Privacy policy
Version 1.2 - 22/01/2024
Introduction: what is the purpose and scope of the policy?
This Privacy Policy may be updated from time to time. The date of the last update appears at the top of this page. Please refer to the French version for any complaints.
1.1: Introduction
SKEMA Business School would like to remind you of its commitment to respect and apply the regulations in force regarding the protection of the personal data of its prospects, candidates (for SKEMA programs or job offers), students and graduates, financial respondents, or any other person who wishes to have information about the school, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Regulation on the Protection of Personal Data) and the amended law n°78-17 of January 6, 1978 known as "Informatique et Liberté".
Personal data is collected and processed by SKEMA in a fair, lawful and transparent manner with regard to the data subjects. In particular, only personal data that is relevant and strictly necessary for a specific, explicit and legitimate pre-determined purpose is processed.
The purpose of this policy is to supplement the information provided in the various notices on the website and in the forms, by informing you of the conditions under which SKEMA, in its capacity as data controller, collects and processes your personal data.
These rules are general and apply to all personal data collected, regardless of the channel through which it is collected.
1.2 Definitions
“Personal data" is information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier or to one or more elements specific to that person (last name, first name, address, date of birth, marital status, salary, etc.).
"Processing" of personal data consists of any operation or set of operations, whether or not automated, concerning such data, including in particular the collection, recording, organization, storage, modification, retrieval, consultation, use, communication, dissemination, alignment, erasure or destruction of such data.
A "purpose" is the main aim of the processing operation, i.e. data is collected for a well-defined and legitimate purpose and is not further processed in a way that is incompatible with this initial aim. This principle of purpose limits the way in which the data controller can use or re-use the data in the future.
The "data controller" is the legal entity (company, municipality, etc.) or natural person who determines the purposes and means of processing, i.e. the objective and the way in which it is to be achieved.
Who is the data controller?
The data controller in charge of personal data processing is:
SKEMA BUSINESS SCHOOL, a non-profit organization under the law of 1901, whose registered office is located at: Avenue Willy Brandt - 59777 Euralille, represented by Ms Alice GUILHON, Managing Director.
Who are the data subjects of the processing?
The present policy essentially concerns data collected from prospects, applicants (for SKEMA programs or job offers), students and graduates, financial sponsors, legal guardians, or any other person wishing to obtain information about the association, whether such data is collected directly on the website or from interested parties in forms, at trade fairs, open days, etc.
- "Prospects" refers to any person potentially interested in the programs or training offered by SKEMA or its partners.
- "Candidates" refers to any person applying for SKEMA programs, training courses or competitions.
- "Candidates for a job offer[1]" means any person who applies for a SKEMA job offer;
- "Students"; refers to any person enrolled in a SKEMA program or training course.
- "Alumni"; refers to any SKEMA graduate.
- "Financial Sponsors"; refers to any person who pays application fees or course tuition fees in place of the Student or any person identified as the Student's guarantor.
- "Legal guardians"; means any person appointed by law to represent and defend the interests of a person, including parents in the case of minor children.
- "Visitors" means any person seeking information about SKEMA.
[1] Job applicants and employees may consult the GDPR information note applicable to them.
What personal data do we collect?
Type of personal data | Examples of data collected (non-exhaustive list) | Origin of data collected |
Identification details | Last name, first name, date of birth, gender, IP address, nationality, etc. | Forms, contracts, open days, social networks |
Contact information | Email address, telephone number, postal address, etc. | Forms, contracts, open days, social networks |
Bank details | Bank account details, checks, etc. | Deposit (contract), refund |
Data from competitive examinations | Grades, jury evaluations | Competitive examination sessions |
Application data | CV, cover letter, academic background, diploma(s), certification(s), quizzes and assessments, etc. | Website |
Data from web browsing | IP address, login, password, cookies, etc. | Website |
Why and on what legal basis do we use your personal data?
1.1: Legal basis
The legal basis for processing is what legally authorizes its implementation, which gives an organization the right to collect or use personal data.
It can also be referred to as the "legal foundation" or "judicial basis" for processing.
With regard to our processing operations:
- Personal data collected as part of the management and monitoring of the student's administrative file is justified by the contractual relationship.
- All personal data collected as part of the management and follow-up of commercial prospecting and invitations to events are justified by consent.
- Certain personal data collected as part of education management are justified by legal obligation.
1.2. Main purposes
To make it easier for you to understand the various processing operations we carry out, we have separated them into different groups, namely:
Applications:
- Management and follow-up of student applications and selection (competitive examinations and programs)
- Management and follow-up of SKEMA job applications
- (Management and tracking of mandatory personal information related to application and registration)
- Management and follow-up of applications submitted via ParcourSup
Competitive examinations:
- Management and follow-up of competitive examinations.
Education:
- Management and follow-up of student education.
- Management and follow-up of student registration.
- Management and follow-up of payments, scholarships and unpaid fees.
- Management and follow-up of data transfer to our subsidiaries, partners or referent institutions.
- Management and follow-up of legal obligations inherent to certification and accreditation bodies.
- Management and follow-up of IT tools and connection identifiers.
Alumni:
- Management and follow-up of SKEMA graduates
- Management and follow-up of sponsorship initiatives
Business development, marketing and communication:
- Management and follow-up of invitations to SKEMA events and satisfaction forms.
- Management and follow-up of IT tools and connection identifiers.
- Management and follow-up of commercial offers related to SKEMA programs.
- Management and follow-up of newsletters.
- (Management and follow-up of tracers and cookies inherent to website management).
- Management and follow-up of SKEMA's social network accounts.
How long do we keep your personal data?
Retention periods for personal data | |
Student application data | 3 years |
Data related to a job application | 2 years |
Data related to marketing | Until withdrawal of consent |
Data related to student education | 3 years from end of training and graduation |
Cookie management and preference tracking data | 13 months |
Data linked to enrolment requests and communicated to institutions (e.g. scholarship applications, etc.) | 5 years |
Competitive examination data | 3 years |
Data linked to diplomas and certifications that may give privileges or rights | 50 years |
Data related to sponsorship activities | Until withdrawal of consent |
Data related to alumni | Until withdrawal of consent |
Who uses your data?
The personal data you provide will only be passed on to SKEMA's internal departments, authorized partners, control, certification and accreditation bodies, which justify the use of and access to the data.
Is your personal data processed in the European Union?
Some personal data may be transferred outside the European Union, to countries which do not necessarily have data protection laws equivalent to those in force in the European Union, such as the USA, Brazil, China, South Africa and Canada.
The transfer of personal data to recipients located outside the European Union is intended to ensure the management and follow-up of the student's education and the selection of candidates for SKEMA job offers.
The transfer of personal data to recipients outside the European Union is exclusively for the purposes defined above.
The recipients of this personal data are:
- Other SKEMA establishments located outside the European Union.
- Partners involved in the management of the student's education or in the selection of candidates for SKEMA job offers.
Guarantees have been taken to ensure the protection of students' personal data transferred outside the European Union, such data transfers being governed by contractual clauses that comply with the model clauses adopted by the European Commission.
Security measures
Security is a top priority for SKEMA BUSINESS SCHOOL, which strives to maintain its efforts in all possible areas, taking every precaution to limit risks:
- Protection of infrastructures by video surveillance systems in compliance with current legislation.
- Protection of workstations by badge and key access.
- Security measures for networks and IT systems.
- Protection of equipment and applications via personal authorizations and passwords.
- Management of authorizations and compartmentalization of internal storage spaces and applications.
- Protected internal servers.
Data processor
ParcourSup special case:
In accordance with the European General Data Protection Regulation (GDPR), we inform you that your personal data is subject to computer processing implemented by the admissions department for the performance of a mission of public interest within the meaning of the provisions of the GDPR.
This data is collected for the purpose of facilitating the analysis of applications conducted by the admissions committee of the program, within the strict framework of the examination methods and criteria for assessing applications that it has determined.
Data relating to the applicant's educational background, data relating to schooling may come from the automated processing known as "ParcourSup" (see the Decree of March 28, 2018 authorizing the implementation of automated processing of personal data known as "ParcourSup").
The information collected is kept for a period of 2 years.
The recipients of this data are Admissions department staff.
You can access your personal data and exercise your rights under the following Articles 38, 39, 40 et 40-1 of the French Data Protection Act no. 78-17 of January 6, 1978 at the following address: rgpd@skema.edu.
If, after contacting us, you feel that your rights have not been respected or that this system does not comply with data protection rules, you may lodge a complaint with the French Data Protection Authority (CNIL).
What are your rights and how can you exercise them?
You may at any time exercise the various rights provided for by the regulations in force:
Right of access to personal data concerning you, right of opposition, right of rectification, right of deletion, right of limitation of processing, right of portability, right to give instructions on your personal data after your death.
and, where applicable, the right to withdraw your consent at any time for processing where your consent has been obtained beforehand.
You can exercise your rights by sending your request by e-mail to the following address: rgpd@skema.edu or by post to the following address: Legal Department - 60, rue Dostoïevski - 06 902 Sophia-Antipolis.
If you feel that your rights have not been respected, you can lodge a complaint with the association's representative or directly with the Commission Nationale Informatique et Libertés (CNIL, 3 place de Fontenoy, 75007 Paris).