Essec logo

Data privacy policy

At ESSEC Business School, respect for personal data is a fundamental aspect of the relationship of trust that we have with our community. In keeping with our values of humanism, responsibility and innovation, we have made our personal data protection policy a tool for the excellence that ESSEC offers to all its students, participants, employees and partners.

In order to ensure that ESSEC operates effectively, it is required to implement and use personal data relative to its prospects, candidates, graduates and partners. By visiting the ESSEC Momentum Studio website and the ESSEC website, downloading a brochure, applying for a program or in the context of your relationship with ESSEC, you authorize ESSEC to collect and process personal data about you.

ESSEC is committed to ensuring that your data is processed in accordance with personal data protection legislation, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD) and Law 78-17 of 6 January 1978 (Loi Informatique et Libertés) as amended.

1. Data controller 

The data controller is the Association Groupe ESSEC, 3, Avenue Bernard Hirsch - 95000 Cergy Pontoise Cedex, represented by its Dean and President Vincenzo VINZI ESPOSITO.

ESSEC has appointed a Data Protection Officer whom you may contact by email or by mail at ESSEC's postal address.

2. Definitions 

  • ​​“Personal data” means any information relating to an identified or identifiable natural person (surname, first name, photo, email, BID, data obtained by cross-referencing anonymous information);
  • “Processing” means any operation involving personal data, regardless of the process used (automated or not (paper));
  • “Controller” means the natural or legal person who determines the purposes and means of processing personal data. Under this policy, the data controller is ESSEC;
  • “Processor” means any natural or legal person who processes personal data on behalf of the controller. In practice, these are the service providers with whom ESSEC works and who are involved with personal data;
  • “Data subject” means any natural person whose personal data are processed by an organization. At ESSEC, these are prospects, candidates, students, participants, graduates, professors, employees, partners, etc;
  • “Recipients” of data means the natural or legal persons who receive the personal data. For ESSEC, this includes ESSEC departments and employees as well as external organizations (partners, social organizations, etc.);
  • “Graduate” means any person who has completed an ESSEC course and has obtained a validation of the end of their training;
  • “Prospect” means any person interested in an ESSEC course or event;
  • “Applicant” means any person who has started an application to an ESSEC program;
  • “Partner” means any person or company that is a stakeholder, customer, supplier or subcontractor.

3. What data is collected 

  • Identity data (surname, first name);
  • Contact information (email, addresses, telephone numbers);
  • Identification data (IP address);
  • Navigation data (pages viewed, browser type, etc.);
  • For prospects: service or documentation requests;
  • For applicants: data from the application file (telephone number, last name, first name, personal email, level and areas of professional experience, description of motivation, geographic mobility, professional availability, investment capacity, financial autonomy etc.);
  • For partners: partner identity data (last name, first name, professional email, job title, company name, reason for contacting, etc.). 

4. How are they collected 

Direct collection from you:

  • When applying to a program;
  • During meetings at events; 
  • Within the scope of contractual or partnership relations.

 

Indirect collection through:

  • Our partners (organizers of physical or virtual events for example);
  • Social networks (ESSEC will not use private data and information without the prior consent of individuals, even if they are made public and disseminated by ESSEC on social networks or when they are provided by partners).

5. Why are they collected 

Depending on the circumstances, ESSEC processes your personal data for the following purposes:

  • Transmit a requested service or a document (brochure) or answer a question;
  • Promote ESSEC programs and services;
  • Allow the applicant to create a user account in order to access the online application platform;
  • Help and guide the applicant to the right program and assist them during the application period;
  • Update your personal data;
  • Produce the official documents relative to the contractual or partnership relationship and allow its execution and follow-up;
  • Manage your participation in an ESSEC event;
  • Transmit your data to our institutional and commercial partners;
  • Ensure the security of its information system and personal data;
  • Carry out statistical reports or surveys;
  • Manage cookies and other trackers;
  • Meet its legal obligations.

 

The purposes of the processing are based on the condition of lawfulness generally relating to your consent to the processing of your personal data by ESSEC. ESSEC may also, as the case may be, process your personal data when it is necessary for the performance of a public interest mission, the fulfillment of a legal obligation, the contract or pre-contractual measures for the execution of the relationship between you and ESSEC, the safeguarding of your vital interests, its legitimate interest.

6. Who are the recipients of the data ? 

Depending on your profile, your data may be sent to:

  • ESSEC departments in charge of dealing with prospects or candidates;
  • The departments in charge of dealing with partner relationships;
  • The departments in charge of the organization of events;
  • Pedagogical, academic and research services;
  • Administrative and accounting services;
  • Logistic and computer services;
  • Security and reception services;
  • The departments in charge of control (Purchasing, Management Control, etc.);
  • The department in charge of personal data protection;
  • The alumni network;
  • ESSEC Foundation;
  • Official partners (Ministries, Conférence des Grandes Ecoles, etc.);
  • ESSEC's subcontractors.

 

ESSEC may transmit, when necessary, your data to its entities ESSEC Asia Pacific (Singapore) and ESSEC Africa Atlantic (Rabat).

Furthermore, your personal data may be communicated to any authority legally entitled to know them. In this case, ESSEC is not responsible for the conditions under which the personnel of these authorities have access to and use the data.

7. How long are the data kept? 

The duration of data retention is defined by ESSEC with regard to the legal and contractual constraints that it is subject to and, if not, according to its needs.

8. ESSEC’s commitments 

In the event of a breach of your personal data

Notify the CNIL in accordance with the conditions as set out by GDPR.

In the event that the breach poses a high risk to prospects, applicants, graduates or partners, ESSEC will notify the affected prospects, applicants, graduates or partners and provide them with the necessary information and recommendations.

 

If your personal data is outsourced

Ensure the subcontractor's compliance with its obligations under GDPR. ESSEC undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on subcontractors as it does on itself.

 

In case of the transfer of personal data to a third country outside the European Union or an international organization

Inform the prospect, candidate, graduate or partner and ensure that their rights are respected in accordance with the requirements of the regulations on the protection of personal data.

9. What rights do you have over your data?

You have the following rights:

  • Right to information;
  • Right of access;
  • Right to rectification;
  • Right to delete (unless you have a current contract with ESSEC or ESSEC is required to meet legal or regulatory obligations);
  • Right of objection;
  • Right to portability;
  • Right to limitation of processing;
  • Right to withdraw your consent (where consent is the legal basis for the processing).

 

If you consider that the processing of your personal data does not comply with the regulations on the protection of personal data, you have the right to file a complaint with the supervisory authority at the following address:

CNIL - Service des plaintes
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07 FRANCE
Tel: +33 1 53 73 22 22

10. How to exercise your right? 

ESSEC has appointed a data protection officer to whom you can exercise your rights.


You can contact them by email or by mail to the address of the person in charge of processing:

Association Groupe ESSEC
ESSEC Business School
3 avenue Bernard Hirsch
CS 50105 CERGY
91021 CERGY PONTOISE CEDEX FRANCE

11. Modification of the data protection policy 

This data protection policy may be modified or amended at any time in the event of changes in law, jurisprudence or usage.