AGICAP Privacy Policy

Last updated on 8 August 2022

The personal data that directly (full name, postal address, email address, telephone number, etc.) or indirectly identifies any person browsing the Website (as defined below) and/or accessing the services offered on the Website and/or Application (hereinafter the Personal Data) are considered confidential and must be handled as such.

Furthermore, under current legislation regarding the processing and protection of Personal Data, specifically the amended French Data Protection Act no. 78-17 of 6 January 1978 and the General Data Protection Regulation of 27 April 2016 (hereinafter the GDPR), AGICAP and its subsidiaries (hereinafter AGICAP, we or us) will maintain the confidentiality, integrity and security of your Personal Data.

1. What is the purpose of this Privacy Policy?

The purpose of this privacy policy (hereinafter the Privacy Policy) is to inform you about:

How we collect and process your Personal Data when you (hereinafter you, Visitor, Customer or Prospective Customer)

enter into a relationship with AGICAP in whatsoever way, including as a:

«Visitor: when you are browsing our Website www.agicap.com/fr/ (hereinafter the Website) or our application

app.agicap.com (hereinafter the Application or App) as an internet user, Prospective Customer or Customer as defined below.

Prospective Customer: when you are browsing the Website due to an interest in AGICAP’s services.
Customer: when you are using the Application after signing a subscription agreement for AGICAP’s services.
The measures taken to protect the confidentiality and security of your Personal Data.
Why your Personal Data is being processed.
The rights you have regarding that processing.

We would like to draw your attention to the fact that we may modify this Privacy Policy at any time in order to ensure transparency about the processing of your Personal Data. You will be notified by email of any changes. We also encourage you to regularly check the Privacy Policy.

2. Who is the data controller for your Personal Data ?

The controller who collects and manages your Personal Data on the Website and Application is AGICAP, an SAS (simplified joint stock company) with equity of €22,377.00, having its registered office at 57 Rue de St Cyr, 69009 Lyon, France,, and entered in the Lyon company and trade register under number 823 248 703.

This means that AGICAP is your dedicated point of contact for any questions about your Personal Data’s protection within the Website and Application.

3. When do we collect your Personal Data ?

You agree that AGICAP can collect and process your Personal Data in the following situations:

When you are browsing the Website: We have set up some audience measurement tools in order to better understand and interact with Users. Those tools may also collect some Personal Data about you.
When you contact us for any reason (chat, call, etc.): In this situation, some Personal Data may be requested from you so we can respond.
When you subscribe to an AGICAP service: You will also be asked to provide your Personal Data so that service can be properly provided. For instance, your Personal Data will be required so that you can log into your AGICAP account or lodge a technical support request.

4. Which Personal Data do we collect and for what purposes ?

While you are browsing the Website and/or App, and using our various services, you agree that we can collect your Personal Data under the conditions relating to the nature of that use, which is detailed in the table below. You agree to provide up-to-date and valid identifying Personal Data as part of the information required on the Website and/or App, and vouch that you will not make any false declarations or provide any incorrect information.

Data Subject	Personal Data collected	Purpose of the collection	Legal basis of the collection	Personal Data storage period
Website Visitor	Technical information about your terminal (IP address and terminal type) and browser (browser version), which is automatically detected and collected by the Website host:Google Cloud Platform.	For you to access the Website and for the Website to display correctly on your terminal (computer, smartphone, tablet, etc.).	AGICAP’s legitimate interest to offer a functional website that adapts to the different types of terminals and browsers available on the market (Article 6.1.f of the GDPR). AGICAP legitimate interest to offer a Website customised to your choices, improve the User experience and better understand our Website’s audience (Article 6.1.f of the GDPR).	12 months from the date of each Website access
Website Visitor	Information about your browsing (pages visited, content viewed, duration of browsing, language choice, etc.) collected via Cookies (personalization, performance/analytics and functionality).	To obtain individualized statistics about your browsing of our Website (audience measurement) and improve the User experience	Your consent, for cookies whose purpose is not purely technical, which is requested via a banner that appears during your first visit to the Website and informs you of those cookies and their purpose (Article 6.1.a of the GDPR).	13 months from the date the cookies are saved.
Website Visitor	Your full name, email address and message content when you contact AGICAP with any requests	To receive and process the messages you send by email or the instant chat box on the Website. Canvassing;: Sending newsletters and email campaigns, and managing webinars.	Your consent, expressed by sending your message via your choice of communication means (Article 6.1.a of the GDPR).	Until the request has been fully processed and closed (if it requires a response from AGICAP or additional discussions)
Website Visitor	Your full name, email address and message content, when that message has content that justifies its storage as proof.	To protect and defend AGICAP and its employees’ rights and interests in a court of law, such as in relation to an abusive or defamatory message sent by email	AGICAP and our employees’ legitimate interest to protect and defend our rights, including for legal proceedings (Article 6.1.f of the GDPR).	Applicable criminal and civil prescriptive period (if several lawsuits are planned: the longest period applicable to any of those lawsuits).
Prospective Customer	Your full name, photo and work email address.	To create Prospective Customer files update Prospective Customers’ contact details, define our Prospective customers' needs and issue quotes	AGICAP legitimate interest to expand its Prospective Customer portfolio (Article 6.1 of the GDPR).	3 years from the last contact
Prospective Customer	Your personal telephone number	To manage communication tools, Managing and maintaining mobile and fixed line telephone assets. Targeted advertising Creating advertisements on various media, and audience-sharing with third parties. Targeted advertising : Creating advertisements on various media, and audience-sharing with third parties.	AGICAP’s legitimate interest to manage its Prospective Customer portfolio (Article 6.1 of the GDPR).	3 years from last contact
Prospective Customer	Your full name, photo and personal and/or work email address, and your personal and/or work telephone number.	To manage commercial relationship;: Managing Customer relations, offering new Services, and providing technical support. Managing GDPR-related requests : Managing your requests regarding your rights as set out in Article 8.	AGICAP’s legitimate interest while performing a contract to which the Data Subject is a party and performing steps at that party’s request prior to entering into a contract (Article 6.1.b of the GDPR).	5 years from the date the commercial relationship ends
Customer	Personal bank details, bank slip, invoices and bank transactions	Managing online sales Receiving online payment confirmations, creating online accounts, and managing online subscriptions.	AGICAP’s legitimate interest while performing a contract to which the Data Subject is a party and performing steps at that party’s request prior to entering into a contract (Article 6.1.b of the GDPR).)	- 5 years rom the end of the contractual relationship for subscriptions - 10 years from the end of the financial year for payments.
Customer	Personal bank details, bank slip, invoices and bank transactions	To manage cashflow: Invoicing, payments and cashing.,	AGICAP’s legitimate interest to perform our legal and regulatory obligations (Article 6.1 of the GDPR).	10 years from the end of the financial year.
Customer	Your feedback about our services, provided via any means (telephone, email, chat, etc.) during your commercial relationship.	To design the application development, Customer interactions (Customer feedback), quantitative studies and questionnaires, and processing of Personal Data relating to use of the App via analytics tools. analytics.	AGICAP’s legitimate interest to perform our legal and regulatory obligations (Article 6.1 of the GDPR).	5 years from the end of the contractual relationship for Customers’ Personal Data.

For all other Personal Data that we collect by any other means, the form on which you enter that Personal Data will explain the applicable rules if they differ from the rules presented in this Privacy Policy.

Remember that you can configure, modify and/or deactivate your Cookie choices at any time by using our Cookie management tool available on our Website (bottom left of your screen) and delete Cookies using your browser’s settings.

A. Subcontractors

As part of operating our business and supplying services, AGICAP may share your Personal Data with third party service providers (hereinafter the Subcontractors as defined in Article 4.8 of the GDPR) we may engage. In that situation, AGICAP will ensure that:

The Subcontractor is contractually bound to comply with the same obligations as ours in terms of Personal Data protection.
The Subcontractor has sufficient guarantees regarding the implementation of suitable technical and organisation measures to ensure that the processing meets the requirements of legislation in terms of Personal Data protection, including the GDPR.
In the event of Personal Data being transferred outside the European Union, the Subcontractor will contractually ensure their

security and confidentiality.

The Subcontractor categories with which we work include:

Online payment providers for the Services
Analysis and performance providers
Personal Data storage and hosting providers
Bank account aggregators
Suppliers of communication, CRM, Customer feedback, internal logistics and electronic signature tools
Suppliers of design, improvement and development tools for the App
Suppliers of Personal Data processing tools
Law firms, consultants, accountancy firms, legal representatives and officers of the court or legal system as part of their dispute management and debt recovery roles.

B. Special cases

We may also share your Personal Data in the following situations:

When a law, regulation, current regulatory provision or court order requires or allows it, or if that disclosure is necessary as a part of an investigation or legal proceedings, either in France or abroad.
In the event of an audit performed as part of an investment and/or in the event of an AGICAP entity or assets being transferred to any potential buyer.
When we send non-personal data to third parties, such as aggregated statistics generated from Personal Data.

6. Where do we store your Personal Data ?

All of the collected Personal Data are hosted in Belgium by Google Cloud Platform, an international company with a reputation for security and reliability. Google Cloud Platform holds numerous security certifications and that list can be publicly accessed on their website.

7. Do we transfer your Personal Data outside the European Union ?

If we do need to transfer your Personal Data outside the European Union, for example if one of our Subcontractors is not located in the European Union, AGICAP will ensure the security and confidentiality of that Personal Data is maintained. This may involve the signature, on a case by case basis, of:

Data protection agreements set up between the European Union and the destination country.
Standard contractual clauses published by the European Commission or a supervisory authority in accordance with Article 46 of the GDPR.
Personal Data subcontracting contracts in accordance with Article 28 of the GDPR.

If a data transfer is being considered to a country not recognized by the European Commission as offering an adequate level of protection, AGICAP will notify you of this.

8. What security measures do we have to protect your Personal Data ?

In order to ensure the security of the Personal Data you transmit to us, we have implemented appropriate technical and organizational measures to:

Prevent unauthorized access, use, modification, destruction, loss, damage or disclosure;
To ensure the security and confidentiality of the Personal Data collected by preventing them from being distorted, damaged or communicated to unauthorized third parties;

In particular, the security of your Personal Data is ensured by:

A strict access control policy;
The use of the TLS protocol to ensure the security of Personal Data in transit;
The encryption of the Personal Data present via proven algorithms;
An annual security audit of our services by an independent company.

To reinforce this approach of protection of your Personal Data, it is strongly recommended that you use a password that is long enough and includes several characters, which you are invited to change regularly and keep confidential.

9. What rights do you have regarding the processing of your Personal Data ?

In accordance with the GDPR, you have the following rights:

Right of access: In accordance with Article 15 of the GDPR, you have the right to ask AGICAP for: (i) your Personal Data in an accessible format; (ii) confirmation that your Personal Data are or are not being processed; (iii) information about the processing purpose, categories of Personal Data processed and who your Personal Data is communicated to; and (iv) the storage period of your Personal Data or the criteria used to determine that period.
Right to data portability: In accordance with Article 20 of the GDPR, you have the right to request a copy of your Personal Data from us in a format that is structured, commonly used and machine readable so you can provide them to another data controller.
Right to rectification: In accordance with Article 16 of the GDPR, you have the right to ask us to modify, add to and update your Personal Data if they are found to be incorrect, incomplete, ambiguous or out of date.
Right to erasure (right to be forgotten): In accordance with Article 17 of the GDPR, you have the right to ask us to permanently erase your Personal Data as soon as practicable, including when you consider that they are no longer necessary in terms of the purpose for which they were collected or that we are no longer justified in processing them.
Right to restrict processing: You have the right to ask us to restrict the processing of all or part of your Personal Data only in the situations described in Article 18 of the GDPR, being:
- Checking the accuracy of the Personal Data that you dispute.
- Helping you confirm, exercise or defend your legal rights, even when AGICAP no longer needs your Personal Data.
- Checking if AGICAP’s legitimate interests prevail over yours, in the event that you object to your Personal Data being processed on the basis of AGICAP’s legitimate interest.
- Complying with your request to restrict the use of your Personal Data rather than erasing them, when the processing of that data has proven to be unlawful.
Right to object: In accordance with Article 21 of the GDPR, you have the right to object at any time, for reasons relating to your situation, to the processing of your Personal Data for canvassing purposes or a purpose based on legitimate interests. If we cannot demonstrate a legitimate, pressing interest for that processing, we will only continue to process the Personal Data not covered by your request.
Post-mortem rights: In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, you have the right to set out special directives for the storage, erasure and communication of your Personal Data, should you die. Those special directives will only concern the processing implemented by AGICAP and are limited to that sole scope.

10. What can you do if your Personal Data is breached ?

If there is a breach of your Personal Data likely to result in a risk to your rights and freedoms, AGICAP and/or our Subcontractors will notify CNIL (the French National Commission for Information Technology and Civil Liberties) as soon as possible and preferably within seventy-two (72) hours of becoming aware of the breach. You will also be informed as soon as possible of any Personal Data breach likely to result in greater risk to your rights and freedoms, so you can take all necessary measures, in accordance with the provisions of Article 34 of the GDPR.

Without prejudice to any other administrative or legal recourse, if you believe that the processing of your Personal Data constitutes a breach of current legislation, you can lodge a complaint with the relevant supervisory body such as CNIL via its website at cnil.fr or by post to the following address: CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France. You can exercise this right at any time and at no cost to you, except for any costs arising from postage or your choice to engage a third party to assist and represent you in the process.

Do you have questions about your Personal Data processing or want to exercise your rights ?

Please contact AGICAP by emailing our Data Protection Officer at dpo@agicap.com and/or posting a letter to AGICAP, 57 Rue de St Cyr, 69009 Lyon, France, or by completing the contact form on our Website or Application.

In your email please state:

Your full name and email address
The subject of your request, and if it involves exercising a right:
The type of right you want to exercise and the reasons justifying it, and
Where appropriate, your request to exercise that right
AGICAP may check your identity before actioning your request.

We will provide you with information about the actions taken as soon as possible, and in any case within one (1) month of receiving your request. This timeframe may be extended to two (2) months for more complex requests. If we cannot action your request, we will tell you why and inform you of your ability to lodge a complaint with a supervisory body or pursue legal recourse.

There is no cost to exercise these rights. However, in the event of blatantly unfounded or excessive requests, AGICAP reserves the right to (i) require payment of expenses taking into account administrative costs, and (ii) refuse to process those requests.

11. COOKIES POLICY ?

1.What are Cookies ?

When viewing the Website, technical data may be recorded. This includes:

Accessing and using the Website (your Internet Protocol address)
Configuration (terminal and browser type, etc.)
Your browsing (date and time, pages viewed, errors encountered, etc.)

This information may be stored through your browser software in short text files called ‘cookies (hereinafter Cookies), depending on your settings, on disk space reserved for AGICAP and/or our partners processing those technical data in a completely anonymous manner, as they are not attached to any information enabling your identification and are not provided to third parties.

These Cookies may be Personal Data

2. Which Cookies do we collect and why?

Some Cookies are stored for essentially technical reasons, however others can be used for audience measurement purposes for the various Website pages and content, and to help us better understand your preferences and better meet your needs and expectations.

To help you better understand the types of Cookies and their purposes and storage periods, we have created the table below.

Type of cookie	Purpose	Storage period
Strictly necessary	These Cookies are essential for you to navigate our Website and use its functionalities..The information collected by these Cookies is tied to our Website’s operation, such as its script language and the security tokens used to secure the different parts of our Website.	8h
Performance and analytics	These cookies collect anonymous information about how you use our Website,such as the pages you visit most often, if you receive any error message and how you arrived on our Website. The information collected by these Cookies is used solely forthe purpose of improving your use of our Website, and never to identify you. Sometimes, these Cookies may be installed by third party web traffic analytics providers like Google Analytics.	13 months
Functionality	These cookies remember the choices you make like the country from which you are visiting our Website, your language and any changes you make to text size or other parts of the web pages that you can personalize, in order to improve your experience on our Website and make your visits more personal and pleasant. The information collected by these Cookies can be anonymized and cannot be used to track your activities on other websites.	13 months
Personalization	These Cookies allow you to access the Website using general settings, either predefined on your device or specifically defined by you. For example, this could include your language, the browser you use to visit the Website, your choice of currency and your preferred content display mode.	13 months

3. How can you choose your Cookies settings ?

In accordance with the specifically applicable regulations, Cookies that are not solely for technical purposes will never be saved without your consent. Your consent is requested via a banner that appears during your first visit to the Website and informs you of those cookies and their purpose.

You can configure, modify and/or deactivate your Cookie choices at any time by using our Cookie management tool available on our Website (bottom left of your screen) and delete Cookies using your browser’s settings as described in Article 3 below.

If you agree to your browser software storing Cookies on your terminal, the Cookies for the pages and content you have viewed may be temporarily stored in a dedicated space on your terminal. They can only be read by their issuer.

Your consent to Cookies remains valid for six (6) months. After that, we need to ask for your consent again.

However, please be aware that configuring your settings and blocking or deleting Cookies may affect some functionalities that are required for browsing certain parts of the Website and will therefore affect how you access our services. This may occur if AGICAP or our service providers cannot, in terms of technical compatibility, recognise the type of browser your terminal is using, its language or display settings, or the country in which the terminal in question is connecting to the internet.

AGICAP accepts no liability if the systematic deactivation of Cookies by your browser prevents you from using certain services and functionalities supplied by AGICAP, and this issue will in no way constitute any damage giving rise to any right to compensation.

4. How can you configure your choices on the browser you are using ?

Each browser has a different method for configuring your Cookies settings. You can block Cookies by configuring your browser as described below:

- Internet Explorer:

Go to Tools > Internet Options.
Click on the privacy tab and, under Settings, select Advanced.
Select ‘authorise’, ‘block’ or ‘prompt’ to configure how internal and third party Cookies are handled.

- Firefox:

At the top of the Firefox window, click on the shield on the left of the address bar. Configure the protection setting.
Select the tracking protection you want.

- For Chrome:

Click on the three dots to the right of the address bar.
Select "Settings".
Click on "Privacy and Security".
Click on "Cookies and other site data".
In the “General Settings” section, you can block third-party cookies and data.

- Safari:

Go to Settings, then Preferences.
Click on the Privacy tab.
In the ‘Block cookies’ section, tick the ‘Always’ box.

- Opera:

Go to Settings, then Preferences.
Click on the advanced tab and select ‘Privacy & Security’. o In the cookies section, tick ‘Never accept cookies’.