// Legal

Privacy Policy

Effective date: 1 January 2025. Last updated: 30 March 2026.

1. Data Controller

Captavex Labs, a company registered in the European Union, is the data controller for personal data collected through this website. For questions regarding data processing, contact privacy@captavex.com.

2. Information We Collect

We collect the following categories of personal data:

  • Contact information submitted through forms (name, email address, message content).
  • Job application data (name, email, CV, cover letter, GitHub profile, and any additional materials you provide).
  • Technical data collected automatically (IP address, browser type, device information, pages visited, timestamps).
  • Cookie data as described in Section 7 below.

3. How We Use Your Information

  • To respond to enquiries submitted through our website.
  • To process and evaluate job applications.
  • To analyse website usage and improve our services.
  • To ensure website security and prevent misuse.
  • To comply with legal obligations under applicable EU law.

We do not sell, rent, or share personal data with third parties for marketing or advertising purposes.

4. Legal Basis for Processing (Article 6 GDPR)

  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as accepting non-essential cookies.
  • Legitimate interest (Article 6(1)(f)): For website analytics, security monitoring, and service improvement, where processing is necessary for our legitimate business interests and does not override your fundamental rights and freedoms.
  • Pre-contractual measures (Article 6(1)(b)): Where processing is necessary to take steps at your request, such as evaluating job applications.
  • Legal obligation (Article 6(1)(c)): Where processing is required to comply with applicable EU or member state laws.

5. Data Retention

  • Contact form submissions are retained for a maximum of 12 months.
  • Job application data is retained for a maximum of 24 months from the date of submission, unless you request earlier deletion.
  • Technical and analytics data is retained for a maximum of 26 months.

Retention periods are reviewed annually. Data that is no longer necessary for its original purpose is securely deleted.

6. Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction of processing (Article 18): Request restriction of processing in certain circumstances.
  • Right to data portability (Article 20): Request transfer of your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent (Article 7(3)): Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, contact privacy@captavex.com. We will respond within 30 days of receiving your request. If we require an extension, we will inform you within the initial 30-day period. You have the right to lodge a complaint with the relevant supervisory authority in your EU member state of residence, place of work, or place of the alleged infringement.

7. Cookies

This website uses the following categories of cookies:

  • Strictly necessary cookies: Required for the website to function correctly. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with the website. These are set only with your explicit consent.

We do not use advertising cookies, tracking pixels, or retargeting technologies. You can manage cookie preferences through your browser settings or through our cookie consent mechanism where applicable.

8. International Data Transfers

Personal data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions under Article 45 GDPR.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures are reviewed and updated regularly.

10. Third-Party Processors

We may engage third-party service providers who process data on our behalf under Data Processing Agreements (DPAs) compliant with Article 28 GDPR. Categories include: hosting and infrastructure providers, analytics providers, and email service providers. We do not share personal data with third parties for their own independent purposes.

11. Children

This website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the website. The “Last updated” date at the top of this policy reflects the most recent revision. Continued use of the website after changes are posted constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or to exercise your data rights:
Captavex Labs
European Union
privacy@captavex.com