Cookie &

Data Policies

Introduction

This is the Cookie Policy for Camptocamp and all its subsidiaries, accessible from https://camptocamp.com.

This policy outlines how we use cookies on our website. Please read this cookie policy carefully. By continuing to use our site, you agree to our use of cookies.

What Are Cookies

As is common practice with almost all professional websites, this site uses cookies, which are tiny files downloaded to your computer, to enhance your user experience.

This page describes the information they gather, how we use it, and why we sometimes need to store these cookies. We will also detail how you can prevent these cookies from being stored, though doing so may downgrade or 'break' some elements of the site's functionality.

How We Use Cookies

Camptocamp's website uses “first-party cookies.” These cookies are set and controlled by Camptocamp, not any external organization.

However, to view some of our pages, you might have to accept cookies from external organizations.

The two types of first-party cookies we use aim to:

• Store visitor preferences
• Make our websites operational

And we also use third-party cookies:

• Google Analytics: to gather analytics data. These services might transfer data outside of the EU.
• LinkedIn: to collect marketing data. These services can transfer data outside of the EU.
• YouTube: to display video content. These services might transfer data outside of the EU.

How to chose cookies you want to use

The first time you access our site, a popup will show you details about our cookies. You can then decide which cookies you want to accept.

If you wish to modify your choices later, refer to your browser documentation on how to remove cookies for a specific website.

After doing so, the cookie preference panel will appear again.

Introduction

This Policy defines Camptocamp's approach to managing personal data breaches. Camptocamp holds personal data about our users, employees, clients, suppliers, and other individuals internally or as a data processor through Camptocamp systems.

Camptocamp is dedicated not only to adhering to relevant legislation but also to upholding the highest standards.

Camptocamp defines personal and sensitive data broadly, in line with the definitions in the GDPR. Aggregated data is not seen as personal or sensitive.

A data breach means unauthorized access and retrieval of data that could encompass corporate, personal, and sensitive data. Data breaches might severely impact Camptocamp, our customers, those affected by the data breach, or our SaaS users.

Both the EU regulations and our internal ethics mandate us to establish all reasonable measures to safeguard all the personal data we handle or oversee and to prevent data breaches.

Scope

This policy is relevant to all our staff and potential subcontractors across all Camptocamp entities.

Training

All our personnel receive training on IT security topics, data breach policy, and appropriate actions during a data breach.

Cause and nature of data breaches

Data breaches might arise from employees, external/internal malicious activities, system errors, system misconfiguration, or human mistakes.

Camptocamp has established and continuously maintains tools, measures, and processes, both active and passive, to prevent data breaches.

Reporting Breaches

Every staff member must report real or potential data protection compliance failures and any confirmed or suspected data breaches.

External parties can report breaches via email or potential vulnerabilities in line with our responsible disclosure policy.

Breach management

If a data breach is detected or reported, Camptocamp will:

1. Confirm the breach.
2. Determine the scope of the breach and nature of the data.
3. Inform affected customers and personnel promptly.
4. Implement countermeasures to halt an ongoing breach.
5. Take measures to address the root cause and prevent future breaches.
6. Notify the appropriate authorities in all affected countries within the legal 72-hour timeframe.
7. Assist our customers with legal actions.

Responsible Disclosure Policy

At Camptocamp, system security is paramount. However, vulnerabilities can still be present despite our efforts.

If you identify a vulnerability, we kindly request your assistance in fortifying our clients' and systems' protection.

When reporting, please:

• Email your findings to incident@camptocamp.com. Encrypt your findings with our GPG key "incident@camptocamp.com" to safeguard this sensitive information.
• Do not exploit the vulnerability beyond what's needed to prove its existence.
• Keep the issue confidential until it is resolved.
• Refrain from physical security attacks, social engineering, DDoS, spam, or involving third-party apps.
• Provide sufficient details to replicate the problem, facilitating a rapid resolution.

What we promise:

• We will reply to your report within 10 business days with an assessment and a predicted resolution date.
• If you adhere to the guidelines above, we won't pursue legal actions concerning the report.
• We pledge strict confidentiality regarding your report, and your personal details won't be shared without your approval.
• You'll be updated on our progress in fixing the issue.
• Public disclosures about the reported problem will credit you as the discoverer unless you request anonymity.
• As gratitude, we offer a reward for each unique, previously unknown security issue reported. The reward's value is based on the vulnerability's severity and the report's quality, starting at a €50 gift certificate.

We aim to fix all issues promptly and hope to collaborate in publicizing the matter once addressed.

Purpose

This policy outlines how Camptocamp processes the personal data of users as they navigate the Website.

The policy may undergo modifications, additions, or updates to align with legal, regulatory, jurisprudential, or technical changes. However, personal data will always be processed according to the policy in place at the time of collection, unless a binding legal requirement dictates otherwise and applies retroactively.

For inquiries about privacy protection, please reach out to our data protection officer at data-protection@camptocamp.com.

For more information on personal data protection, you may consult the websites of the Commission Nationale de l’Informatique et des Libertés (CNIL) at www.cnil.fr, the Conseil Fédéral Suisse at www.edoeb.admin.ch, and Der Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg at www.baden-wuerttemberg.datenschutz.de.

Camptocamp, as the Data Controller, prioritizes the respect of its tenants, prospects, and visitors and is dedicated to protecting their personal data. Camptocamp is also committed to maintaining relationships that honor our customers' interests.

Thus, Camptocamp ensures that personal data processing is in accordance with the GDPR.

Processings

Camptocamp processes data strictly necessary in line with data protection regulations and a valid legal basis.

The various purposes of these processings are detailed below:

• Career/Hire Management: Identification data (name, surname, email, phone, etc.), professional data (resume, motivation letter, etc.) based on your consent.

• Contact Management: Identification data (name, surname, email, phone number, etc.) originating from information requests, CRM, etc.

• Business Management: Identification data (name, surname, email, phone number, etc.) and various documents (invoices, work documents, SO PO, letters, etc.).

Retention period and hosting

The retention period for personal data will not exceed the duration necessary for the purposes it was collected for. Following the retention periods mandated by applicable laws:

Career/hire related management: 

Contact management

Business management

Data recipients

To achieve the aforementioned purposes and to the extent necessary for their realization, the data collected by Camptocamp may be shared with certain recipients, always ensuring compliance with applicable laws for your personal data's security.

Generally, Camptocamp ensures its subcontractors only use your personal data for the specified purposes and only to the extent required to complete their assigned tasks. They are also bound to uphold security and confidentiality measures for your data.

As the data controller, Camptocamp shares data only with authorized recipients:

• Internal Recipients: Project team members, administrative department.

• External Recipients: Determined on a case-by-case basis, with an ad hoc contract tailored to the project with our customer.

Security 

Camptocamp implements necessary physical, technical, organizational, and operational measures to protect your personal data against unauthorized access, copying, disclosure, alteration, destruction, or loss. The same measures are expected of our partners and subcontractors.

Camptocamp employs various precautions, considering the data's nature. This includes physical protection of premises, authentication processes with secure access through confidential IDs and passwords, connection logging, encryption of specific data, and more.

The collected data might be processed outside the European Union due to collaborations with subcontractors. Because of varying data protection legislations, these transfers are governed by specific protocols to ensure secure processing.

Your rights

You can access, rectify, or request the deletion of your data. You also have the right to limit the processing of your data, object to its processing, and request data portability.

You can withdraw your consent to data processing at any time.

To exercise any of your rights, please write to us at data-protection@camptocamp.com.

We will respond within one month after receiving your complete request. We reserve the right to deny responses to requests that are obviously unfounded or excessive.

If you believe that your "Data Protection" rights haven't been upheld after contacting us, you can file a complaint with the respective authorities in your country.