Search

WEBSITE PUBLISHER

Isep, 28 rue Notre Dame des Champs, 75006 PARIS – SIRET 784 280 745 00026 – APE

WEBSITE CREATION

This site was created by: acti, digital agency based in Lyon
This site is maintained and hosted in a green data center by: acti

DEFINITIONS

For the purposes of this Policy, the following terms shall be used:

DPIA” – Data Protection Impact Assessment.

CNIL” – Commission Nationale Informatique et Libertés (French Data Protection Authority).

Recipient” – The natural or legal person, public authority, department or any other organization that receives personal data, whether or not it is a third party.

Personal data” means any information relating to an identified or identifiable natural person; an ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

DPO” – Data Protection Officer.

Internet user” – Any person connecting to the site.

Data Subject” – The natural person to whom the personal data being processed relates.

RGPD” – European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data.

Data Controller” – The natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing.

Site” – The https://www.isep.fr website.

Processor” – The natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.

Third party” – A natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processing” – Any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

PREAMBLE

Isep places the protection of personal data at the heart of its commitments.

Isep therefore undertakes, through this Data Protection Policy, to comply with regulations on the protection of personal data for its employees, customers, prospects, suppliers and service providers in accordance with European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data (RGPD) and Law No. 78-17 of January 6, 1978 on data processing, files and freedoms.

OBJECTIVES

Through this Data Protection Policy, Isep expressly undertakes to:

  • Comply with the recommendations and, more broadly, the CNIL’s doctrine on the protection of personal data, or justify any difference;
  • Comply with the recommendations of the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI);
  • Anticipate any project involving personal data in compliance with the Privacy by Design and Privacy by Default principles defined in Article 25 of the RGPD ;
  • Implement internal procedures to monitor compliance with legal obligations and commitments made by Isep ;
  • Facilitate the exercise of the rights recognized to data subjects ;
  • Ensure the greatest possible transparency on the processing of personal data implemented.

DATA PROTECTION OFFICER (DPO)

The DPO is the “conductor” of compliance within an organization. His or her role is to train, inform, advise, monitor and raise awareness on all issues relating to the protection of personal data. Their mission is to ensure the protection, security and confidentiality of personal data.

In order to guarantee the greatest compliance with regulations and to ensure the greatest transparency towards its employees, customers, prospects, suppliers and service providers, Isep, in its capacity as data controller, has appointed a DPO who can be contacted at the following address: dpo [at] isep [dot] fr

DATA COLLECTION AND USE

Isep undertakes, in its capacity as data controller, to collect only the personal data strictly necessary with regard to the purposes for which they are processed, and to do so directly from the persons concerned (employees, customers, prospects, suppliers, service providers).

Where the consent of the data subject is required for the collection and processing of certain data, Isep undertakes to obtain such consent in accordance with the requirements of the RGPD.

In the event that data is collected indirectly, Isep formally undertakes to inform its employees, customers, prospects, suppliers and service providers thereof.

Isep also undertakes not to process data in a manner incompatible with the purposes for which it was originally collected.

DATA RETENTION

Isep undertakes to keep the personal data of its employees, customers, prospects, applicants, students, trainees, suppliers and service providers for no longer than is necessary for the purposes for which they are processed.

In any event, the right to information enjoyed by data subjects implies that they are expressly informed of the length of time their personal data will be kept.

DATA DISCLOSURE

Isep wishes to be transparent about the use made of the personal data of its employees, customers, candidates, students, prospects, learners, suppliers and service providers.

To this end, they are informed that their personal data may be communicated:

  • Isep’s internal departments which have a real and justified need to access this data;
  • Internal departments of the group to which Isep belongs, where applicable, and which have a real and justified need to access this data;
  • Any subcontractor or service provider with a real and justified need to access this data;
  • To any organization (third party) to which Isep is required by law to disclose such personal data;

RESPECT FOR INDIVIDUAL RIGHTS

Within the framework permitted by the European Regulation, Isep is committed to respecting and ensuring respect for the rights enjoyed by its employees, customers, prospects, candidates, students, learners, suppliers and service providers; namely:

  • Right to information ;
  • Right to rectification;
  • Right to erasure;
  • Right to limitation of processing;
  • Right to portability;
  • Right to object;
  • Right not to be subject to a decision based exclusively on automated processing;
  • Right to decide what happens to personal data after death.

Isep has set up a rights management procedure to guarantee an effective response within the regulatory timeframe.

You can exercise your rights by contacting Isep:

By post: Service DPO – 28, rue Notre-Dame-Des-Champs – 75006 PARIS.
By e-mail: dpo[at]isep[point]fr

DATA BREACH MANAGEMENT

Isep formally undertakes to take all measures to minimize the impact of any personal data breach on the persons concerned.

To this end, Isep, in its capacity as data controller, undertakes to notify the CNIL of any personal data breach within a maximum of 72 hours of becoming aware of it, unless the breach in question is unlikely to pose a risk to the rights and freedoms of individuals.

Isep also undertakes to communicate any breach of personal data to the data subject as soon as possible when the breach in question is likely to give rise to a high risk to his or her rights and freedoms.

To ensure efficient management of personal data breaches, Isep has set up a dedicated procedure.

SECURITY AND CONFIDENTIALITY

In compliance with regulations and insofar as the security and confidentiality of Isep’s personal data concerning employees, customers, prospects, applicants, students, trainees, suppliers and service providers is a major concern, Isep undertakes to :

  • Securing data communications to various recipients through encryption and pseudonymization measures;
  • Secure access to data by enforcing the entity’s authorization policy;
  • Ensure the confidentiality of processing systems and services by implementing and enforcing an efficient password policy, as well as pseudonymization measures;
  • Ensure the constant integrity and resilience of processing systems and services, in particular by setting up multiple back-up systems distributed over at least two geographically spaced sites;
  • Where applicable, provide the data subject with a reference to the appropriate safeguards when a transfer of personal data is envisaged to a third country or to an international organization;
  • More generally, to put in place all appropriate technical and organizational measures to guarantee a level of security appropriate to the risk;

To this end, Isep formally undertakes to ensure that all of its subcontractors and partners present appropriate guarantees regarding the implementation of technical and organizational measures, in compliance with the RGPD and the rights of data subjects.

Isep also undertakes to ensure that a contract is concluded between it and its subcontractors to this effect.

PRIVACY BY DESIGN

In compliance with regulations, Isep undertakes, before implementing any processing of personal data, to:

  • Inform the DPO of any new personal data processing project;
  • Follow the advice of the DPO on questions relating to this project concerning the protection of personal data;
  • Carry out or commission a DPIA when deemed necessary;
  • Raise staff awareness of personal data protection through training and/or awareness-raising sessions, and the implementation of educational tools;
  • More generally, put in place all appropriate technical and organizational measures in an effective manner and to match processing with the necessary guarantees in order to meet the requirements of this Regulation and to protect the rights of the individual.

PROCESSING OF PERSONAL DATA VIA THE WEBSITE

Below, Isep mentions the generic processing of personal data available on its website. Information concerning student-specific data processing is available on Moodle.

The Isep is likely to implement several personal data processing operations depending on your activity on this website and/or our (you as data subject and we as data controller) reciprocal interactions.

You will find below detailed information on the management of your personal data.

Canvassing

Isep processes personal data for canvassing purposes following the organization of seminars and various events (JPO, trade fairs, etc.).

This processing is based on Isep’s legitimate interest in developing and promoting its business.

The data processed concerns the identity of the person and information concerning his/her career and/or professional activity.

It will be kept until opposition is expressed by the prospect’s contact or, failing that, for a maximum of 3 years after the last contact.

The data is intended for use by Isep’s internal departments.

Parcoursup

Within the framework of the pre-selection of candidates via Parcoursup, Isep implements the processing of personal data concerning the wishes of candidates for the management of the national procedure for pre-registration in a training course of the first cycle of social education including by apprenticeship. This processing is based on the performance of a mission of public interest.

The data collected (identity, admission file, course wishes) is transmitted to Isep through Puissance Alpha via the Parcoursup platform and is only processed by the internal departments in charge of admissions.

All data collected via Parcoursup is deleted at the end of the pre-selection campaign, with the exception of registration data once the candidate has been selected.

Suppliers

Isep uses data processing to manage its suppliers, which represents a legitimate interest for Isep.

The data collected is intended for internal use, and is communicated to organizations and service providers in the context of financial controls or to meet legal accounting obligations.

It will be kept for 5 years after the last service.

Apprenticeship tax

Isep uses data processing to manage the taxe d’apprentissage (apprenticeship tax), which represents a legitimate interest for Isep to be able to benefit from it for its financing.

The data concerned is the identity of the donor company’s contact, the company’s contact details, and data relating to the financial payment.

The data collected is intended for internal use only, and will be kept for 5 years, or for the duration of the statute of limitations.

Contact form

Access to this website published by Isep does not require identification. Personal data is therefore only collected if you complete the contact forms in order to contact Isep, and for the sole purpose of responding to your request.

This represents a legitimate interest for Isep, which is to provide answers to the questions asked.

The data processed in the context of this request are: identity (title, surname and first name), e-mail address, level of study and training requested. They are kept for the time it takes to process your request, and then according to the purpose of the request (general request, application, etc.).

The data is used solely by our internal departments and is accessible to our IT service providers as part of their respective services.

Traffic control and monitoring

Isep uses personal data to control and monitor traffic on its website. This is in Isep’s legitimate interest to analyze the audience of its site in order to adapt its communication methods.

Your rights and how to exercise them

In accordance with the French Data Protection Act of January 6, 1978, as amended, and with European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data, you have the right to access and rectify information concerning you, as well as the right to object, the right to limit processing and the right to erasure within the framework permitted by the European Regulation.

You can exercise these rights by contacting Isep by e-mail (dpo[at]isep[point]fr) or post (Service DPO – 28, rue Notre-Dame-Des-Champs – 75006 PARIS).

If, after contacting us, you feel that your rights with regard to Data Processing, Data Files and Individual Liberties have not been respected, you may lodge a complaint with the CNIL.

For your complete information, Isep has appointed a Data Protection Officer, who can be contacted at dpo[at]isep[point]fr.

COOKIES

If you are a visitor to our website, you can consult our site without having to identify yourself. We respect the anonymity of our visitors. We do not profile our visitors.
Site connection data (log files) are used solely for site security (detection of possible intrusions) and to estimate general site traffic (e.g. most frequently visited sections).
We use persistent cookies (a cookie is a small block of data sent by a web server and stored on your computer’s hard disk).
The cookies we use (if necessary) do not identify you. They simply enable us to memorize a user’s characteristics during one of his or her visits, so that he or she doesn’t have to enter his or her contact details several times.
As soon as you leave our website, the cookie we have generated will disappear from your computer’s hard drive. Our aim is not to recognize your machine on subsequent visits.
You can refuse cookies by configuring your browser, and our site will remain accessible to you. By modifying your browser options, you can ask to be warned when a cookie is activated, or refuse all cookies. If you choose the latter option, our website will remain accessible to you, but your browsing may be less comfortable.

SCOPE OF APPLICATION

This Privacy Policy only applies to data collected on this Website. The latter contains links to other sites. Please note that Isep has no control or influence over the privacy policies of other sites. We encourage our users to be aware when they leave the Website and to read the privacy policies of each and every site they visit.

ACCEPTANCE

By using this website, you implicitly accept the terms of our personal data processing policy and authorize us to process this data in accordance with the purposes set out above.

UPDATING

We reserve the right to modify this page from time to time. Please read this page regularly. Last update: 18/07/2023.