The processing is necessary to safeguard the vital interests of the data subject or of another natural person;
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
ARTICLE 4 – PERSONAL DATA COLLECTED AND PROCESSED WHEN BROWSING CAPAGO’S WEBSITE
Article 4.1 – Type of personal data collected
4.1.1 – Personal data processed using cookies and similar technologies
By visiting Capago’s website, Services Users agree for their browsing data to be collected, including but not limited to geographical location, the language and type of browser used, IP address, the date and time of visit, the number and pages viewed, and the page elements (e.g. links) clicked on.
We always try to perform a check of other websites before publishing a link to it but we will not guarantee their policies including but not limited to personal data processing.
We may use technologies such as pixels, “clear gifs”, cookies or similar tools on Capago’s website or in messages sent to Service User during his/her visa application process. Some of the third parties we use are Google Analytics, Facebook and Live Agent.
These services transmit data about visits to the Capago website to third-party servers and do not identify users or associate IP addresses with other data held by these providers. We use the reports provided by these third parties to understand traffic to and use of the Capago website.
If Service Users do not wish such information to be collected, there is a simple procedure in most web browsers that allows it to automatically prevent the communication of browsing data to us. Some web browser add-ons or integrated features may also ask Service User (on a case-by-case basis) whether she/he wishes to share data or not.
4.1.2 – Personal data processed when you contact our contact center
When you contact our contact center – by email, chat or telephone – we store the complete content of the conversation together with your identifier.
Depending on the means of contact chosen by the Service User, we may store, but are not limited to, the following personal data:
- Contact by email : email address, email conversation history ;
- Contact by chat : chat identifier, chat history ;
- Contact by telephone : telephone number, audio recordings.
This data is used for quality purposes, as well as for fraud detection/prevention. This data is available for internal quality control purposes and kept for a period of thirty (30) days.
4.1.3 – Personal data processed when verifying and processing your supporting documents
Service User’s personal data may be collected when using basic service and/or additional services that include the possibility to upload or transfer documents relating to his/her visa application for verification purposes.
The personal data collected may include but not limited to : email address, telephone number, name and surname, date of birth, passport number.
4.1.4 – Personal data processed when you book an appointment and/or join the virtual queuing system
Service User’s personal data may be collected when making an appointment to apply for a visa at Capago and also when joining the virtual queue system. Service User must provide us with the necessary information to enable us to create his or her identifiers, such as but not limited to an email address, telephone number, full name, date of birth and passport number.
The data collected may be used, without limitation, to contact the Service User during the visa application process and to determine the type of visa required as well as the amount of fees to be collected on behalf of the government and/or diplomatic mission.
4.1.5 – Data processed when you come to your appointment
Service User’s personal data may be collected during the appointment. This data may include without limitation, waiting time and processing time at each stage of the process.
Service User’s personal data collected and transferred may differ depending on the Client’s requirement.
Personal data collected during the appointment may include but not limited to biometric identification data, such as your photo and fingerprints.
For security reasons, all our VACs are equipped and monitored by video surveillance systems (CCTV). By using our services, Service User acknowledges that recording of his/her image and sounds may occur. In order to monitor Capago’s service provision, our Client may request access to the video surveillance systems. The video surveillance sequences follow the automatic deletion rules described below.
Article 4.2 – Data collection method
Capago collects information about Service User when requesting our services in connection with his/her visa or when purchasing one of Capago’s products and/or services.
Capago uses differents means of collection of personal data, including but not limited to:
- Online registration forms;
- Online upload of documentation;
- Interview (appointment for visa application submission);
- Communication with our contact center using : Email, telephone, online instant messaging.
When processing your visa application, Capago may be authorized by its Client to provide administrative support and a biometric data collection service.
Depending on the Service user’s country of residence and country of destination , the personal data requested may change. The Client decides the personal data to be collected, used and transferred by Capago.
An exhaustive list of the data required per country of operation and type of visa may be found on Capago’s website.
4.2.1 – Automatic data deletion process
Identification data is used to process your visa application. This data is only kept from the day it is provided to us until it is automatically deleted within thirty (30) calendar days of the return of your passport. If you are unable to keep your appointment, your login details and associated personal data will be deleted within thirty (30) days of the appointment date.
For legal reasons, this automatic deletion rule does not apply to billing data. Invoices in PDF format are anonymised (see below) and stored in a secure, restricted area of our software for an unlimited period.
Furthermore, documents submitted by the Service User using upload services on Capago’s website are automatically deleted once sent, physically or electronically, to our Client.
4.2.2 – Anonymisation process
Identification data may be anonymised to produce generic data that are used for statistical purposes including but not limited to monitor and improve the quality of our services. The anonymisation process consists in granting a random alphanumeric code in place of the identifiers. The anonymized data is kept for an unlimited period of time.
Article 4.3 – Data hosting
Capago’s website is hosted by :
2, rue Kellermann – 59100 ROUBAIX (FRANCE)
Article 4.4 – Transfer of personal data to third parties
4.4.1 – Capago Group companies
Capago may share Service User’s personal data with companies belonging to the Capago group when this is necessary to process his/her request or provide related services.
4.4.2 – Capago’s Client
Capago may be required to digitize documents and/or capture all or a part of the Service User’s personal data into the Client’s own systems. By accepting this policy, the user of the service is deemed to agree to it.
4.4.3 – Third parties for legal reasons
Capago may retain certain personal data beyond the above-mentioned periods and/or be required to share your personal data with third parties in order to comply with legal obligations and/or to respond to requests from public bodies, including but not limited to law enforcement and other public authorities, which may include authorities located outside your country of residence.
By accepting this policy, the service user acknowledges and accepts the transfers mentioned above, where applicable.
4.4.4 – Independent service providers working on our behalf
Capago works with independent service providers in order to provide the Service User with the best user experience. For example, independent service providers may process the Service user’s personal data to enable payment for the services requested and to meet the legal requirements applicable to it. Capago will only disclose the personal data necessary.
Independent service providers involved are as follows:
- technology service providers ;
- logistics, transport and delivery service providers and/or their subcontractors.
Before sharing personal data, Capago ensures that all service providers are bound by a contractual obligation for handling personal data and ensure that disclosed data :
- Are kept secure and confidential;
- Are kept only as long as necessary for the execution of the service;
- Will never be used for purposes other than the execution of the requested service;
- Will never be used for commercial prospecting purposes, unless you give your consent.
Article 4.5 – Transferring your personal information offshore
Due to the nature of Capago’s activity, Service User’s personal data may be transferred abroad. When a Service User applies for a visa and/or any other related service, his/her personal data is transferred to the country of the Client to which his/her application is addressed.
Article 4.6 – Cookies policy
Capago’s website may use so-called “cookie” techniques.
These files are used to process traffic statistics and information, facilitate navigation and improve the convenience of the service.
The Service User’s consent is considered valid for a maximum period of six (6) months. At the end of this period, the site will request again the Service User’s authorization to save “cookies” files.
ARTICLE 5 – DATA CONTROLLER AND DATA PROTECTION OFFICER
Article 5.1- The Data Controller
Personal data is collected by Capago S.A, a Company Registered at the Chamber of Commerce of Nanterre RCS B515 135 036, VAT number FR 53515 135 036 under the laws of France and having its address at : 9, Rue Raoul Dautry – 91190 GIF-SUR-YVETTE (France).
The Data Controller may be contacted as follows :
- By post to : 9, rue Raoul Dautry – 91190 GIF-SUR-YVETTE (France) ;
- By telephone, at +33 971 020 000 ;
- By email : firstname.lastname@example.org
Article 5.2 – The Data Protection Officer
The Data Protection Officer of the company may be contacted using this email address: email@example.com
ARTICLE 6 – THE SERVICE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
Service Users concerned by the processing of their personal data may avail themselves of the following rights :
- Right of access, rectification and right to erasure of data ;
- Right to data portability ;
- Right to limit and object to data processing ;
- Right not to be subject to a decision based exclusively on an automated process;
- Right to determine the fate of data after death ;
- Right to refer the matter to the competent supervisory authority .
To exercise your rights, please send a letter to Capago S.A – 9, rue Raoul Dautry, – 91190 GIF-SUR-YVETTE (FRANCE) or an e-mail to firstname.lastname@example.org.
In order for the Data Controller to process the Service User’s request, the Service User may be required to provide certain information, such as first and last names, e-mail address and account reference or file number.
Any changes do not affect services previously purchased on Capago’s website, which remain subject to the Policy in force at the time of booking and as accepted by the Service User when validating the file.
Service Users are invited to familiarize themselves with this Policy each time they use our services, without having to be formally notified.