CAPXEL Privacy Policy

 Updated July 25, 2024

TABLE OF CONTENTS

1. General Privacy Policy
2. Privacy Policy for EU (GDPR)
3. California Consumer Privacy Act (CCPA) Disclosures
4. Nevada Consumer Privacy Act (NRS 603A) Disclosures

CAPXEL General Privacy Policy


CAPXEL LLC provides a range of data marketing and consumer analytics products (the

“Services”) designed to help both for-profit and not-profit organizations, including marketing companies and platforms and their own clients, to market their goods and services in a relevant and efficient way. Our solutions, many of which are described in this document, are used to help marketing that occurs through direct mail, email, online, connected-TV and other marketing channels.


We take seriously the privacy interests of the individuals whose information we receive and share. We provide this Privacy Policy (“Privacy Policy”) to describe how we use and manage that information, and what rights consumers have to control how their information is used in marketing.


In compliance with the California Consumer Privacy Act, we provide a “CCPA PRIVACY NOTICE” Which describes additional rights you have if you are a California resident.


We also operate one or more corporate websites, which are principally designed for our own customers and prospective customers. We address the information we collect and use for those business purposes (such as information we use to communicate with our corporate customers, and potential customers) in Section 6 of this Privacy Policy.


1. Information That We Collect and Use in Our Services


When we provide our Services, we receive data, including personal information, from a variety of sources, including websites and mobile apps, public sources, and other data compilers. We refer to the information that we collect and process throughout this Privacy Policy as “Information” or “the Information.”


The Information often includes various identifying and demographic information about individuals. It often includes personal attributes such as name, address and other contact information. It may also include information (on the individual, household, or geographic level level), such as:


    • Particular interests, such as (for instance) home improvement, music, online shopping, health and beauty sport, or travel, or political leanings

    • Organizations to which you belong or have belonged, such as a cycling club, or to which you have contributed

    • Publicly available information, such as that available from government information and files

    • Demographic information, such as age, gender, level of education or likely income range


This type of information may be inferred – for instance, if a household is in a particularly wealthy area, we might infer a particular income range; if a person’s name is “Catherine” we might infer gender as likely female.


CAPXEL also receives information through this website (and any other website we operate). We describe this information in Section 6.


2. How We Use the Information


CAPXEL uses the Information for various purposes, including the following.


As Part of Our Services:


Data Marketing Services: Our Services include providing marketing information to our customers, generally regarding which customers or prospective customers are most likely to be interested (or disinterested) in certain offers, or how to best contact or identify those customers. Similarly, we help our customers identify and understand their customers better, by providing insights about them. Our customers include (but are not limited to) brands and agencies and various marketing data platforms that help them to market and advertise to their own customers (and prospective customers); our customers also include other data compilers, who work with their own customers.


Online Targeting: We sometimes create defined audience segments (“Audience Segments”) based on common demographics and/or shared (actual or inferred) interests or preferences (e.g., households with health care professionals, or with an interest in international travel). When we do this, we may work with a data partner that “matches” our Information through de-identification techniques (such as through coded data “hashing”) with online cookies and other identifiers, in order to target and measure ad campaigns online across various display, mobile and other media channels. You may learn more about how to opt out of this and other online ad targeting in Section 4.


Identity Products: We sometimes use the Information we collect to create (or to help our customers create) “identity” graphs, to help locate users across various channels, such as based on common personal, device-based, or network-based identifiers (e.g., IP address, email address).


Additional Marketing Services: Other Services we may sometimes provide to our customers (or that they may provide to their own customers), which may overlap with or supplement the above, may involve (a) help with targeting and optimizing direct mail, email campaigns, display, social and mobile marketing; (b) measuring how effective marketing campaigns have been, by determining which messages are most likely to be seen or opened by which types of consumers, or which types of ads are most likely to lead to purchases; (c) analyzing and optimizing our customers’ (or their service providers’) proprietary databases, or helping customers to detect and prevent crime and fraud; or (d) providing “validation” or data hygiene services, which is how companies update and/or correct their databases by verifying or removing or correcting old, incorrect or outdated information.


To Operate Our Services


We also use the Information for our own internal purposes – such as to improve, test, update and verify our own database; to develop new products; and to operate, analyze, improve and secure our Services and our databases and servers.


Legal Basis for Processing

CAPXEL processes personal data based on the following legal grounds:


Contractual Necessity: Processing is required to fulfill our agreements with clients.

Consent: We may process personal data based on the individual’s consent, particularly when legally required (e.g., GDPR or CCPA).

Legitimate Interests: Processing is necessary for CAPXEL’s legitimate interests, including improving services, provided these interests do not override data protection rights.

Compliance with Legal Obligations: We process data to comply with legal obligations, such as regulatory requirements.

3. How We Share Information with Customers, Third Parties, including Service Providers


CAPXEL may share the Information with customers, marketing services and platforms, as well as service providers that help us to provide the Services we’ve described above (or other services we may add in the future). This includes sharing in the following ways:


With Our Customers: As described above, we license the Information in various ways to our customers (and something to partners and resellers, who license the Information to their customer), when we provide our Services. We may sometimes share the Information with those Customers’ service providers (for instance, a provider that prints or sends mailings for a Customer), or ad agencies that they work with.


With Our Partners: We also may share the Information, including personally identifiable information and Audience Segments, with business and data partners to help provide more tailored targeted marketing, advertising and communications. Likewise, we may do so for analytical purposes, including to help these other parties measure campaign performance, inform future campaigns, or to handle, analyze, or segregate this Information on our or our customers’ behalf.


With Our Service Providers: We share the Information with a variety of service providers in order to operate, protect and advertise our Services and maintain our website(s). For instance, we may share the Information with tech and customer support providers, marketing and advertising providers, other data providers (such as to enhance or verify our Information), security vendors, payment vendors (as to our business to business information), and other companies help us deliver or develop Services.


Corporate transfers: If CAPXEL, its stock or its significant assets are acquired by or merged into another entity, our information will be transferred to that entity, and may be shared during due diligence in anticipation of any such transaction.


Affiliates, parent companies and subsidiaries: CAPXEL may share some or all of the Information in our possession with any affiliated or subsidiary companies (if we ever have any).


For Legal Reasons

We may disclose personal data if required by law, such as in response to subpoenas, warrants, or other legal processes, or if we believe such disclosure is necessary to protect the rights, property, or safety of CAPXEL, its clients, or any other party.

4. Your Marketing and Opt-Out Choices


There are multiple ways that you can opt-out of having the Information used to market to you:


First, if you would like to opt out, you may follow the link at the bottom of our website or click here: “Do Not Sell My Personal Information” to have your personal information removed from our database. When you do this, you’ll be asked to provide your name, current address, and, optionally, your email address. We may in certain cases require that you verify any of the information that you submit, such as through a verified email response or another verified response.


If you would like to opt-out of direct mail advertising in general, we recommend that you visit the DMA Choice website, at dmachoice.thedma.org. The DMA Choice service is run by the Direct Marketing Association and allows you to follow a few easy steps to ensure that your marketing preferences are honored.


If you wish to opt out of online targeted ads (sometimes referred to as “interest-based” or “personalized” advertising), you can visit the opt-out portals operated by the industry groups the National Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA), and you can learn more about how those opt-outs work on those linked web pages. Please note that these online opt-outs are cookie-based.


Thus, if you browse the web from multiple browsers or devices, you will need to opt out from each browser and/or device, and for the same reason, if you change browsers or clear your browser cookie cache, you will need to perform this opt-out function again. Opting-out in this manner will not prevent you from seeing all types of online ads; it generally will prevent targeted ads customized to what advertisers think may be most likely to be relevant and of interest to you. (If your browser is set to reject cookies, or to reject third party cookies, these opt-out solutions may not work, or may have limited duration.)


If we market to you by email, in our corporate capacity – for instance, if you are a customer or prospective customer of ours and we send information about our Services — you may “unsubscribe” from our marketing emails through a link placed in your emails.


5. Cookies and Similar Technologies


Cookies and How We Use Them


CAPXEL and its business partners use certain industry-standard technologies, including cookies and similarly functioning technologies, which we describe below. (We and/or our service providers use these technologies on our website, for instance, and our partners may use these technologies in their own marketing services.)


We may work with third parties or service providers to provide or enhance our services (e.g. for purposes of tailoring ads, or placing browser cookies), or to offer marketers ways to access or use our Information, often in de-identified form. These partners may set and access their own cookies, pixel tags and similar technologies on your device, which may have cookies with varying expiration periods. Those partners may, likewise, collect various types of information about your browser, device, or browsing activities through use of these cookies.


Cookies, in turn, are small data files that contain a string of characters, such as a unique browser identifier. Cookies are stored on your computer or other device and act as tags that identify your device. Our (or other companies’) servers send your device a cookie when you visit a website. A “spy tag” (also commonly known as a pixel tag or web beacon or clear GIF) is an invisible 1 x 1 pixel that is placed on certain web pages. When you access web pages (such as the website of a marketer), pixel tags may generate a generic notice of the visit and permit our partners (or sometimes, us) to read the cookies that a respective company or server has deployed. Pixel tags are used in combination with cookies to track the activity on a site by a particular device. When you turn off cookies, pixel tags simply detect a given website visit.


We or our service providers, and other online marketing platforms that we or they work with, may use cookies to, among other things, “remember” you, determine visitor patterns and trends, collect information about your activities on our clients’ sites, or interact with the advertising you see.


Cookies are used in this way to provide relevant content to you and replace non-relevant communications with ads that better match your interests.


Disabling Cookies


Most web browsers are set up to accept cookies (particularly “first party” cookies). You may be able to set your browser to warn you before accepting certain cookies or to refuse certain cookies.


However, if you disable the use of cookies in your web browser, some features of our website and other services may be difficult to use or become inoperable.


6. Data Collected Through Our Corporate Website


Information Collected


CAPXEL collects information from users of our website(s) (including any page on which this Privacy Policy is posted), including:

    • Information about what content and pages users access, utilize or visit on our website, or how they interact with our content – for instance, if they spent a certain amount of time reviewing a particular blog post or description of particular services.

    • Information, including personally identifiable and contact information that you provide, which could include (for instance) survey information, sign-up information (e.g., if you sign up for events or newsletters), requests for information, mailing addresses and email addresses.


How CAPXEL Uses the Information We Collect Through Our Website


We use the Information we collect through our website(s) to do the following:


    • Create and manage your unique user account.

    • Provide Services to you.

    • Respond to and communicate with you (including regarding news and updates about our services).

    • Send you offers and ads for our products and services, when you browse the website(s) or other companies’ websites on the Internet (such as to “retarget” you with information about our services).

    • Send you offers and ads for products and services of partner brands, or other offers we believe may be of interest to you, such as invitations to events and webinars.

    • Perform data analysis (including market research).

    • We may combine the Information with other information we obtain from third parties, publicly available sources, and any other product or service we provide to further improve the relevance and effectiveness of products, and advertisements offered, including (but not limited to), those provided on or through our services.

    • We may use IP addresses to help diagnose problems with our servers and to administer our website(s). We also may use IP addresses to help identify visitors to our website(s) for the duration of a session and to gather demographic information about our visitors. We may use clickstream data to determine how much time visitors spend on each web page of our website(s), how visitors navigate through the website(s), and how we may tailor our website(s) to better meet the needs of our visitors. We also use this Information for compliance with our legal obligations, policies and procedures, including the enforcement of our Terms and Conditions.

    • If we collect Information from “offline” sources – for instance, if you provide us your business card at a business conference – we will maintain that information and use it for marketing and business purposes, as well. We may market to potential customers through online or offline methods, using any information we have collected for our own corporate purposes.

Your Data Rights

Depending on your location, such as in the European Economic Area (EEA) or California, you may have certain rights concerning your personal data, including:


Right to Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You have the right to correct any inaccuracies or incomplete data.

Right to Erasure (Right to be Forgotten): You may request deletion of your personal data, subject to certain legal obligations.

Right to Restrict Processing: You may request restrictions on how we process your data.

Right to Data Portability: You can request a copy of your data in a structured, machine-readable format.

Right to Object: You can object to certain data processing based on legitimate interests.

Right to Withdraw Consent: Where data processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at legal@capxel.com.

7. Links


This website may provide links to other websites that CAPXEL thinks users will find interesting or useful (e.g., information about a business conference or event we are sponsoring). CAPXEL is not responsible for the privacy practices of these other sites or companies.


8. Security and Data Integrity CAPXEL takes steps to help ensure that the data we possess is housed and transmitted securely. This may include various types of physical and electronic security, including firewall protections, encryption, hashing or truncation of data, and access controls to personal information. While neither we nor any platform can guarantee 100 percent safety from hacks or illegal intrusion, we employ efforts we believe are designed to ensure that this does not occur.

9. Children's Privacy

CAPXEL’s services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately.

10. Changes to this Privacy Policy


We may update this Privacy Policy from time to time. Any changes to it will become effective when it is posted to our website. Please check back to learn of any changes to this Privacy Policy if you are interested in our privacy practices.


11. Storage of Information in the United States


If you are accessing our website from outside of the United States, your connection likely will be through and to servers located in the United States and all Information you provide will likely be processed and securely maintained in our web servers and internal systems located within the United States. (We generally store the Information used in our Services in the United States.) Thus, you should be aware that in accessing this website or otherwise communicating with us, the information we collect or receive from you may be subject to laws with lesser or different privacy standards than those in your own country (such as if you are in a country located in the European Union).

International Data Transfers

If you are located outside the United States, the personal data we collect may be transferred to and processed in the U.S. or other countries. CAPXEL ensures that any such international transfers comply with applicable laws, including the use of Standard Contractual Clauses (SCCs) for transfers from the European Economic Area (EEA) in accordance with GDPR. These legal mechanisms ensure that your data is adequately protected when transferred across borders.

12. Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected or as required by law. Once your data is no longer needed, we will securely delete or anonymize it in compliance with applicable regulations.

13. Your California Privacy Rights


If you are a resident of California, the California Consumer Protection Act (CCPA) provides certain rights of disclosure, access and deletion of your Information as described in the “Disclosures for California Residents” on the “Disclosures” page.


14. You Nevada Privacy Rights


If you are a resident of Nevada, the Nevada Privacy Act (NPA) provides certain rights of disclosure, access and deletion of your Information as described in the “Disclosures for Nevada Residents” on the “Disclosures” page.

CAPXEL EU Privacy Policy (GDPR)


Data Protection and Privacy Standard for Compliance with the General Data Protection Regulation (GDPR)


INTRODUCTION


CAPXEL, LLC (“CAPXEL”) is a data provider and AI development company that supplies information to some of the largest companies in multiple industries around the world. To provide the highest quality service to its clients, CAPXEL needs to gather and use certain information about individuals.


This Data Protection and Privacy Standard (the “Standard”) for Compliance with the General Data Protection Regulation (“GDPR”) sets out how CAPXEL (which shall include “we”, “our”, “us”, or the “Company) handle the Personal Data of our customers, suppliers, employees, contacts, workers and other third-parties.


This Standard applies to all Personal Data CAPXEL Processes regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients, supplier contacts, shareholders, website users or any other Data Subject.


This Standard applies to all Company Personnel in conducting the Company’s business. All Company Personnel are required to read, understand and comply with this Standard when necessary to the Processing of Personal Data on CAPXEL’s behalf, and to attend any trainings established by CAPXEL on its requirements. Compliance with this Standard is mandatory for all Company Personnel.


WHY DOES CAPXEL NEED THIS STANDARD


CAPXEL understands that its business activities could present potential risks to individuals, its clients and to the company as a whole. This policy describes how this Personal Data must be collected, handled and stored to meet CAPXEL’s data protection standards — and to comply with the GDPR. This Standard is intended to help protect the rights of CAPXEL’s employees, clients, and global partners, and to protect itself from the risks of a data breach.


This Standard (together with any Related Policies and Privacy Guidelines) is confidential and proprietary to CAPXEL and cannot be shared with third-parties, clients or regulators without prior authorization from the DPO, Chief Executive Officer (“CEO”), or Chief Operating Officer (“COO”) and only when done so in accordance with CAPXEL’s confidentiality policies.


1. DEFINITIONS:


Automated Decision-Making (ADM) is when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.


Automated Processing is any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyze or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. Profiling is an example of Automated Processing.


Company Name refers to CAPXEL Data & Analytics, LLC, a Florida limited liability company, including any subsidiaries or affiliated entities.


Company Personnel are all employees, contractors, agents, consultants, directors, officers, members and others identified as such.


Consent is an agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.


Data Controller is the person or organization that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. CAPXEL is the Data Controller of all Personal Data relating to the Company Personnel and Personal Data used in CAPXEL’s business for commercial purposes.


Data Subject is a living, identified or identifiable individual about whom CAPXEL holds Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.


Data Privacy Impact Assessment (DPIA) is a tool and assessment used to identify and reduce the risk of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the Processing of Personal Data.


Data Protection Officer (DPO) is the person required to be appointed in specific circumstances under the GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance.


EEA are the 28 countries in the European Union (“EU”), Iceland, Liechtenstein and Norway.


Explicit Consent is consent which requires a very clear and specific statement (that is, not just action).


General Data Protection Regulation (“GDPR”) refers to the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.


Personal Data is any information identifying a Data Subject or information relating to a Data Subject that CAPXEL can identify (directly or indirectly) from that data alone or in combination with other identifiers it possesses or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymized Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed or scrubbed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behavior.


Personal Data Breach is any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organizational safeguards that CAPXEL or its third-party service providers put in place to protect it. The loss, or unauthorized access, disclosure or acquisition of Personal Data is a Personal Data Breach.


Privacy by Design refers to the implementing of appropriate technical and organizational measures in an effective manner to ensure compliance with the GDPR.


Privacy Guidelines refer to the Company’s privacy/GDPR related guidelines provided to assist in interpreting and implementing this Standard and Related Policies.


Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies are separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose.


Processing or Process refers to any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third-parties.


Pseudonymization or Pseudonymized refers to replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.


Related Policies are the Company’s policies, operating procedures or processes (to the extent deemed necessary and applicable by the Company) related to this Standard and designed to protect Personal Data.


Sensitive Personal Data is information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offenses and convictions.


2. SCOPE


CAPXEL recognizes that the correct and lawful treatment of Personal Data will maintain confidence in the organization and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that CAPXEL takes seriously at all times. The Company recognizes that it can be exposed to substantial fines depending on the breach, for its failure to comply with the provisions of the GDPR.


All directors, officers and managers are responsible for ensuring all Company Personnel comply with this Standard and need to implement appropriate practices, processes, controls and training to ensure such compliance. The DPO is responsible for overseeing this Standard and, as applicable, developing Related Policies and Privacy Guidelines.


Company Personnel should contact the DPO with any questions about the operation of this Standard, and in particular, in the following circumstances:


(a) if they are unsure of the lawful basis which they are relying on to process Personal Data (including the legitimate interests used by the Company);

(b) if they need to rely on Consent and/or need to capture Explicit Consent;

(c) if they need to draft Privacy Notices or Fair Processing Notices;

(d) if they are unsure about the retention period for the Personal Data being Processed;

(e) if they are unsure about what security or other measures you need to implement to protect Personal Data;

(f) if there has been a Personal Data Breach;

(g) if they are unsure on what basis to transfer Personal Data outside the EEA;

(h) if they need any assistance dealing with any rights invoked by a Data Subject;

(i) whenever they are engaging in a significant new, or change in, Processing activity which is likely to require a DPIA or plan to use Personal Data for purposes others than what it was collected for;

(j) if they plan to undertake any activities involving Automated Processing including profiling or Automated Decision-Making;

(k) if they need help complying with applicable law when carrying out direct marketing activities; or

(l) if they need help with any contracts or other areas in relation to sharing Personal Data with third-parties (including vendors).


3. PERSONAL DATA PROTECTION PRINCIPLES


Where necessary, CAPXEL adheres to the principles relating to Processing of Personal Data set out in the GDPR which requires Personal Data to be:


(a) Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).

(b) collected only for specified, explicit and legitimate purposes (Purpose Limitation).

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimization).

(d) accurate and where necessary kept up to date (Accuracy).

(e) kept in a form which does not permit identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).

(f) Processed in a manner that ensures its security using appropriate technical and organizational measures to protect against unauthorized or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).

(g) transferred to another country with appropriate safeguards being in place (Transfer Limitation).

(h) made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).


CAPXEL is responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).


4. LAWFULNESS, FAIRNESS, TRANSPARENCY


(a) Lawfulness and Fairness:


Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject. Personal Data may only be collected, Processed and shared fairly and lawfully and for specified purposes. The GDPR restricts actions regarding Personal Data to certain specified lawful purposes which includes, but is not limited to:


i. the Data Subject has given his or her Consent;
ii. the Processing is necessary for the performance of a contract with the Data Subject;
iii. to meet the Company’s legal compliance obligations.;
iv. to protect the Data Subject’s vital interests;
v. to pursue legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which the Company processes Personal Data for legitimate interests need to be set out in applicable Privacy Notices or Fair Processing Notices; or
vi. any other purpose permissible under the GDPR which the Company deems necessary.


These are not intended to prevent Processing, but to ensure that Personal Data is Processed fairly and without adversely affecting the Data Subject. In the Processing of Personal Data, the Company must identify and document the legal ground being relied on for each Processing activity in accordance with any applicable Company guidelines that may exist from time to time.


(b) Consent:


A Data Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the GDPR, which includes Consent.


A Data Subject consents to the Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-marked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters.


Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honored. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented.


Unless the Company can rely on another legal basis of Processing, Explicit Consent is typically required for Processing Sensitive Personal Data, for Automated Decision-Making and for cross border data transfers. Usually CAPXEL will be relying on another legal basis (and not require Explicit Consent) to Process most types of Sensitive Data. Where Explicit Consent is required, the Company may be required to issue a Fair Processing Notice to the Data Subject to capture Explicit Consent.


CAPXEL will use it best efforts to evidence Consent captured and keep records of all Consents so that the Company can demonstrate compliance with Consent requirements.


(c) Transparency:


The GDPR requires Data Controllers to provide detailed, specific information to Data Subjects depending on whether the information was collected directly from Data Subjects or from elsewhere. Such information must be provided through appropriate Privacy Notices or Fair Processing Notices which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them.


Whenever CAPXEL collects Personal Data directly from Data Subjects, including for human resources or employment purposes, it must provide the Data Subject with all the information required by the GDPR including the identity of the Data Controller and DPO, as well as how and why it will use, Process, disclose, protect and retain that Personal Data through a Fair Processing Notice which must be presented when the Data Subject first provides the Personal Data directly to CAPXEL.


When Personal Data is collected indirectly (for example, from a third-party or publicly available source), CAPXEL should provide the Data Subject with all the information required by the GDPR as soon as possible after collecting/receiving the data. CAPXEL should also check that the Personal Data was collected by the third-party in accordance with the GDPR and on a basis which contemplates CAPXEL’s proposed Processing of that Personal Data.


5. PURPOSE LIMITATION


Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes.


Personal Data should not be used for new, different or incompatible purposes from that disclosed when it was first obtained unless the Data Subject has been informed of the new purposes and they have Consented where necessary.


6. DATA MINIMIZATION


Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed. Personal Data should only be Processed when performance of job duties requires it and should not be Processed for any reason unrelated to such job duties.


Personal Data should only be collected if it is required to perform one’s job duties. This means that CAPXEL should not collect excessive data and that CAPXEL ensures that any Personal Data collected is adequate and relevant for the intended purposes. When Personal Data is no longer needed for specified purposes, it should be deleted or anonymized in accordance with the Company’s data retention guidelines.


7. ACCURACY


Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate. CAPXEL will attempt to ensure that the Personal Data it uses and holds is accurate, complete, kept up to date, and is relevant to the purpose for which it is collected. CAPXEL should check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards if possible. CAPXEL should also take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.


8. STORAGE LIMITATION


Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. Personal Data should not be kept in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which CAPXEL originally collected it, including for the purpose of satisfying any legal, accounting or reporting requirements.


The Company will maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires such data to be kept for a minimum time. All reasonable steps will be taken when necessary to destroy or erase from CAPXEL’s systems all Personal Data that is no longer required in accordance with all the Company’s applicable records retention schedules and policies. This includes requiring third-parties to delete such data where applicable.


Data Subjects should be informed of the period for which data is stored and how that period is determined in any applicable Privacy Notice or Fair Processing Notice.


9. SECURITY INTEGRITY AND CONFIDENTIALITY


(a) Protecting Personal Data:


Personal Data must be secured by appropriate technical and organizational measures against unauthorized or unlawful Processing, and against accidental loss, destruction or damage.


CAPXEL plans to continually develop, implement and maintain safeguards which are appropriate for: (i) a company of this size, scope and business, (ii) the available resources, (iii) the amount of Personal Data that CAPXEL owns or maintains for itself or on behalf of others, and (iv) identified risks (including use of encryption and Pseudonymization where applicable). CAPXEL will regularly evaluate and test the effectiveness of those safeguards to ensure the security of its Processing of Personal Data. Company Personnel are responsible for protecting the Personal Data held by CAPXEL. CAPXEL expects all Company Personnel to implement reasonable and appropriate security measures in accordance or conjunction with the safeguards described above, against unlawful or unauthorized Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. Company Personnel must exercise particular care in protecting Sensitive Personal Data from loss and unauthorized access, use or disclosure.

Company Personnel must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested.


CAPXEL’s data security safeguards are intended to protect the confidentiality, integrity and availability of the Personal Data. When interpreting and using this Standard:


i. Confidentiality means that only people who have a need to know and are authorized to use the Personal Data can access it.
ii. Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed.
iii. Availability means that authorized users are able to access the Personal Data when they need it for authorized purposes.

Company Personnel must comply with and not attempt to circumvent the administrative, physical and technical safeguards CAPXEL implements and maintains in accordance with the GDPR and relevant standards to protect Personal Data.


(b) Reporting A Personal Data Breach:


The GDPR requires Data Controllers make certain notifications in the event of any Personal Data Breach. CAPXEL has implemented (or will implement) procedures to deal with any suspected Personal Data Breach and will notify those entities who are required to received notifications pursuant to applicable law.


If any Company Personnel knows or suspects that a Personal Data Breach has occurred, they are advised not to attempt to investigate the matter personally. Rather, Company Personnel should immediately contact the person or team designated as the key point of contact for Personal Data Breaches (for example, and in certain instances said contact could be the DPO, the information technology or security department, the legal department, or any other department identified by the Company). Company Personnel are also advised to preserve all evidence relating to the potential Personal Data Breach to the best of their ability.


10. TRANSFER LIMITATION


The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. It is important to note that this transfer restriction does not necessarily apply to data transfers originating outside the EEA, whether to EEA or non-EEA countries. 


Transferring of Personal Data originating in one country across borders occurs when data is transmitted, sent, viewed or accessed in or to a different country. Personal Data should only be transferred outside the EEA if one of the following conditions applies:


(a) the European Commission has issued a decision confirming that the country to which CAPXEL transfers the Personal Data ensures an adequate level of protection for the rights and freedoms of the Data Subjects;

(b) appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;

(c) the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or

(d) the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between CAPXEL and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for CAPXEL’s legitimate interest.


All Company Personnel must comply with the Company’s guidelines on cross border data transfers.


11. DATA SUBJECT’S RIGHTS AND REQUESTS


Data Subjects have rights when it comes to how CAPXEL handles their Personal Data. These include rights to:


(a) withdraw Consent to Processing at any time;

(b) receive certain information about the Data Controller’s Processing activities;

(c) request access to their Personal Data that is being held;

(d) prevent the use of their Personal Data for direct marketing purposes;

(e) ask CAPXEL to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;

(f) restrict Processing in specific circumstances;

(g) challenge Processing which has been justified on the basis of CAPXEL’s legitimate interests or in the public interest;

(h) request a copy of an agreement under which Personal Data is transferred outside of the EEA (unless otherwise contractually prohibited from doing so;

(i) object to decisions based solely on Automated Processing, including profiling (ADM);

(j) prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;

(k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;

(l) make a complaint to the supervisory authority; and

(m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third-party in a structured, commonly used and machine-readable format.


CAPXEL will attempt to verify the identity of an individual requesting data under any of the rights listed above and will not willingly disclose Personal Data to a third-party without proper authorization. If any Company Personnel receives such a request from a Data Subject, they must immediately forward it to their supervisor or the DPO for appropriate response.


It is important to note that given the nature of CAPXEL’s business, the likelihood of a Data Subject seeking to enforce any or all of their rights under the GDPR is not high, however, all Company Personnel are expected to understand and comply as necessary.


12. ACCOUNTABILITY


(a) The Data Controller must implement appropriate technical and organizational measures in an effective manner, to ensure compliance with data protection principles. The Data Controller is responsible for, and must be able to demonstrate, compliance with the applicable data protection principles.


(b) The Company must have adequate resources and controls in place to ensure and to document GDPR compliance, such as for example:


i. appointing a suitably qualified DPO (where necessary) and an executive accountable for data privacy;
ii. implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects;
iii. integrating data protection into internal documents including this Standard, Related Policies, Privacy Guidelines, Privacy Notices or Fair Processing Notices;
iv. regularly training Company Personnel (as deemed necessary) on the GDPR, this Standard, Related Policies and Privacy Guidelines and data protection matters including, for example, Data Subject’s rights, Consent, legal basis, DPIA and Personal Data Breaches. The Company must maintain a record of training attendance by Company Personnel; and
v. regularly testing the privacy measures implemented and conducting periodic reviews and/or audits to assess compliance, including using results of testing to demonstrate compliance improvement effort.


(c) Sharing Personal Data:


Generally, under the GDPR, CAPXEL would not be allowed to share Personal Data with third-parties unless certain safeguards and contractual arrangements have been put in place.


Typically, CAPXEL only shares the Personal Data it holds with another employee, agent or representative of the Company (which includes its subsidiaries and affiliates) if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions. Furthermore, except in those certain instances where CAPXEL is providing Personal Data as part of the services it offers to vendors and clients, CAPXEL will only share the Personal Data it holds with third-parties if:


i. they have a need to know the information for the purposes of providing the contracted services;
ii. sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained;
iii. the third-party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place;
iv. the transfer complies with any applicable cross border transfer restrictions; and/or
v. a fully executed written contract that contains GDPR approved third-party clauses has been obtained.


(d) Record Keeping:


The GDPR requires CAPXEL to keep full and accurate records of all of its data Processing activities. CAPXEL will attempt to keep and maintain accurate corporate records reflecting its Processing, including records of Data Subjects’ Consents and procedures for obtaining Consents in accordance with any of the Company’s applicable record keeping guidelines.


These records should include, at a minimum, the name and contact details of the Data Controller and the DPO (if one such exists), clear descriptions of the Personal Data types, Data Subject types, Processing activities, Processing purposes, third-party recipients of the Personal Data, Personal Data storage locations, Personal Data transfers, the Personal Data’s retention period and a description of the security measures in place. In order to create such records, data maps should be created which should include the detail set out above together with appropriate data flows.


(e) Training and Audit:


To the extent necessary, CAPXEL will ensure that all Company Personnel have undergone adequate training to enable them to comply with data privacy laws. CAPXEL shall also regularly test its systems and processes to assess compliance.

Company managers and supervisors should regularly review all the systems and processes under your control to ensure they comply with this Privacy Standard and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data.


(f) Privacy by Design and Data Protection Impact Assessments (DPIA):


If necessary, CAPXEL will implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organizational measures (like Pseudonymization) in an effective manner, to ensure compliance with data privacy principles.


Certain Company Personnel should assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by taking into account:


i. the state of the art;
ii. the cost of implementation;
iii. the nature, scope, context and purposes of Processing; and
iv. the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.
Data controllers should also conduct DPIAs with respect to high risk Processing. For example, a DPIA should be conducted when implementing major system or business change programs involving the Processing of Personal Data including:

i. the use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes);
ii. Automated Processing including profiling and ADM;
iii. large scale Processing of Sensitive Data; and
iv. large scale, systematic monitoring of a publicly accessible area.

A DPIA should include:

i. a description of the Processing, its purposes and the Data Controller’s legitimate interests if appropriate;
ii. an assessment of the necessity and proportionality of the Processing in relation to its purpose;
iii. an assessment of the risk to individuals; and
iv. the risk mitigation measures in place and demonstration of compliance.


(f) Automated Processing (Including Profiling) And Automated Decision-Making:

Generally, ADM may be unadvisable and potentially prohibited when a decision has a legal or similar significant effect on an individual, unless:


i. a Data Subject has Explicitly Consented;
ii. the Processing is authorized by law; or
iii. the Processing is necessary for the performance of, or entering into, a contract.

CAPXEL can Process Sensitive Data under certain circumstances, such as where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention. If CAPXEL is going to make a decision based solely on Automated Processing (including profiling), then Data Subjects should be informed. This right must be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard the Data Subject’s rights and freedoms and legitimate interests. CAPXEL may conduct a DPIA before any Automated Processing (including profiling) or ADM activities are undertaken.


(g) Direct Marketing:


CAPXEL is subject to certain rules and privacy laws when marketing to our customers. For example, a Data Subject’s prior consent may be required for electronic direct marketing (for example, by email, text or automated calls). The exception for existing customers known as “soft opt in” allows organizations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person, they are marketing similar products or services, and they gave the person an opportunity to opt out of marketing when first collecting the details and in every subsequent message. These requirements, like many other requirements under the GDPR apply when CAPXEL is having direct interaction with a person and not necessarily when only providing services to a third-party who subsequently directly interacts with individuals.

If applicable, the right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information. A Data Subject’s objection to direct marketing must be promptly honored. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.


13. APPLICABILITY OF AND CHANGES TO THIS PRIVACY STANDARD


CAPXEL reserves the right to change this Standard at any time for any purpose it deems appropriate or necessary. This Standard does not override any applicable national data privacy laws and regulations in countries where the Company operates. CAPXEL recognizes and acknowledges that the GDPR does not apply to all of its activities or services provided, however, it is CAPXEL’s intention to comply with this Standard when deemed necessary to ensure compliance with the GDPR.

California Consumer Privacy Act (CCPA) Disclosures


Your California Privacy Rights


Under the California Consumer Privacy Act (CCPA), California residents are granted specific rights regarding their personal information. This section outlines your rights, the types of personal information we collect, the purposes for which we collect and use it, how we share it, and how you can exercise your rights.


1. Categories of Personal Information Collected


In the past 12 months, CAPXEL has collected the following categories of personal information:


  • Personal Identifiers: Name, alias, postal address, IP address, email address, and account name.
  • Commercial Information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or Other Electronic Network Activity Information: Browsing history, search history, and information regarding your interaction with our website, services, or advertisements.
  • Geolocation Data: Physical location or movements.
  • Professional or Employment-Related Information: Job title, employment history, and business contact information.
  • Education Information: Educational background and qualifications.
  • Inferences: Inferences drawn from any of the information listed above to create a profile reflecting consumer preferences, characteristics, behavior, or attitudes.


2. Sources of Personal Information


CAPXEL collects personal information from the following sources:


Directly from You: Information you provide directly to us when you interact with our services, such as through account creation, forms, or customer support inquiries.


Indirectly from You: Information collected automatically as you interact with our website, such as browsing activity or interactions with advertisements.


Third-Party Data Providers: Information from third-party data sources, such as marketing platforms, data brokers, and business partners.


Publicly Available Sources: Information from public records and other publicly available sources.


Social Media Platforms: Data obtained from social media interactions, public profiles, and engagement with our services on platforms like LinkedIn, Facebook, or Twitter.


3. Business or Commercial Purposes for Collecting Personal Information


We collect and use personal information for the following business and commercial purposes:


Service Provision: To provide, maintain, and improve our services, including marketing insights, consumer analytics, and data intelligence products.


Advertising and Marketing: To deliver personalized advertisements and marketing communications based on your preferences and interactions with our services.


Business Communications: To communicate with you about CAPXEL’s services, products, and updates.


Customer Support: To respond to your inquiries and provide customer support services.


Data Analytics and Research: To analyze and understand trends, track the effectiveness of advertising campaigns, and improve our products and services.


Fraud Detection and Security: To detect, prevent, and protect against security incidents, fraud, and other malicious activity.


Compliance with Legal Obligations: To comply with legal obligations, including responding to subpoenas or other lawful requests, and to meet regulatory requirements.


Auditing: To perform internal audits related to our business processes and ensure compliance with relevant laws and regulations.


Employment Purposes: To manage employment-related processes such as payroll, benefits, and employee performance evaluations.


4. Categories of Third Parties with Whom We Share Personal Information


CAPXEL may share your personal information with the following categories of third parties for business purposes:


Service Providers: Third-party service providers who assist us in providing, maintaining, and improving our services, such as cloud storage providers, data analytics platforms, and marketing platforms.


Business Clients: Clients who use CAPXEL’s data products and services for marketing, analytics, or consumer insights purposes.


Advertising Networks: Advertising and marketing networks that help deliver targeted advertisements and measure the effectiveness of campaigns.


Social Media Platforms: When you interact with CAPXEL on social media platforms, data may be shared with those platforms (e.g., LinkedIn, Facebook).


Government Agencies: In cases where we are required to do so by law, we may share personal information with regulatory authorities or government agencies.


Third-Party Data Providers: Data brokers and marketing partners with whom we share aggregated, anonymized information for analysis and reporting.


5. Sale of Personal Information


In the past 12 months, CAPXEL may have "sold" personal information as defined under the CCPA, meaning we may have shared personal information with third parties in exchange for valuable consideration, even if no money changed hands. The categories of personal information sold include:


  • Personal Identifiers (e.g., name, email address, postal address).
  • Commercial Information (e.g., purchasing history).
  • Internet or Other Electronic Network Activity Information (e.g., browsing history, interaction with websites).
  • Geolocation Data.
  • Business or Employer Data.
  • Inferences Drawn from Personal Information.


We do not knowingly sell the personal information of minors under 18 years of age without legally required affirmative authorization.


6. Right to Opt-Out of the Sale of Personal Information


California residents have the right to opt-out of the sale of their personal information. To exercise this right, you may submit a request via our Do Not Sell My Personal Information page at: CAPXEL Opt-Out.


Alternatively, you can contact us via:


Email: legal@capxel.com


7. Right to Know About the Collection, Use, Disclosure, and Sale of Personal Information


California consumers have the right to request that CAPXEL disclose specific information about how we have collected, used, and shared their personal information over the past 12 months. Specifically, you have the right to request:


  • The categories of personal information we collected.
  • The categories of sources from which the information was collected.
  • The business or commercial purposes for collecting or selling the information.
  • The categories of third parties with whom we shared or sold the information.
  • The specific pieces of personal information we have collected about you.


To submit a right to know request, please contact us via:


Email: legal@capxel.com


CAPXEL Privacy Center: CAPXEL Privacy Center


8. Right to Request Deletion of Personal Information


You have the right to request that CAPXEL delete the personal information we have collected from you, subject to certain exceptions. We may retain your personal information if necessary to:


  • Complete a transaction for which the personal information was collected.
  • Detect security incidents or prevent fraudulent activities.
  • Comply with legal obligations.
  • Maintain the functionality and security of our services.


To exercise your right to deletion, please submit a request using the same contact details listed above.


9. Right to Non-Discrimination


CAPXEL will not discriminate against you for exercising your rights under the CCPA. You will not be denied goods or services, charged different prices, or receive a different level or quality of service for exercising your rights.


10. Authorized Agents


California residents may designate an authorized agent to submit a request on their behalf. CAPXEL requires the authorized agent to provide proof of their authority and may also require you to verify your identity directly.


11. Verification of Consumer Requests


To ensure the security of your personal information, CAPXEL will take steps to verify your identity before fulfilling your request. This may involve asking you to provide personal information that matches our records or completing a verification process. If we cannot verify your identity, we may decline your request.


12. How to Contact Us


If you have any questions about this privacy policy or your rights under the CCPA, you can contact us at:


Email: legal@capxel.com


Nevada Consumer Privacy Act (NRS 603A) Disclosures


Your Nevada Privacy Rights


Under the Nevada Privacy Law (NRS 603A), Nevada residents have the right to opt out of the sale of their personal information. This section outlines the types of personal information we collect, how it is used, and how you can exercise your rights under Nevada law.


1. Categories of Personal Information Collected


In the past 12 months, CAPXEL has collected the following categories of personal information from Nevada consumers:


  • Personal Identifiers: Name, alias, postal address, IP address, email address, and account name.
  • Commercial Information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or Other Electronic Network Activity Information: Browsing history, search history, and information regarding your interaction with our website, services, or advertisements.
  • Geolocation Data: Physical location or movements.
  • Professional or Employment-Related Information: Job title, employment history, and business contact information.
  • Education Information: Educational background and qualifications.
  • Inferences: Inferences drawn from any of the information listed above to create a profile reflecting consumer preferences, characteristics, behavior, or attitudes.


2. Categories of Sources from Which Personal Information is Collected


We collect personal information from the following sources:


  • Directly from You: Information you provide directly to us when you interact with our services, such as through account creation, forms, or customer support inquiries.
  • Indirectly from You: Information collected automatically as you interact with our website, such as browsing activity or interactions with advertisements.
  • Third-Party Data Providers: Information from third-party data sources, such as marketing platforms, data brokers, and business partners.
  • Publicly Available Sources: Information from public records and other publicly available sources.
  • Social Media Platforms: Data obtained from social media interactions, public profiles, and engagement with our services on platforms like LinkedIn, Facebook, or Twitter.


3. Business or Commercial Purposes for Collecting Personal Information


We collect and use personal information for the following business and commercial purposes:


  • Service Provision: To provide, maintain, and improve our services, including marketing insights, consumer analytics, and data intelligence products.
  • Advertising and Marketing: To deliver personalized advertisements and marketing communications based on your preferences and interactions with our services.
  • Business Communications: To communicate with you about CAPXEL’s services, products, and updates.
  • Customer Support: To respond to your inquiries and provide customer support services.
  • Data Analytics and Research: To analyze and understand trends, track the effectiveness of advertising campaigns, and improve our products and services.
  • Fraud Detection and Security: To detect, prevent, and protect against security incidents, fraud, and other malicious activity.
  • Compliance with Legal Obligations: To comply with legal obligations, including responding to subpoenas or other lawful requests, and to meet regulatory requirements.
  • Auditing: To perform internal audits related to our business processes and ensure compliance with relevant laws and regulations.
  • Employment Purposes: To manage employment-related processes such as payroll, benefits, and employee performance evaluations.


4. Categories of Third Parties with Whom We Share Personal Information


We may share personal information with the following categories of third parties for business purposes:


  • Service Providers: Third-party service providers who assist us in providing, maintaining, and improving our services, such as cloud storage providers, data analytics platforms, and marketing platforms.
  • Business Clients: Clients who use CAPXEL’s data products and services for marketing, analytics, or consumer insights purposes.
  • Advertising Networks: Advertising and marketing networks that help deliver targeted advertisements and measure the effectiveness of campaigns.
  • Social Media Platforms: When you interact with CAPXEL on social media platforms, data may be shared with those platforms (e.g., LinkedIn, Facebook).
  • Government Agencies: In cases where we are required to do so by law, we may share personal information with regulatory authorities or government agencies.
  • Third-Party Data Providers: Data brokers and marketing partners with whom we share aggregated, anonymized information for analysis and reporting.


5. Sale of Personal Information


Under Nevada law, the "sale" of personal information refers to the exchange of personal information for monetary consideration by an operator to a third party. While CAPXEL does not currently sell personal information for monetary gain, if our practices change in the future, Nevada residents have the right to opt out of the sale of their personal information.


6. Right to Opt-Out of the Sale of Personal Information


Nevada residents have the right to request that CAPXEL not sell their personal information. If you would like to exercise your right to opt out, you can submit a request using the following methods:


Online: Visit our Opt-Out page: CAPXEL Opt-Out
Email: legal@capxel.com

Once we receive your request, we will respond within 60 days as required by Nevada law. In certain circumstances, we may request additional information to verify your identity before processing your request.


7. Right to Review and Modify Personal Information


Nevada residents have the right to request access to or changes to any of their covered personal information collected by CAPXEL. If you would like to review or request changes to your personal information, you can submit a request using the contact methods listed above. We will respond to your request within 60 days.


8. Changes to This Policy


We may update this Nevada privacy notice from time to time. If any material changes are made to this notice, we will post the updates on this webpage and provide appropriate notifications as required by law.


9. How to Contact Us


If you have any questions about this Nevada privacy policy or your rights under the Nevada Privacy Law, you can contact us at:


Email: legal@capxel.com


Use of the Site by Children


CAPXEL’s services and websites are not intended for children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information from our records.