Privacy Policy

The site https://ifaparis.com is operated by GROUPE EDH SAS, a simplified joint stock company with a share capital of €285,000, registered in the Paris Trade and Companies Register under number 381 224 054, having its registered office at SIS 61 rue Pierre Charron, 75008 Paris, itself represented by its Chairman, VENDOME EDUCATION, a simplified joint stock company with a share capital of €8,676,231.80, registered with the Paris Trade and Companies Register under number 880 507 686, itself represented by its Chairman, ARC EDUCATION, a simplified joint stock company with a share capital of €31,889,294.80, registered in the Paris Trade and Companies Register under number 914 479 100, having its registered office at the aforementioned address, represented by its Chairman, Mr Amin KHIARI (hereinafter “GEDH ”).

Users of the site are encouraged to read this privacy policy carefully.

For any questions related to the privacy policy, the User can send an email to the following address: dpo@groupe-edh.com.

1. Definitions

The terms defined hereinafter, the first letter of which is capitalised, will be defined as follows:

Site: the internet Site that is accessible at the following [a]site[/a] address https://ifaparis.comoperated by GEDH.

Cookies: automatic tracking text files set on a device (computer, tablet or smartphone) that record information when a User visits a website or views an advertisement.

Data/Personal Data: any information relating to a natural person who is identified or can be identified, directly or indirectly, through reference to an identification number or to one or more factors specific to that person. This may include the User's surname or first name, telephone number, email address, postcode or gender.

Processing: any action or set of actions relating to Data, such as collecting, recording, storing, consulting, communicating or even deleting and destroying Data.

Data Processor: the natural or legal person who determines the purposes and means of a Processing action, for example, the objective and way in which it is carried out. The Data Processor is identified in Article 2 of this privacy policy.

Sub-Processor: the natural or legal person who processes Data on behalf of the Data Processor, whether it be part of a service or contract.

Recipient: the natural or legal person who receives any such communication of the Data.

Data Protection Officer: the natural person responsible for ensuring that GEDH complies with Data protection regulations.

User: any natural person acting in a non-professional capacity whose Personal Data is processed by GEDH, namely Users visiting the Site, whether they are students, former students or potential students of a GEDH establishment.

2. The identity of the Data Processor and Data Protection Officer

The Data Processor is:

GROUPE EDH SAS
SAS with a share capital of €285,000
Registered in the Paris Trade and Companies Register under number 381 224 054,
61 rue Pierre Charron, 75008 Paris
Phone number: [a]+33 1 53 76 88 00[/a]

The User may exercise these rights by contacting Laura Delair by email at the following address dpo@groupe-edh.com, or by post at the following address: 61 rue Pierre Charron, 75008 Paris

3. General information

This privacy policy may be modified at any time by GEDH for the purpose of complying with changes in laws and regulations, case law, technical changes or the requirements set forth by the authorities. Should the privacy policy be amended, GEDH will inform the User and/or seek the User's consent where necessary.

The most up-to-date version of the privacy policy is the one available on the Site.

Users are invited to read the privacy policy before browsing the Site and to read it regularly to remain informed of any changes and/or updates made by GEDH.

Processed Data

When using the Site, Personal Data may be collected from the User and processed for GEDH.

GEDH seeks to only collect and process Data that is strictly necessary for its intended processing purposes.

If the User does not wish to provide the information marked with an asterisk (*), the User understands and accepts that GEDH will most definitely be unable to respond to the User's request. In such a case, the User is invited to contact the admissions department at the number provided at the bottom of the Site page.

GEDH does not collect any sensitive Data as defined by the applicable regulations.

GEDH may collect Data from minors who wish to obtain information and/or apply for courses offered by GEDH. In accordance with the applicable regulations, the Data Processing of information collected from minors over the age of 15 is not subject to the receipt of consent from the minor or persons with parental authority but requires full disclosure. In this context, the information provided by Users who are minors is adequately described in this privacy policy.

4.1. The Data required for the communication of documentation to the User

To receive documentation relevant to their course, the User must provide the following details:

First name(s);
Email address;
Mobile telephone number;
Level of study.

Additional Data may be required as part of this request (choice of document, choice of campus, etc.) but cannot be considered Data as defined by the applicable laws and regulations.

4.1. The Data required for the communication of documentation to the User

To receive documentation relevant to their course, the User must provide the following details:

First name(s);
Email address;
Mobile telephone number;
Country of residence
Nationality
Program type
Message.

In this context, the User may disclose any information that they wish to bring to GEDH's attention. If the User sends Data in this way, GEDH will process it in accordance with the conditions set out herein and in compliance with the applicable regulations.

Additional Data may be required as part of this request (choice of document, choice of campus, etc.) but cannot be considered Data as defined by the applicable laws and regulations.

4.3. The Data required for the application of the User

To apply for a training course offered by GEDH, the User must first provide the following information:

First name(s);
Email address;
Mobile telephone number;
Date and place of birth ;
Nationality;
Postal address;
Level of study;
Recognition of RQTH status.

Additional Data may be required as part of this request (choice of document, choice of campus, etc.) but cannot be considered Data as defined by the applicable laws and regulations.

Candidates who have chosen an English-language program complete their registration via a dedicated form, and their Data is processed in accordance with the applicable Privacy Policy.

4.4. Data required to register the User for events

To sign up for an event organised by GEDH, the User must provide the following information:

First name(s);
Email address;
Mobile telephone number.

Additional Data may be required as part of this request (choice of field of study, choice of campus, etc.) but cannot be considered Data as defined by the applicable laws and regulations.

4.6. Additional Data provided

The User may also contact a GEDH establishment directly, by email or telephone, using the contact details provided on the Site.

5. Legal basis and processing purposes

The Data is used by GEDH in accordance with the applicable laws and regulations.

The Data Processing is therefore lawful as long as it complies with:

GEDH's legitimate interests relating to:

The commercial and financial purposes for which the Data must be processed ;
The organisation of prospecting activities among Users ;
Requests for information and documentation submitted by Users.

Where applicable, the consent given by Users for the collection and processing of their Data.
Where applicable, the fulfilment of a contract entered into with the User.
Where applicable, compliance with a legal obligation.

6. Purposes of Data Processing

GEDH only uses Data for the purposes described in the privacy policy, either for consistency purposes or for the purposes it explained to the User at the time of collection.

More specifically, Data is collected for the purposes of:

Responding to and following up on a User’s request for information, documentation, applications and/or enrolments ;
Sending the User commercial offers about GEDH, more specifically, its latest news, courses and events ;
Responding to requests from the authorities concerning compliance with requirements relating to national security, the prevention of fraud or the application of laws and regulations ;
Managing Users' requests relating to the exercising of their rights ;
Preparing sales statistics ;
Organising promotional campaigns and events.

7. Data retention period

The Data collected on the Site are stored by GEDH for 2 (two) years following the last date of contact with the User.

At the end of this period, GEDH may contact the User in question to find out whether they wish to continue receiving commercial communications. Should GEDH fail to receive a positive response, it will delete the Data in accordance with the regulations in force, in particular those set out in the French Commercial Code, the French Civil Code and the French Consumer Code.

In the event of a rejected application, the Data collected as part of the User's application will be kept for 2 (two) years following the last date of contact.

Data collected to manage requests relating to the exercising of rights is kept for between 1 (one) and 6 (six) years according to the right exercised.

Data used to demonstrate proof of a right or contract, or kept to comply with a legal obligation, may be securely archived for a period of time no longer than is necessary for the purposes for which they are kept (in particular, but not exclusively, as required by the French Commercial Code, the French Civil Code and the French Consumer Code, but also by the accounting and tax requirements applicable to GEDH).

8. Cookies

8.1 Each time the User visits the Site, GEDH collects information relating to the User’s connection and browsing.

Cookies have several functions:

To facilitate the User’s navigation on the Site;
Improve and/or adapt the services, information and content offered on the Site;
Prepare statistics and measure visits to the Site;
Adapt the Site’s presentation.

8.2. The Cookies stored on the User's device when visiting the Site and the length of time they are stored for are indicated in Appendix 1 (Appendix 1: Cookies).

8.3. Cookies are set and stored on the User's device in accordance with applicable laws and regulations and are subject to the preferences selected by the User, who may modify them at any time.

GEDH obtains the User’s express consent to the use of Cookies upon entering the Site, with the exception of so-called session Cookies, which are necessary for the proper functioning of the Site and which do not require the User’s consent to be stored on his or her terminal. The User does not have the option of objecting to the deposit of these session Cookies on his or her terminal, due to their limited lifespan and the fact that they are necessary for the Site to function.

The User may choose to modify the Cookie settings at any time, via the Cookie settings link. They may also set their browser to refuse all Cookies, accept all Cookies or only accept Cookies that they wish to be stored on their device.

To this end, each browser is set up differently. To change their browser's settings, Users are invited to follow the links below:

Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-deletemanage-cookies ;
Safari : https://www.apple.com/legal/privacy/fr-ww/cookies/ ;
Chrome: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en
Firefox: https://support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur
Opera : https://help.opera.com/en/latest/web-preferences/#cookies.

The User is thus free to refuse Cookies.

For more information about Cookies, the User is invited to read the CNIL (The French National Commission for Information Technology and Civil Liberties) website: www.cnil.fr.

8.4. Cookies may also be set on the User's device by third-party companies, in particular when the User clicks on the icons of third-party websites that are accessible on the Site, and in particular social networks such as Facebook, Instagram, LinkedIn or YouTube.

By clicking on the icon of one of these third-party sites, the User can share content from the Site, follow the GEDH social media accounts and share their opinions with others.

When the User's account on the third-party website is already activated on their device, third-party Cookies enable the User to be identified and their browsing on the Site to be tracked.

GEDH does not manage how third-party websites collect Data regarding the User's browsing activity on the Site.

Therefore, GEDH recommends that Users read the Cookie policies on said third-party sites to learn more about how they use Cookies.

Accessing Data

9.1. Data Recipients are GEDH's authorised employees and staff members, its establishments and all the group's entities, in particular, members of the finance, marketing, sales and administrative departments and the departments responsible for handling customer relations. The logistics and IT departments may also have access to the Data.

9.2. In addition, GEDH's sub-processors may have access to the Data, especially for the purposes of:

Hosting the Site and Data ;
Site maintenance and development ;
Videoconference services.

As well as:

AGILITATION (Axeptio), a SAS with capital of €57,500, registered in the Montpellier Trade and Companies Register under number 821 947 009, with its registered office at Rue Benjamin Franklin, 34000 Montpellier;
Privacy policy: https://www.axept.io/fr/cgu
Contact: https://www.axept.io/fr/contactez-nous

HUBSPOT France, a SASU with capital of €475,000.00, registered in the Paris Trade and Companies Register under number 844 620 971, with its registered office at 24 rue Cambaceres, 75008 Paris;
Privacy policy: https://legal.hubspot.com/fr/privacy-policy
Contact: https://preferences.hubspot.com/privacy

OVH, a SASU with capital of €10,174,560, registered in the Lille Trade and Companies Register under number 424 761 419, with its registered office at 2 rue Kellermann, 59100 Roubaix;
Privacy policy: https://www.ovhcloud.com/fr/personal-data-protection/
Contact: abuse@ovh.net

LIVESTORM, a SAS with capital of €21,265.85, registered in the Paris Trade and Companies Register under number 820 434 439, with its registered office at 6 Boulevard Saint-Denis, 75010 Paris;
Privacy policy: https://livestorm.co/fr/rgpd
Contact: help@livestorm.co

METHODEWEB, a limited liability company with capital of €2,550, registered in the Paris Trade and Companies Register under number 503 077 315, with its registered office at 14 cours Albert 1er, 75008 Paris;
Contact: contact@methodeweb.com

ZettaByte Private Limited, a company registered in Singapore under number 201629385H, having its registered office at 111 North Bridge Road #08-19 Peninsula Plaza 179098, Singapore ;

The Processing carried out by GEDH's service providers is governed by agreements in which the Sub-processors agree to comply with the applicable laws and regulations and, more generally, with all the obligations incumbent on them, particularly with regard to protecting the security and confidentiality of Data.

9.3. The Data may also be sent to judicial and regulatory authorities but also to justice officials and ministerial officers as part of debt recovery missions and to protect GEDH’s interests.

10. Transfer of Data

The User is informed that some Data may be shared with partners located in countries outside the European Union for the purposes defined above. GEDH does everything in its power to ensure the security of Personal Data.

Prior to the transfer of Data outside the European Union, and in accordance with the regulations in force, GEDH makes every effort to implement the guarantees necessary to ensure the security of such transfers and to assure Users that the transfers are carried out in accordance with the privacy policy and the applicable regulations.

More specifically, GEDH uses the services provided by HUBSPOT, which may transfer and store Data in hosting centres located in the United States and in other countries outside the European Union exclusively for the aforementioned purposes.

This service provider has implemented measures to ensure compliance with regulations governing Personal Data. To comply with regulatory requirements, HUBSPOT had previously adopted the provisions set out in the Privacy Shield as the legal framework for the transfer of its customers' Data. As the Privacy Shield no longer constitutes a valid transfer system, this service provider applies standard contractual clauses (SCC) for Data protection that have been approved by the European Commission for Data transfers outside the European Union.

For more information, please see Hubspot's Data Protection Agreement, which is available here: https://legal.hubspot.com/fr/dpa.

In any event, the User may withdraw his consent to the transfer of his Data outside the European Union at any time by contacting GEDH at the following address: Data Protection Officer, 61 rue Pierre Charron, 75008 Paris or by email at the following address: dpo@groupe-edh.com.

11. Data security

Given the knowledge available, the costs of implementation and the nature of the Data in question, GEDH is committed to implementing appropriate measures to safeguard the security and confidentiality of the Data. GEDH therefore seeks to prevent the Data from being distorted, damaged or accessed by unauthorised third parties.

In particular, GEDH will ensure that:

Employees who have access to the Data are aware of the need for confidentiality ;
Access to its facilities and IT platforms is secure ;
A high level of Data protection standards is maintained when selecting its Sub-processing partners.

In the event of a breach of Data likely to result in a risk to the rights and freedoms of natural persons, GEDH will report the breach in question to CNIL (The French National Commission for Information Technology and Civil Liberties) as soon as possible, and at the latest within the time limits stipulated by the applicable laws and regulations. If a Data breach is likely to result in a high risk to Users' rights and freedoms, GEDH will inform Users of the breach as soon as possible, except in exceptional cases as stipulated by the applicable laws and regulations.

12. Users’ rights

In accordance with the applicable regulations, the User has the following rights:

The right to access their Data ;

The right to rectify, add to or update their Data ;

The right to oppose the Processing of their Data for legitimate reasons ;

The right to request the portability of their Data, in other words, the right to receive the Data provided in a structured format, and the right to transmit their Data to a third party ;

The right to request that GEDH limit the Processing of their Data ;

The right to request that their Data be deleted ;

The right to issue instructions concerning the retention, deletion and communication of their Data after their death, whereby these instructions may also be registered with a “certified digital trusted third party ”. These instructions, or a “digital will ” of sorts, may appoint a representative responsible for ensuring their implementation; failing this, the User's heirs will be appointed.

Notwithstanding the prior information, GEDH can keep certain Data when it is required to do so by the laws and regulations applicable to its operations or when it has a legitimate reason to do so.

The User may exercise these rights by contacting the Data Protection Officer by email at the following address dpo@groupe-edh.com, or by post at the following address: 61 rue Pierre Charron, 75008 Paris.

GEDH will strive to respond to the request as quickly as possible and, in any event, within the time limits stipulated by the applicable laws and regulations.

The User may submit a complaint to CNIL (The French National Commission for Information Technology and Civil Liberties).

13. Third-party internet sites

If the User uses the links on the Site to visit third-party sites, GEDH strongly recommends that the User consult the provisions contained in the privacy policies of the sites visited.

GEDH shall not be held liable for Data Processing carried out by third-party websites.

14. Annexes

Cookies deposited by https://www.ifaparis.com/fr/
Cookies		Purposes	Retention period
_fbp		Storage of usage history	3 months
_ga		Used to store and count page views.	2 years
_gat		Used to limit the rate of demand	1 minute
_gcl_au		Advertising	3 months
_gid		Used to distinguish users	1 day
_schn		Traffic targeting	Undefined
_scid		Identification	1 year
https://www.ifaparis.com		Session cookie required	Session
Cookies set by third parties
Setting	Cookies	Purposes	Retention period
Doubleclick.net	DSID	Save user preferences	15 days
	IDE	Ensure ad delivery or retargeting	3 weeks
	URL	Personalised ad	2 months
Facebook	C_user	User identification	2 years
	datr	Targeted advertising	2 years
	dpr	Performance	15 days
		Targeted advertising	2 years
	sb	Browser identification	2 years
	xs	Register a unique identifier	12 months
Google.com	1P_JAR	Personalised ad	1 months
	AID		1 months
	ANID		9 months
	CONSENT		28 years
	NID		6 months
	_Secure-3PAPISID		3 years
	_Secure-3PSID		1 year
	_Secure-3PSIDCC		1 year
Linkedin.com	AnalyticsSynHistory	Data storage	1 months
	UserMatchHistory	Cookie used by LinkedIn to synchronise LinkedIn Ads identifiers	1 months
	_guid	Personalised ad	3 months
	bcookie	Cookie used by LinkedIn to identify devices connecting to LinkedIn	2 years
	lang	Used by LinkedIn to remember the language settings	Session
	Li_gc	Cookie used by LinkedIn to store the User's consent	2 years
	Li_mc	Cookie used by LinkedIn to obtain opt-in Data	2 years
	liap	Cookie used by LinkedIn to show the connection status	2 years
	lidc	Cookie used by LinkedIn to facilitate the choice of data centres	1 day
	lissc	Cookie used by LinkedIn to track the use of its services	1 year
	Lms_ads	Identification	1 months
	Lms_analytics	Identification	1 months
Ads.linkedin.com	lang	Used by LinkedIn to remember the language settings	Session
Sc-static.net	X-AB	Cookie used by Snapchat linked to the integration of content from Snapchat	1 day
Snapchat.com	Sc_at	Personalised ad	1 months
t.co	muc	Facilitating functionality	2 years
Twitter.com	Guest_id	Identification	2 years
Twitter.com	Perzonalization_id	Identification	2 years
YouTube.com Privacy policy: https://www.youtube.com/intl/ALL_fr/howyoutubeworks/user-settings/privacy/	APISID	Statistical cookie. Used by YouTube to gather information on the use of videos hosted on YouTube	3 years
	CONSENT	Personalised ad	18 years
	HSID	Fraud prevention	3 years
	LOGIN_INFO	Statistical cookie. Used by YouTube to gather information on the use of videos hosted on YouTube	2 years
	PREF		2 years
	SAPISID		3 years
	SID		2 years
	SIDCC		1 ans
	SSID		3 ans
	VISITOR_INFO1_LIVE	Essential cookie. Used by YouTube to provide bandwidth estimates	2 years
	YSC	Store and track interactions	Session
	_Secure-1PAPISID	Personalised ad	2 years
	_Secure-1PSID
	_Secure-3PAPISID
	_Secure-3PSID
	_Secure-3PSIDCC		1 year
	_ga		2 years
	_gac_UA-158850311-1		2 months
Pinterest.com	_pinterest_cm	Personalised ad	12 years
Pinterest.com	_pinterest_sess	Personalised ad	12 years
TikTok.com	tt_webid	Personalised ad	12 years
	tt_webid_v2
	ttwid