Cybersecurity is a crucial aspect of Capgemini as an organization. We are committed to protecting all of our users and customers everywhere.
Capgemini supports a transparent approach to vulnerability management working with the wider security community.
Capgemini has a dedicated team which monitors closely the cybersecurity of its systems, services and products. In parallel, our Group Cybersecurity Team runs the Group’s external vulnerability management process, that manages the receipt, assessment (investigation) and response coordination activities.
How to notify Capgemini of a security issue
If you discover a vulnerability in our system, services or product, please notify us as quickly as possible by sending an email to: cert.global@capgemini.com
Please include, as a minimum, the following information:
Resolution process
We will investigate any notification issues and will undertake all required actions and measures to mitigate and/or resolve the notification issue.
By submitting a vulnerability notification, you agree to :-
By submitting a vulnerability notification to Capgemini, you agree to grant Capgemini an irrevocable, worldwide right to use it, gratuitously and for a period of fifty years.
Processing of your personal data
When submitting your notification, you understand that Capgemini will process your personal data. Such processing is carried out in compliance with applicable data protection laws, and in any case your personal data will be processed only in order to follow up on your notification. Capgemini undertakes not to process your personal data for any other purpose.
With whom do we share your personal data?
Your personal data will be shared with third parties only to the extent strictly necessary. When relying on such third party, be ensured that Capgemini has entered into contractual agreements to ensure that your personal data are processed safely and strictly according to Capgemini’s instructions.
Furthermore, the Capgemini affiliates or the third party at stake, may be located outside of the European Economic Area (“EEA”) thus implying a data transfer of your personal data.
→ Where such a transfer takes place between entities of Capgemini, it will be covered by Capgemini’s Binding Corporate Rules (“BCR”). For further information on Capgemini’s BCR, please click on the following link: https://www.capgemini.com/wp-content/uploads/2017/06/Capgemini-Binding-Corporate-Rules.pdf.
→ Where such transfer takes place between Capgemini and the external third-party, Capgemini and said third-party have into EU Model Clauses approved by the European Commission, to ensure the security of the personal data.
How long does Capgemini keep your personal data?
Capgemini shall keep your personal data for no longer than is necessary for the purpose(s) for which they were collected.
Capgemini shall keep your personal data for three (3) years from date of collection.
What are your rights and how to exercise them?
You can request to access, rectify or erase your personal data. You may also object to the processing of your personal data, or request that it be restricted. In addition, you can ask for the communication of your personal data in a structured, commonly used and machine-readable format.
Please note that you also have the right to lodge a complaint before a data protection authority or the competent court of law.
