The purpose of this privacy policy is to inform, while browsing the Site, any person using the Site (hereinafter the “Users” or “User“) of ESSCA’s practices regarding the conditions of collection, use and sharing of information that Users are required to provide as well as their rights.

The Site comply with French and European legal standards regarding the protection of privacy and personal data, and in particular with the French law n°78-17 of January 6, 1978, named “Informatique et Libertés“, amended by law 2004-801 of August 6, 2004, and the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, named the “GDRP“, regarding the protection of individuals with regard to the processing of personal data and the free circulation of such data.

1. Person responsible for processing the personal data collected

The person responsible for processing personal data is ESSCA.

2. Nature of the data collected

The data collected on the Site in the context of the use of the services are those enabling ESSCA to identify Users directly or indirectly and to provide the services.

This may include the following categories of data concerning its Users:

·        civil status, identity, identification data such as surname or corporate name, first name, pseudonym, email address, postal address, country of residence, date of birth, phone, and/or mobile numbers.

·        connection data such as IP address and navigation data such as cookies.

Users who communicate personal data of a third party must confirm that they have the consent of the third party to the exploitation by ESSCA, to the publication and/or distribution on the Site of the latter’s personal data.

3. Purpose of the personal data collected

3.1. The personal data collected on the Site are used only for and during the execution of services for the following purposes:

·        User registration and authentication; and

·        sending notifications to the User for:

o   keep the User informed, by email, of the latest news and/or offers from ESSCA;

o   communicating various information relating to ESSCA’s services; and/or

o   transmit to the User information about offers from ESSCA’s partners.

In addition, ESSCA may use and/or keep the data to meet, where appropriate, its legal and/or regulatory obligations.

3.2. Aggregation with non-personal data

ESSCA reserves the right to publish, disclose and use aggregated information (information about Users or specific groups or categories of Users combined so that an individual User can no longer be identified or mentioned) and non-personal information for industry and market analysis, demographic profiling, promotional, academic search and advertising purposes, and other commercial purposes.

4. Timing of data Collection

The data collected by ESSCA is freely communicated by Users while browsing the Site.

They can also be collected automatically while using the Site, in particular when the User:

·        navigates on the pages of the Site without having created an account;

·        creates an account on the Site; and/or

·        sends a request to ESSCA via the contact form or by email.

In any case, the personal data collected :

·        will be obtained and processed fairly and lawfully;

·        will be recorded for determined and legitimate purposes;

·        will be used in accordance with these purposes;

·        are adequate, relevant, and not excessive in relation to these purposes; and

·        will take precautions to ensure the security and confidentiality of the data in order to prevent it from being damaged, modified, destroyed, or communicated to unauthorized third parties.

5. Consent

This privacy policy is systematically brought to the attention of Users when they register on the Platform. Indeed, the creation of an account implies the User’s express, full, and complete acceptance of this confidentiality policy.

By ticking the box: “I acknowledge having read and understood the privacy policy and legal mentions and I accept it.“, User consents to his personal data being stored and processed by ESSCA and/or its possible partners.

IMPORTANT: NOTE TO USERS

ANY NAVIGATION ON THE SITE AFTER THE PUBLICATION OF THIS PRIVACY POLICY CONSTITUTES ACCEPTANCE OF THIS POLICY WITHOUT RESERVE.

If the User wishes to withdraw his consent to the processing of his data, he simply needs to go to his account and request it using the forms offered on the Platform or to request it directly by e-mail at the following address: contact.onlinecampus@essca.eu.

Furthermore, assuming that it is required by law and/or in certain circumstances, the User’s consent will be collected, or a possibility of refusal will be provided before any data is transmitted.

6. Recipients of personal data

6.1. The recipient of personal data collected on the Site is first and foremost ESSCA.

Personal data is not communicated to third parties. However, other recipients may have access to personal data. These are, where appropriate, the service providers in charge of the Site (administration, sales, marketing, legal etc.) of ESSCA and its external service providers (technical service providers, access providers, communication agencies etc.).

6.2. In the event of a change of control of ESSCA, a merger, acquisition, collective proceedings or any other form of asset disposals, the data collected by ESSCA may be transferred to third parties. Nevertheless, ESSCA is committed to guaranteeing the confidentiality of the personal data collected and to informing Users before such data is transferred or subjected to new confidentiality rules.

If this is required by law, the User’s consent will be obtained, or a possibility of refusal will be arranged before any data is transferred.

7. Rights of Users

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the “GDRP” relating to the protection of individuals with regard to the processing of personal data and to the free circulation of such data and with Law no.78-17 known as the “Informatique et Libertés” law of 6 January 1978, amended by Law 2004-801 of 6 August 2004 relating to information technology, files and liberties, the User has the right to access, modify, correct and delete any personal data:

·        a right of access to his personal data;

·        the right to modify his personal data;

·        the right to rectify his personal data;

·        the right to delete and erase their personal data;

·        the right to object to the use of their personal data;

·        the right to limit their data; and

·        a right of portability of its data.

Users wishing to exercise one of their rights may send their request by e-mail or post to the following addresses:

·        Postal mail : ESSCA Online Campus, 55 quai Alphonse le Gallo 92513 BOULOGNE-BILLANCOURT CEDEX, France

·        Email: contact.onlinecampus@essca.eu

In the event of exercising one of these rights, the User must send ESSCA the elements necessary for identification: surname, first name, email and possibly his/her postal address.

Moreover, in accordance with the regulations in force, their application must be signed, accompanied by a photocopy of an identity document bearing their signature, be clear and specify in detail the right they wish to implement and the address in which they wish to receive the reply in the event of implementation of one of the rights listed above.

ESSCA then undertakes to reply within a maximum period of one (1) month following receipt of the User’s complete request.

Due to the complexity of the request and/or the number of requests, this deadline may be extended to two (2) months on condition that ESSCA informs the User within one (1) month of receipt of the request of the reasons for the postponement.

ESSCA informs Users of their right to lodge a complaint with the National Commission for Information Technology and Civil Liberties (hereafter the “CNIL”) in one of the ways indicated below:

·        By phone: +33 (0)1 53 73 22 22

·        By fax: +33 (0)1 53 73 22 00

·        Via the CNIL website: www.cnil.fr/fr/plaintes or www.cnil.fr

·        By postal mail : National Commission for Information Technology and Civil Liberties – CNIL 3 Place de Fontenoy TSA 80715 – 75334 PARIS CEDEX 07.

8. Data retention period

8.1. Retention of data for the duration of use of services

The personal data of the Users collected is not kept beyond the predefined duration for the use of services, except for data that ESSCA may need to keep as evidence, for legal or administrative purposes or in accordance with the legislation in force.

8.2. Retention of anonymized data after deletion of the account

ESSCA keeps the personal data of Users collected for the duration strictly necessary to achieve the purposes described in this privacy policy.

In case of termination of the contract or closure of the User’s account, ESSCA will keep for five (5) years from the date of termination of the contract or closure of the account the information provided at account opening., i.e. :

·        the identifier used to create the User’s account;

·        the first and last name;

·        the associated postal addresses;

·        the pseudonyms used;

·        the associated e-mail or account addresses;

·        telephone numbers;

·        the password as well as the data enabling it to be checked or modified, in their latest updated version.

Navigation data will be kept for a maximum of six (6) months in accordance with the recommendations of the CNIL.

Beyond this period, they will be anonymized and kept exclusively for statistical purposes and will not be used for any other purpose of any kind.

8.3. Deletion of data after deletion of the User’s account

Means of wiping collected Users’ personal data are put in place in order to provide for its effective deletion as soon as the conservation or archiving period necessary to achieve the determined or imposed purposes is reached.

8.4. Deletion of data after a period of inactivity

For security reasons, if the User has not authenticated on the Platform for a period of three (3) years, the User will receive an email inviting him/her to log on as soon as possible, otherwise the User’s personal data will be deleted from ESSCA’s databases.

9. Links

When using the Site, ESSCA reserves the right to make recommendations for services provided by third parties or potential partners. Users may have access to different links directing them to third party sites and/or the sites of potential partners.

ESSCA will not be responsible for the information that is sent to these third parties or collected by them.

This privacy policy does not govern third party sites or third-party content accessed by the User.
ESSCA has no control over hypertext links and/or other promotional formats.
Consequently, ESSCA gives no guarantee concerning the personal data protection practices of the indexed websites and cannot be held liable in the event of a dispute arising between a website indexed on the Site and/or on the Platform and one of the Users, in particular due to losses or damage suffered, the operators of the indexed websites being solely responsible for their personal data protection practices.

10. Cookies

A cookie is a text file that may be stored in a dedicated space on the hard disk of the User’s computer when consulting an online service using his/her browser software.

In practice, cookies are small text files that are placed on the User’s computer by the websites that the User visits. They are used to make the websites work and improve the ease of use of the websites.

The cookie is transmitted by a website’s server to the User’s browser. Each cookie is assigned an anonymous identifier. A cookie cannot be traced back to a natural person.

When consulting the Site, Users are informed that cookies or other means of recording browsing data are used by the Site, in particular Google Analytics, AddThis, Google Adsense or by third parties, service providers for the Site and/or the Platform and placed on the User’s terminal (computer, mobile or tablet).

ESSCA or its partners such as Google Analytics AddThis, Google Adsense may install, subject to the User’s acceptance, various cookies and in particular :

·        session cookies, which disappear as soon as the User leaves the Site;
·        permanent cookies, which remain on the User’s terminal until the end of their lifetime or until the User deletes them using the functions of his browser; and
·        statistics cookies (enabling the Site’s audience to be measured).

Only the issuer of a cookie can read or modify the information contained therein.

In accordance with the recommendations of the CNIL, the first time the User connects to the Site, he/she will be expressly asked to accept the Site’s cookies.

10.1. Purpose of cookies

The cookies used by ESSCA or its partners make it possible to identify Users, to recognize their browser when they connect to the Site and/or the Platform, to record their preferences for displaying the Users’ terminal, to adapt and/or personalize the presentation of the Site to improve the Users’ experience and to optimize the Site for the sole purpose of providing the services requested by the User, to analyze web traffic with Google Analytics, to share information on social media via AddThis, and to create targeted advertising with Google Adsense

In addition, the cookies used on the Site are based on the International Chamber of Commerce’s category guide:

·        strictly necessary;

·        functionality.

10.1.1. Strictly necessary cookies

Cookies, which are strictly necessary, enable the User to navigate on the Site.

These cookies do not collect any information concerning the User that could be used for marketing purposes.

ESSCA uses these cookies to:

·        ensure the functioning of the Site and/or the services;

·        secure the Site and protect him against malicious scripts.

ESSCA does not use these cookies for:

·        collect information that could be used to promote products or services to Users; or

·        keep a record of your preferences or username after your visit.

10.1.2. Functionality cookies

These cookies are used to provide services or to store the User’s parameters in order to improve their visit to the Site, their experience on the Platform and/or the use of the Services.

ESSCA does not use cookies to collect personal information that could be used to promote products or services for the User on other sites.

10.2. Storage duration of cookies

In accordance with the recommendations of the CNIL, the storage period for cookies is set at a maximum of thirteen (13) months after their first deposit in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies. The lifetime of the cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.

10.3. User’s right to refuse cookies

While the first time browsing the Site, a banner explaining the use of cookies appears. It allows the User to activate or deactivate certain cookies. It will only disappear once the User has accepted the use of cookies to continue browsing.

The registration of a cookie remains subject to the will of the Users. In accordance with legal and regulatory provisions, ESSCA obtains prior consent to the deposit of cookies.

Users therefore have the possibility of configuring their browser software to oppose the registration of cookies totally or partially (depending on the issuer). The configuration also offers the possibility of accepting or refusing cookies on an ad hoc basis before they are saved in the Users’ terminal.

Therefore, Users who wish to prevent cookies from being saved can follow the procedure specific to each browser and described in the browser’s help menu.

●       Chrome

●       Internet Explorer

●       Edge

●       Safari

●       Firefox

●       Opera

However, in case of opposition to the registration of cookies or the uninstallation of a cookie, Users are informed that certain services may no longer function correctly.

11. Transfer of personal data abroad

ESSCA processes User data only within the European Union and does not transfer this data outside this area.

Nevertheless, in the case of international transfers outside the European Union, a distinction must be made:

·        countries that have been the subject of an adequacy decision by the European Commission: in this case, the Data is transferred to a country ensuring a level of protection deemed sufficient and adequate to the provisions of European data protection regulations; and

·        countries whose level of data protection has not been recognized as adequate: in this case, to guarantee a transfer in compliance with European regulations, and in particular to ensure data security, ESSCA will base its transfer on protection mechanisms adapted to each service provider and sub-contractor, such as the conclusion of standard contractual clauses approved by the European Commission, the application of binding company rules or under an approved certification mechanism.

12. Security

ESSCA undertakes to implement the appropriate technical and organizational measures that are reasonably necessary regarding the regulations applicable to the protection of personal data, including protection against unauthorized or illicit processing and against accidental loss, destruction, or damage, in order to guarantee a level of security adapted to the risks incurred for the rights and freedoms of natural persons in the context of the processing referred to in this privacy policy.

When personal data is transferred to third parties for processing, ESSCA ensures that these third parties implement all appropriate technical and organizational measures to ensure the protection of personal data in accordance with applicable laws.

These measures are defined considering the state of knowledge, the costs of implementation and the nature, scope, context, and purposes of the processing as well as the identified risks.

Depending on the needs, risks, costs and purpose of processing, these measures may include pseudonymization and encryption of data.

This protection can be ensured by the indication “https” in the URL address of the browser as well as by the representation of a closed padlock at the bottom of the screen.

Finally, in the event of a violation of the rights concerning personal data that may create a high risk for the rights and freedoms of the User, ESSCA undertakes to inform the User of this violation within a maximum period of seventy-two (72) hours.

13. Privacy policy changes

ESSCA reserves the right to modify and update, at any time, this privacy policy, in particular to consider any legal and/or jurisprudential developments and to meet the requirements of the regulations applicable to the protection of personal data.

ESSCA will inform Users of important modifications or updates to this policy by email.

The version that prevails is that which is accessible online on the day the Site is consulted.

Any consultation of the Site after the publication of the modified privacy policy implies the User’s unreserved acceptance of the new privacy policy.

14. Contacts

14.1 For any request for information or to find out more about the processing of his/her personal data, including the exercise of his/her rights indicated above, the User may contact ESSCA from his/her account by email or post at the following address:

Email: contact.onlinecampus@essca.eu

Postal mail: ESSCA Online Campus, 55 quai Alphonse le Gallo 92513 BOULOGNE-            BILLANCOURT CEDEX, France

14.2. For any complaint or dissatisfaction in connection with the use of their personal data by ESSCA, the User may contact ESSCA by e-mail or post at the following address:

Email: contact.onlinecampus@essca.eu

Postal mail: ESSCA Online Campus, 55 quai Alphonse le Gallo 92513 BOULOGNE-            BILLANCOURT CEDEX, France

14.3. When the User contacts ESSCA, they will be asked to identify themselves.