Privacy and Personal Data Protection Policy of Collège de Paris and Group Organizations
This document explains the principles and commitments for the protection of your personal data and aims to inform you about:
- The personal data that Collège de Paris collects and the reasons for this collection.
- How this personal data will be used.
- Your rights as a data subject in our data processing activities.
This policy applies to all organizations and services of Collège de Paris regardless of their nature (website, applications, services, etc.). They mention it and provide access to it via links on their websites and in their collection notices.
The data controller is Collège de Paris (SAS registered with the RCS of Paris under the number 815 229 901). The contact details are as follows:
- Postal address: 15, rue Montmartre – 75001 Paris – France
- Email: firstname.lastname@example.org
How Collège de Paris implements the protection of Personal Data ?
Collège de Paris is committed to taking into account the protection of your personal data and privacy from the design of the services offered to you (Privacy by design). To ensure security and guarantee respect and the proper exercise of your rights, measures to protect your personal data are implemented (Privacy by default).
What Personal Data is used by Collège de Paris ?
Collège de Paris is committed to collecting only data strictly necessary for the realization of the services offered, which are mainly teaching and training activities and their contractualization.
In case optional data is requested from you, Collège de Paris will clearly inform you about the personal data necessary for the provision of the service.
Personal data collected directly from you is only used for the purposes that have been brought to your attention.
When they have not been collected from you, Collège de Paris will inform you as soon as possible of the processing for which they were collected and its purposes.
Personal data is used to offer you other services only if you have agreed to benefit from the service or receive additional communications.
What is the legitimacy basis for our data processing ?
Collège de Paris relies on the following legitimate bases in order to process personal data:
The legal basis for the processing of the user’s personal data that is collected is the performance of the contract. In this regard, the user is obliged to provide the data necessary for its performance. If the user does not provide this data, it will not be possible to carry out the service.
Obligations by which Collège de Paris complies with a legal or regulatory obligation fall into this category, such as the management and issuance of invoices in the context of Collège de Paris’ relationship with its clients.
For the following purposes, the legal basis for the processing of the user’s personal data will be the user’s consent, if given, such as for :
- Management of registration on the website and applications.
- Management of sending information on website activities and personalized information adapted to the user’s profile.
- Response to the exercise of rights, as well as to questions and complaints.
Withdrawal of consent for these processing activities will not affect the performance of contracts concluded by the data subject with Collège de Paris.
The legal basis for the processing of the user’s personal data may be Collège de Paris’ legitimate interest in cases where an evaluation of the interest of such processing allows verifying that it does not disproportionately affect the rights of the data subject.
This can be, for example, the sending of satisfaction surveys on the services provided by the Collège de Paris in order to ask for their opinion and improve them. The legitimate interest of the Collège de Paris is to be able to understand the needs and expectations of its students and clients, with the aim of improving their level of satisfaction.
Personal data of minors
Some services may be used by minors under the age of fifteen. In this case, minors must obtain the consent of their parents or legal representatives.
Who can your personal data be disclosed to ?
Your data may be transmitted to :
Can your personal data be transferred outside the European Union ?
- Internal services of the Collège de Paris: the departments responsible for the execution of the subscribed services, including the Customer Service, Sales Administration, and Schooling departments…
- External service providers of the Collège de Paris: technical service providers, including subcontractors
- Commercial partners of the Collège de Paris, after informing you beforehand and allowing you to express your choices through a checkbox.
- Administrations to which the Collège de Paris belongs.
The Collège de Paris mainly processes your personal data on the territory of the European Union (EU).
However, for certain specific services, the Collège de Paris may use subcontractors established outside the EU. In this case, in accordance with current regulations, the Collège de Paris requires its subcontractors or co-contractors to provide the necessary guarantees for the supervision and securing of these transfers, notably by signing standard contractual clauses of the European Commission.
How long does the Collège de Paris keep your personal data ?
The retention period of your personal data depends on the subscribed service. The Collège de Paris undertakes not to keep your personal data beyond the necessary period for providing the service, and therefore for your use of the service, increased by the retention period imposed by applicable rules on legal prescription. The retention periods will be specified in the information notices for each processing.
Is your Personal Data protected ?
Collège de Paris is committed to taking all necessary measures to ensure the security and confidentiality of Personal Data, in particular to prevent damage, deletion or unauthorized access by third parties.
Furthermore, in the event of a security incident affecting your Personal Data (destruction, loss, alteration or disclosure), Collège de Paris undertakes to comply with the obligation to notify Personal Data breaches, in particular to the CNIL (French data protection authority).
What are your rights with regard to your Personal Data ?
You have the right to exercise at any time with Collège de Paris the rights provided for by the applicable regulations on personal data, subject to fulfilling the conditions (related to the legal basis of the processing):
- Right of access : you may have access to your Personal Data processed on the basis of your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
- Right to rectification : you may update or rectify your Personal Data processed on the basis of your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
- Right of opposition : you may express your wish that your Personal Data no longer be subject to processing if the processing is based on your consent (you withdraw your consent) or on contractual performance (waiver of the contract clause) as well as in the case of processing carried out in the legitimate interest. However, you cannot object to processing carried out in the context of a legal obligation or in the context of the performance of a public service mission that presents imperative and legitimate reasons prevailing over your rights and freedoms;
- Right to erasure : you may request the deletion of your Personal Data, subject to the legal retention period, if the processing is based on your consent (you withdraw your consent) or on contractual performance (waiver of the contract clause) as well as in the case of processing carried out in the legitimate interest. However, you cannot request the erasure of data from processing carried out in the context of a legal obligation or the performance of a public service mission;
- Right to restriction : you may request the suspension of the processing of your Personal Data based on your consent, legal obligation, contractual performance or legitimate interest if you have a request for rectification, erasure or opposition in progress or if you believe the processing is unlawful;
- Right to portability : you may request to retrieve your Personal Data in order to use it exclusively if the processing is based on your consent or the performance of a contract. You cannot benefit from the right to portability if the processing is carried out in the context of a legal obligation, the performance of a public service mission or legitimate interest.
When subscribing to a service or collecting your Personal Data, you are informed of the address (postal and/or electronic) to which to send your request to exercise your rights.
Any request may, where necessary to ensure that it comes from you, require the production of proof of identity. Collège de Paris undertakes to respond to your requests to exercise your rights as soon as possible and in any event within the legal deadlines.
Who to contact ?
The appointment of a Data Protection Officer (DPO) demonstrates Collège de Paris’ commitment to protecting the security and confidentiality of its customers’ Personal Data.
You can contact the Data Protection Officer at the following address: email@example.com
You can contact the data protection referent of Collège de Paris at the following address: Collège de Paris – La grande Arche – 1 Parvis de la défense 92004 Paris France
You also have the right to contact the French data protection authority (CNIL) at 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 (https://www.cnil.fr/
) with any complaint relating to how Collège de Paris processes your Personal Data.
Changes to this policy
Updates to this Privacy and Personal Data Protection Policy will be published on the Collège de Paris website.
Each term beginning with a capital letter has the meaning given to it below.
- “Privacy and Personal Data Protection Policy” and “Policy” : Means this policy describing the measures taken for the processing, exploitation, and management of your Personal Data and your rights as a data subject.
- “Personal Data” : Means any information relating to you that allows you to be identified directly or indirectly.
- “Processing” : Means any operation or set of operations applied to your Personal Data.
- “Data Controller” : Means Collège de Paris, which carries out the processing of your Personal Data.
- “Personal Data Breach” : Means a breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure, or access to your Personal Data.
- “Recipient” : Means the department or company that receives communication and may access your Personal Data.