Capsulecom Group
Privacy
policy.
How we collect, use and protect your personal data under GDPR.
Capsulecom Group is committed to protecting personal data in accordance with the GDPR (EU 2016/679) and applicable French data protection law.
Last updated: July 2026
Data controller
Capsulecom Group, 250 rue Maryam Mirzakhani, Immeuble Terra, 34000 Montpellier, France
Email: contact@capsulecomgroup.com
Phone: +33 6 87 02 79 49
Data protection contact: contact@capsulecomgroup.com
Data collected
- Contact forms: identity, company, email, phone, enquiry type (BPO, training, Nova XR), message.
- Applications: identity, contact details, role applied for, CV and attachments.
- Training complaints / accessibility: identity, contact details, request content (Nova Academy).
- Browsing: technical logs (IP address, timestamp, URL, user-agent), cookies and trackers listed below.
Purposes and legal bases
- Commercial enquiries and routing to the right team (legitimate interest / pre-contractual measures)
- Recruitment and application management (pre-contractual measures)
- Site audience measurement (consent via cookie banner)
- Language preference storage (legitimate interest (user experience))
- Security, anti-spam and technical logging (legitimate interest)
- Training complaints and disability accessibility requests (legal obligation / contract performance)
Retention period
- Contact enquiries: 3 years after the last exchange
- Applications: 2 years after last contact
- Training complaints: file duration + 3 years
- Technical and security logs: 12 months maximum
- GA4 data: per Google settings (14 months max. for analytics cookies)
Recipients and processors
Data is accessible to authorised Capsulecom Group teams and, where applicable, our processors:
- OVH SAS (France): web hosting and business email
- Google Ireland Ltd / Google LLC: GA4 audience measurement (after consent only)
- Cloudflare Inc.: Turnstile bot protection on forms
Transfers outside the European Union
Site data is hosted in France (European Union) with OVH.
Some processors may process data outside the EU, including:
- Google LLC (GA4), United States. Enabled only after your consent. Transfer covered by EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.
- Cloudflare Inc. (Turnstile), global network including the US. Anti-bot checks when submitting forms. Transfer covered by SCCs.
No other transfers outside the EU are carried out without appropriate safeguards.
Cookies and trackers
| Name | Type | Purpose | Duration | Legal basis |
|---|---|---|---|---|
cc_lang | First-party cookie | Remember language preference (French / English) | 12 months | Legitimate interest |
capsulecom_cookie_consent | Local storage (localStorage) | Store your analytics cookie choice (accept / decline) | Until changed or cleared in the browser | Consent / legitimate interest |
_ga, _ga_* | Third-party cookies (Google) | Anonymised audience measurement (GA4) | 14 months max. | Consent (cookie banner) |
| Turnstile / Cloudflare | Scripts and technical cookies | Bot protection on forms | Variable (session to 12 months per Cloudflare) | Legitimate interest (security) |
GA4 is disabled by default and loaded only if you click “Accept” in the cookie banner. You may withdraw consent by clearing site cookies in your browser.
Data security
Capsulecom Group implements technical and organisational measures: HTTPS/TLS, restricted administration access, anti-spam, incident logging, hosting backups and access controls.
Your rights
Under the GDPR you have rights of access, rectification, erasure, restriction, objection and portability. Contact contact@capsulecomgroup.com (response within one month).
You may also lodge a complaint with your supervisory authority (in France: CNIL).
Processing register
The detailed processing register is published on the Data processing register page.