Purposes of processing personal data
The KEDGE BUSINESS SCHOOL GROUP Association (hereinafter “KEDGE BUSINESS SCHOOL”) is required to collect and process personal data where this data is necessary for the performance of contracts that it concludes, in accordance with regulatory obligations or when it is collected in the legitimate interest of the association (in particular the safety of individuals, premises and resources provided by the association as well as the promotion of the school).
When the processing of data subjects’ personal data is based on consent, KEDGE BUSINESS SCHOOL implements a dedicated system to collect this consent where it is considered to have been given freely and in an unambiguous, specific, and informed manner.
The data subjects include the candidates enrolling in a KEDGE BUSINESS SCHOOL training programme, KEDGE BUSINESS SCHOOL students (whether it is initial training or continuing professional development), the persons who stand as a guarantor for the payment of students’ tuition fees, graduates of KEDGE BUSINESS SCHOOL (alumni), the contact points in businesses from which KEDGE BUSINESS SCHOOL collects the apprenticeship tax or within which KEDGE BUSINESS SCHOOL students carry out an internship or a work-study programme.
Data subjects’ personal data is the subject of computer or paper-based processing intended to monitor and manage contractual relations and all obligations arising therefrom and in particular, but not limited to:
- the administrative management of candidates on the courses and training provided by KEDGE BUSINESS SCHOOL
- the administrative management of students (initial training, continuing professional development)
- the administrative management of natural or legal persons from which KEDGE BUSINESS SCHOOL collects the apprenticeship tax
- the administrative management of natural or legal persons with which KEDGE BUSINESS SCHOOL students carry out an internship or a work-study programme
- the administrative management of graduates
- the management of competitive examinations, in particular their organisation and the monitoring of candidates’ assessments, their eligibility and their admission
- the management of students’ course curriculum
- the monitoring of enrolments, attendance and absences for training programmes
- the management of students’ exams and assessments
- the management of students’ internships
- the management of work-study programmes (apprenticeships/vocational training contracts)
- the management of students’ specific needs (particularly at the time of exams and assessments)
- the award, management and monitoring of scholarships granted via the KEDGE BUSINESS SCHOOL Foundation
- the management and monitoring of the WELLNESS system
- the management and monitoring of mentoring
- the management and monitoring of tutoring
- the management of disciplinary action handed down by KEDGE BUSINESS SCHOOL disciplinary bodies
- the organisation and monitoring of training courses followed with foreign education institutions, partners of KEDGE BUSINESS SCHOOL
- the coordination of the graduates network
- connecting graduates and students for the purposes of finding an internship or job
- the management of contracts concluded with the data subjects, including the management and monitoring of billing and payments
- the management and monitoring of guarantee agreements taken out for the benefit of KEDGE BUSINESS SCHOOL
- the monitoring and managing of apprenticeship tax collection
- the fulfilment by KEDGE BUSINESS SCHOOL of its reporting obligations and obligations to provide information to administrative authorities (notably its accounting and tax obligations)
- the school’s promotion (e.g. the distribution of directories)
- carrying out marketing activities with data subjects
- security and logistics, in particular managing KEDGE BUSINESS SCHOOL badges and resources
- the security of the premises and individuals (video surveillance)
- controlling the use of any resources made available by KEDGE BUSINESS SCHOOL
- implementing the system to prevent sexual harassment
- carrying out satisfaction surveys and polls.
Recipients of the data processed
The data is intended for:
Within KEDGE BUSINESS SCHOOL
- the departments responsible for the programmes and academic and pedagogical management
- the departments responsible for student admissions
- the departments responsible for finance and accounts
- the departments responsible for KEDGE BUSINESS SCHOOL information systems
- the persons responsible for the security of the premises and the reception within KEDGE BUSINESS SCHOOL.
The personal data may be passed on by KEDGE BUSINESS SCHOOL to the following entities:
- the Kedge BS Alumni Association, the aim of which is to bring together a structured network of graduates who have studied on one of the KEDGE BUSINESS SCHOOL programmes
- foreign education institutions that are partners of KEDGE BUSINESS SCHOOL and in which the data subjects are following a course
- the Fondation de France for scholarships granted via the KEDGE BUSINESS SCHOOL Foundation
- the partners of KEDGE BUSINESS SCHOOL for the purposes of managing contracts: debt collection agencies, catering franchise on the premises of Kedge Business School, etc.
- KEDGE BUSINESS SCHOOL technical and computer subcontractors
- bodies specialising in surveys and statistics (particularly for ranking education institutions)
Authorised third parties and authorities
When KEDGE BUSINESS SCHOOL is required to meet its legal obligations or at the request of any authorised legal or administrative entity.
Outside of the European Union
If the data subjects’ data is transferred outside of the European Union, KEDGE BUSINESS SCHOOL will ensure that:
- the personal data is transferred to a country recognised by the European Commission as providing an adequate level of protection, or
- the personal data is transferred to entities certified under the Privacy Shield, or
- one of the mechanisms is used that ensures appropriate safeguards as provided for by the applicable regulations, and in particular the adoption of standard contractual clauses by the European Commission.
You may contact the KEDGE BUSINESS SCHOOL Data Protection Officer to obtain further information on these topics as well as a copy of the relevant documents.
Categories of data collected
The data is collected directly by KEDGE BUSINESS SCHOOL from the data subjects or will have been sent to it by partners specialised in recruitment and the organisation of competitive admission examinations.
In general, the data processed by KEDGE BUSINESS SCHOOL includes the following:
- civil status and identification data
- personal contact details - address, phone number and email
- billing and payment details
- the diplomas obtained with KEDGE BUSINESS SCHOOL
- languages spoken
- the personal data related to the courses followed within KEDGE BUSINESS SCHOOL: timetables, courses followed, the diplomas, validations of achievements, marking slips and statements, exam/assessment reports, attendance sheets, etc.
- the social difficulties within the framework of granting scholarships
- the specific needs of students (particularly at the time of exams and assessments)
- identification and connection data for computer resources provided by KEDGE BUSINESS SCHOOL
- the results of non-anonymous surveys and polls, testimonials
- the duties within student associations involved with Kedge Business School
- disciplinary measures
- circumstances reported within the framework of the system to combat sexual harassment
KEDGE BUSINESS SCHOOL implements physical, organisational, technical and software-related measures in terms of computer security, such as access authorisation registers, in order to protect the data against any alteration, destruction or unauthorised access.
These provisions are detailed in:
- the KEDGE BUSINESS SCHOOL General Data Protection Policy
- the information system acceptable use policy.
Data storage period
The data is stored for the duration necessary for KEDGE BUSINESS SCHOOL to meet its legal and contractual obligations. In general, the data is stored in accordance with Circular No. 2005-003 of 22 February 2005 of the Minister for National Education, Higher Education and Research.
These provisions are detailed in the KEDGE BUSINESS SCHOOL General Data Protection Policy.
The data listed below is stored as follows:
- data to access the premises is stored for 3 months after it is recorded
- video surveillance data is stored for 1 month after it is recorded
- the data related to students’ administrative and academic file is stored for 10 years
- timetables are stored for the school year
- copies of exams/assessments are stored for one year after publication of the results, unless disputed
- the marking slips and statements are stored for one year
- contract management data is stored for the entire period of the contract plus 5 years
- the data related to outstanding debts is stored until amicable settlement of the dispute or, otherwise, until legal action is time-barred
- the data related to guarantees is stored for the duration of the contractual relationship plus the limitation period.
Exercise of rights by the data subjects
KEDGE Business School has appointed a Data Protection Officer to liaise with CNIL [French Data Protection Authority] under number DPO-8113.
Upon simple request and without having to give reasons, any data subject may obtain a copy of their data.
- All data subjects have the right to request access to and the rectification of their personal data.
- All data subjects have the right to request the restriction of the processing of their personal data, (i) if they dispute the accuracy of their data during the period enabling us to verify its accuracy, (ii) if they consider that KEDGE BUSINESS SCHOOL is unlawfully processing their data and they require its use to be limited rather than its erasure, (iii) if KEDGE BUSINESS SCHOOL no longer needs their data as regards the purposes referred to above but it is still necessary for the establishment, exercise or defence of legal claims, (iv) in case of exercising their right to object pending verification of whether the legitimate grounds of KEDGE BUSINESS SCHOOL override their own.
- All data subjects have the right to request the erasure of their personal data. In case of a request to erase their data, KEDGE BUSINESS SCHOOL may nonetheless store it in the form of an intermediate archive for the period necessary to meet its legal, accounting and tax obligations.
- All data subjects are entitled, at any time, to exercise their right to object on grounds relating to their particular situation.
- All data subjects have the right to object to marketing at any time and without having to give a reason why.
- All data subjects are entitled to exercise their right to data portability, which gives them the right to obtain a copy of their personal data or to have it transferred to a third party, in a structured, commonly used and machine-readable format.
- All data subjects have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning them or significantly affecting them.
- All data subjects have the right to withdraw their consent at any time.
- All data subjects also have the right to set out specific guidelines regarding the storage, erasure and communication of their personal data after their death.
The aforementioned rights may be exercised:
- By mail: email@example.com ou
- By post: Cabinet DPO-AvocatsFAO: Kedge Business School Association DPO11, rue Théodule Ribot - 75017 Paris
If the claim made is admissible, KEDGE BUSINESS SCHOOL will respond within one month from receipt of the complete claim and will provide the information requested or implement the rights exercised in the aforementioned period.
If, given the complexity of the claim or the number of claims received, the aforementioned period cannot be observed, before its expiry, KEDGE BUSINESS SCHOOL will notify the postponement of its decision by two months maximum.
In any case, all data subjects have the right to lodge a complaint with CNIL if they consider that their rights have been infringed.
For more information, see the “Besoin d’aide” [help] section at www.cnil.fr. You can also call CNIL’s legal help desk on +33 (0)1 53 73 22 22, Mondays, Tuesdays, Thursdays and Fridays from 10am to 12pm and from 2pm to 4pm.