• Français
  • English
  • Español

Privacy Policy

Article 1. Parties

Between the undersigned:

 1 ° The company CENTRE DE FORMATION EN INFORMATIQUE, LANGUES ET COMMUNICATION (CFILC), simplified stock company with a capital of 38.000 € whose head office is located 7 rue Duvergier - 75019 Paris, registered with the RCS of Paris under the number 403 506 991.

 Hereinafter referred to as the "Controller", on the one hand,

And

 2 ° The natural person

Navigating on the website of the Controller.

Hereinafter referred to as the "Person concerned", On the other hand,

It was stated and agreed as follows:

Article 2. Presentation

This Privacy Policy applies without restriction or reservation between the Person concerned and the Data Controller.

Its purpose is to provide information about how the Data Controller collects and processes the Data of the Person concerned in connection with its use of the following websites: https://www.campuslangues.com, https:// buy. campuslangues.com, https://crm.campuslangues.com, https://moncampus.campuslangues.com, https://tests.campuslangues.com and http://www.campuslangues.cn of Data Controller (here-after the "Website (s)").

Article 3. Agreement

Article 3.1. Definitions

- Data controller designates the company CENTRE DE FORMATION EN INFORMATIQUE, LANGUES ET COMMUNICATION (CFILC), simplified stock company with the capital of 38.000 € whose registered office is located 7 rue Duvergier - 75019 Paris, registered with the RCS of Paris under the number 403 506 991, who alone or together with others, determines the purposes and means of the Control.

- Person concerned designates any natural person who navigates, acquires knowledge, asks to register or registers to Services on the Website as soon as he/she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to its physical, physiological, genetic, psychological, economic, cultural or social identity.

- Navigation designates the consultation, the acquaintance, the application for registration and the registration on the Website.

- Website refers to the infrastructure developed by the Data Controller according to the computer formats usable on the Internet including data of different types, and in particular texts, sounds, still or moving images, videos, databases, intended to be consulted by the Person concerned in order to know, request to register and register for the Services, in particular the following infrastructures :

       https://www.campuslangues.com

       https://buy.campuslangues.com

       https://moncampus.campuslangues.com

       https://tests.campuslangues.com

       http://www.campuslangues.cn

- Benefit means any service presented on the Website and in particular language courses.

- Data refers to any information relating to the Person concerned.

- File refers to any set of accessible Data Structure according to certain criteria, whether this set is centralized, decentralized or distributed functionally or geographically.

- Processing means any transaction or set of operations performed or not using automated processes and applied to the Data or Datasets, such as collection, recording, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.

- Pseudonymisation means the processing of Data in such a way that it can no longer be attributed to the Person concerned without searching for additional information.

- Subcontractor means any natural or legal person, public authority, service or another institution other than the Data Controller who processes the Data on behalf of the Data Controller.

- Recipient means any natural or legal person, public authority, service or other body that receives the Data, whether or not a Third Party. However, public authorities that are likely to receive data, particularly as part of a fact-finding mission, are not considered to be Recipients within the meaning of this definition.

- Third party means any natural or legal person, public authority, service or other body other than the Controller, the Subcontractor and persons who, under the direct authority of the Controller or the Subcontractor, are authorized to process Data.

- Consent means any free, specific, enlightened and unambiguous manifestation of the will by which the Person concerned agrees, by a declaration or by a clear positive act, that Data is being processed.

- Supervisory Authority means Commission Nationale de l’Informatique et des Libertés (CNIL), an independent French public authority for the regulation of data protection.

            Article 3.2. Collected data

While navigating, the Data Controller may collect and process a certain amount of Data detailed below.

                        Article 3.2.1. Data directly transmitted by the Person concerned

By navigating, the Person concerned has to transmit a certain amount of Data directly to the Controller in order to:

· Send online forms;

· Report malfunctions

· Make a claim;

· Make an appointment;

· Send an application for registration to the Services;

· Register and participate in the Services;

· Create an account;

· Participate in games, contests, promotional offers, studies or surveys;

· Contact the Controller;

· Communicate with the Controller;

· Evaluate the language level

· To be informed.

The following data are concerned:

· Gender;

· Last name and first name;

· Age;

· Nationality;

· Birth date;

· E-mail address;

· Address;

· Telephone number;

· Passport / ID / Visa scan;

· Scan of the last diploma;

· Scan of the employment contract;

· Scan of transcripts;

· Scan of the registration certificate;

· Internal number;

· Language level;

· RIB;

· Proof of absences;

· Personal comment;

· Personal password;

· Copy of the exchanges between the Person concerned and the Controller;

· The responses of the Person concerned to any surveys and questionnaires conducted by the Data Controller;

All these Data are transmitted by the Person concerned to the Controller by a positive, systematic, clear and unambiguous act.

                        Article 3.2.2. Data automatically transmitted by the Person concerned

By navigating, the Person concerned is required to automatically transmit a certain amount of Data to the Data Controller in order to:

· Create statistics;

· Improve the Website and the Services of the Controller;

· Personalize the experience of the Person concerned;

The following data are concerned:

· IP address;

· Connection data;

· Types and versions of internet browsers used;

· Types and versions of plugins;

· Purchase history

· Operating systems and platforms;

· Navigation and behaviour of navigation on the Website (navigation on the different URL pages, content consulted, terms of search used, duration of navigating pages ...).

All these Data are automatically transmitted by the Person concerned to the Controller by a clear and unequivocal positive act of acceptance of the Cookies banner and in particular by the continuation of the navigation after the appearance of the information banner on the Website.

            Article 3.3. Shelf life of the data

As a matter of principle, all data are deleted or anonymized by the Controller no later than 3 years after the last contact of the Person concerned or at the latest 3 years after the end of the contractual relationship between the Person concerned and the Controller unless the Processing of the Data is necessary to fulfill a legal obligation or to the finding, the exercise or the defense of rights of justice of the Controller.

The Data referred to in Article 3.2.2 shall be deleted or anonymised by the Data Controller no later than 13 months after their automatic transmission by the Person concerned to the Data Controller unless the Data Processing is necessary for complying with a legal obligation or for the finding, the exercise or the defense of rights of justice of the Controller.

            Article 3.4. Purposes of Data Processing

Each Data Processing is performed by the Data Controller on the legal basis detailed below.

                        Article 3.4.1. Execution of the service contracts

The Data Processing carried out by the Data Controller in order to execute the Services contracts concluded with the Person concerned is strictly necessary for the execution of the latter.

                        Article 3.4.2. Applications for Services Registration

The Data Processing carried out by the Data Controller so that the Person concerned can ask to register for the Services is:

· Strictly necessary for the performance of the contract to which the Person concerned is a party

OR

· Realized with the Consent of the Person concerned.

                        Article 3.4.3. Assessment of the language level

The Data Processing performed by the Data Controller in order to evaluate online the language level of the person concerned is:

· Strictly necessary for the performance of the contract to which the Person concerned is a party

OR

· Realized with the Consent of the Person concerned.

                        Article 3.4.4. Execution of payments

The Data Processing carried out by the Data Controller in order to collect the payments of the Person concerned in the framework of the Contract of Services concluded with the Person concerned is strictly necessary for the performance of the contract to which the Person concerned is party.

                        Article 3.4.5. Sending information by the Controller

The Data Processing performed by the Data Controller in order to send information, from the Data Controller, to the Person concerned is:

· Strictly necessary for the performance of the contract to which the Person concerned is a party

OR

· Realized with the Consent of the Person concerned.

                        Article 3.4.6. Sending advertising

The Data Processing performed by the Data Controller in order to send marketing, advertising and promotional messages and information relating to the services of the Website to the Person concerned is:

· Strictly necessary for the purposes of the legitimate interest pursued by the Controller

OR

· Realized with the Consent of the Person concerned.

                        Article 3.4.7. Contact and appointments

The Data Processing performed by the Data Controller so that the Person concerned can make contact and / or appointments with the Data Controller is:

· Strictly necessary for the performance of the contract to which the Person concerned is a party

OR

· Realized with the Consent of the Person concerned.

                        Article 3.4.8. Help to secure the Website

The Data Processing performed by the Data Controller in order to secure the Website is:

· Strictly necessary in order to comply with legal obligations

OR

· Strictly necessary for the purposes of the legitimate interest pursued by the Controller

Article 3.4.9. Website Optimization

The Data Processing performed by the Data Controller to optimize the Website is strictly necessary for the purposes of the legitimate interest pursued by the Data Controller.

Article 3.4.10. Participation in games, contests, promotional offers, studies or surveys

The Data Processing carried out by the Data Controller in order to allow the Person concerned to participate in games, contests, promotional offers, studies or surveys organized by the Data Controller is carried out with the Consent of the Person concerned.

Article 3.5. Data Recipients

As a matter of principle, the Data Controller is the sole Recipient of the Data.

The Data Controller reserves the right, however, to transfer the Data that is the subject of a Processing to its partners and Subcontractors, in particular in order to execute the contracts to which the Person concerned is a party.

The Controller commits to contractually require from its partners and subcontractors sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the legal and regulatory requirements and guarantees the protection of rights of the Person concerned.

The Data Controller may disclose to any Recipient or Third Party the Data that is the subject of a Treatment where a legal obligation to do so exists or where the Data Controller considers in good faith that this is necessary for:

· Reply to any claim against him;

· Comply with the requirements of the judicial and / or administrative context;

· Perform any contract of which the Person concerned is a party;

· Safeguard the vital interests of every natural person;

· Execution of a mission of public interest.

In case of purchase of the Data Controller by a Third Party, the Data Controller reserves the right to share the Data with the Third Party Buyer subject to this Third Party's compliance with this Privacy Policy.

            Article 3.6. Transfer of data outside the European Union

The Data Controller keeps all Data on secure servers located in the European Union.

No transfer of Data outside the European Union will be made by the Data Controller without the express prior consent of the Person concerned.

            Article 3.7. Rights of the Person Concerned on the Data 

The Person concerned has a number of rights on the Data.

The Person concerned may assert his rights, except in case of applicable legal or regulatory exception, by making a request to the Controller at the following address:

CAMPUS LANGUES
7 rue Duvergier
75019 PARIS
donnees-personnelles[at]campuslangues.com

                        Article 3.7.1. Permission to access

The Person concerned has the right to obtain from the Data Controller the confirmation that Data is or is not being processed and, where available, access to the Data and the following information:

· The purposes of the treatment;

· Categories of Data;

· The Recipients or categories of Recipients to whom the Data has been or will be communicated, in particular Recipients who are established in third countries or international organizations;

· Where possible, the length of time that the Data will be kept or, where this is not possible, the criteria used to determine this duration;

· The existence of the right to request from the Data Controller the rectification or deletion of Data, or a limitation of the processing of Data, or the right to object to such processing;

· The right to make a complaint to a supervisory authority;

· When the Data is not collected from the Person concerned, any information available as to its source;

· The existence of automated decision making, including profiling, and, at least in such cases, useful information regarding the underlying logic, as well as the importance and expected consequences of this processing for the individual concerned.

The Data Controller provides a copy of the Data which is Processed and reserves the right, in exchange for the provision of such copy, to ask the payment of reasonable fees based on administrative costs for any additional copies requested by the Person concerned.

                        Article 3.7.2. Right of cancellation and rectification

The Person concerned has the right to obtain from the Data Controller the rectification and / or erasure of the inaccurate or obsolete Data as soon as possible unless otherwise prevented from exercising this right, and in particular:

· The exercise of the right to freedom of expression and information;

· The respect of a legal obligation;

· The public interest in the field of public health, archives, scientific or historical or statistical research;

· Finding, exercising or defending legal rights.

                        Article 3.7.3. Right of opposition

The Person concerned has the right to object at any time, for reasons relating to his/her particular situation, to a data processing based on the performance of a public interest mission or the necessity of the legitimate interest of the Data Controller.

The Data Controller agrees in this case to cease the Data processing unless it demonstrates that there are legitimate and compelling reasons for the Treatment that override the interests and rights and freedoms of the Person concerned, or for the finding, the exercise or the defense of rights in court.

In addition, the Person concerned has the right to object at any time to the Data Processing carried out for prospecting purposes by the Data Controller, to the extent that the Person concerned is related to such prospecting.

Finally, when Data is Processed for scientific or historical research purposes or for statistical purposes, the Person concerned has the right to oppose, for reasons related to its particular situation, the processing of the Data, unless Processing is necessary for the performance of a public interest mission.

                        Article 3.7.4. Right to limitation

The Person concerned has the right to obtain from the Data Controller the limitation of Data Processing when:

· The accuracy of the Personal Data is disputed by the Person concerned for a period of time which allows the Data Controller to verify the accuracy of the Data;

· The processing is unlawful and the Person concerned opposes its erasure and instead requires the limitation of its use;

· The Data Controller no longer needs Data for Processing purposes but it is still necessary for the Person concerned to find, exercise or defend legal rights;

· The Person concerned objected to the Processing in accordance with 6.3 -, during the verification as to whether the legitimate reasons pursued by the Data Controller take precedence over those of the Person concerned.

The Person concerned who has obtained the limitation of the Data Processing is informed by the Data Controller before the limitation of the treatment is lifted.

Article 3.7.5. Right to portability of Data

The Person concerned has the right to receive the Data that he/she has provided to the Data Controller, in a structured, commonly used and machine readable format, and has the right to transfer this data to another data controller without the opposal of the Data Controller, when:

· Processing is based on the consent of the Person concerned or the performance of a contract to which the Person concerned is a party;

· Processing is done using automated processes.

The Person concerned, when exercising its right to portability of the Data, has the right to have the Data transferred directly from the Data Controller to another Data Controller, where this might be technically possible.

Article 3.7.6. Right to make a complaint with the Supervisory Authority

The Person concerned has the right to make a complaint with the Supervisory Authority if he/she considers that he/she is the subject of an illegal data processing by the Controller.

Article 3.7.7. Right to set guidelines on the future of Data

The Person Concerned has the right to set guidelines on the future of the Data after its death to the Data Controller who will use all his/her technical means to enforce that will.

Article 3.8. Modification of the Privacy Policy

The Data Controller reserves the right to modify occasionally this Privacy Policy.

In the event of a significant change to this Privacy Policy, the Person concerned will be personally informed of the new Privacy Policy.

The Person concerned is invited by the Data Controller to review regularly this Privacy Policy for any changes to the latter.

The Person concerned may send his/her questions on this Privacy Policy to the following email address: donnees-personnelles[at]campuslangues.com.