Contact us
Start For Free
Yellow pencil drawing tool icon

Privacy Policy

Version dated May 12, 2025.

Preamble

This privacy policy is intended to explain to you, in accordance with the General Data Protection Regulation (GDPR), why the company BOURBON TECH (hereinafter “CAPSTON AI”) processes your personal data, how it is processed, what rights you have over your data, and how to exercise them.
We may amend this policy at any time, and we invite you to consult it regularly.

What type of data do we collect?

CAPSTON AI processes the personal data of:
  • visitors to this website;
  • our customers and prospects;
  • recruitment candidates.
We collect the following data:
  • Civil status, identity: name, first name, professional email address;
  • Data related to the monitoring of the commercial relationship: requests for information or documentation, orders, invoices, purchase history.
  • Navigation data: pages visited on the site.
Data collected during your navigation on the site is optional. Data collected during the implementation or application of the contractual relationship is necessary for the performance of the ordered services.

Why do we need your data?

CAPSTON AI collects your personal data to fulfill the purposes described above. Each of these purposes is based on a legal basis that authorizes CAPSTON AI to perform the processing.
Purposes Legal Basis
Management of contact requests on the website The legitimate interests of CAPSTON AI to respond quickly and efficiently to your questions, requests, and concerns.
Commercial communication by email Your consent for all email and SMS prospecting.
Preparation of commercial proposals, Management of the chosen package, Management of the commercial relationship The performance of contractual relations with CAPSTON AI.
Creation and management of user accounts on the CAPSTON AI platform The performance of contractual relations with CAPSTON AI.
Management of customer account accounting and tax obligations Compliance with a legal obligation to which CAPSTON AI is subject (Articles L123-12 and L123-22 of the French Commercial Code).
Establishment of financial statistics concerning customers The legitimate interests of CAPSTON AI. These financial statistics help us identify consumption trends and adjust our offers according to our customers' needs.
Conduct of satisfaction surveys Your consent regarding satisfaction surveys.
Management of complaints and after-sales service The performance of contractual relations with CAPSTON AI.
Management of people's opinions on products, services or content The legitimate interests of CAPSTON AI. Analyzing feedback allows us to improve our products and services to ensure customer satisfaction.
Management of data breaches (leakage or loss of information involving personal data) Compliance with a legal obligation incumbent upon CAPSTON AI under the GDPR, namely the identification of individuals likely to be affected by a data breach in order to inform them of this breach as required by the GDPR.
Management of the relationship with our suppliers The legitimate interests of CAPSTON AI to manage its supplier base, streamline relations with its suppliers, and ensure the proper functioning of its activities.
Management of GDPR rights Compliance with a legal obligation incumbent upon CAPSTON AI, namely verifying the identity of the person exercising a right recognized by the GDPR (access, rectification, opposition, etc.), exchanging with them to verify the conditions for applying the exercised GDPR right, and responding to their request.
Management of cookies and other trackers The legitimate interests of CAPSTON AI regarding the processing of personal data related to cookies strictly necessary for the proper functioning of the website. Your prior consent, regarding the deposit of other cookies and trackers placed during your navigation on our website (audience measurement, chat...). To learn more, click on the icon to reopen our cookie management solution.

In general, we do not process any of your data for purposes incompatible with those for which they were collected, unless you have given your prior consent.

Where do the data we collect and process come from?

We collect and process:
  • data that you provide directly to us (when you fill out a contact form, when you subscribe to one of our packages, and generally when you communicate with CAPSTON AI in any other way) and;
  • data that we collect automatically (through cookies and other trackers when you interact with our website).

With whom do we share your data?

Within the limits of their respective attributions and based on the need-to-know principle, the following may have access to your personal data:
  • CAPSTON AI personnel in charge of marketing, sales, customer relations, and prospecting, as well as their hierarchical superiors,
  • our administrative, logistics, and IT services, as well as their hierarchical superiors,
  • the accounting firm,
  • Authorized personnel of our subcontractors involved in the execution of our services (e.g., Stripe payment solution provider, host, CRM…). We undertake to sign with each of our subcontractors clauses compliant with Article 28 of the GDPR, specifying their obligations regarding the security and confidentiality of your data.
  • Where applicable, your data may also be recipients of:
    • Organizations, judicial auxiliaries, and ministerial officers, in the context of their debt collection mission,
    • Personnel in charge of managing our commercial prospecting opt-out lists.

What are our commitments if your data is transferred outside the EU?

We use certain subcontractors under conditions that lead to data transfers outside the European Union, particularly to the United States (e.g., Google Analytics audience measurement solution).
If your data were to be transferred outside the EU, particularly through our subcontractors, we would pay particular attention to ensuring that they process your data in strict compliance with current regulations concerning personal data protection. In cases where they are located in a country not subject to an adequacy decision by the European Commission, recognizing a level of protection equivalent to that provided by the European Union,the data transfer will be framed by the signing of standard contractual clauses provided by the European Commission.
We also ensure the implementation of additional measures required by European DPAs (Data Protection Authorities) to frame data transfers to a State that does not ensure a sufficient level of protection.
For your information, three types of cumulative additional measures can be implemented:
  • technical measures, in particular data encryption or pseudonymization measures;
  • organizational measures, for example to ensure that the recipient of the transfer will not store the data received from its subsidiaries if they are located in third countries that have legislation not compliant with European requirements regarding surveillance, for example;
  • legal measures, for example, a clarification in the contractual commitments framing the transfer of the definition of a particular concept if it is not understood in the same way in the laws of the exporter and the importer, or the contractual imposition of technical or organizational measures.

How long is your data kept?

We keep your personal data for the period strictly necessary to achieve the purposes referred to in point 1 herein, plus the statutory limitation periods.
Purpose Retention Period
Contract Management Duration of the contractual relationship.
Customer Account Accounting Ten (10) years.
Establishment of financial statistics concerning customers Duration necessary for achieving the objective of the statistics or until the exercise of the right to object.
Management of complaints and after-sales service Duration of the contractual relationship.
Conduct of commercial prospecting actions Until consent is withdrawn or 3 years from the last active contact of individuals with our organization.
Management of data breaches (leakage or loss of information involving personal data) Data related to a personal data breach notification is kept for ten (10) years from the closing of the file.
Management of GDPR rights Processed data is kept during the examination of your request, then archived for five (5) years in accordance with current limitation periods. Identity documents will be kept for a period of one (1) year in compliance with applicable legal deadlines. In case of objection to commercial prospecting, the data will be kept for a minimum period of three (3) years solely to ensure the effectiveness of your right to object.
Management of contact requests on the website One (1) year from the processing of the contact request on our website.
Management of cookies and other trackers To learn more about the lifespan of cookies placed on this site, consult our dedicated section. Audience measurement data is kept for 25 months.

What are your GDPR rights and how to exercise them?

In application and within the limits of their conditions of application, you have the following rights:
Right Description
Right of access to your data You can obtain from CAPSTON AI confirmation that your data is or is not being processed and, when it is, access to all data and information held by CAPSTON AI.
Right to rectification of your data You can obtain from CAPSTON AI, as soon as possible, the rectification of inaccurate or erroneous data concerning you. You can also request that your data be completed, if necessary.
Right to erasure of your data Except for legal exceptions, you can ask CAPSTON AI to erase your data, for example, if you believe that the processing of your data is no longer necessary for the purposes for which it was collected.
Right to data portability You have the possibility to retrieve part of your data in an open and machine-readable format or to ask CAPSTON AI to transmit it to another organization. Only data that you have actively and consciously provided to CAPSTON AI (e.g., data you entered in an online form) or data generated during the use of a service or device in the context of the conclusion or management of your contract, and which are processed automatically, on the basis of consent or the performance of a contract, are concerned by this right.
Right to object You can object to your data being used for a specific purpose, provided you state the reasons relating to your particular situation. However, in the case of commercial prospecting, you can object without reason and at any time (see below: right to withdraw consent).
Right to restriction of processing of your data In cases where you dispute the accuracy of the data used by the data controller or you object to your data being processed, the data controller may proceed with a verification or examination of your request for a certain period. During this period, you have the possibility to ask them to no longer use your data; however, they will have to keep them. Conversely, if the data controller intends to erase your data, you can ask them, under this right, to keep the data to exercise a legal right, for example.
Right not to be subject to automated decision-making You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw consent When the processing of your personal data is based on your consent (e.g., sending our electronic commercial offers), you have the option to withdraw your consent at any time.
Right to give post-mortem directives You have the possibility to define directives regarding the retention, erasure, and communication of your data after your death. These directives define how you wish your rights over your data to be exercised after your death. You can, at any time, modify or revoke your directives.

For more information on your rights, you can consult the CNIL website:

https://www.cnil.fr/fr/mes-demarches/les-droits-pour-maitriser-vos-donnees-personnelles.

How to exercise your GDPR rights?

To exercise any of your rights, send your request either by email to gdpr@capston.ai, or by mail to BOURBON TECH – Attn: GDPR Referent – RAVINE DES, 55 CHEMIN FERNAND COLLARDEAU, 97432 SAINT-PIERRE.
Indicate the purpose of the request in the subject line (exercise of the right of access, objection, etc.) and attach any element that justifies your identity to your email or letter. Finally, remember to specify the address where the response should be sent (email or mail). Failing that, we will respond to you via the same communication channel you used to contact us.
CAPSTON AI will send you its response within a maximum of one (1) month from the date of receipt of your request. This period may however be extended by two (2) months due to the complexity and number of requests.
If, after contacting CAPSTON AI, you believe that your data protection rights are not respected, you can lodge a complaint with the CNIL, directly on the CNIL website or by post at: CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.