This document explains the principles and our commitments for the protection of your Personal Data and aims to inform you about :
- The Personal Data that Collège de Paris collects and the reasons for such collection,
- How the Personal Data will be used,
- Your rights as a person concerned by our data processing.
This Policy applies to all Collège de Paris organizations and services, regardless of their nature (site, applications, services, etc.). They mention it and give access to it via links on their sites and in their collection notices.
The person responsible for processing your data
The data controller is Nicolas COURTIER Avocat – Data Protection Officer. The contact details are as follows:
- Postal address: 55, rue Paradis – 13006 Marseille/ 5, Avenue Alphand 75116 Paris
- Telephone: +33 (0)126.96.36.199.00
- E-mail: [email protected]
How does Collège de Paris protect Personal Data?
Collège de Paris is committed to protecting your Personal Data and your privacy right from the design stage of the services offered to you (Privacy by design). To ensure security and guarantee that your rights are respected and properly exercised, we implement measures to protect your Personal Data (Privacy by default).
What Personal Data is used by the Collège de Paris?
Collège de Paris undertakes to collect only the data strictly necessary to provide the services offered, which are mainly teaching and training activities, and to contract them.
Should you be asked for optional data, Collège de Paris will clearly inform you of the Personal Data required to provide the service.
Personal Data collected directly from you is used only for the purposes for which you have been informed. If your personal data has not been collected from you, Collège de Paris will inform you as soon as possible of the purposes for which it has been collected.
Personal Data is used to offer you other services, only if you have agreed to benefit from the service or to receive additional communications.
What is the basis for the legitimacy of our treatments?
Collège de Paris relies on the following legitimate bases in order to process Personal Data:
- Contract performance
The legal basis for processing the user’s Personal Data collected is the performance of the contract. In this respect, the user is obliged to provide the data necessary for its execution. If the customer does not provide this information, it will not be possible to provide the service.
- Legal obligations
Obligations by which Collège de Paris complies with a legal or regulatory obligation fall into this category, such as the management and issue of invoices as part of Collège de Paris’ relationship with customers.
With regard to the following purposes, the legal basis for the processing of the user’s Personal Data will be the user’s consent, in the event that the user has given such consent, for example for :
- Manage site and application registration.
- Management of the sending of information on site activities and personalized information adapted to the user’s profile.
- Answers to questions and complaints. Withdrawal of consent to such processing will not affect the performance of contracts entered into by the person concerned with Collège de Paris.
- Legitimate interest
The legal basis for the processing of the user’s Personal Data may be the legitimate interest of Collège de Paris in cases where an assessment of the interest of such processing will make it possible to verify that it does not disproportionately infringe the rights of the person concerned: This may be, for example, the sending of satisfaction surveys on Collège de Paris services in order to ask for their opinion and improve them, the legitimate interest of Collège de Paris then consisting in being able to understand the needs and expectations of its students and customers, with the aim of improving their level of satisfaction.
Personal Data of minors
Some services may be used by minors under the age of 15. In this case, minors must obtain the consent of their parents or legal guardians.
To whom may your Personal Data be communicated?
Your data may be transmitted to :
- Internal departments of the Collège de Paris: departments responsible for the execution of subscribed services, in particular Customer Services, Sales Administration, Schooling, etc.
- Collège de Paris’ external service providers: technical service providers, including subcontractors;
- To commercial partners of the Collège de Paris, after informing you in advance and allowing you to express your choices by ticking a box.
- To the authorities responsible for the Collège de Paris
Can your Personal Data be transferred outside the European Union?
Collège de Paris mainly processes your Personal Data within the European Union (EU). However, for certain specific services, Collège de Paris may use subcontractors established outside the EU. Certain Personal Data may then be communicated to them for the strict needs of their missions. In such cases, in accordance with the regulations in force, Collège de Paris requires its subcontractors or co-contractors to provide the necessary guarantees to ensure the security of such transfers, in particular by signing the European Commission’s standard contractual clauses.
How long does Collège de Paris keep your Personal Data?
The length of time we retain your Personal Data depends on the service you have subscribed to. Collège de Paris undertakes not to retain your Personal Data beyond the period necessary for the provision of the service, and therefore for your use of the service, increased by the retention period imposed by the rules applicable to legal prescription. Retention periods will be specified in the disclosures for each processing operation.
Are your personal data protected?
Collège de Paris undertakes to take all measures to ensure the security and confidentiality of Personal Data and in particular to prevent it from being damaged, deleted or accessed by unauthorized third parties.
Furthermore, in the event of a security incident affecting your Personal Data (destruction, loss, alteration or disclosure), Collège de Paris undertakes to comply with the obligation to notify violations of Personal Data, in particular to the CNIL.
What are your rights regarding your Personal Data?
You may at any time exercise the rights provided for by current regulations applicable to personal data, subject to meeting the conditions (which is linked to the legal basis of the processing):
- Right of access: you may have access to your Personal Data processed on the basis of your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
- Right of rectification: you may update your Personal Data or have your processed Personal Data rectified, based on your consent, the performance of a public service mission, a legal obligation, the performance of your contract or legitimate interest;
- Right to object : you can express your wish that your Personal Data no longer be processed in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. On the other hand, you may not object to processing carried out within the framework of a legal obligation or as part of the performance of a public service mission that presents overriding and legitimate reasons overriding your rights and freedoms;
- Right to erasure : you may request the deletion of your Personal Data, subject to the legal retention period, in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. On the other hand, you may not request the deletion of data processed in the context of a legal obligation or the performance of a public service mission;
- Right to limitation: you may request the suspension of the processing of your Personal Data based on your consent, legal obligation, contractual performance or legitimate interest if you have a pending request for rectification, erasure or objection, or if you consider the processing unlawful;
- Right to portability: you can ask for your Personal Data to be retrieved for use only if processing is based on your consent or the performance of a contract. You cannot benefit from the right to portability if the processing is carried out in the context of a legal obligation, the performance of a public service mission or legitimate interest.
When subscribing to a service or collecting your Personal Data, you will be given the address (postal and/or e-mail) to which you can send your request to exercise your rights. All requests may, where necessary to guarantee that they originate from you, require proof of identity. Collège de Paris undertakes to respond to your requests to exercise your rights as quickly as possible and in any event within the legal time limits.
Who to contact
The appointment of a Data Protection Officer demonstrates Collège de Paris’ commitment to the protection, security and confidentiality of its customers’ Personal Data. You can contact the Data Protection Officer at the following address: [email protected]
You can contact the Collège de Paris data protection officer at the following address: 55, rue Paradis – 13006 Marseille/ 5, Avenue Alphand 75116 Paris /Tél : +33 (0)188.8.131.52.00.
You also have the right to complain to the Commission nationale de l’informatique et des libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 (https://www.cnil.fr/) about the way in which Collège de Paris handles your Personal Data.
Modification of this policy
Each capitalized term has the meaning given below.
- “Privacy and Personal Data Protection Policy” and “Policy”: means this Policy describing the measures taken for the processing, use and management of your Personal Data and your rights as a person affected by the processing.
- “Personal Data”: Refers to any information relating to you and enabling you to be identified directly or indirectly.
- “Processing”: Refers to any operation or set of operations applied to your Personal Data.
- “Data Controller”: Refers to Collège de Paris, which processes your Personal Data.
- “Personal Data Breach”: Refers to a breach of security, resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to your Personal Data.
- “Recipient”: Refers to the department or company that receives communication and may access your Personal Data.