Personal Data Protection Policy
Within the context of its activities, and in accordance with regulations applicable in France and Europe, and especially the EU General Data Protection Regulation, CFI undertakes to ensure the protection, confidentiality and security of the personal data of its users, clients, prospective clients and suppliers and also to respect their privacy.
The Personal Data Protection Policy applies to the gathering and processing of data via the CFI websites (the “Sites”) and also the use of our online services or content.
Our Sites do not target minors without the permission of their legal representatives.
The Personal Data Protection Policy may be subject to amendment. CFI would like to point out that it may update its Personal Data Protection Policy at any time, in particular so as to adapt to the legislation in force. Users are made aware of any such amendments simply by their publication online. We recommend that you regularly review the version currently available.
The Personal Data Protection Policy sets out the principles and methods of data processing.
Principles for the protection of data and privacy
1. Fair collection of the personal data of its clients, prospective clients and Site browsers
Data are collected fairly and transparently. CFI undertakes not to collect personal data without first informing the parties concerned, including informing them of how their data will be used.
CFI collects such data for the following purposes:
- To provide the services requested by those browsing its Sites and by its applicants;
- To respond to the management requirements of those browsing its Sites and its applicants;
- To process applications submitted when calls for applications are published.
CFI advises those browsing its Sites of the use of cookies and other trackers on the Sites that it publishes, the purposes thereof, their legal basis and the right to oppose.
2. Use of the personal data of its applicants, prospective clients and those browsing its Sites
CFI uses the data of individuals and corporations for authentication purposes, for processing applications and for proposing projects adapted to the needs of applicants for its training, prospective contacts and those browsing its Sites. To this end, CFI may perform statistical studies based on such information.
CFI complies with the current legal framework relating to personal data protection and conditions of security and confidentiality. CFI does not pass on personal data other than to its authorised service providers and ensures that the latter meet stringent conditions of confidentiality, use and protection in respect of such data.
CFI undertakes not to supply personal data to commercial partners without informing applicants for its training, prospective contacts and those browsing its Sites, or without having offered such parties the opportunity to exercise their right to oppose such use.
3. The measures necessary for ensuring the security of the personal data of its clients, prospective contacts and those browsing its Sites.
CFI ensures the protection of the personal data entrusted to it, and does so continuously, from the design stage and throughout the life cycle of the services and Sites.
It implements security measures adapted to the level of sensitivity of the data in order to protect personal data against any malicious intrusion and against any loss, alteration or disclosure to unauthorised third parties.
- The information system, the servers and the networks CFI uses to process and store personal data are equipped with security and protection systems (data encryption, firewall, redundancy, back-up, etc.).
- CFI guarantees the security of information exchanged.
- It provides permission to access its information system only to such parties as require such access in order to carry out their function.
- It ensures that its collaborators are aware of their need to protect the personal data made available to them within the context of their functions and ensures that those collaborators comply with the rules in force and with the company’s code of conduct.
- It requires its service providers to comply with these same protection principles.
Data protection at CFI
1. What data are collected and how?
When browsing our Sites or participating in calls for applications, CFI or its partners may collect data subject to your prior consent.
Certain data are communicated by you directly, such as your surname(s), forename(s), email address, password, telephone number, and the claims or opinions you might share with us.
Such information is communicated when:
- You create an account on our call for applications platform (FR, EN, AR);
- You participate in a call for applications;
- You contact us and complete a form;
- You subscribe to any of our newsletters.
Subject to your prior consent, certain data may be collected automatically, as a result of your actions on the Sites and applications, by means of cookies or similar technologies, such as IP address, connection and browsing data, your preferences and areas of interest, and general geographic location.
Such information is communicated every time you browse our Sites.
2. For what purposes are the data collected about you used?
We use the data collected in order to:
- Provide content and services, including:
- Recognising you when you next browse our Sites;
- Managing your User accounts and informing you of updates regarding your accounts and the services you use;
- Responding to your requests made on our Sites, in particular via forms;
- Offering you personalised content based on your general geographic location (country);
- Personalising content and Service display;
- Sending you newsletters, push notifications and news alerts.
- Select the beneficiaries of our training and support programmes;
- Advertise our content and services and those of our partners, including:
- Offering content adapted to your areas of interest and offering targeted advertising;
- Sending communications and analysing their effectiveness.
- Conduct studies and analyses relating to our content and services in order to:
- Better understand Users of our Sites;
- Analyse data and carry out statistical studies in order to develop and improve our Sites.
- To ensure the security of your data.
3. Who receives the data collected?
The data collected on the Sites is received by CFI.
The data may be forwarded to or made accessible to CFI service providers within the context of providing data-processing, data-analysis and IT services.
CFI demands that its service providers that use your personal data do so solely to manage the services entrusted to them, in accordance with the applicable legislation in the area of personal data protection and the confidentiality of such data.
CFI informs you that it has concluded agreements with partners who may collect data about you. CFI has no visibility in relation to those data. We invite you to view the list of our main partners in the cookie policy: Cookie management.
4. Where are your personal data stored?
Your personal data are stored within the European Union, either in our databases or in those of our service providers.
5. Transfer of data outside the EU
Owing, in particular, to CFI’s international dimension, some of our partners are located outside the European Union. The data thus collected may be transferred to countries that are not European Union Member States and where personal data protection legislation differs from that of the European Union.
In such cases, CFI implements measures to ensure the security and confidentiality of such data and ensures that any such transfer complies with the legal framework: transfer to a country that provides a sufficient level of protection, signature of contractual clauses issued by the European Commission, or any other regulatory or contractual means whereby it is possible to guarantee a sufficient level of protection.
CFI is stringent in its requirements for its partners who use your personal data to do so solely to manage or to provide the requested services, and also requires its partners to act, at all times, in accordance with the laws applicable to personal data protection and to afford particular attention to the confidential nature of such information.
6. How and for how long are your data retained?
CFI uses all administrative, technical and physical resources to ensure personal data protection.
Personal data are retained for such a period as is required for the purposes of the processing for which they were collected, except where retention for a longer period is required by law, regulations or processing purposes.
Examples:
Purpose(s) | Data | Retention period |
Contacts | Surname(s), forename(s), email address, message | 36 months from the most recent contact |
Highlighting a problem, making an observation or suggestion on our Sites | Surname(s), forename(s), email address, name and version of browser used, message | 12 months from the most recent contact |
Participation in a call for applications | Surname(s), forename(s), civil status, date of birth, profession, nationality, email address, city/town of residence, country of residence, telephone number, Skype name, social media accounts, initial training, professional experience, presentation of a project linked to the theme of the call for applications, miscellaneous information requested as part of the call for applications. | 24 months from the most recent contact |
Submission of an application following an offer of employment or an internship | Surname(s), forename(s), email address, area of expertise, media of expertise, experience, languages spoken, specialisms, CV. | 24 months from the most recent contact |
7. What are your rights?
CFI undertakes to respect the entitlement of applicants for its training, its prospective clients and those browsing its Sites to exercise their rights in relation to access, correction, additional information and opposition. From 25 May 2018, the persons concerned also have rights relating to restriction, portability and deletion (right to be forgotten).
CFI has appointed a Data Protection Officer, who is the preferred contact for matters concerning personal data protection, both within CFI and in its relationships with, on the one hand, the CNIL (French National IT and Freedoms Commission) and, on the other, the persons concerned.
Interested parties may exercise their rights by sending a request accompanied by proof of identity:
- By mail, to the following address: CFI – Service Communication et outils numériques – 62 rue Camille Desmoulins – 92130 Issy les Moulineaux – France
- Or by email to: contact-dpd@cfi.fr
When your request to exercise your right of access, correction or opposition relates to data collected by one of CFI’s partners, we invite you to approach that partner in the latter’s capacity as processing party.
For all information relating to personal data protection, you may consult the IT and Freedoms Commission: CNIL.