<img height="1" width="1" src="https://www.facebook.com/tr?id=133206463822786&amp;ev=PageView &amp;noscript=1">

Privacy Policy

1. Introduction

Captio Tech S.L. (hereinafter "Captio" or the "Organisation") is an Organisation that has an easy-to-use platform, in the Cloud, for companies with employees that travel for business. It aims to offer companies better control over their expenses so as to discover new savings opportunities.

Captio establishes privacy as a fundamental pillar and recognises personal data protection as a strategic asset, for which reason it declares its determination to document, implement, maintain, inform, review and continuously improve the use and processing of personal data, as well as to achieve the necessary security levels that guarantee their protection throughout the Organisation.

1.1 Objective

The purpose of the Personal Data Protection Policy (hereinafter the "Policy") is to establish the guidelines applicable to the processing of personal data by Captio in the pursuit of its corporate object and in compliance with current legal regulations on personal data protection.

1.2 Scope

This Policy has as its scope of application all the Captio processes that involve the processing of personal data, which in turn mean the exercise of the right to habeas data (right to the protection of personal data) by their owners.

In this context, the Policy is mandatory for Captio, its personnel, contractors, as well as potential customers with whom Captio maintains communication, regardless of the contractual relationship or the type of contractual arrangement, provided they have access to personal data for which Captio has some responsibility.

In this regard, the various actors with access to information are obliged to make themselves familiar with this Policy (insofar as it may affect them) and to undertake to safeguard the security of the information and, in particular, its confidentiality, integrity, availability and privacy.

Relations with these collaborating entities must always be covered by the corresponding service provision contracts, including privacy and personal data protection clauses.

This Personal Data Protection Policy will be applicable in all phases of the life cycle of personal data: generation, processing, distribution, storage, transport, consultation and destruction; and of the systems that process it: analysis, design, development, implementation, exploitation and maintenance.

Captio will at all times take actions aimed at preserving the basic principles relating to the processing of personal data by means of which the data are:

  • Processed in a lawful, loyal and transparent manner ("legality, loyalty and transparency"), so that whenever the Owner of the personal data so requests, Captio will provide information on his/her data stored in the Captio databases;
  • Collected for specific, explicit and legitimate purposes, and not further processed in a manner incompatible with such purposes ("limitation of purpose"), i.e., Captio collects the data for a specific and legitimate purpose, and always with the prior consent of the owner of said data;
  • Appropriate, relevant and limited to the purposes for which it is processed ("data minimisation"), collecting only such data as are necessary for the purpose of the processing;
  • The data processed by Captio will be accurate and up-to-date at all times, measures being taken to ensure that inaccurate data ("accuracy") are deleted or rectified without delay;
  • Kept for no longer than necessary ("limitation of retention period"), so as to allow the identification of the interested parties for no longer than necessary for the purposes of processing the personal data;
  • Secure, guaranteeing security, including protection against unauthorised or unlawful processing, loss, destruction or accidental damage ("integrity and confidentiality");
  • Processed by the Data Controller, who is responsible for compliance and able to prove it ("proactive responsibility").

2. Legal framework

Captio is committed to ensuring compliance with current legislation on the protection of personal data and systems applicable to all business processes in those countries in which it operates, and in particular, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the "Regulation" or the "GDPR") and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD in the Spanish abbreviation).

3. Responsabilities

Ultimate responsibility for the protection of personal data in Captio lies with the Data Protection Officer who oversees compliance with the legal regulations and policies of Captio on personal data protection, advises and informs the Data Controller, Data Processor and Captio personnel on the processing of personal data, and serves as a point of contact for interested parties and the Control Authority.

Captio may hire one or more Data Processors provided they offer sufficient guarantees and apply the technical and organisational measures, so that the processing is in accordance with the Regulation and the LOPD-GDD and ensures the protection of the rights and freedoms of the interested party.

All users and personnel of Captio are responsible for the appropriateness of the use that they make of the personal data and for complying with the policy, rules and controls established by Captio.

Captio, in compliance with the basic principles of the GDPR, has structured the management of data protection as a distinct function within the organisation, with its own organisational model.

The various positions are appointed by the General Management at the request of the Data Security Committee.

We now go on to identify the data security committee and the roles within it:

  • The Data Security Committee consists of the Head of Security, the DPO, the CSO and the CEO.

4. Application of the policy

In order to apply the lines of action set forth in this policy, rules and procedures are defined, implemented and maintained in the field of personal data processing, which include:

  • The set of regulations, standards, guidelines and operating procedures that determine the appropriate way to act in the field of personal data protection.
  • The methods of control, review and adjustment to verify the correct processing of personal data.

The preparation of the rules and procedures is accompanied by formal processes of risk analysis and management, and impact evaluations on the various forms of processing of personal data.

5. Training and awareness

Captio believes that the most effective method of improving the security and protection of personal data is through the development of an effective and universal training culture for all its employees through continuous training and development, and incorporating this into the work activity.

Captio is committed to developing and executing training plans for its personnel on an ongoing basis, which will include specific courses on personal data protection and information security depending on the target audience: Management, technicians, directors, system users, etc.

Likewise, awareness and information campaigns on personal data protection aimed at all Captio personnel, suppliers and third parties will be carried out through the means considered most effective.

6. Consultations, compilants and requests

Captio makes available to its personnel, third parties or any other interested party owning personal data held in the databases and/or information systems owned by Captio, various communication channels to receive and respond to requests, complaints, queries and claims from its owners so that they can exercise their rights of access, rectification, deletion, limitation, decision on automated processing, portability, information, claim and objection to the processing of their personal data contained in databases and revoke the authorisation they have granted for their processing.

Captio undertakes to respond to all requests, complaints, queries and claims as quickly as possible and always within the deadlines set by the Regulation and the LOPD-GDD.

7. Audit

Captio, in its commitment to continuous improvement, will periodically submit its personal data processing to internal and/or external audits in order to verify the correct compliance with the Regulation and the LOPD-GDD, as well as its policy, rules and regulations, procedures, determining degrees of compliance and recommending corrective measures.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Data processing

This data processing policy is applicable to the use of the services offered by the Captio platform solution, whether it is accessed through the web (captio.com, captio.net, captio.it, captio.fr) or through mobile devices.

Likewise, this data processing policy also describes how we process the information provided by you when you access our website, and when you provide us with personal information through the forms we make available to you.

In order to be as clear and transparent as possible, we have created different sections depending on which data we are dealing with:

  • Captio Software Platform
  • Sales-marketing information request
  • Human Resources-Candidates for vacancies
  • Registration for events.

In these sections you will find detailed information about the purposes for which we process your data, the time during which we have access to your data, whom we can share your data with, what your rights are with respect to such data, as well as additional information in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (the “European Regulation” or “GDPR”) and with the Organic Law on Data Protection in force.

Captio Tech S.L., reserves the right to modify this privacy policy and this data processing Policy at any time, and when required by law, we will notify you theses changes. In the event that we make any substantial changes we will notify you via email or via the website and the Captio software platform, before the change becomes effective.

It is recommended, in any case, that you proceed to read the privacy policy and this data processing policy procedure, each time you access our website.

1. Data controller


 Identity: Captio Tech S.L- CIF [Tax Identification Number]: B-65077414

Registered office: Edificio Torre Inbisa, Plaza Europa, nº 9-11, planta 7, 08908, L’Hospitalet de Llobregat (Barcelona).

Telephone: (+34) 900 10 19 86

Email address: dataprivacy@captio.com

 Our customers and users can send queries about personal data protection, privacy and security issues to our postal address or the email address provided above.

By accepting this privacy policy and this data processing procedure, the customer accepts and expressly consents to the collection, use and, where appropriate, the transfer of their data, in the terms indicated below.

2. Rights of the data subject

We inform you that you have the right to obtain confirmation about whether or not Captio Tech, S.L. is processing personal data concerning you. You have the right to access your personal data, as well as to request the rectification of inaccurate data, or when appropriate to request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In addition, you may request the portability of your personal data, and the restriction of their processing, in which case we will only keep them for the exercise or defence of claims. In certain circumstances and for reasons related to your particular situation, you may object to the processing of your personal data, in which case Captio Tech, S.L. will stop processing your data, except for compelling legitimate reasons, or the exercise or defence of possible claims. The above rights may be exercised by sending an email to dataprivacy@captio.com. In order to reliably prove the identity of the applicant, it may be necessary to provide an identification document (National Identity Document, passport or equivalent).

With regard to Third Party Data, the Customer, as the data controller thereof, has the responsibility of managing requests from the data subjects regarding said data, including, and especially in the case that they include the same special categories of personal data, with full indemnity for Captio Tech, S.L.

3. Data retention

Captio Software Platform

Captio Tech S.L. will keep the data for the duration of the provision of the Services. Once this service is completed, Captio will keep the data for a period of thirty (30) days. After this period, Captio will block the necessary data to retain them at the disposal of the Public Administrations, Judges and Courts, to attend to any liabilities arising from the processing, during the limitation period of these. Once this period has expired, the information will be destroyed.

Sales-Marketing Data

Regarding the contact data provided to Captio by the customer for Sales and Marketing purposes, as well as those data that have been provided to receive sales information and newsletters, Captio will retain your data upon receipt of your request until the data subject requests the cessation of the processing. This means that during this period we can use your data for the previously detailed purposes.

Human Resources-Candidates for vacancies

Captio Tech S.L., can keep your personal data for a maximum period of 1 year after receipt of your request. This means that during this period we can use your data to contact you in case we have a suitable position available for you in the future.

Events

Captio Tech S.L. will keep your personal data after receiving your registration to the event for as long as you do not request the cessation of processing. This means that during this period we can use your data for the previously detailed purposes.

 

4. Elimination of data

Captio will proceed to the safe disposal and destruction of all data stored in Captio systems or systems of third-party subcontractors, unless otherwise provided by law or unless it must retain the blocked data after the end of the Contract, only during the limitation period of the actions that motivate said data storage.

5. Links to third parties

Occasionally, and based on our criteria, we may include or offer third-party products or services on our website. These third-party sites have independent privacy policies. Therefore, we assume no responsibility for the content and activities of these linked websites. However, we seek to protect the integrity of our website and appreciate any comments regarding these sites.

6. Complaints

You may make a complaint at any time with a supervisory body regarding the collection and processing by Captio Tech S.L. of your personal data. In Spain, you can make a complaint to the Spanish Data Protection Agency.

 

7. Data that we process

7.1 Captio software platform
Categories of data we process:
  • Contact and billing data of the customer, including postal and/or email addresses, company, position in the company, telephone (customer data).
  • User’s contact information (name, surnames, corporate email address).
  • Financial information for examples of procurement of specific modules in this regard.
  • Content of digitised invoices sent to the platform.
  • Operating system.
  • Data and information from third parties, of which the customer or user is the controller, which they can upload to the software platform for the use thereof.
Purpose of the Processing

We inform you that the data indicated above will be processed by Captio and will be used for the following purposes:

  • Establish a primary communication channel with our customers and users.
  • Manage the provision of services contracted by our customers and users, including the management, administration, provision, expansion and improvement of content, experience, information and services offered.
  • Enable your secure login to the Service Platform.
  • The design of new services and/or contents
  • The sending of updates on the services we provide.

Additionally, in the event that you have requested information for these purposes, and have accepted the privacy policy, your data will be processed in order to a) send the Captio Newsletter with news on the sector, and b) periodically send you marketing communications related to Captio products and services.

Legal basis

The legal basis for the processing of the data you provided is the need to provide the Services in accordance with the General Conditions of Use and Contracting (Article 6.1 b) GDPR). Without the data provided, Captio could not provide you with the contracted software service.

 The processing of customer and user data in order to send sales communications to them is performed on the basis of their express consent. Customers and users can withdraw their consent to the processing of their data at any time by contacting dataprivacy@captio.com. Likewise, you can stop receiving newsletters and sales communications by sending an email following the instructions that we will provide to you in each communication.

Recipients

Our service providers can process all the data mentioned above at any time, as data processors for personal data, under our instructions and in accordance with the corresponding data processor contract, and for the purpose of ensuring that Captio is able to provide the Services under the agreed terms and conditions. These suppliers provide us with the ancillary services necessary for the normal operation of the services.

In this sense, the list of providers of Captio which cold lead to a transfers of personal data to third countries: (i) the “cloud computing” service through Microsoft Azure, which has data centres in Dublin, Ireland, under the Privacy Shield Framework agreement. You can check the protection and processing measures at https://privacy.microsoft.com/en-us/privacystatement; and (ii) the service of the company “Zendesk, Inc”, located in California, USA, for the provision of the user support service (help-desk). You can check the protection and processing measures at  https://www.privacyshield.gov/ or their binding corporate rules.

Captio will ensure that subcontractors and subprocessors uphold these standards and will oversee audits to ensure that data protection requirements are met, including the European Regulation.

If it is necessary to subcontract any processing which implies a transfers of personal data to third countries, Captio Tech S.L. shall communicate it previously to our customers, indicating the processing services that it intends to subcontract and clearly and unambiguously identifying the subcontractor company, the processing of personal data, and its contact information.

Online identifiers and information collected automatically

Captio Tech S.L. can automatically collect certain information from the user when the latter uses Captio Software. This information does not necessarily reveal the user’s identity directly, although it may include information that can be collected and stored in their logs, user’s browser information, browsing language, geographic location in a broad sense (i.e. country or city), and other technical information collected through cookies, pixel tags and other similar technologies that identify your web browser. For more information, you can access our cookies policy at  https://www.captio.com/cookies-policy

All these data are collected and processed by Captio Tech, S.L. for the following purposes:

  • Ensuring an adequate quality control in the provision of our services, in order to avoid errors and unwanted interruptions.
  • Research and development, since by gathering this information, we can better understand how the user uses and interacts with our services.
  • Improving the User experience.

The information detailed here can be collected directly or through third-party providers under our instructions and in accordance with the corresponding data processor contract. These third-party suppliers are located in the EU or outside the EU, in countries with adequate guarantees.

The legal basis for Captio Tech, S.L. to process the data detailed in this section is your express consent for the purposes specified above (Article 6.1 a) of the GDPR).

Captio Tech, S.L. will keep this data as long as it is necessary to comply with the previously detailed purposes and until the customer or the user requests the cessation of the processing as indicated in the section on the Rights of the Data Subject.

7.2 Sales-Marketing information

Categories of data that are processed are:

  • Identification data (name, company, company position).
  • Number of employees in the company.
  • Postal and/or email addresses
  • Specially protected data are not processed
Purpose of the Processing

We inform you that the personal data that you provide us will be processed by Captio Tech, S.L. and will be used for the purpose of processing your request for information, to provide you with the technical, operational or commercial information you require about the products and services of Captio Tech S.L., of the companies in its group, and where applicable, to inform you of any promotions that we may launch, as well as sending you information about new products or services from Captio Tech S.L., or any companies in its group. In the event that you have requested and accepted it, we will also process your information to send you the Captio Newsletter with news about the sector, as well as periodically sending you marketing communications related to the products and services of Captio Tech S.L.

Legal basis

You are responsible for the legality and veracity of the data entered on the form. The processing of your data is based on your express consent. We inform you that you can withdraw the consent you have given to the processing of your data, at any time, by contacting dataprivacy@captio.com. Likewise, you can stop receiving sales communications by email following the instructions that we will provide in each communication.

Recipients

Your data may be transferred and communicated to Certify, Inc., a company domiciled in Portland, Maine at 20 York St, ME 04101, USA, belonging to the same Group of companies of Captio Tech S.L., to the extent necessary for the purposes described above. This is a company that has adhered to the framework principles of the EU-US privacy shields (https://www.privacyshield.gov/welcome).

Data for commercial purposes may be communicated to our partners for commercial management, enhancing the products and services we offer and allowing us better to understand your business interests.

 

Captio Tech S.L., in any case, takes the appropriate measures to maintain security, both during transit and at the place of reception, and as a group complies with the applicable regulations on data protection, including the European Regulation.

Finally, our service providers may also process your data at some point, as personal data processors, under our instructions and in accordance with the corresponding data processor contract, and for the purpose of executing the purposes detailed above.

7.3 Human rsources-Candidates for vacancies
Categories of data that are processed are:
  • Identification data (name, surnames, National Identity Document).
  • Postal and/or email addresses
  • Academic and employment history
  • Specially protected data are not processed
Purpose of the Processing

We inform you that the personal data that you provide us will be processed by Captio Tech, S.L., and will be used for the purpose of processing your application for employment, for the provision of services of Captio Tech S.L. to you as a candidate, and probably to determine whether you would be a suitable candidate for other positions available at Captio Tech S.L.,.

Legal basis and origin of the data

The processing of your data is based on your express consent. We inform you that you can review or deactivate your candidate profile, as well as withdraw the consent given to the processing of your data, at any time, by contacting dataprivacy@captio.com.

As a general rule, personal data is always collected directly from the data subject, however, in certain exceptions, the data can be collected through third parties, entities or services different from the data subject. If this occurs, the data subject will be informed within a reasonable time once the data have been obtained, and at the latest within a month.

7.4 Events
Categories of data that are processed are:
  • Identification data (name, last name, company).
  • Postal and/or email addresses.
  • Photographs and images taken during your participation in the event.
  • Specially protected data are not processed
Purpose of the Processing

We inform you that the personal data that you provide us through the registration form will be processed by Captio Tech, S.L., and will be used for the purpose of (i) managing and organising the event you are registering for (ii) register the participants, (iii) publish photographs and images of the participants at the event, taken at the event itself, in the media, on our Website and/or Social Networks, (iv) where applicable, bill the participation at the event, and in general, (v) those purposes related to the management and organisation of a corporate event.

In the event that you have requested and accepted it, we will also process your information to send you the Newsletter of Captio Tech S.L., with news about the sector, as well as to send you periodic marketing communications regarding Captio products and services.

Legal basis

You are responsible for the legality and veracity of the data entered on the form. The processing of your data is based on your express consent. We inform you that you can withdraw the consent given to the processing of your data, at any time, by contacting dataprivacy@captio.com. Likewise, you can stop receiving sales communications by email following the instructions that we will provide in each communication.

Recipients

You authorise that your data, including photographs and images of you taken during your participation in the event, may be transferred to the media and/or social networks, as well as being able to be disseminated on our websites.

You also authorise that your data may be transferred to the sponsors of the event or partners that have organised the event to which you have registered to carry out the processing of your personal data for the same purposes described above.

This authorisation to use the recorded content and my image is made under the provisions of Organic Law 1/1982, of 5 May, on Civil Protection of the Right to Honour, Personal and Family Privacy and One’s Image.

Captio Tech, S.L. takes, in any case, the appropriate measures to maintain security, both during transit and at the place of reception and informs that it complies with the applicable regulations on data protection, including the European Regulation.

Finally, our service providers may also process your data at some point, as personal data processors, under our instructions and in accordance with the corresponding data processor contract, and for the purposes of Captio Tech S.L. being able to execute the purposes detailed above.

Last modification: 30/05/2019