Personal Data Protection Policy
CESI is involved in an ongoing process of compliance with the General Data Protection Regulation of 27. April 2016. With this new regulation, CESI enhances its personal data protection policy to ensure that our users’ data is collected and used in a transparent, confidential and secure manner. Our Personal Data Protection Policy describes how CESI deals with the personal data of visitors and users (hereinafter the “Users”) during their navigation on our sites (hereinafter the “Site”):
The Personal Data Protection Policy is part of the Site’s Legal Notice.
Personal data and objectives
By personal data we mean any information relating to an identified or identifiable person, in particular by reference to IDs such as a name, an identification number, location data, an online identifier, one or more specific elements relating to physical, physiological, genetic, mental, economic, cultural or social identity, as well as any other information that our clients decide to communicate to us. When you use our Site and you wish to receive information on our offers, via a contact form, or an application form, we collect and process personal data about you, such as: your Civility, Surname, First Name, Date of Birth, Telephone, Mail, Address, Postal Code, City. We will also ask you to provide us with your email address so that we can use this data to send you informative emails and notifications, as well as for the newsletter.
At the end of your degree course, for statistical purposes and for the renewal of our titles, we will ask you to complete a graduate follow-up survey. In the context of satisfaction surveys, we may use a customer satisfaction measurement tool. You will be asked via this tool to write an opinion on the training followed with CESI.
Types of cookies used.
The following types of cookies are used on this Site:
- Temporary” cookies: this type of cookie is active in your browser until you leave our platform and expires if you do not access the Site for a certain period of time.
- Permanent” or “tracker” cookies: this type of cookie remains in the cookie file of your browser for a longer period of time, which depends on the settings of your web browser. Permanent cookies are also known as tracking cookies.
With respect to promotional emails: You may withdraw your consent at any time by (i) un-checking the relevant box in your account, (ii) clicking on the unsubscribe link provided in each of our communications, or (iii) contacting us.
We collect the information that you provide to us when :
- you create, modify and access your personal account
- you fill in a contact details form
- you fill in an application form for our training offers
- you contact our Customer Service
Sharing with third parties
We provide a legal framework for transfers through contractual commitments with our sub-contractors in order to provide you with a high level of security.
The personal data relating to you collected on our Site are intended for CESI’s own use and may be transmitted to the subcontracting companies that CESI may call upon in the performance of its services.
CESI does not sell or rent your personal data to third parties for marketing purposes under any circumstances.
We also work closely with third party companies that may have access to your personal data, in particular:
- When we use search engine and analytics providers to improve and optimise our platform;
- In addition, CESI does not disclose your personal data to third parties unless (1) you request or authorize disclosure; (2) disclosure is required to process transactions or provide services requested by you; (3) CESI is compelled to do so by a government authority or regulatory body, in the event of a judicial summons, subpoena or other similar governmental or judicial requirement, or to establish or defend a legal claim; or (4) the third party acts as an agent or sub-contractor of CESI in the execution of services.
If CESI or all or part of its assets are purchased by a third party, the data in our possession will, where applicable, be transferred to the new owner.
We may aggregate data about you that we receive or send to our business partners, including all or part of your personal data and information collected via cookies. This aggregated information will only be used for the purposes described above.
Personal data protection
We take all necessary steps to ensure that your data is protected. We also advise you to keep your data confidential. CESI applies generally recognized technological and organizational security measures to ensure that the personal data collected is not lost, misappropriated, consulted, modified or disclosed by unauthorized third parties unless the disclosure of such data is required by the regulations in force, in particular at the request of a judicial authority, police, the gendarmerie or any other authority empowered by law. The security of personal data also depends on the Users. Users who are members of CESI undertake to keep their login and password confidential. Members also undertake not to share their account and to declare to CESI any unauthorized use of their account as soon as they become aware of it.
Your data is kept for a limited period of time to ensure optimum security.
This data will be kept for the duration of your registration to the training course and for one (1) year after the end of the training course. If a title or a diploma is awarded, the data relating to it will be kept for a period of 99 years from the date of issue of the diploma or certificate. They are then stored until the expiry of the applicable statutory limitation period. With regard to the training courses offered, we keep your personal data for the longest of the applicable legal and regulatory periods or for another period taking into account operational constraints such as proper maintenance of the student file, effective management of student relations and replies to requests from the Répertoire National des Certifications Professionnelles (RNCP – National Directory of Professional Certifications). The data collected for commercial prospecting purposes is kept for a maximum period of three (3) years from the end of the commercial relationship.
Minors, in the context of their information search, can access our site. They can also request additional information on some of our training courses. Our aim is to make education accessible to all. Nevertheless, any final registration of a minor will only be made with the consent of the holder(s) of parental authority. As a minor, you will be able to exercise your right to be forgotten if you no longer wish your data to be in our databases. Relationship between CESI services and social networks. We are not responsible for the use of data made by social networks.
You can set them up on their sites. When you use social networks and CESI’s services or applications in connection with social networks, this may result in the collection and exchange of certain data between the social networks and CESI. We are not responsible for the use of your data by social networks for their own account. You have the option to set up and control access and confidentiality of your data directly on the social networks.
In application of the European regulations in force, we have introduced procedures and mechanisms to help you exercise your rights. In accordance with the regulations in force, Users of our Site have the following rights:
- right of access and rectification ;
- right to update and complete User data;
- right to block or delete Users’ personal data when it is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited;
- right to withdraw consent at any time;
- right to restrict the processing of Users’ data;
- right to refuse the processing of personal data;
- right to data portability of the data provided by Users, when such data is subject to automated processing based on their consent or a contract.
If you wish to know how CESI uses these personal data, or request a correction or object to their processing you can send an email to firstname.lastname@example.org or send a letter to the following address: CESI – Data Protection Officer – la Défense FR, 1 Avenue du Général de Gaulle, 92074 Paris – FRANCE. In addition, CESI Users may file a complaint with the supervisory authorities, in particular with the CNIL (French Data Protection Authority). Your requests will be processed within 30 days. In addition to your request, we will need you to attach a photocopy of a proof of identity so that CESI can verify your identity.
If you have any questions or complaints or if you wish to send CESI suggestions or comments to improve our Personal Data Protection Policy you can send an email to email@example.com or write to the following address: CESI – Data Protection Officer – la Défense FR, 1 Avenue du Général de Gaulle, 92074 Paris – FRANCE