AGICAP Privacy Policy

Last updated on 26 June 2024

The personal data that directly (full name, postal address, email address, telephone number, etc.) or indirectly identifies any person browsing the Website (as defined below) and/or accessing the services offered on the Website and/or Application (hereinafter the “Personal Data”) are considered confidential and must be handled as such.

Furthermore, under current legislation regarding the processing and protection of Personal Data, specifically the amended French Data Protection Act no. 78-17 of 6 January 1978 and the General Data Protection Regulation of 27 April 2016 (hereinafter the “GDPR”), AGICAP and its subsidiaries (hereinafter “AGICAP”, “we” or “us”) will maintain the confidentiality, integrity and security of your Personal Data.

1. What is the purpose of this Privacy Policy?

The purpose of this privacy policy (hereinafter the “Privacy Policy”) is to inform you about:

how we collect and process your Personal Data when you (“you”, “Visitor”, “Customer”, “Prospect” (together referred to as “Users”) enter into a relationship with AGICAP, by whatever means and in particular as a:
- “Visitor” when you are browsing our Website https://agicap.com/en/ (hereinafter the “Website”) or our application app.agicap.com (hereinafter the “Application”) as a simple Internet user, a Prospect or a Customer as defined below.
- “Prospect” when you browse the Site because you are interested in AGICAP’s services and/or you leave us your contact details to be called back as part of a request for a demonstration or free trial of our Application and/or our partnership program.
- ”Customer” when you use the Application on the basis of a subscription contract under which we provide Saas services via the Application (hereinafter the “Services”).
The measures taken to protect the confidentiality and security of your Personal Data.
The rights you have regarding that processing.

We would like to draw your attention to the fact that we may modify this Privacy Policy at any time in order to ensure transparency about the processing of your Personal Data. We encourage you to regularly check the Privacy Policy.

2. Who is the data controller for your Personal Data?

The controller who collects and manages your Personal Data on the Website and Application is AGICAP, an SAS (simplified joint stock company) with equity of €22.463,70, having its registered office at 57-59 Rue de St Cyr, 69009 Lyon, France, and entered in the Lyon company and trade register under number 823 248 703.

This means that AGICAP is your dedicated point of contact for any questions about your Personal Data’s protection within the Website and Application.

3. When do we collect your Personal Data?

You agree that AGICAP can collect and process your Personal Data in the following situations:

When you are browsing the Website or our Application: We have set up some audience measurement tools in order to better understand and interact with Users. Those tools may also collect some Personal Data about you.
When you contact us for any reason (chat, call, etc.): In this situation, some Personal Data may be requested from you so we can respond.
When you subscribe to an AGICAP service: You will also be asked to provide your Personal Data so that service can be properly provided. For instance, your Personal Data will be required so that you can log into your AGICAP account or lodge a technical support request.

4. Which Personal Data do we collect?

When you browse the Site and/or the Application and use the various Services, we may collect and process the Personal Data categories listed below. You undertake to provide up-to-date and valid Personal Identification Data as part of the information requested on the Site and/or the Application, and guarantee that you will not make any false statements or provide any erroneous information:

Identification information, including civil status, surname and first name, gender, date and place of birth, copy of an identity document if necessary for the management of RGPD requests.
Contact data, including e-mail, telephone number and postal/professional address as appropriate.
Data relating to your professional situation, including information on the position held.
Information required to manage payment for subscription to AGICAP Services and comply with related legal obligations, including bank details (BIN/IBAN);
Satisfaction data, including Customer feedback.
Browsing data, including IP address, geolocation, Mac address, logs, time stamps, cookies, tracers.
Personal data you may decide to include in the free text fields you fill in, or within the documents you send us. We only collect and process this data to the extent necessary to process your request. You should not include third parties’ personal data without their prior consent.

When you fill in a form on the Site, the information required is indicated by an asterisk. This information is necessary for us to process your request and identify you. If you choose not to provide it, we will not be able to process your request.

5. What are the purposes and the legal basis?

AGICAP may process your Personal Data for the purposes described below.

Purposes	Data concerned	Legal basis	Duration of retention
Sales prospecting , including prospect acquisition, communication and exchanges with prospects	Identification, professional and contact data of prospects	AGICAP's legitimate interests in developing and managing its portfolio of prospects and in contacting professionals whose activity is related to prospecting. Consent to respond to requests sent via the site's contact forms	3 years from last contact
Receiving and managing customer payments	Information needed for payment management and compliance with related legal obligations	Contractual performance	Until receipt of the last payment and for the time necessary to comply with the related legal obligations
Improving Services and the customer experience, in particular by personalizing the experience and analyzing the use of functionalities and customer feedback	Satisfaction data and browsing data	AGICAP's legitimate interests in improving the functionality of its solution and satisfying customers User consent regarding customer feedback	25 months for data from cookies and trackers The time needed to carry out satisfaction analyses
Improving company performance	Satisfaction data	AGICAP's legitimate interests in growing and improving its performance	The time needed to carry out satisfaction analyses
Security of AGICAP Services, in particular by analyzing logs and blocking abnormal requests	browsing data	AGICAP's legitimate interests in ensuring product security and detecting abnormal usage behaviour Contractual performance to inform the customer of abnormal behavior	6 months
Customer support and assistance (incident management)	Identification data, contact data and data included in free text boxes	Contractual performance	5 years from the resolution of the incident
Contractual and dispute management, in particular by sending out contracts and quotations and managing customer complaints	Identification, contact, satisfaction and data included in free text boxes	Execution of pre-contractual and contractual measures AGICAP's legitimate interest in managing pre-litigation and commercial disputes.	5 years from the end of the contractual relationship
Respond to requests to exercise the rights of customers, prospects and applicants	Identification and contact data	Compliance with a legal obligation (GDPR and Data Protection Act)	5 years from the closing of the request
Corporate financial management	Information needed for payment management and compliance with related legal obligations	AGICAP's legitimate interests in optimizing and managing the company's finances	Time needed to manage

For all other Personal Data that we collect by any other means, the form on which you enter that Personal Data will explain the applicable rules if they differ from the rules presented in this Privacy Policy.

Processing including artificial intelligence tools: Agicap may be required to use features using OpenAI's API in the context of the provision of its services via the Application. In this context, Agicap is committed to ensuring that its customers' data is not used to create, train or improve a machine learning model or a generalized artificial intelligence tool.

6. What are the retention periods for your Personal Data?

Personal data is kept in an active database on a case-by-case basis for as long as is necessary for the purposes for which it was collected and processed, or for as long as required by law or regulations.

In the context of AGICAP's activities and for the purposes identified above, your Personal Data may be transmitted to its internal and external recipients.

Your personal data collected may be shared with authorized persons within AGICAP who need access to it in the course of their duties, but also with external recipients listed below.

a. Internal recipients

Your personal data may be shared with authorized persons within AGICAP who require access in the course of their duties.

b. External recipients: Processors

In the course of its business and for the provision of its Services, AGICAP may share your Personal Data with third-party service providers (hereinafter "Processors" within the meaning of Article 4.8 of the RGPD) that it uses. In such a case, AGICAP undertakes to ensure that:

Each Processor is contractually bound to respect the same obligations as ours with regard to the protection of Personal Data.
Presents sufficient guarantees as to the implementation of appropriate technical and organizational measures, so that processing meets the requirements of legislation on the protection of Personal Data and in particular the RGPD.
In the event of transfer of Personal Data outside the European Union, the Processors contractually ensures their security and confidentiality.

Thus, AGICAP may share your Personal Data with subcontractors who intervene for the realization of the identified purposes. These may include:

Services, accounting and expense management online payment providers.
Suppliers of communication tools, database enrichment, CRM, Customer returns, internal logistics and electronic signatures.
Suppliers of tools for creating and distributing different advertising formats.
Debt collection service providers.
Providers specializing in the development of artificial intelligence tools.
Service providers responsible for administrative management and human resources.
Travel management service providers for companies.

c. External recipients: third-party data controllers

In the course of its business, AGICAP may also share data with third-party partners. These may include law firms, accountants, or tax authorities.

d. Special cases

We may also share your Personal Data in the following situations:

When a law, regulation, current regulatory provision or court order requires or allows it, or if that disclosure is necessary as a part of an investigation or legal proceedings, either in France or abroad.
In the event of an audit performed as part of an investment and/or in the event of an AGICAP entity or assets being transferred to any potential buyer.
When we send non-personal data to third parties, such as aggregated statistics generated from Personal Data.

8. Where do we store your Personal Data?

All of the collected Personal Data are hosted in Belgium by Google Cloud Platform, an international company with a reputation for security and reliability. Google Cloud Platform holds numerous security certifications, and that list can be publicly accessed on their website.

9. Do we transfer your Personal Data outside the European Union?

In the context and for the purposes of the processing described in this Privacy Policy, AGICAP and/or its Subcontractors may transfer Personal Data outside the European Union, in particular to the United States. When doing so, AGICAP shall ensure that failing an adequacy decision, transfer is covered by contractual transfer clauses based on the model established by the European Commission, and/or any other appropriate guarantee in accordance with GDPR requirements. Recipients are required to respect the confidentiality of the Personal Data communicated to them and must only use this data on AGICAP’s instructions.

In any event, AGICAP’s DPO is available to answer any questions that Data Subjects may have and inform them of its obligations in the event of Personal Data transfer, including the countries to which the data is transferred, and the appropriate guarantees implemented.

10. What security measures do we have to protect your Personal Data?

In order to ensure the security of the Personal Data you transmit to us, we have implemented appropriate technical and organizational measures to:

Prevent unauthorized access, use, modification, destruction, loss, damage or disclosure.
To ensure the security and confidentiality of the Personal Data collected by preventing them from being distorted, damaged or communicated to unauthorized third parties.

In particular, the security of your Personal Data is ensured by:

A strict access control policy.
The use of the TLS protocol to ensure the security of Personal Data in transit.
The encryption of the Personal Data present via proven algorithms.
An annual security audit of our services by an independent company.
To reinforce this approach of protection of your Personal Data, it is strongly recommended that you use a password that is long enough and includes several characters, which you are invited to change regularly and keep confidential.

11. What rights do you have regarding the processing of your Personal Data?

In accordance with the GDPR, you have the following rights:

Right of access : In accordance with Article 15 of the GDPR, you have the right to ask AGICAP for: (i) your Personal Data in an accessible format; (ii) confirmation that your Personal Data are or are not being processed; (iii) information about the processing purpose, categories of Personal Data processed and who your Personal Data is communicated to; and (iv) the storage period of your Personal Data or the criteria used to determine that period.
Right to data portability: In accordance with Article 20 of the GDPR, you have the right to request a copy of your Personal Data from us in a format that is structured, commonly used and machine readable so you can provide them to another data controller.
Right to rectification: In accordance with Article 16 of the GDPR, you have the right to ask us to modify, add to and update your Personal Data if they are found to be incorrect, incomplete, ambiguous, or out of date.
Right to erasure (right to be forgotten): In accordance with Article 17 of the GDPR, you have the right to ask us to permanently erase your Personal Data as soon as practicable, including when you consider that they are no longer necessary in terms of the purpose for which they were collected or that we are no longer justified in processing them.
Right to restrict processing: You have the right to ask us to restrict the processing of all or part of your Personal Data only in the situations described in Article 18 of the GDPR, being:
- Checking the accuracy of the Personal Data that you dispute.
- Helping you confirm, exercise or defend your legal rights, even when AGICAP no longer needs your Personal Data.
- Checking if AGICAP’s legitimate interests prevail over yours, in the event that you object to your Personal Data being processed on the basis of AGICAP’s legitimate interest.
- Complying with your request to restrict the use of your Personal Data rather than erasing them, when the processing of that data has proven to be unlawful.
Right to object: In accordance with Article 21 of the GDPR, you have the right at any time to object to processing operations whose legal basis is legitimate interest, for reasons relating to the particular situation of the Data Subject, who shall provide same.
Post-mortem rights: In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, you have the right to set out special directives for the storage, erasure and communication of your Personal Data, should you die. Those special directives will only concern the processing implemented by AGICAP and are limited to that sole scope.

12. What can you do if your Personal Data is breached?

If there is a breach of your Personal Data likely to result in a risk to your rights and freedoms, AGICAP and/or our Processors will notify CNIL (the French National Commission for Information Technology and Civil Liberties) as soon as possible and preferably within seventy-two (72) hours of becoming aware of the breach. You will also be informed as soon as possible of any Personal Data breach likely to result in greater risk to your rights and freedoms, so you can take all necessary measures, in accordance with the provisions of Article 34 of the GDPR.

Without prejudice to any other administrative or legal recourse, if you believe that the processing of your Personal Data constitutes a breach of current legislation, you can lodge a complaint with the relevant supervisory body such as CNIL via its website at cnil.fr or by post to the following address: CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France. You can exercise this right at any time and at no cost to you, except for any costs arising from postage or your choice to engage a third party to assist and represent you in the process.

Do you have questions about your Personal Data processing or want to exercise your rights?

Please contact AGICAP by emailing our Data Protection Officer at [email protected] and/or posting a letter to AGICAP, 57 Rue de St Cyr, 69009 Lyon, France, or by completing the contact form on our Website or Application.

In your email please state:

Your full name and email address
The subject of your request, and if it involves exercising a right:
- The type of right you want to exercise and the reasons justifying it, and
- Where appropriate, your request to exercise that right
- AGICAP may check your identity before actioning your request.

We will provide you with information about the actions taken as soon as possible, and in any case within one (1) month of receiving your request. This timeframe may be extended to two (2) months for more complex requests. If we cannot action your request, we will tell you why and inform you of your ability to lodge a complaint with a supervisory body or pursue legal recourse.

There is no cost to exercise these rights. However, in the event of blatantly unfounded or excessive requests, AGICAP reserves the right to (i) require payment of expenses taking into account administrative costs, and (ii) refuse to process those requests.

COOKIES POLICY

1.What are Cookies ?

When viewing the Website, technical data may be recorded. This includes:

Accessing and using the Website (your Internet Protocol address)
Configuration (terminal and browser type, etc.)
Your browsing (date and time, pages viewed, errors encountered, etc.)

This information may be stored through your browser software in short text files called ‘cookies (hereinafter Cookies), depending on your settings, on disk space reserved for AGICAP and/or our partners processing those technical data in a completely anonymous manner, as they are not attached to any information enabling your identification and are not provided to third parties.

These Cookies may be Personal Data

2. Which Cookies do we collect and why?

Some Cookies are stored for essentially technical reasons, however others can be used for audience measurement purposes for the various Website pages and content, and to help us better understand your preferences and better meet your needs and expectations.

To help you better understand the types of Cookies and their purposes and storage periods, we have created the table below.

Download our Cookie Index

3. How can you choose your Cookies settings ?

In accordance with the specifically applicable regulations, Cookies that are not solely for technical purposes will never be saved without your consent. Your consent is requested via a banner that appears during your first visit to the Website and informs you of those cookies and their purpose.

You can configure, modify and/or deactivate your Cookie choices at any time by using our Cookie management tool available on our Website (bottom left of your screen) and delete Cookies using your browser’s settings as described in Article 3 below.

If you agree to your browser software storing Cookies on your terminal, the Cookies for the pages and content you have viewed may be temporarily stored in a dedicated space on your terminal. They can only be read by their issuer.

Your consent to Cookies remains valid for six (6) months. After that, we need to ask for your consent again.

However, please be aware that configuring your settings and blocking or deleting Cookies may affect some functionalities that are required for browsing certain parts of the Website and will therefore affect how you access our services. This may occur if AGICAP or our service providers cannot, in terms of technical compatibility, recognise the type of browser your terminal is using, its language or display settings, or the country in which the terminal in question is connecting to the internet.

AGICAP accepts no liability if the systematic deactivation of Cookies by your browser prevents you from using certain services and functionalities supplied by AGICAP, and this issue will in no way constitute any damage giving rise to any right to compensation.

4. How can you configure your choices on the browser you are using ?

Each browser has a different method for configuring your Cookies settings. You can block Cookies by configuring your browser as described below:

- Internet Explorer:

Go to Tools > Internet Options.
Click on the privacy tab and, under Settings, select Advanced.
Select ‘authorise’, ‘block’ or ‘prompt’ to configure how internal and third party Cookies are handled.

- Firefox:

At the top of the Firefox window, click on the shield on the left of the address bar. Configure the protection setting.
Select the tracking protection you want.

- For Chrome:

Click on the three dots to the right of the address bar.
Select "Settings".
Click on "Privacy and Security".
Click on "Cookies and other site data".
In the “General Settings” section, you can block third-party cookies and data.

- Safari:

Go to Settings, then Preferences.
Click on the Privacy tab.
In the ‘Block cookies’ section, tick the ‘Always’ box.

- Opera:

Go to Settings, then Preferences.
Click on the advanced tab and select ‘Privacy & Security’. o In the cookies section, tick ‘Never accept cookies’.