What is your personal data processed for?

Users of the website emlyon business school, as well as the users of website and social networks through which emlyon communicates are hereby informed that emlyon business school collects and carries out, on its websites and, where applicable, social networks and other communication websites that it does not own, personal data processing for the following purposes:

  • The creation and management of user accounts;
  • Handling of requests submitted via contact forms, as well as requests for information, quotes or the sharing of documents;
  • Management of applications for the programs offered by the various emlyon business school entities;
  • Management of the emlyon business school online learning platform emlyonX;
  • Management of unsolicited job applications and hiring, including the processing of resumes;
  • Management of chatbots, enabling live or email exchanges with dedicated staff;
  • The management, authentication, recording and storage of certified diplomas and certificates using the Ethereum public blockchain;
  • The generation of statistics on the basis of anonymous or non-anonymous personal data;
  • Communications containing information relating to emlyon business school news or sales communications;
  • Managing the proper functioning and security of emlyon business school's websites

What data is needed for these processing operations?

emlyon business school may collect the following kinds of data as part of the management of program applications or registrations: last name, first names, title, date of birth, email address, phone number, current degree or position, nationality, country of residence.

Information or contact requests and electronic communications only involve the collection of email addresses and full names.

The management of applications and job offers may involve the collection of sensitive data when disclosed by the applicant; for example, resumes submitted may contain information relating to marital status, trade union membership, political activities or medical history.

On what basis are these data processing operations carried out?

emlyon business school performs data processing with the user's consent to provide personal data, as well as the School's legitimate interest in ensuring the proper functioning of its websites and ensuring the quality of the services offered to users.

Depending on the options selected when creating the user account or in the relevant data collection forms, users may receive information or commercial correspondence relating to emlyon business school. If users do not wish to receive such communications, they can opt out at any time by writing to dataprivacy@em-lyon.com or by clicking on the link provided.

Who can access your data?

Every emlyon business school campus is responsible for the processing of its own user data. However, when emlyon business school processes data on social networks or other websites that it does not own, emlyon business school shall not be responsible for the use of the data by said social networks or websites. For more information, users are encouraged to refer to the website or social network's privacy policy when this is made available to them.

The recipients of user data include:

  • authorized departments and staff at the various emlyon business school entities, in order to complete the purposes listed above;
  • service providers acting on behalf of emlyon business school.

The data of users interested in a course at one of our emlyon business school campuses located outside the European Economic Area (EEA) (e.g. in Morocco or China) may be transferred to said campuses, acting as data controllers, for the same purposes as those set out above. The data of all users of emlyon business school websites may also be transferred to service providers acting on behalf of emlyon business school, and which may be located in or outside the EEA, including countries that do not provide the same level of personal data protection as the EEA, such as the United States for hosting purposes. Any transfers outside the EEA to countries that do not offer the same level of data protection are regulated in accordance with applicable legislation, through the use of safeguards such as standard contractual clauses based on those adopted by the European Commission.

How long will your data be stored?

User data is stored for three years as from the end of the relationship with the user or the last interaction initiated by the user, before being deleted.

Information and rights

The data controller is Early Makers Group, represented by Ms. Isabelle HUAULT, in her capacity as Chair of the Management Board and Chief Executive Officer.

Any user whose personal data has been processed has the right to access, correct, modify and delete such data. As such, they may request that any information concerning them that is inaccurate, incomplete, ambiguous or out of date be corrected, completed, clarified, updated or deleted. Users may also object to the processing of their personal data, on legitimate grounds.

To exercise their rights, users whose personal data has been processed may send their request to emlyon business school by post: 23 avenue Guy de Collongue, 69130 Ecully, France Or by email: dataprivacy@em-lyon.com.

Any user whose personal data has been processed may also lodge a complaint with the French Data Protection Authority (CNIL).