Data Protection Policy
Foreword
Data protection is a constant concern for EEMI (European School of Internet Professions).
The main objective of this document is to reflect this concern and provide concise, transparent, understandable, and easily accessible information about the data processing activities in order to help you understand the conditions under which your data is processed.
You will find important information regarding:
- Situations in which your personal data may be collected
- Types of personal data we may process
- How we use your data
- Your rights and how to exercise them
Through this policy, EEMI commits to comply with the European Union Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), applicable since 25 May 2018, and the French Data Protection Act No. 78-17 of 6 January 1978, as amended, relating to information technology, files, and freedoms.
General Principles
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data comply with the following principles:
- Lawfulness, fairness, and transparency: The collection and processing of personal data can only be based on a predefined legal basis (contractual performance, legal obligation, consent, legitimate interest, protection of vital interests).
- Purpose limitation: The collection and processing of personal data are carried out for specific and legitimate purposes.
- Data minimization: Only the strictly necessary data for the intended purposes are collected.
- Limited data retention: Personal data is stored for a defined period according to the processing activities and legal obligations.
- Security of collected and processed data: EEMI commits to ensure the integrity and confidentiality of collected data.
Who are we?
The European School of Internet Professions (EEMI) is a private technical higher education institution. In accordance with the applicable regulations on the protection of personal data, EEMI acts as the data controller for the activities described below.
Processed Personal Data
Categories:
- Civil status: identity, identification data (name, first name, civil status…)
- Personal life: address, email, telephone
- Professional life: occupation, employer, workplace, email, work phone number Economic information
- Bank account information, payment data
- Connection data: IP address, event logs Cookies, trackers
- Audience measurement: social networks
Data Subjects
This policy applies to all individuals who are in contact with EEMI, and each processing activity specifies the individuals concerned by it.
Data Processing – Objectives
The processing activities carried out by EEMI have the following purposes:
Forms
Objectives:
- Manage registrations for EEMI open days
- Manage contacts with various EEMI services
- Manage requests for documentation about EEMI programs
- Manage registrations for EEMI entrance exams
- Manage subscriptions to the EEMI newsletter
- Manage requests to exercise rights
Data Category:
- Personal data related to the information provided by the website visitor (name, first name, email, phone, address, educational information, etc.).
Data Subjects:
- Any user of the website (applicant, parents, candidate, student, learner, etc.)
- EEMI Communication Department
- EEMI Admissions Department
- EEMI Business Relations Department
- EEMI Accounting Department
- EEMI Disability Referral
- EEMI Data Protection Officer
Legal Basis:
- Your consent (you have the right to withdraw your consent at any time)
- Legal obligation
- Legitimate interest
- Contractual obligation
Chatbot
Objectives:
- Answer questions from website users about EEMI and its programs
Data Category:
- Data related to website visitors (unique visitor identifier, IP address, technical data, browsing data, etc.)
- Data related to appointment scheduling: name, first name, email, phone, appointment subject, appointment-related questions
Data Subjects:
- Any user of the website
- EEMI Communication Department
- EEMI Admissions Department
Legal Basis:
- Your consent (you have the right to withdraw your consent at any time)
- Contractual obligation
- Legal obligation
- Legitimate interest
Appointment Scheduling Tool
Objectives:
- Schedule appointments with the Admissions Department to learn more about the school and its programs
Data Category:
- Data related to website visitors (unique visitor identifier, IP address, technical data, browsing data, etc.)
Data Subjects:
- Any user of the website
- EEMI Admissions Department
Legal Basis:
- Your consent (you have the right to withdraw your consent at any time)
CRM
Objectives:
- Collect and store data related to applications or requests for documentation in a unified space
- Manage the progress of applications for EEMI programs in a unified space
Data Category:
- Personal data related to the information provided by the website visitor (name, first name, email, phone, address, educational information, etc.)
Data Subjects:
- EEMI entrance exam candidate
- Website visitor who responded to an EEMI documentation download form
- Website visitor who scheduled an online appointment with EEMI
- EEMI Communication Department
- EEMI Admissions Department
Legal Basis:
- Your consent (you have the right to withdraw your consent at any time)
- Contractual obligation
- Legitimate interest
Cookies
Objectives:
- Data related to website visitors (unique visitor identifier, IP address, technical data, browsing data, etc.)
Data Category:
- Personalized data that allows the website to identify its visitors
Data Subjects:
- Any user of the website
- EEMI Communication Department
- EEMI Data Protection Officer
Legal Basis:
- Your consent (you have the right to withdraw your consent at any time)
- Contractual obligation
Data Analysis
Objectives:
To obtain statistical reports on the activity of site users in order to improve our business proposal.
Data Category:
Data related to site visitors (unique visitor identifier, IP address, technical data, browsing data, etc.).
Persons Concerned:
- All site users
- Communication Service of EEMI
Legal Basis:
Your consent (you have the right to withdraw your consent at any time).
Sharing and Retention of Your Data
Recipients
EEMI
Data Retention
We retain your personal data only for the time necessary to achieve the purpose for which we hold this data, to meet your needs, or to fulfill our legal obligations.
To determine the retention period of your data, we apply the following criteria:
- If you register with our establishment, we retain your personal data for the entire duration of our contractual relationship.
- If you contact us for an inquiry, we retain your personal data for the duration necessary to process your request.
- If you have consented to receive commercial communication messages, we retain your personal data until you unsubscribe or request their deletion.
- If cookies are placed on your computer, we retain your data only for the time necessary to achieve their purpose (e.g., during a session for session identification cookies) and for any period defined in accordance with local regulations and instructions.
We may retain certain personal data to fulfill our legal or regulatory obligations, and to exercise our rights (e.g., file an appeal before any court) or for statistical or historical purposes. When we no longer need to use your personal data, we erase them from our systems and files or anonymize them so that they no longer identify you.
EEMI does not sell collected personal data to third parties. This data is shared only for the needs related to its activities. It is shared:
- Internally, with authorized services to carry out these tasks.
- With suppliers and subcontractors. EEMI requires them to sign contracts containing clauses ensuring a level of data protection, confidentiality, and security in compliance with regulatory standards and state-of-the-art practices.
Your data may be communicated to competent public authorities at their requests, in compliance with regulations, especially for the purpose of investigating offenses.
Data Transfer outside the EU
EEMI uses subcontractors and suppliers under conditions that involve data transfers, including to the United States.
Security of Personal Data
EEMI attaches particular importance to the security of personal data.
We have implemented appropriate technical and organizational measures, considering the sensitivity of personal data, to ensure the integrity and confidentiality of the data and protect them against any malicious intrusion, loss, alteration, or unauthorized disclosure to third parties.
However, the security and confidentiality of personal data rely on everyone’s good practices. Therefore, the data subject is encouraged to remain vigilant on this matter. In this regard, you can consult the website cybermalveillance.gouv.fr, particularly the Good Practices section.
Your Rights
EEMI is particularly concerned about respecting the rights granted to you in the context of the data processing it carries out, to ensure fair and transparent processing given the specific circumstances and context in which your personal data are processed.
Right of Access
In this regard, you have confirmation whether your personal data are or are not processed, and when they are, you have the right to request a copy of your data and the following information:
- The purposes of the processing.
- The categories of personal data concerned.
- The recipients or categories of recipients, and if such communication were to be made, the international organizations to which the personal data have been or will be disclosed, particularly recipients established in third countries.
- If possible, the envisaged retention period of the personal data or, if not possible, the criteria used to determine this period.
- The existence of the right to request the rectification or erasure of your personal data, the right to request the restriction of the processing of your personal data, the right to object to such processing.
- The right to lodge a complaint with a supervisory authority.
- Information about the source of the data when they are not collected directly from the data subjects.
- The existence of automated decision-making, including profiling, and in this case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects.
Right to Rectification
You can request the rectification, completion, or clarification of your personal data if they are inaccurate, incomplete, ambiguous, or outdated.
Right to Erasure
You can request the erasure of your personal data in cases provided by legislation and regulations. Please note that the right to erasure of data is not an absolute right and can only be exercised if one of the grounds provided in the applicable regulations is present.
Right to Restriction of Processing
You can request the restriction of the processing of your personal data in cases provided by legislation and regulations.
Right to Object to Processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data based on the legitimate interest pursued by the data controller.
In case of exercising such a right to object, we will no longer process your personal data within the scope of the concerned processing, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to Data Portability
You have the right to data portability for your personal data. This right is not a general right and only applies to automated processing, excluding manual or paper-based processing.
This right is limited to processing based on your consent or the performance of pre-contractual measures or a contract.
This right only applies to data provided by you and does not include derived or inferred data.
Right to Withdraw Consent
When the processing of data is based on your consent, you can withdraw it at any time. We will then cease to process your personal data, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the CNIL (3 Place de Fontenoy, 75007 Paris) in France, without prejudice to any other administrative or judicial remedy.
Right to Define Post-Mortem Directives
You can decide the fate of your digital personal data after your death.
Exercise of Your Rights
For any information or exercise of your rights regarding the processing of personal data managed by EEMI, you can contact the Data Protection Officer (DPO):
- Through the contact form
- Or by mail (with a copy of your identification document in case of exercising your rights, unless the information provided in your request allows us to identify you with certainty) to the following address:
EEMI
Data Protection Officer
28 Place de la Bourse – Palais Brongniart
75002, Paris
If you are dissatisfied with how your personal data or your requests under the GDPR or the Data Protection Act are processed, you can file a complaint with the supervisory authority (CNIL).
Glossary
Personal Data (or Personal Information)
Any information relating to an identified or identifiable person, that is, allowing direct identification (e.g., name and surname) or indirect identification (e.g., cookies).
Processing of Personal Data
Any operation or set of operations (automated or not) applied to personal data, such as collection, recording, organization, retention, and transmission of data.
Data Controller
Entity that determines the purposes (objectives) and means of processing.
Data Processor
Entity that processes personal data on behalf of the data controller and under their instructions.
Modification of this Policy
We invite you to regularly consult this policy on our website. It may be subject to updates.
Last updated: 05/07/2023.