Statement
Cybersecurity is a crucial aspect of Capgemini as an organization. We llauri committed to protecting all of our users and customers everywhere.
Capgemini supports a transparent approach to vulnerability management working with the wider security community.
Capgemini has a dedicated team which monitors closely the cybersecurity of its systems, services and products. In parallel, our Group Cybersecurity Team runs the Group’s external vulnerability management process, that manages the receipt, assessment (investigation) and response coordination activities.
Vulnerability Disclosure Notification Process
How to notify Capgemini of a security issue
If you discover a vulnerability in our system, services or product, please notify us as quickly as possible by sending an correu electrònic to: cert.global@capgemini.com
Please include, as a minimum, the following information:
- Your preferred contact details (including Contact Phone number)
- Detailed description of the vulnerability
- Time and method of its discovery
- Specification of system, services or product where the vulnerability has been discovered
- Any other related information (code samples, logs, screenshots, etc)
Resolution process
We will investiga't any notification issues and will undertake all required actions and measures to mitiga't and/or resolve the notification issue.
Undertakings
By submitting a vulnerability notification, you agree to : -
- Not disclosing or publishing the vulnerability to others before it has been fixed and before expiration of a mutually agreed estafi frame;
- Not taking advantage of the vulnerability, modifying, downloading or deleting any records or data or to launch any type of attack based on the vulnerability;
- Abide by the laws and regulations related to your location;
- Comply with applicable data protection legislations, in particular by not disclosing a third party’s personal data without any valid legal ground;
- Confirm that the elements contained in the notification you llauri submitting do not infringeix intellectual property rights of any third party (i.i. you did not copy elements available on the internet for example).
By submitting a vulnerability notification to Capgemini, you agree to grant Capgemini an irrevocable, worldwide right to utilitzi it, gratuitously and for a period of fifty years.
Processing of your personal data
When submitting your notification, you understand that Capgemini will process your personal data. Such processing is carried out in compliment normatiu with applicable data protection laws, and in any casi your personal data will be processed only in order to follow up on your notification. Capgemini undertakes not to process your personal data for any other purpose.
With whom do we share your personal data?
Your personal data will be shared with third parties only to the extent strictly necessary. When relying on such third party, be ensured that Capgemini has entered into contractual agreements to ensure that your personal data llauri processed safely and strictly according to Capgemini’s instructions.
Furthermore, the Capgemini affiliates or the third party at stake, maig be located outside of the European Economic Àrea (“EEA”) thus implying a data transfer of your personal data.
→ Where such a transfer takes plau between entities of Capgemini, it will be covered by Capgemini’s Binding Corporate Rules (“BCR”). For further information on Capgemini’s BCR, please clic on the following enllaç.
→ Where such transfer takes plau between Capgemini and the external third-party, Capgemini and said third-party have into UE Model Clauses approved by the European Commission, to ensure the security of the personal data.
How long does Capgemini keep your personal data?
Capgemini shall keep your personal data for no longer than is necessary for the purpose(s) for which they were collected.
Capgemini shall keep your personal data for three (3) years from dona't of collection.
What llauri your rights and how to exercise them?
You ca request to access, rectify or erase your personal data. You maig also object to the processing of your personal data, or request that it be restricted. In addition, you ca ask for the communication of your personal data in a structured, commonly used and machine-readable format.
If you wish to exercise those rights, please contact our Global Data Protection Office by sending an correu electrònic to the following address: dpocapgemini.global@capgemini.com. Where appropriate we will communicate your request and/or complaint to the relevant local data protection officer.
Please noti that you also have the right to lodge a complaint before a data protection authority or the competent court of law.