The use of information collected through our service and connected applications are limited to the purpose of providing the service for which the customer has engaged Caplist.
Caplist collects and processes information under the direction of our customers. Caplist has no direct legal relationship with each individual user of our service. Each of our customer acts as data controller whereas Caplist is the data processor. A Data Processor Agreement is entered into between our customers and Caplist, included as part of the Terms of Service (TOS). This agreement includes the necessary data processing provisions to ensure that the processing of our customers data is in accordance with EU GDPR.
Caplist act as a data controller for information we collect when you access our site, newsletter subscriptions and “Landing Pages”.
Data is processed in line with the requirements of GDPR, for some of the processing Caplist uses subcontractors. These subcontractors are typically vendors of cloud services or other IT hosting services.
When using subcontractors, Caplist will enter into a Data Processing Agreement (DPA) with subcontractors in order to safeguard your privacy rights and to fulfil our obligations towards our customers. When subcontractors are located outside the EU/EEA, Caplist ensures legal grounds for such international transfers on behalf of you or our customers, by using the EU Model Clauses.
For our services all customer and personal data are processed under the control of Caplist in data centres within the EU/EEA area.
Our contact details are as follows:
Caplist AS, firstname.lastname@example.org
Information we collect
Use of information
The information collected is maintained for the purpose of fulfilling our contractual obligations with our client and is used as such or in order to contact you for the purpose of demonstrating our services.
The information we collect is not shared with any organisations, except to provide products or services requested, when we have your permission, or under the following circumstances:
Cookies and Tracking Technologies
Caplist and our analytics provider use technologies such as cookies, beacons, tags and scripts, to analyse trends, administer our site, tracking users movements and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
As is true of most web sites, we gather certain information automatically and store it in log files.
This information includes internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp and clickstream data and may be stored in system logs such as network, intrusion prevention logs, firewall logs, web server logs in order to maintain our high level of security of our service.
Caplist is the data controller for these logs and they are maintained for a period of 12 months. Our legal basis for this processing is our legitimate interest to maintain sufficient network and information security.
3rd Party disclosure
For analytics purposes and user profiling some personal data is transmitted to external services. This is to help us improve our site and the Caplist service and to be able to provide relevant content based on your interest.
We use Google Analytics as an Analytics Provider. For this only aggregated and anonymized data is transferred.
We use Webflow as a tool for creating landing pages on our site. By clicking the consent form on these landing pages, you accept that your personal contact data may be shared with third parties outside of the EU/EEA. For more information, please visit the Webflow GDPR page.
We are using Stripe, a global payments infrastructure company as our payment partner. Users will be transferred to a secure payment processing service powered by Stripe.
Access to your information
The Norwegian Data Protection Act and EU General Data Protection Regulation (GDPR) give you the right to access the information we hold about you.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to Caplist. Caplist will make reasonable commercial efforts to promptly fulfil our customers’ requests.
Caplist has security and the protection of our customer’s data as a top priority. The following are our primary information security goals:
Caplist complies with the following Norwegian laws and regulations concerning IT security, including Norwegian and European (EU/EEA) regulations for protection of personal data:
Caplist will retain personal data we process on behalf of our customers as long as needed to provide services to our customers. Caplist will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Information we collect in order to demonstrate our services is maintained until the purpose of the collection has been fulfilled.
Cancellation or termination of account
Caplist can completely remove all the client’s documents, files and meta-data upon request. If your account is terminated for any reason, please contact us with any request to access your data.
Changes to this Statement
We may amend this Statement from time to time. The latest version will at all times be available on our site. You are advised to consult this Statement regularly for any changes.
If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our site prior to the changes taking effect.
The last update of this Privacy Statement was 11th January 2021.
For further data processing details, compliance or security, you may contact Caplist on: email@example.com