Privacy policy.
1. Personal data responsibility and basis for processing
1.1 This privacy policy applies when Capacio AB (“Capacio” “we”, “our”, “us”), organization number 556897-7283, Hälsingegatan 49, TR, 113 31 Stockholm, perform any processing of personal data concerning persons using Capacio services (“you”, “Your”). Capacio processing of personal data complies with the General Data Protection Regulation (EU) 2016/679, (“Data Protection Ordinance”).
1.2 Processing of personal data when using Capacio services takes place on the basis of an agreement with you, the registered user or customer. Processing also takes place to comply with legal obligations under law and government decision and, for special proceedings, with your consent.
2. Purposes of the treatment
2.1 Capacio processes your personal data when this is necessary to perform in accordance with any agreement with you. Capacio must process personal data in order to deliver the services and products provided Capacio offers and you can therefore not be a customer of Capacio without us processing your personal data.
2.2 Your personal information is used, among other things, for invoicing, information and delivery of products, performance of services and contact with you as a customer. The personal data is used also to be able to make your test data available to you.
2.3 Capacio processes your personal data in the ways required to comply with obligations such as rests with Capacio in accordance with government decisions and laws, such as Publicity and the Secrecy Act (2009: 400).
2.4 If you have chosen to agree to receive newsletters from GI, we will also process your personal data to send you any information about our business.
3. Personal data processed
3.1 A personal data is all information that can be linked to a living person. Capacio collects and processes different types of personal data within the framework of its activities,depending on what type of service you are using. Some information about you will also be created through the tests that you can order, such as the test results generated by themcognitive tests carried out by the psychologists and partners who assist us.
3.2 Capacio will collect the following personal information from you when you use Capacio services:
a) Information about your identity – first name, last name, social security number and gender.
b) Your contact details – address for invoice and delivery, e-mail address, telephone number.
c) Payment information – information for making payments to GI, or exhibitinginvoice.
d) Information about service – information about what kind of test, coaching or other service you have ordered or accepted.
e) IT data – in order for you to be able to communicate with Capacio systems, we have to process from time to time information about the device you are using (i.e. your computer, smart phone or similar), for example, the device’s IP address.
3.3 If you contact Capacio for assistance with a case or for a refund, the case will require Capacio to process your personal data. Personal data that is processed can, for example be:
a) Information about identity – such as first name, last name and social security number. If you in writing also provides information about the identity of others, Capacio will notstore that information about it not required for the case or to investigate fraud or similarpurpose.
b) Case description – at your contact and description of the support case, Capacio cannot control what information you provide. Your case description may therefore include personal data such as Capacio have no reason to treat. Capacio will not save such personal information.
c) Refund management – if the customer service case applies or leads to a refund Capacio will need to process information about the bank account for the payment, as well as the priceand others information about the purchase to which the repayment relates.
3.4 On our website, www.capacio.com, there is the opportunity for visitors to email us. Mail correspondence is saved and processed for the development of the function and management of client matters. What you write becomes personal information about you if you write who you are or state your errand.
4. Recipient of personal data
4.1 Capacio services presuppose that we collaborate with and interact with other actors within cognitive testing and that we take the help of developers and other suppliers. Capacio can thereforecome to transfer parts of your personal data and enlist the help of other actors to process your personal data when necessary to
(i) fulfill the agreement with you,
(ii) comply with law, constitution or decision.
The following types of recipients may be relevant:
a) Psychologists, testers, coaches, researchers, cognitive experts and behavioral scientists – Capacio collaborates with various psychologists, testers and coaches to carry out, analyze, provide feedback and coaching on the tests and test results included in ordered services. Capacio has also collaborations with cognitive researchers, experts and behavioralscientists who analyze different parts of the tests to provide results to analyze and advice on development.
b) Hired testers – Sometimes our own testers are not enough. Capacio thereforecollaborates with selected testers and psychologists who help analyze and comment on the results who comes in.
c) Authorities – Capacio may need to disclose information to authorities if we are required to do it by law or if you request that we do so. In some cases, Capacio may be prevented by law totell you that your personal information has been requested by the authority.
d) Notification services – Capacio uses services to communicate automatically to you, e.g.with confirmations or reminders. These companies only get access to your contactinformation and has undertaken not to share your personal information beyond what is necessary to implement the service.
e) Developers and consultants – Capacio enlists the help of developers and consultantsfrom other companies for to build Capacio IT infrastructure and further develop the service. Such developers may need to get access to simpler personal information about you when needed fordevelopment or troubleshooting.
4.2 Sensitive information about you, including your health information, is processed in accordance with current law. Such information will therefore only be available to such staff who are to have access to them by law. The information will not be disclosed or transferred to anyone recipient other than when this is permitted by law.
4.3 Capacio processes as much of its data as possible within the EU / EEA. If data is transferred to
processed by a supplier or subcontractor outside the EU / EEA, the recipient has always been included contract terms with Capacio that ensure that the recipient maintains a comparable level of protection with EU / EEA.
4.4 No health information that Capacio processes is carried out outside the EU / EEA by Capacio or Capacio suppliers.
5. Retention of personal data
5.1 Personal data is retained for as long as is necessary to fulfill the purposes set out in described above. This means that most personal information about you will be deleted automatically after a statutory filing period has expired or your customer relationship with Capacio ceased.
5.2 Capacio is obliged according to the Accounting Act (1999: 1078) to retain certain personal data, ex. the which appear in invoices and similar accounting documents, for sevenyears. Personal information such as retained for accounting purposes will only be used for that purpose.
5.3 Information about you who are linked to a possible user account atwww.capacio.com (and other domains) will be retained as long as your account is open. You can choose to close your account and Capacio will then delete your data when they do not need to be retained for other purposes, such as described above.
6. Thinning of personal data
6.1 Personal data is thinned or depersonalized when the data no longer needs to be retained. Depersonalized means that the information can no longer be used to identify one person.
6.2 Before the data is used as a basis for statistics and product development they are depersonalized and aggregated, which means they can no longer be linked to you, either by Capacio or by someone else. The information then no longer contains personal data.
6.3 When Capacio performs a thinning of personal data, this cannot be recalled / recreated and when the thinning has been performed, no person can be associated with the information that remains.
7. Information security
7.1 As a data controller, Capacio takes appropriate technical and organizational measures for to protect the personal data processed in accordance with section 2 of Data Protection Regulation. Capacio has special internal guidelines and processes for handling information security issues and to prevent and detect leaks.
7.2 If your personal data is covered by a security incident that has occurred (so-called “Personal data incident”), Capacio will contact you in accordance with Data Protection Regulation.
8. Cookies
8.1 Cookies may be used on the Capacio website. Cookies are small text files that are stored on the visitor’s computer and which makes it possible to follow what the visitor does on the website.
8.2 There are two types of cookies:
1) A permanent cookie that remains on the visitor’s computer for a certain period of time.
2) A session cookie that is temporarily stored in the computer’s memory while a visitor is on a website. Session cookies disappear when you close your browser.
8.3 Capacio may use cookies for GI.com to function, for statistics and for the purpose of enable advertising.
8.4 GI.com may also contain cookies from third parties who note your visit to the website to enable advertising on other websites.
8.5 No identification information, such as e-mail or name, is stored about visitors through cookies.
8.6 The visitor can choose not to accept cookies by turning off cookies in their own browser security settings.
8.7 The visitor can also set the browser so that he or she gets a question every time the website tries to place a cookie on the visitor’s computer. Through the browser can also
previously stored cookies are deleted. See the browser’s help pages for more information on this.
8.8 The Swedish Post and Telecom Agency, which is the supervisory authority in the area, is leaving further information about cookies on its website (http://www.pts.se/ ) .
9. Google Cookies, Analytics, Wix & Hotjar
The Capacio website uses Google Cookies & Analytics. These are cookies managed by Google Inc. (“Google”) for the purpose of analyzing internet and website usage, and often also for advertising. Personal data processed in this context is your IP address (which will entail your location data) and further information produced by your movements on the internet in connection with that IP address.
This data is fully pseudonymized. The IP address sent by your browser as part of Google Analytics is not combined with other data held by Google. In some cases, the truncating of your IP address occurs so swiftly that no personal data is stored by Google for these purposes. This means in those circumstances, the information collected by Google is entirely anonymized. Some processing by Google will only occur in the European Union. For some cookies, the processing will occur on servers located in the United States. Safeguards for your personal data where this occurs are that Google Inc. is Privacy Shield certified, meaning your personal data is processed to a standard acceptable under EU expectations.
Below you will find information about the sort of Google cookies used by this website. You are able to manage the way Google uses your information and/or the way Google cookies track you on this site. All Google cookies preferences can be managed at the following link: policies.google.com/technologies/managing;
Cookies used in this context on this site are:
a) Google Analytics & Google Ads: Google Analytics and Google Ads is a web analysis service provided by Google. Google uses this information on behalf of the website operator to evaluate the way you use the website, to collate reports on website activities and to provide the website operator other services related to website and Internet use.
b) Wix: Wix is our website operating system and collects anonymized data based on website usage, click behavior and anonymized location services (e.g. IP address from Sweden).
c) Hotjar: Hotjar is a website performance monitoring tool that allows to track and store – anonymously – the interaction of Capacio website users. With this tool the way you engage with our website (e.g. where you click, how long you spend time on the Capacio website, and how you scroll) is monitored and anonymously, non-traceable, stored on Hotjar servers. More information can be found on hotjar.com.
By using our webpages, you agree to the processing of the data collected about you by Google, Wix & Hotjar in the manner described above. You can prevent the storage of such cookies by ensuring your settings are set accordingly in your internet browser, including by using the link provided above. Please note, your use of our website may be affected where you block or ban tracking cookies. If you would like further information about Google’s Privacy Policy, that information can be found here: policies.google.com/privacy;
To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into GI, you may still receive advertisements even if you opt-out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
These processing operations are based on Article 6(1)(f) of the GDPR. Our interest is the ongoing optimization and usability of our website.
10. External links and Plugins
This page may offer external links and/or plugins, generally for social media. When you click on this, your personal data will be shared with the relevant external site. Once you leave this website, the processing of your personal data is no longer regulated by us nor governed by this Notice. Where you click on a social media plugin (indicated by the relevant symbol), personal data is gathered by that entity. It is generally your IP address, perhaps information about the directing site, and, where you remain automatically logged-in on your device to the social media site, they will collect information about your profile. Clicking on external links and plugins is entirely voluntary; therefore, if you do not wish for your personal data to be processed in this way, you do not have to click on these links.
11. Newsletter
Where you register and sign up for contact and more information you sign up for our newsletter, and consent to this pursuant to Article 6(1)(a) of the GDPR, we will use your email address to regularly send you our newsletter and similar promotional materials. For the receipt of our newsletter, providing us with an email address is sufficient.
You can unsubscribe from receiving our newsletter at any time by clicking on the provided link sent with every newsletter communication.
12. Additional Information
12.1 Links to Third Party Web Sites
Our website includes links to other sites that may collect personal data, and whose privacy practices may differ from those of Lumos Labs. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to review their privacy policies.
12.2 Blog
Our website offers publicly accessible blogs including our on blog. Some blog posts allow comments and shares via 3rd party providers. You may need to login to those 3rd party web sites both to post comments and to delete personal data that previously was posted in the comments. You can review the respective privacy policies on the respective web sites (e.g. when using LinkedIn).
13. Your rights
13.1 Capacio is responsible for contact and handling of matters vis-à-vis the customer. Capacio may have
a registered Data Protection Officer, which in that case is stated in the updated privacy policy. The Data Protection Officer then becomes the contact person for the exercise of rights vis-à-vis Capacio contact details listed below.
13.2 You have the right to withdraw consent to a certain treatment free of charge without this affects the legality of the processing before the recall. For example, you may have chosen toagree that Capacio will contact you with newsletters and other mailings. You can then choose to unsubscribe by following a link in these mailings.
13.3 You have the right to request that the processing be limited to storage and to object treatment.
13.4 You also have the right to request a register extract, in electronic format or on paper. GI will compile information about how your personal data is processed and send this to you, usually within a month.
13.5 You have the right to request that Capacio correct personal data that you consider to be incorrect and that provide additional personal information (in special cases) if you consider it personal data Capacio has processed has given an incorrect picture of you.
13.6 You have the right to request that Capacio deletes your personal data. Capacio will then delete personal data that Capacio does not have to retain in order to fulfill legal obligations. Capacio will continue to process personal data in certain other cases, including when personal data must be processed to fulfill an agreement with you. Capacio will always meet you and explain their views on which personal data Capacio has the right to continue processing.
13.7 You always have the right to lodge a complaint with the supervisory authority, the Swedish Data Inspectorate (under name change to the Privacy Protection Authority).
13.8 If you want to request an extract from the register, revoke a consent or correct / delete a statement email: support@capacio.com