This document explains the principles and our commitments for the protection of your Personal Data and aims to inform you about:
- The Personal Data that the Collège de Paris collects and the reasons for this
- How the Personal Data will be used,
- Your rights as a data subject of our data processing.
This Policy applies to all Collège de Paris organisations and services, regardless of their nature (site, applications, services, etc.). These organisations and services mention the Policy and give access to it via links on their sites and in their collection notices.
The person responsible for processing your data
The person responsible for processing the data is the Collège de Paris (SAS registered with the RCS of Paris under number 815 229 901). The contact details are as follows:
How Collège de Paris implements the protection of Personal Data
Collège de Paris is committed to taking into account the protection of your Personal Data and your private life from the design of the services offered to you (Privacy by design). To ensure security and guarantee the respect and proper exercise of your rights, measures to ensure the protection of your Personal Data are implemented (Privacy by default).
What Personal Data is used by the Collège de Paris?
The Collège de Paris undertakes to collect only the data strictly necessary to carry out the services offered, which are mainly teaching and training activities, and to contract for them.
In the event that you are asked for optional data, the Collège de Paris will clearly inform you about the Personal Data required to provide the service.
Personal Data that is collected directly from you is used only for the purposes of which you have been notified.
When Personal Data has not been collected from you, the Collège de Paris will inform you as soon as possible of the processing for which it has been collected and of its purposes.
Personal Data is used to offer you other services only if you have agreed to receive additional services or communications.
What is the basis for the legitimacy of our processing?
The Collège de Paris relies on the following legitimate bases for processing Personal Data:
- Performance of the contract
The legal basis for the processing of the user’s Personal Data that is collected is the execution of the contract. In this respect, the user is obliged to provide the data necessary for its execution. If he does not provide these data, it will not be possible to carry out the service.
- Legal obligations
Processing by which the Collège de Paris complies with a legal or regulatory obligation falls into this category, such as the management and issuing of invoices in the context of the Collège de Paris’ relationship with clients.
With regard to the following purposes, the legal basis for the processing of the user’s Personal Data will be the user’s consent, in the event that the user has given it, for example:
- Management of registration on the website and applications.
- Management of the sending of information on site activities and personalised information adapted to the user’s profile.
- Response to the exercise of rights, as well as to questions and complaints.
Withdrawal of consent for such processing shall not affect the performance of contracts concluded by the data subject with the Collège de Paris.
- Legitimate interest
The legal basis for the processing of the user’s Personal Data may be the legitimate interest of the Collège de Paris in cases where an assessment of the interest of such processing will make it possible to verify that it does not disproportionately affect the rights of the data subject:
This may be, for example, the sending of satisfaction surveys on the Collège de Paris services in order to ask for their opinion and to improve them, the legitimate interest of the Collège de Paris being to be able to understand the needs and expectations of its students and customers, with the aim of improving their level of satisfaction.
Personal Data of minors
Some services may be used by minors under the age of 15. In this case, minors must obtain the consent of their parents or legal representatives.
To whom may your Personal Data be communicated?
Your data may be transmitted to:
- Internal departments of the Collège de Paris: departments responsible for the execution of the services subscribed to, in particular Customer Services, Sales Administration, schooling, etc.
- To external service providers of the Collège de Paris: technical service providers, including subcontractors;
- To commercial partners of the Collège de Paris, after having informed you in advance and having allowed you to express your choices by means of a checkbox.
- To the administrations to which the Collège de Paris reports
Can your Personal Data be transferred outside the European Union?
Collège de Paris mainly processes your Personal Data within the European Union (EU).
However, for certain specific services, Collège de Paris may use subcontractors established outside the EU. Certain Personal Data may then be communicated to them for the strict needs of their missions. In this case, in accordance with the regulations in force, Collège de Paris requires its subcontractors or co-contractors to provide the necessary guarantees for the supervision and security of these transfers, in particular by signing standard contractual clauses of the European Commission.
How long does Collège de Paris keep your Personal Information?
The length of time we keep your Personal Data depends on the service you subscribe to. Collège de Paris undertakes not to retain your Personal Data beyond the period necessary for the provision of the service, and therefore for your use of the service, plus the period of retention imposed by the applicable rules on legal prescription. The retention periods will be specified in the information notices for each processing operation.
Is your Personal Data protected?
Collège de Paris undertakes to take all measures to ensure the security and confidentiality of Personal Data and in particular to prevent them from being damaged, deleted or accessed by unauthorised parties.
Furthermore, in the event of a security incident affecting your Personal Data (destruction, loss, alteration or disclosure), Collège de Paris undertakes to comply with the obligation to notify Personal Data breaches, particularly to the CNIL.
What are your rights regarding your Personal Data?
You may at any time exercise with Collège de Paris the rights provided for by current regulations applicable to personal data, provided that you meet the conditions (which are linked to the legal basis of the processing):
- Right of access: you may have access to your Personal Data that is being processed on the basis of your consent, the performance of a public service task, a legal obligation, the performance of your contract or legitimate interest;
- Right of rectification: you may update your Personal Data or have your processed Personal Data rectified, based on your consent, the performance of a public service task, a legal obligation, the performance of your contract or legitimate interest;
- Right to object: you can express your wish that your Personal Data no longer be processed in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. However, you cannot object to processing carried out in the context of a legal obligation or in the context of the performance of a public service task that presents compelling and legitimate grounds overriding your rights and freedoms;
- Right to erasure: you may request the deletion of your Personal Data, subject to the legal retention period, in the event that the processing is based on your consent (you withdraw your consent) or on contractual performance (contractual waiver clause) as well as in the case of processing carried out in the legitimate interest. However, you cannot request the deletion of data from a processing operation carried out in the context of a legal obligation or the performance of a public service task;
- Right to limitation: you may request the suspension of the processing of your Personal Data based on your consent, legal obligation, contractual performance or legitimate interest if you have a pending request for rectification, erasure or objection or if you consider the processing unlawful;
- Right to portability: you may request to retrieve your Personal Data in order to dispose of it only if the processing is based on your consent or the performance of a contract. You cannot benefit from the right to portability if the processing is carried out in the context of a legal obligation, the performance of a public service mission or the legitimate interest.
When subscribing to a service or collecting your Personal Data, you will be given the address (postal and/or e-mail) to which you can send your request to exercise your rights.
Any request may, where necessary to ensure that it comes from you, require proof of identity. Collège de Paris undertakes to respond to your requests to exercise your rights as soon as possible and in any event within the legal time limits.
Who to contact?
The appointment of a Data Protection Officer demonstrates Collège de Paris’ commitment to the protection, security and confidentiality of its customers’ Personal Data.
You can contact the Data Protection Officer at the following address: email@example.com
You can contact the Collège de Paris data protection officer at: Collège de Paris – La grande Arche – 1 Parvis de la défense 92004 Paris France
You also have the right to complain to the Commission nationale de l’informatique et des libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 (https://www.cnil.fr/) about the way in which the Collège de Paris processes your Personal Data.
Changes to this policy
Each term beginning with a capital letter has the meaning given below.
- “Privacy and Data Protection Policy” and “Policy” means this Policy describing the measures taken for the processing, use and management of your Personal Data and your rights as a data subject.
- “Personal Data” means any information relating to you and enabling you to be identified directly or indirectly.
- “Processing” means any operation or set of operations applied to your Personal Data.
- “Data Controller” refers to the Collège de Paris, which processes your Personal Data.
- “Personal Data Breach” means a breach of security, resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to your Personal Data.
- “Recipient” means the department or company that receives communication and may access your Personal Data.