Data Protection Policy/ Privacy Notice 

Capital is committed to protecting the privacy and security of your personaldata. Capital complies with the applicable laws governing data protection, which include EU Regulation 2016/679 (the General Data Protection Regulation, “GDPR”) and any implementing national legislation, as well as the Swissand UK Data Protection Laws. 

This data protection policy / privacy notice applies to personal data relating to you. 

In the context of data protection, Capital is a data controller and as such is responsible for deciding how we collect, how we use and how we process your personal data.  

For any specificlocal requirements in relation to this section, please refer to the relevant Annexes. 

1.       What personal data do we collect? 

Capital considers the privacy of your personal data to be important. Personal data is information which permits an individual to be identified directly or indirectly by reference to the information or data. 

Per applicable local laws, where relevant only, Capital collects, stores and uses the following types of personal data, including but not limited to: 

    • Personal details, such as: 

name, maiden name, title, job title, mailing addresses, email addresses, telephone numbers, nationality, date of birth, gender, marital status and dependents names and date of birth, copy of an identity document (such as the passport, including the photo), next of kin and emergency contact information. 

2.       What are the legal bases for using your personaldata? 

Capital processes your personal data pursuant to one of the following legal bases, i.e., when it is required for: 

    • entering into, or performing, a contract. We process your personal data to manage our relationship with you, to take steps to enter into a contract with you and to perform obligations that we undertake in any contract, including our contract of employment. 

    • compliance with a legal obligation. We may process your personal data when we consider it necessary for complying with laws and regulations, including collecting and disclosing personal data as requiredby law to a regulatory body or law enforcement agency,under judicial authorization, or to exercise or defend our legal rights. 

    • protecting the vital interests of a data subject or of another natural person. 

    • substantial public interest for the purposesof identifying or keeping under review the existence or absence of equality opportunity or treatment between groups of people.

    • the purposes of legitimate interests. We, or a third-party, will process your personal data for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third-party, optimizing our processes and business, uncovering illegal or unsafepractices, providing a safe system of work for employees and other associates and to take reasonable care of your health and safety and of other associates. 

3.       What are the purposes of our processing of your personal data? 

The purposes for which we may processyour personal data, include but are not limited to: 

-       To comply with laws and regulations. 

-       To ensure security of the premises and offices, i.e., recording surveillance footage on video cameras and badge usage for security purposes at building entrance as well as offices entrances. 

-       To ensure security of secured rooms within the offices (e.g.,payroll, IT), i.e., recording surveillance footage on video cameras and/or badge usage for security purposes at rooms entrance. 

-       To perform surveys and statistics. 

Some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data. 

4.       Change of purpose 

We will only use your personal data for the purposes for which we collected it, or for another reason that we reasonably consider compatible with the original purpose. 

If we need to use your personal data for an unrelated purpose, we will notify you when required, and we will explain the legal basis which allows us to do so. 

We may process your personal data without your knowledge or consent where this is required or permitted by law. 

5.       With whom do we share your personal data? 

Capital may share your personal data with the following parties, including but not limited to: 

  • Other Capital employees, management, and directors. 

  • Professional advisors: such as legal firms, and tax advisors. 

  • Prospects, clients, and business partners. 

  • Group companies: Capital is a global family of companies and data may be sharedinternally within the group (this means our ultimate holding company and all of its subsidiaries). 

  • Third-party service providers: including but not limited to software service providers, benefit providers (such as insurers, pension providers), payrollproviders, training providers, tax advisors, security companies and business travel providers. 

  • Government authorities, in particular to comply with legal and regulatory requirements. 

6.       Why do we share your personal data? 

Capital shares your personal data for the following reasons, including but not limited to: 

  • To carry out the purposes described above. 

  • To enable third parties to provide services to us. 

  • To carry out Capital’s business. 

  • To comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative or judicial process. 

  • To respond to lawful requests by governmental authorities (such as national security or law enforcement). 

  • To seek advice from professional advisors such as lawyers and accountants. 

  • To establish, exercise or defend against potential, threatened or actual litigation. 

  • To protect us, your vital interest, or those of another person. 

 

7.       Automated decision making 

Automated decision makingtakes place when an electronic system uses personal data to make a decision without human intervention. 

Capital may use automated decision making to select job applicants for further evaluation based on the specific requirements of the job. 

Capital with regard to its associates does not carry out solely automated decision making or automated profiling that would produce a legal effect concerning you or have a similarly significant effect on you. 

8.       Where do we store your data? 

Capital stores your personal data on Capitalpremises and with our serviceproviders. We store your data in the country where it was originally collected, in the European Economic Area (EEA), and outside the EEA. 

To enable Capital to act as an integrated global business, your personal data may be transferred to countries where your privacy rights may not be protected as extensively as in your home country. We have EU Approved Model Clauses (Standard Clauses) in place within Capital for the collection, use, and retention of personal data transferred from the EU, Switzerland, or United Kingdom to other countries. Information collected is routinely transferred to the US for processing. When we transfer your personal data to a different country, we will endeavour to ensure that adequate security measures are taken and that the transfer complies with applicable laws. 

 

9.       How do we keep your data secure? 

Capital is committed to protecting the security of your personal data. Capital uses a variety of technologies and procedures to help protect your data from unauthorized access, use or disclosure. Our measures provide a level of security appropriate to the risk presented by a particular situation. 

Third parties with whom we share your personal data commit to protecting your personal data and to treat it in accordance with applicable laws. Our third-party providers are required to take appropriate security measures to protect your personal data, and to only process your personal data for specified purposes and in accordance with our instructions and applicable contracts. We do not allow third-party service providers to use your personal data for their own purposes. 

10.   How long do we store your data? 

Where we collect your personal data, the length of time for which we retain depends on the type of data, the purpose for which we use that data and our accounting, regulatory and legal data retention obligations. We do not retain personal data in an identifiable format for longer than is necessary. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whetherwe can achieve those purposes through other means, and the applicable legal requirements. 

In any events, the retention period will not exceed 10 years as of end of employment, unless legal requirements and obligations do apply. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you. 

11.   Your rights to your personaldata 

 You have the following rights,which you can exercise under certain circumstance in relation to your personal data: 

  • To access your personal data which we are keeping.Y our right to access may, however, be restricted by applicable laws and regulations, the protection of other individual’s privacy and considerations 

  • For our business practices. Capital processes a large quantity of information, and can thus request, in accordance with GDPR, that before the information is delivered, you specify the precise information, processing activities and period to which your request relates. 

  • To request a copy of your personal data and to verify that we are lawfully processing it. 

  • To object and/or requesta restriction of processing of your personal data where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on that ground. You also have a right to object where we are processing your personal data for direct marketing purposes. 

  • To request your personal data be ported (transferred) to another company, where reasonably feasible. 

  • To ask use to rectify, amend, delete or have us completely remove your personal data from our systems. We may not always be able to comply with your deletion request for specific legal reasons that will be notified to you, if applicable, when we respond. 

  • In case you provided consent to the collection, processing and/or transfer of your personal data, you have the right to fully or partially withdraw your consent. 

To exercise any of these rights, please contact us using the contact information below. Please note that we may request specific information from you to confirm your identity and right to access, as well as to search for and provide you with the personal data that we hold about you. We will not charge any administrative fee for such requests, unless the request is deemed unnecessary or excessive in nature. 

12.   Cookies  

We recognize the importance of data privacy. In order to fulfil our transparency obligation, please find below information about how we use cookies on our websites. You have the option to disable or opt-out of them. Should you choose not to do so, we assume that you agree to accept cookies we use on our websites.  

What are Cookies?  

Cookies are small text files that are stored on your device when you visit certain web pages. They can enhance a visitor’s experience when navigating a website and provide valuable feedback such as information regarding a visitor’s page views, downloads and technology preferences. They are commonly downloaded to your computer or mobile device by websites that you visit in order to enable the website to tag your computer/ device and recognize it as you move around the site (and potentially when you return later).  

How and what cookies do we use?  

We use cookies to see how our visitors move through our website in order to provide customised information and advertising for visitors to improve their experience when navigating the sites. We use this information to make decisions about ways to improve the services we offer to you. These cookies are not able to track your browsing activity on other websites. Sometimes cookies are used to track visitor activity within the website. We use this information to help guide decisions on ways to improve the service we offer online.  

For more information on how we collect and use information that is identifiable to you, please refer above.  

We use the following categories of cookies on our website:  

ESSENTIAL COOKIES  

These cookies are essential for parts of our website to operate. They enable you to move around our website and allow us to recognize you within our website so that we can provide you with the service that you have asked for.  

FUNCTIONALITY COOKIES  

These cookies help us customize our site content based on your preferences. They remember choices you make such as identifying yourself as a particular investor type (Retail, Professional or Institutional), your language, the country you visit our website from and any changes you make. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites. 

PERFORMANCE COOKIES  

These cookies collect anonymous information on how you use our website in order to help us improve areas such as navigation. For example, we use these cookies to help us understand how you arrive at our website, browse or use our website and highlight areas where we can improve. The information stored by these cookies never show personal details from which your identity can be established.  

ADVERTISING COOKIES 

We may use data collected to customise advertisements to you in other sites you browse on the web. 

Managing cookies  

The instructions for amending cookies will depend on the operating system and web browser you are using. For instructions on how to accept or reject cookies, consult your most recent browsers provide the flexibility to reject all cookies, accept all cookies, or accept cookies only from websites you trust. You'll also find instructions on how to delete any cookies that already exist on your computer. If your current browser does not provide the flexibility you want in setting preferences for cookies, consider downloading a more recent version.  

To learn more about what cookies are set up on your computer or mobile device as you browse the web, visit www.allaboutcookies.org. 

13.   Contact Us 

If you have any questions on the processing of your personaldata, would like to exerciseany of your rights, or have any concerns about your data, please contact us at HR_Europe@capgroup.com or the Data Protection Officer: dataprotectionofficer_europe@capgroup.com.

If you are not satisfied with our response, you can make a complaint to the supervisory authority or data protection regulator in your country.