Personal Data Protection Charter

This Personal Data Protection Charter defines the use we make of information about you, which we collect directly or indirectly (hereinafter “personal data”), and the measures we implement to protect it. It also defines your rights with regard to your personal data and the point of contact to obtain more information on the processing we carry out or to exercise your rights.

This Personal Data Protection Charter was last updated on September 19, 2024. We may modify it. Please consult it regularly to stay informed of any updates.

Introduction

This Personal Data Protection Charter explains in detail our policy and practices regarding how we collect, use, store and protect your personal information.

We recognise that providing information online involves a high degree of trust on your part. We take this trust very seriously, and make it a top priority to ensure the security and privacy of the personal data you provide to us when you visit our website or use our services.

1. Collection of your personal data

“Personal Data” means any information about an individual that allows that individual to be identified, for example, e-mail addresses, date of birth, password and payment information. This information does not include data in which identity has been removed (anonymous data).

As part of our activities, we collect and process personal data in a number of ways. We may collect personal data that you provide to us directly, but we also collect data by recording your interaction with our services, for example by using cookies on this website. We may also receive information from third parties.

The personal data we collect about you may include, but is not limited to: your name, email address, postal address, telephone number, billing information, survey responses, education records (grades, internships, etc.) and other information you may provide about yourself through our site, as well as your IP address and web browser.

2. Use of your personal data

We use the personal data we collect about you only for specific purposes, including, but not limited to, the provision of our services to you, managing your registration and account, notifying you of changes to our terms and conditions or Personal Data Protection Charter, requesting your feedback or participation in a survey, protecting against and investigating and deterring fraudulent, illicit, unauthorized, and illegal activity, managing and protecting our business, and resolving disputes or problems.

We only use your personal data where we are permitted to do so by law. In general, we use your personal data in the following circumstances:

  • Where we need it to fulfil the contract we have with you.
  • Where it is necessary for the protection of our (or a third party’s) legitimate interests, and your interests and fundamental rights do not override those interests.
  • With your consent.
  • Where we need to comply with a legal or regulatory obligation.

Marketing

You receive marketing messages from us if you have given us permission to send them to you. In this case, your personal data that you communicate to us are processed by our Marketing team as data controller for strictly internal use.

Each time you receive an e-mail of this type, you have the opportunity to tell us if you no longer wish to receive such messages. You also have the option to unsubscribe from each of these marketing messages at any time by clicking on the unsubscribe link found at the bottom of each message we send you.

3. Third parties with whom we share your personal data

If we are required by law to do so, we will share personal data to protect our customers, the site, our business, and our rights and property.

We may also share your information if we believe, at our sole discretion, that it is necessary:

  • To comply with lawful and enforceable witness summons, court orders or other legal processes; to defend ourselves against legal action; or as otherwise required by law. In such cases, we reserve the right to assert or waive any legal right or objection we may have.
  • To investigate or take action regarding any illegal or suspected illegal activity or to prevent such activity; and in accordance with our terms of use and other agreements.
  • In connection with mandatory surveys (ministerial, Federation of French Grandes Ecoles [CGE] …).

In all other cases, we will inform you when your personal data is shared with third parties, and you will have the opportunity to object to your data being shared in such a way.

4. How long we keep your personal data

We retain your personal data in our systems for the longest of the following periods:

  1. the duration necessary to achieve the objective or objectives pursued during their collection;
  2. the retention, archiving and limitation periods expressed by law or regulations;
  3. the end of the applicable limitation period following a dispute or investigation in connection with one of our offers or proposals, or one of our services.

5. Cookies and other Web technologies

In order to provide you with a more personalized and responsive service, it is necessary to store information about how you use this site. This is done using small text files called cookies. Cookies contain small amounts of information and are downloaded to your computer or other device using a website server. Your browser then sends these cookies to the site each time you visit so that it can recognize you as a unique visitor and remember some information such as your user preferences. You can find more information about cookies and how they work at: www.aboutcookies.org.

Each time you browse this site, information may be collected through cookies subject to your consent if needed.

Only cookies that are strictly necessary and essential for the operation of the service will be placed on your device.

Other cookies can only be placed on your browser if you consent to them by clicking “accept optional cookies” at the top of this page. You can also withdraw your consent, control and manage your cookies at any time by following the “Cookie management” link on the site.

Please keep in mind that deleting or blocking certain cookies may impact your user experience and some parts of the site may no longer be fully accessible to you.

6. Your rights

Under the relevant law, you have a right of access, a right of rectification, a right to be forgotten, a right to restrict processing, the right to data portability and a right to object. Below you will find further details and information on how you can exercise your rights. We will respond to your request within one month, but have the right to extend this period by two months.

Under the relevant law, you have the following rights with respect to your personal data:

  • The right to request access to your personal data. This allows you to receive a copy of the personal data we hold about you, and to check that we are processing it according to the law.
  • The right to request the correction of your personal data when incorrect, out of date or incomplete.
  • The right to request that we delete your personal data if:
    • your personal data is no longer necessary in relation to the purposes for which it was collected / processed; or
    • you withdraw your consent where the processing of your personal data is based on consent and is not otherwise legally justified; or
    • you object to the processing of your personal data and there is no overriding legitimate interest to continue processing; or
    • your personal data was processed unlawfully; or
    • the erasure of your personal data is necessary to fulfil a legal obligation.
  • The right to object to the processing of your personal data. We will comply with your request unless there is an overriding legitimate interest in the processing or unless we need to continue processing your personal data in order to initiate, exercise or defend legal claims.
  • The right to request the restriction of the processing of your personal data if:
    • you contest the accuracy of your personal data, for the period during which we are required to verify the accuracy of the personal data; or
    • processing is unlawful and you object to the deletion and instead request a restriction of the processing; or
    • we no longer need your personal data for the purposes of processing, but you need it to establish, exercise or defend a legal claim; or
    • you object to the processing, for the period during which we are required to verify the overriding legitimate interest.
  • The right to data portability. You have the right to ask us to supply you with your personal data. You can also ask us to send this personal data to a third party, where possible. The right to data portability only applies to personal data that you have personally provided to us, or if the processing is based on consent or is necessary for the performance of a contract between you and us and if it is carried out by automated means.

You can exercise many of your rights through the personal information section of your account. To exercise your other rights, please send an email request to dpo@essca.fr.

You will not be charged a fee to access your personal data (or to exercise any of the other rights described in this Personal Data Protection Charter). However, we may charge you a reasonable fee if your request is manifestly unjustified, repeated or excessive.

We may ask you to provide us with specific information to help us confirm your identity and to ensure that you have a right to access your personal data (or to exercise any of your other rights). This is a security measure to prevent disclosure of your personal data to unauthorised persons. In order to reduce our response time, we may also contact you to obtain further information about your request.

7. Protection of your personal data

We want you to have a relationship of trust us, which is why we are committed to protecting the personal data we collect. While no website can fully guarantee security, we have put in place and maintain appropriate physical, administrative, technical and organisational measures to protect the personal data you provide to us from unauthorised or unlawful access, use or disclosure, as well as accidental damage, loss, alteration or destruction.

For example, only authorised staff are able to access personal data, and they can only do so for legitimate business purposes. In addition, we use encryption when transmitting your personal data between your system and ours and between our system and the systems of trusted parties with whom we share confidential information. We also use firewalls and intrusion detection systems to prevent unauthorised persons from accessing your personal data.

8. External website links

Our website may contain links to third party websites, plug-ins and applications. If you access other websites from links provided on our website, the operators of those websites may collect or share information about you. This information will be used by those operators in accordance with their Personal Data Protection Charter, which may differ from ours. We have no control over these third-party websites and recommend that you read the privacy statements posted on these sites to understand their procedures for collecting, using and disclosing personal data.

9. International data transfer

Your personal data may be transferred to and stored in countries outside the European Economic Area for the purposes set out in this Personal Data Protection Charter. When we store or transfer your personal data outside the European Economic Area, we take the following precautions to ensure that it is properly protected.

Where we store or transfer your personal data outside the European Economic Area, we do so in compliance with existing law and ensure that it receives a similar level of protection by putting in place appropriate safeguards. Transfers of personal data are made:

  • to a country recognised by the European Commission as providing an adequate level of protection; or
  • to a country that does not provide adequate protection, with the transfer being governed by the European Commission’s standard contractual clauses, or by implementing other appropriate international transfer solutions to ensure adequate protection.

By using our services, you understand that your personal data may be transferred to our facilities and to third parties with whom we share it, as set out in this Personal Data Protection Charter.

10. Changes to this Personal Data Protection Charter

ESSCA may modify, update and/or replace this Personal Data Protection Charter from time to time. We indicate the date on which we last made changes to this Policy on the first page, with any changes effective upon publication. We notify our users of material changes to this Personal Data Protection Charter by sending a notice to the email address they have provided to us or by posting a notice on our website. We recommend that you check this Personal Data Protection Charter regularly to review the most current version.

11. How to contact us

If you have any questions or complaints about the way we process your personal data, please contact us by sending an e-mail to dpo@essca.fr.. You also have the right to lodge a complaint with the supervisory authority about the way we process your personal data. However, we would be grateful if you would give us the opportunity to address your concerns before you approach the supervisory authority and therefore ask you to contact us in the first instance.

Contact details:

ESSCA
1 rue Lakanal
BP 40 348
49003 ANGERS CEDEX 01
FRANCE

Attn: Privacy Officer/Legal Department
E-mail: dpo@essca.fr.