Personal Data Protection Policy
The Institut d’Économie Scientifique Et de Gestion, IÉSEG – School of Management, is a non-profit organization pursuant to the French Law of 1901 and one of the leading management schools. Its head office is located at 3 rue de la Digue, 59000 Lille (FRANCE), and its company number is 783 707 052 00032 (hereinafter referred to as “IÉSEG”).
IÉSEG takes personal data protection very seriously.
This Personal Data Protection Policy is one of the methods used to ensure that the services IÉSEG offers its students, employees and partners are of the highest standards. IÉSEG is committed to managing the information it collects in a secure and responsible manner.
To ensure it functions properly and achieves its goals, IÉSEG is required to process personal data relating to its graduates, students, professionals and partners (as well as the employees of its prospects, suppliers and partners).
When you use IÉSEG Insights’ website, you are sending IÉSEG personal data belonging to you and/or authorizing it to collect and process it (monthly newsletter subscription and/or internal statistical analysis).
IÉSEG is committed to processing your data in accordance with the legislation covering personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), as well as Law 78-17 of 6 January 1978 (Loi Informatique et Libertés – Data Protection Act) as amended.
Data Controller
The data controller is IÉSEG at 3, rue de la Digue, 59000 Lille (FRANCE), represented by its Chairman.
IÉSEG has appointed a Data Protection Officer who can be contacted by using the online form available here www.ieseg.fr/en/gdpr-form/ or by sending a letter to IÉSEG.
Definitions
> “Personal data” refers to information relating to an identified or identifiable natural person (data obtained by cross-referencing anonymous information).
> “Processing” refers to any operation involving personal data, regardless of the method used (automated or otherwise).
> “Data Controller” refers to the natural or legal person who determines the purposes and means of processing personal data. Regarding this policy, the data controller is IÉSEG.
> “Data Processor” refers to any natural or legal person who processes personal data on behalf of the controller. In practice, these are service providers that IÉSEG works with and who handle personal data.
> “Data Subject” refers to any individual whose personal data is processed by an organization.
> “Recipients” are natural or legal persons who receive personal data. At IÉSEG, these include a variety of departments, employees and external bodies (partners, social organizations, etc.).
Which types of information are collected?
> Browsing information: you are interacting with our websites when you use them. We collect certain information about your browsing activities.
How is this information collected?
Directly:
> when you log in to IÉSEG – 60 years website (https://60ans.ieseg.fr).
Indirectly from:
> social networks (IÉSEG does not use private data and information without the prior consent of the individual, even when it has already been made public and disseminated by IÉSEG on social networks, or when it is provided by partners).
Why is this information collected?
Depending on the case, IÉSEG processes your personal data for the following purposes:
> to promote IÉSEG’s services.
> to create marketing campaigns.
> to produce statistical reports.
Who receives your data?
Depending on your profile, the following people may access your data:
> event organization staff
> IÉSEG data processors
IÉSEG Information System is centralized and used by both campuses (Lille and Paris-La Défense). The profiles of users with access to the Information System are defined on the basis of our authorization management policy and the principle of need-to-know.
Please note, however, that your personal data may be sent to any authority which is legally empowered to access it. If it is, IÉSEG cannot be held responsible for the ways in which the staff at these authorities access and use your data.
What is the legal basis for our data processing operations?
IÉSEG only collects, uses and shares your personal data in accordance with the regulations.
We may process your data either:
> because you have given your consent. For certain operations including marketing campaigns, we can use your data because you have authorized us to do so.
> when said processing is in our legitimate interests. It is sometimes in IÉSEG’s legitimate interests to process your personal data.
How long is the information kept for?
IÉSEG sets data retention periods according to its legal and contractual constraints and, otherwise, according to its needs.
Retention periods vary depending on a number of factors:
> IÉSEG business requirements
> the processing purposes
> contractual requirements
> legal obligations (insurance policies, tax, compulsory declarations relating to staff management, etc.)
> recommendations made by supervisory bodies.
Your data may be retained beyond the end of our contractual relationship either to protect our rights in the event of legal disputes, or to enable us to fulfill our legal obligations.
Your personal data will be permanently deleted at the end of this period.
IÉSEG keeps copies of all diplomas issued by the school in order to be able to provide official duplicates certifying the graduation and thereby guaranteeing continuity of service to all its graduates.
How do we guarantee that your information is secure?
IÉSEG regularly reviews the technical and organizational measures it uses to guarantee the security of its Information System and to prevent unauthorized disclosure, disappearance or alteration (loss of confidentiality or integrity) of your personal data.
IÉSEG undertakes:
> In the event of a breach of your personal data,
To notify CNIL (Commission nationale de l’informatique et des libertés – French Data Protection Authority) pursuant to the provisions of the GDPR.
If said breach poses a high risk to the data subject, IÉSEG will notify him or her and provide the necessary information and recommendations.
> In the event that your personal data are processed by a data processor,
To ensure that the data processor complies with its obligations under the GDPR. IÉSEG undertakes to sign written contracts with its data processors and to require them to apply the same data protection obligations as it does itself.
> In the event that personal data are transferred to a third country outside the European Union or to an international organization,
To inform the data subject of such and to ensure that his or her rights are respected in accordance with the provisions of the GDPR.
To implement the Standard Contractual Clauses approved by the European Commission and to include a Data Processing Agreement (“DPA”) in contracts signed with service providers operating in countries which are not considered to offer adequate levels of protection by the European Commission.
What are your rights regarding your data?
You have the following rights, as provided for by the legislation on the protection of personal data:
> the right to information and the right of access: you have the right to know which personal data we hold about you, to view it and to obtain a copy.
> the right to rectification: if you discover an error, you can ask us to rectify the incorrect information at any time.
> the right to cancellation: under certain circumstances you can ask us to delete your personal data. Please note that we may retain certain information about you when we are required to do so by the applicable laws and regulations and when we have a legitimate reason to do so (e.g. the performance of an existing contract, to comply with legal and regulatory obligations and to prevent legal action).
> the right to object: in certain cases, you may object to the use of your personal data for certain processing operations (e.g. direct marketing campaigns).
> the right to portability: you have the right to ask us to provide you or another data controller with the personal data you have provided to us, in a structured, commonly-used machine-readable format.
> the right to restrict processing: under certain circumstances you can ask us to restrict the ways in which we use your personal data, e.g. for the time required to examine a request for rectification.
> the right to withdraw your consent (when consent is the legal basis for processing operations).
In order to handle your request we may ask you to provide proof of your identity.
Please note that you may withdraw your consent to the processing of your data for a specific purpose at any time.
How can you exercise your rights?
IÉSEG has appointed a Data Protection Officer to whom you can address any questions you may have concerning this policy and to exercise your rights.
You can contact him/her:
> using the online form available at this address: www.ieseg.fr/en/gdpr-form/
> by sending a letter to the Data Controller’s address: IÉSEG – 3 Rue de la Digue – 59000 Lille (FRANCE)
Furthermore, if you believe that your rights have been breached or that your personal data has been processed in a way that does not comply with the GDPR, you have the right to lodge a complaint with the relevant supervisory body:
CNIL – Commission Nationale de l’Informatique et des Libertés
either at the URL www.cnil.fr/fr/plaintes
or by post: 3 Place de Fontenoy – TSA 80715 – 75334 Paris CEDEX 07 (FRANCE)
Changes to the Data Protection Policy
This data protection policy was updated on November 17th, 2023; it may be modified or amended at any time, especially in order to comply with changes in legislation or case law.
Cookies
Cookies are used to facilitate navigation on the site and to streamline registration or audience measurement procedures. Your computer may be configured to accept cookies. However, you can change this setting to refuse it and we suggest you do so if you are concerned about using cookies. When you visit our website, we collect and retain certain “user information” details, such as the name of the domain, Internet Protocol (IP) address, the date and time of your visit, and the URLs from which you entered our site. We use this information to analyze and measure traffic to our site and to help us make it more user-friendly. The installation of Cookies is done for a maximal period of 13 months.
IÉSEG School of Management obtains your consent in accordance with the policies and technical specifications of the IAB Europe Transparency & Consent Framework. It uses the Consent Management Platform n°92.
You can change your choices at any time by clicking here.
You can configure your Web browser at any time in order to allow or, on the contrary, to reject the installation of Cookies, systematically or according to their issuer.
You can oppose to the registration of Cookies by configuring your Web browser as follows:
> Mozilla Firefox:
1. Choose the menu “Tool”, then “Options”
2. Click on the icon “Privacy and Security”
3. Search for the menu “Cookies and sites data” and select the desired options
> Microsoft Internet Explorer 6 and above:
1. Choose the menu “Tools”, then “Internet Options”. Click on the tab “Confidentiality”)
2. Select the level with the cursor
> Microsoft Edge:
1. Choose the icon […], then “Settings”
2. Click on the icon “View advanced settings”
3. Under Cookies section, select the desired configuration
> Google Chrome:
1. Select the icon of the Chrome menu
2. Select “Settings”
3. At the bottom of the page, select “Advanced”
4. In the section “Privacy and Security”, select “Content settings” then “Cookies”
5. Select Allow sites to save and read cookie data (recommended)
> Safari:
1. Go to the “Preferences” section, then “Confidentiality”
2. Choose to block or not the Cookies
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”) which uses cookies and similar technologies to analyze information about use of the Website and its declinations. Google collects all this information anonymously as much as possible, knowing that only anonymous information provided by Google may be stored on servers in the United States.
Google may disclose to third parties the information collected if it is required by law or for the purpose of analyzing it for its own account. In this respect, IÉSEG has no control. Each user is once again free to disable all Google Analytics services with this link: https://tools.google.com/dlpage/gaoptout.