Data privacy policy

The data controller is the Association Groupe ESSEC, 3, Avenue Bernard Hirsch - 95000 Cergy Pontoise Cedex, represented by its Dean and President Vincenzo VINZI ESPOSITO.

ESSEC has appointed a Data Protection Officer whom you may contact by email or by mail at ESSEC's postal address.

• “personal data” means any information relating to an identified or identifiable natural person (surname, first name, photo, email, BID, data obtained by cross-referencing anonymous information);

• “processing” means any operation involving personal data, regardless of the process used (automated or not (paper));

• “controller” means the natural or legal person who determines the purposes and means of processing personal data. Under this policy, the data controller is ESSEC;

• “processor” means any natural or legal person who processes personal data on behalf of the controller. In practice, these are the service providers with whom ESSEC works and who are involved with personal data;

• “data subject” means any natural person whose personal data are processed by an organization. At ESSEC, these are prospects, candidates, students, participants, graduates, professors, employees, partners, etc;

• “recipients” of data means the natural or legal persons who receive the personal data. For ESSEC, this includes ESSEC departments and employees as well as external organizations (partners, social organizations, etc.);

• “graduate” means any person who has completed an ESSEC course and has obtained a validation of the end of their training;

• “prospect” means any person interested in an ESSEC course or event;

• “candidate” means any person who has started an application to an ESSEC program;

• “partner” means any person or company that is a stakeholder, customer, supplier or subcontractor.

In general, we collect the following data:

• identity data (surname, first name);
• contact information (email, addresses, telephone numbers);
• identification data (IP address);
• connection and navigation data (login/ password, login information, pages viewed, browser type, etc.);
• for prospects: service or documentation requests, country of residence, level of education and establishment of origin;
• for applicants: data from the application file (marital status, telephone number, addresses, bank details, parents' details, personal email, photo, degrees, curriculum vitae, level of French language (foreign students), motivational project letter, information on previous schooling, etc.);
• for partners: partner identity data (last name, first name, job title, company name, means of contact, partner reference number, history of the partnership, company name, SIREN number, etc.), contract or partnership agreement data (accounting identification code, means of payment, invoicing method, etc.), academic data (curriculum, professional experience, areas of expertise, etc.);
• for graduates: ESSEC email, position/ function, cohort, academic history, etc.
  
  

Direct collection from you:

• when you connect to the ESSEC website;

• when you download a brochure or request information;

• when you apply for a programme;

• during your academic studies;

• during meetings at events (fairs, forums, etc.);

• during visits to schools;

• as part of a contractual or partnership relationship;

• when exercising your rights to your personal data, etc.

Indirect collection through:

• our partners (organisers of physical or virtual events, for example);

• social networks (ESSEC will not use data and information of a private nature without the prior consent of individuals, even if they are made public and disseminated by ESSEC on social networks or when they are provided by partners);

• an employee who has recommended you for a vacancy;

• an agent or legal representative who exercises a right over your personal data, etc.

Depending on the circumstances, ESSEC processes your personal data for the following purposes:

• to send you a requested service or document (brochure) or to answer a question ;

• put you in touch with ESSEC staff and other ESSEC student ambassadors ;

• to promote ESSEC programmes and services;

• to enable applicants to create a user account in order to access the online application platform;

• help and direct applicants to the right course and assist them during the application period;

• update your personal data;

• assure ESSEC that it will be able to contact you, the student, with certainty as part of your relationship with the institution;

• produce the official documents relating to the contractual or partnership relationship and enable its execution and monitoring;

• manage your participation in an ESSEC event;

• transmit your data to our authorised institutional and commercial partners;

• ensure the security of its information system and personal data

• carry out statistical reports or surveys

• manage cookies and other tracers;

• respond to your requests for access to your personal data;

• meet its legal obligations.

The purposes of the processing are based on the condition of lawfulness relating generally to your consent to the processing of your personal data by ESSEC. ESSEC may also, depending on the case, process your personal data when it is necessary for the performance of a task in the public interest, the fulfilment of a legal obligation, the contract or pre-contractual measures for the performance of the relationship between you and ESSEC, the safeguarding of your vital interests, or its legitimate interests.

Depending on your profile, the following may receive your data:

• ESSEC departments responsible for handling relations with prospective customers or candidates;

• departments responsible for handling relations with partners

• departments responsible for organising events;

• teaching, academic and research departments;

• administrative and accounting services

• logistics and IT services

• security and reception services

• control departments (purchasing, management control, etc.);

• the department in charge of personal data protection;

• the ESSEC Alumni Association;

• the ESSEC Foundation;

• authorised partners (Ministries, Conférence des Grandes Ecoles, external companies or their subsidiaries, Direction départementale des archives du Val d'Oise, etc.);

• ESSEC's subcontractors, etc.

ESSEC may, when necessary, transmit your data to its entities ESSEC Asia pacific (Singapore) and ESSEC Afrique (Morocco).

In addition, your personal data may be communicated to any authority legally authorised to have access thereto. In this case, ESSEC is not responsible for the conditions under which the staff of these authorities have access to and use the data.

In the event of a breach of your personal data

Notify the CNIL in accordance with the conditions as set out by GDPR.

In the event that the breach poses a high risk to prospects, applicants, graduates or partners, ESSEC will notify the affected prospects, applicants, graduates or partners and provide them with the necessary information and recommendations to protect their privacy.

If your personal data is outsourced

To ensure that the processor complies with its obligations under the RGPD. ESSEC undertakes to sign a written contract with all of its subcontractors and imposes the same data protection obligations on subcontractors as it does itself. 

In addition, ESSEC reserves the right to audit its subcontractors in order to ensure compliance with the provisions of the RGPD. 

ESSEC reserves the right to cancel a contract if the obligations to comply with data protection regulations are not met.

In case of the transfer of personal data to a third country outside the European Union or an international organization

Inform the persons concerned and ensure that their rights are respected in accordance with the requirements of the regulations on the protection of personal data.

Where necessary, ESSEC signs one or more contracts to provide a framework for cross-border data flows.

You have the following rights and may exercise them. ESSEC undertakes, after carrying out the necessary checks, to respond to you in accordance with the provisions of the regulations on the protection of personal data. 

You have the following rights:

• right of access

You may ask ESSEC for personal data concerning you and/or request a copy thereof. ESSEC undertakes to respond to you within the time limits and under the conditions set by the regulations, for example, if the transmission of the data does not infringe the rights and freedoms of another person or if it is not prohibited by law.

• right to rectification

You can ask for your personal data to be corrected if it is incorrect

• right to delete (unless you have a current contract with ESSEC or ESSEC is required to meet legal or regulatory obligations)

You may request the deletion of personal data held by ESSEC. ESSEC undertakes to delete data unless it is necessary for the fulfilment of a mission in the public interest, to meet a legal obligation or the performance of a current contract, etc). 

• right to portability (unless the legal basis for the processing is ESSEC's legitimate interest)

You may ask ESSEC to send you your personal data in machine-readable form. Data will be provided to you if it has been collected with your consent or in the performance of a contract.

• right to limit processing / right to object to processing / right to decide what happens to your data after your death (post mortem)

You have the right to control the use that is made of your data either by requesting that their use be limited, by objecting to their processing or by indicating to ESSEC your wishes as to the fate of your personal data that it holds following your death. ESSEC will always verify the feasibility of the request and will provide you with the appropriate response.

• right to make a complaint to the supervisory authority

If you consider that the processing of your personal data does not comply with the regulations on the protection of personal data, you have the right to file a complaint with the supervisory authority at the following address:

CNIL - Service des plaintes
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07 FRANCE
Tel: +33 1 53 73 22 22