Privacy policy
1. Introduction
This policy describes how and why we collect, and use, your personal information when you visit the CEMS website (www.cems.org - the “website”) and use the CEMS online services, in accordance with applicable laws and regulations, and notably the European General Data Protection Regulation 2016/679 (“GDPR”, the official text is accessible via this link). ‘Personal data’ means any information relating to an identifiable living individual who can be identified from that data or from that data and other data. ‘Processing’ means anything that is done with personal data, including collection, storage, use, disclosure and deletion.
This data protection policy applies to any:
- Use of one of the online services of CEMS:
- Whether this is a website, intranet (forms, cookies, etc.) or a digital work environment,
- On social media,
- Whatever the type of exchanges (email, text message, paper or electronic form, etc.),
- Or on mobile apps.
- Participation in training or an event;
- Response to a solicitation by CEMS by an alumnus, speaker, partner or supplier.
The website contains links that may redirect the user to third party sites which have their own confidentiality and cookie management policies. The policies of such third parties should be consulted, and CEMS declines any responsibility regarding the confidentiality practices implemented by such third parties.
2. Data Controller
CEMS, an association governed by the French law of July 1, 1901, having its registered office at 1 rue de la Liberation, 78350 Jouy-en-Josas and registered with the INSEE, DR de Haute-Normandie under the number SIREN 387 573 835 (hereafter, “CEMS”, “we”, “us”, “our(s)”), is the data controller as this term is defined in the GDPR.
3. Persons Concerned
To meet its operational needs, CEMS has to set up and use means of processing personal data relating to its prospects, applicants, clients, alumni, faculty, partners, companies and organizations, as defined below:
- "Prospect" means any person who may potentially be interested in the CEMS-MIM program or the Corporate Partnership relation;
- "Applicant" means any person interested in a course who has started to complete an application;
- "Client" means any person who has confirmed their registration or had their registration confirmed by their Home School, where applicable, following an admission process, whether by making a down payment or signing a financing contract or form;
- "Student" means any person registered with the CEMS-MIM program;
- "Third-party payer" means the natural or legal person managing all or part of the funding of a Client's training;
- "Alumnus" means any person who has taken, and has successfully completed the CEMS-MIM program;
- "Academic Member" refers to any person working within one of the Academic institutions, member of the CEMS alliance, and providing teaching services whether or not they are a salaried employee of CEMS;
- "Providers" refers to companies or organizations with which CEMS has a purchase contract as well as the suppliers of CEMS;
- "Partners" refers to companies or organizations with which CEMS has a contractual partnership relationship, in particular in connection with training services.
- "User" may refer to all populations.
4. Personal Data Collected
Non-technical types of data may include:
- Personal status (last name, first name, address, date and place of birth, nationality, title);
- Contact details (telephone number, email address, social media identifiers, mailing address);
- Preferred means of contact;
- Academic history (degrees, specialist qualifications, years obtained, language and management levels, scores in GMAT-type tests, etc.);
- Previous professional experience (titles of positions held, internships, role, responsibilities, companies, pay level);
- Reasons for applying to CEMS;
- Where applicable, data relating to means of payment (bank or post office account details, check number and/or credit card details, and, where applicable, transaction no., details of services subscribed to);
- Contract history and, where applicable, details of third-party payer;
- Any information relating to training courses taken (CEMS student no., modules or courses taken and, where applicable, scores, internships, assessment, exam panels, etc.);
- Information regarding university education mainly within the CEMS-MIM structure (Home School, Host Schools, Class-Year, Graduation Year, Terms, CEMS Mail);
- Any information relating to cohort tracking during and/or after the course (employer, position, salary, etc.).
Technical types of data may include:
- IP address;
- Connection data (login/password);
- Browsing data (pages visited, clickstream, length of visit, etc.);
- Browser-related data (type of browser, plugin, etc.);
- Preferences (languages used, etc.).
5. Legal Basis for Personal Data Collection
Depending on your situation with respect to us, we collect and process your personal data either because:
- You have given consent to the processing of your personal data for a specific purpose;
- It is necessary for the performance of a contract to which you are a party;
- Such processing is necessary for the purposes of our legitimate interests.
6. Purposes of the Collection of Personal Data
The purpose of the collection of this information is to enable:
- The setting up of prospecting and advertising operations relating to the programs, activities and events organized by CEMS or its community and subscriptions to CEMS newsletters;
- Access to the admission platform, and its improvement;
- Management of the student's application and, after admission, monitoring his/her training regarding administrative, financial and academic aspects;
- Client relations monitoring;
- Purchase management;
- Billing;
- Management of unpaid bills and disputes;
- Where applicable, access to CEMS network, application resources and digital documentation;
- Where applicable, submission of documents and academic work;
- Organization of surveys, in particular for CEMS, accreditation bodies, organizations publishing rankings for which CEMS has to produce statistics or answer inquiries in accordance with current legislation;
- Access to professional support offers developed by the Corporate Partnership Department of CEMS;
- Management of the risk of fraudulent use;
- Management of the awarding of CEMS diplomas and certificates, and in some cases, their electronic equivalents;
- Management of relations with companies;
- Transmission of data to companies (especially CVs), Partners and/or subsidiaries of CEMS;
- Statistics.
7. Sharing of Personal Data
By providing us with your personal data through the website, you are consenting to their sharing with other CEMS-related students and alumni associations for the purpose of creating efficient alumni networks on a worldwide level.
CEMS may use third party products to provide complementary services to the User. CEMS asks these third parties to follow its instructions concerning the User's personal data and only to use them in connection with the contract signed with the third parties unless the person concerned explicitly consents to such third parties using their data for their own purposes.
The User acknowledges that the third party may be located outside the territory of the European Union and agrees to their data being transferred to such places. In this case, CEMS will take all the measures necessary to ensure that the provider or partner guarantees an adequate level of data protection in line with the GDPR.
8. Your Rights
Under the GDPR, you have a right of access, modification, rectification and erasure of your personal data as well as a right of objection on legitimate grounds, which can be exercised by sending an email to dpo@cems.org mentioning in the subject line "Personal rights" and attaching a copy of your proof of identity. Alternatively, you may also write to CEMS, Correspondant à la protection des données, 1 rue de la Libération, 78350 Jouy-en-Josas.
You have the right to lodge a complaint with your local supervisory authority, which for France is the CNIL: COMMISSION NATIONALE DE L'INFORMATIQUE ET DES LIBERTÉS, 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. A list of the different European supervisory authorities can be found here.
9. Security
In order to ensure the security of personal data collected and processed, CEMS implements a level of security appropriate and proportional to the risks involved by taking all useful precautions, whether they be physical, logical, administrative or organizational, in view of the nature of the data it collects, processes or transfers.
These measures include, mainly:
- Protection of the accesses to the premises and server rooms by our ISP;
- Backup data center in different location;
- Filtered, secure internet access;
- Use of a SSL-type encryption protocol for the transmission of data between the terminals and servers of CEMS or its service providers;
- Regular backups;
- Management of accreditations for accessing data, and only allowing necessary resources to access data;
- Separation of development/acceptance, pre-production and production environments;
10. Data Protection Officer
CEMS has appointed a Data Protection Officer: Adaliance SAS, 73, rue du Château 92100 Boulogne Billancourt, RCS 752 457 804; anyone encountering any problems with the processing of personal data may contact the Data Protection Officer at this address dpo@cems.org or by sending a letter to "CEMS, Délégué à la protection des données, 1 rue de la Libération, 78350 Jouy-en-Josas".
11. Cookies
A "cookie" is a small file deposited by an internet server on the hard disk of a computer, smartphone, tablet or any other device able to connect to the internet. Cookies and other trackers do not allow a person to be identified, but on the other hand, they record browsing information. Servers can read and save this information.
As per the CNIL’s recommendations and in accordance with applicable laws and regulations, we will always inform you in a clear and complete manner on:
- The purpose of any action aimed at accessing, by electronic transmission, information already stored in your electronic communications terminal equipment, or at entering information in this equipment;
- The means at your disposal to oppose this.
We will only perform such access or registration if you have expressed your consent which may result from appropriate parameters of your connection device or any other device placed under your control.
The only cases where we may perform such actions without your consent is if the access to information stored in your terminal equipment or the registration of information in your terminal equipment has the sole purpose of enabling or facilitating communication by electronic means, or if it is strictly necessary for the provision of an online communication service at your express request.
Different types of cookies are used on our website.
Technical cookies which enable:
- You to subscribe to one of our newsletters: in this case, your email address will be used to send you our mailshots and in-house messages;
- An action to be linked to the provision of the service requested;
- The security of the service requested to be enhanced;
- The language spoken or other preferences necessary to the provision of the service requested to be saved;
- Operation of the media player (audio or video) corresponding to specific content requested;
- Identification for a restricted space;
- Load balancing;
- The site to be adapted to users' requests.
Audience measurement cookies which enable:
- Measurement of the audience of the different content items and pages on the websites, analysis of the clickstreams to reach them and browsing behavior, compilation of statistics. CEMS uses the Google Analytics service by Google Inc., for which the User can find the conditions of use here.
The data resulting from these cookies linked to the use of the sites will be transferred and stored by Google on its servers, mainly in the United States. Google will use these data to provide other services relating to the activity of the site and the use of the internet. It is possible to install a Google Analytics opt-out browser add-on
"Social media" cookies which enable:
- The enablement of the "share" and "like" buttons that feature on LinkedIn, Facebook and Twitter, lists of tweets (Twitter), videos broadcast on the site (YouTube, Vimeo) and animated presentations (Issuu). These features operate thanks to third party cookies deposited directly by those third parties which are liable to make identifications thanks to this type of button, whenever a page is consulted and a connection to the social media is active (a session is opened).
You can disable the use of these cookies either by refusing the “Audience measurement” when landing on cems.org or by altering the settings on your internet browser, where you will find settings to block third party cookies from being deposited on the websites you navigate on.
Last updated in January 2021