Pursuant to the personal data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and French Law no. 78-17 of 6 January, amended, HBA undertakes to protect all the personal data it collects and uses in its processing.
This data protection policy applies to any:
- Use of one of the online services of Honoris Business Art (HBA):
- Whether this is a website, intranet (forms, cookies, etc.) or a digital work environment,
- On social media,
- Whatever the type of exchanges (email, text message, paper or electronic form, etc.),
- Or on mobile apps.
- Participation in training or an event;
- Response to a solicitation by HBA, a speaker, partner or supplier.
The HBA websites contain links that may redirect the user to third party sites which have their own confidentiality and cookie management policies. The policies of such third parties should be consulted, and HBA declines any responsibility regarding the confidentiality practices implemented by such third parties.
- DATA CONTROLLER
Honoris Business Art, a company with a capital of €30.000, registered with the Registry of Trade & Companies in Paris under the number 831 603 329 and headquartered at 118/130 AVENUE JEAN JAURES 75169 CEDEX 19 PARIS / FRANCE, is represented as a Data Controller by Onur GUVENC in his capacity as Chief Digital Officer.
- PERSONS CONCERNED BY THE COLLECTION AND PROCESSING OF PERSONAL DATA
To meet its operational needs, HBA has to set up and use means of processing personal data relating to its prospects, applicants, clients, alumni, faculty, partners, companies and organizations:
- “Prospect” means any person who may potentially be interested in a course or event;
- “Applicant” means any person interested in a course who has started to complete an application;
- “Client” means any person who has confirmed their registration or had their registration confirmed by their company, where applicable, following an admission process, whether by making a down payment or signing a financing contract or form;
- “Student” means any person registered on a course
- “Third party payer” means the natural or legal person managing all of part of the funding of a Client’s training;
- “Alumnus” means any person who has taken a course, whether or not it leads to a qualification and whether or not they have completed the course;
- “Speaker” refers to any person providing Training and consulting services whether or not they are a salaried employee of HBA;
- “Providers” refers to companies or organizations with which HBA has a purchase contract as well as the suppliers of HBA;
- “Partners” refers to companies or organizations with which HBA has a contractual partnership relationship, in particular in connection with training and consulting services.
“User” may refer to all populations.
- PERSONAL DATA
- TYPES OF DATA
Non-technical types of data may include:
- Personal status (surname, first name, address, date and place of birth, nationality, title);
- Contact details (telephone number, email address, social media identifiers, mailing address);
- Preferred means of contact;
- Academic history (degrees, specialist qualifications, years obtained, language and management levels, scores in GMAT-type tests, etc.);
- Previous professional experience (titles of positions held, internships, role, responsibilities, companies, pay level);
- Reasons for applying to HBA;
- Where applicable, data relating to means of payment (bank or post office account details, check number and/ or credit card details, and, where applicable, transaction no., details of services subscribed to);
- Contract history and, where applicable, details of third party payer;
- Any information relating to training courses taken (modules or courses taken and, where applicable, scores, internships, assessment, exam panels, etc.);
- Any information relating to cohort tracking during and/ or after the course (employer, position, salary, etc.).
Technical types of data may include:
- IP address;
- Connection data (login/ password);
- Browsing data (pages visited, clickstream, length of visit, etc.);
- Browser-related data (type of browser, plugin, etc.);
- Preferences (languages used, etc.).
- DATA COLLECTED
- As part of its relations with Users, HBA collects technical data relating to their browsing on our websites, mobile apps or other content published by HBA.
- Depending on the category of Users, HBA collects and processes different data:
- For Prospects:
Surname, first name, email address, request for services and/ or documentation.
- For Applicants, Clients and Third party payers:
Personal status, means of contact, preferred means of contact, contract history, where applicable consents, academic history, professional situation and experience and motivation.
- For Companies, Providers, Partners and Subcontractors:
Details relating to the entity (name, type of company, share capital, VAT no., company registration number, address of headquarters, etc.) contract information, means of payment and/or billing of different transactions; also contacts in these entities (title, surname, first name, email address, position, role, telephone number, etc.).
- For training/ consulting members:
Personal status, means of contact, preferred means of contact, academic history, professional situation and experience, areas of expertise, means of payment, contract history.
- For Alumni:
Surname, first name, email address, position/role, telephone number and, if cohort tracking, professional situation.
- ORIGIN OF DATA
The data mainly originates from direct collection via:
- Browsing and data entered among other things in forms and questionnaires on the HBA websites and/ or third party tools;
- Paper forms;
- Creation of an account or a personal page on one of our websites or applications;
- Information provided by Prospects, Applicants or Clients at Forums, Master classes, fairs, in paper or electronic forms, before, during and after a course;
- Orders for products or services;
- Submission of an application or enrolling on one of our programs;
But also indirect collection via our academic, business and technical partners.
- DATA ENRICHMENT
The Client is informed that data are shared between our information sites and our application or admission sites. Following their admission, we will ask Clients to check and, if necessary, correct their data so that we can carry out their administrative registration.
Faculty members and Providers are informed that data are shared between our management applications, in particular order handling, and the tools we use to manage the performance of services by Providers and Speakers.
HBA has introduced a policy of minimizing the re-entry of data in order to facilitate access to its different services. As soon as a Client has finalized his administrative registration or the Provider or Speaker signed their contract, HBA creates all the services that will be linked to their training or necessary to the performance of their service (e.g.: multi-purpose badge, access to premises, accommodation, food services, access to networks and intranet, email box, access to document lending system, access to the services in the online service platforms of HBA, access to Online training with partners where there are educational prerequisites, etc.). HBA will then enrich these data when the Client, Speaker member or Provider uses these services.
- REQUIRED DATA
Only data necessary to the processing will be collected.
When personal data is collected in online or paper forms or questionnaires, the required fields are indicated.
If no data is entered in the mandatory fields, the service reliant on this data collection may not be able to be provided or the application or access to the service may not be able to be fully estimated. The optional fields enable us to process data more effectively.
- WHY DO WE COLLECT THESE DATA AND ON WHAT BASIS?
- LEGAL BASIS
The legal basis depends on the processing involved:
- Connected to HBA’s legal obligations,
- Necessary to the performance of HBA’s public service mission,
- Necessary to the performance of a contract or pre-contractual measures,
- Connected to the consent of the person concerned,
- Necessary to safeguard the vital interests of the person concerned,
- Connected to HBA’s legitimate interests.
HBA will seek the permission of the person concerned to send its marketing messages or accept a subscription to its newsletters. The User is entirely free to refuse such processing simply by clicking on the “unsubscribe” or “désinscription” link which is always present in HBA’s messages.
The purpose of the collection of this information is to enable:
- The setting up of prospecting and advertising operations relating to the programs, activities and events organized by HBA or its community and subscriptions to HBA newsletters;
- Access to the admission platform, and its improvement;
- Management of the student’s application and, after admission, monitoring his/her training regarding administrative, financial and academic aspects;
- Client relations monitoring;
- Purchase management;
- Management of unpaid bills and disputes;
- In some cases, to assist the Client with the procedure for obtaining financial grants and to monitor their file;
- Where applicable, access to HBA network, application resources and digital documentation;
- Where applicable, submission of documents and academic work;
- Setting up filtering by means of a firewall, antivirus, video surveillance and access control for reasons of security of people and property, and operations connected to the Vigipirate/terrorism alert system;
- Handling requests for intervention if a Client encounters any difficulties in their use of IT media or HBA’s premises;
- Organization of surveys, in particular for HBA, the Ministry of Higher Education and Research, accreditation bodies, organizations publishing rankings for which HBA has to produce statistics or answer inquiries in accordance with current legislation;
- Access to professional support offers developed by the Careers & Business Partnership Department of HBA;
- Management of the risk of fraudulent use;
- Management of the awarding of HBA certificates, and in some cases, their electronic equivalents;
- Collection of the apprenticeship tax;
- Management of relations with companies;
- Transmission of data to companies (especially CVs), Partners and/or subsidiaries of HBA;
- PURPOSES OTHER THAN THOSE MENTIONED IN THIS POLICY
If HBA subsequently wishes to carry out processing of personal data for a purpose other than that for which the data were collected, HBA will provide Users with prior information about this other purpose and any other relevant information.
- AUTOMATED INDIVIDUAL DECISION MAKING
In connection with the administrative, financial and educational monitoring of Clients’ training, depending on the course taken, the Student may be called upon to choose classes. This processing will allocate places according to availability in the class chosen and in accordance with the Student’s wishes. In order to satisfy the Student’s training preferences as closely as possible, the latter will still be able to contact the head of their program to modulate their training according to their wishes.
As part of the management of the fraud risk, HBA uses a digital process that enables it to compare, depending on the requirements of the program, some of the work submitted by Clients to internal and external sources in order to detect plagiarism. This processing is a legal obligation for HBA, required under its public service mission, in particular when Clients are submitting work for a diploma or certificate. This processing will systematically be subject to examination by the faculty teams in charge of identifying any possible consequences.
- RETENTION TIME
HBA applies retention times to the data it collects according to any legal and contractual requirements that apply, and where there are none, according to its own needs. The retention time may vary according to the data category or processing concerned or user profile.
HBA will retain these data for a period not exceeding that necessary to the purposes for which they are processed.
- PERSON AND/ OR ENTITIES WHO WILL HAVE ACCESS TO PERSONAL DATA – RECIPIENTS OF PERSONAL DATA
HBA guarantees that this confidentiality policy will be adhered to by all subcontractors processing personal data on its behalf in connection with the use of one of the HBA services.
HBA ensures that personal data are only accessible to authorized internal or external recipients.
- DISCLOSURE OF DATA TO THIRD PARTIES
Internally, only the HBA departments concerned will have access to the User’s data, each within the limits of its respective remit.
- HBA’s partner universities and schools;
- HBA’s parent company or subsidiaries;
- Partners of HBA such as:
- Lifelong training like organizations,
- Professionals taking part in exam boards or consulting/ teaching on HBA courses,
- Providers such as:
- Publishers of educational content or services linked to HBA or accessible via HBA’s digital platforms;
- Where appropriate, a catering, accommodation and/ or travel provider.
HBA may use third party products to provide complementary services to the User. HBA asks these third parties to follow its instructions concerning the User’s personal data and only to use them in connection with the contract signed with the third parties unless the person concerned explicitly consents to such third parties using their data for their own purposes.
- TRANSFER OF DATA ABROAD
The User acknowledges that the third party may be located outside the territory of the European Union and agrees to their data being transferred to such places. In this case, HBA will take all the measures necessary to ensure that the provider or partner guarantees an adequate level of data protection in line with the data protection legislation and regulation. In order to guarantee the privacy of Users and their personal data, the subcontractors concerned are obliged among other things to sign standard contract clauses approved by the European Commission.
- RIGHT OF ACCESS, RECTIFICATION, ERASURE AND CONTROL OF USAGE
Under Regulation (EU) 2016/679 and the amended French Law n°78-17, the User has a right of access, modification, rectification and erasure of their personal data as well as a right of objection on legitimate grounds, which can be exercised by writing to HBA, 118/ 130 AVENUE JEAN JAURES, 75169, CEDEX 19, PARIS/ FRANCE or by sending an email, info@ honorisba.com mentioning in the subject line “Droit des personnes” (personal rights) and attaching a copy of your proof of identity.
These are individual rights that can only be exercised by the person concerned in relation to their own information: for security reasons, the department concerned will therefore need to check the person’s identity in order to avoid sending confidential information concerning someone else.
- USER’S RIGHT OF ACCESS
The User is entitled to ask for a copy of their personal information held by HBA, with the exception of cases where its disclosure would violate the privacy of another person or if an exemption were to apply.
- USER’S RIGHT OF RECTIFICATION
Any requests to rectify data will be passed on to the department concerned and HBA will inform the User when the rectification has been made.
- USER’S RIGHT OF ERASURE
Any request to delete data made by a User will be studied to determine whether the erasure should be carried out or not. The User’s right of erasure will not apply if the processing has been set up to meet a legal obligation. Certain data are necessary to track training and/or its payment.
If our processing required the User’s consent, the latter may withdraw it any time.
- USER’S RIGHT OF CONTROL AND USAGE
Under the same conditions, the User possesses a right to control the usage of their data by writing to the same address.
HBA reserves the right to contact the Prospect or Client by the means of communication of its choice: telephone, text message, email (including at the Client’s personal address if they have entered it), social media, etc. The Client may ask that a certain means of communication not be used by HBA, by sending their request to email@example.com (re.: STOP Means of communication).
The management of usage also means that the User has the possibility of requesting:
- Restrictions on HBA’s processing (for example, that HBA no longer contact a person who has taken a training course to propose similar offers or services);
- Post mortem management of data by drawing up advance directives. The User is informed that they have a right to formulate specific and general directives concerning the retention, erasure and disclosure of their data post mortem. This right can be exercised by an email to this address: firstname.lastname@example.org or by ordinary mail to this address: 118/ 130 AVENUE JEAN JAURES, 75169, CEDEX 19, PARIS/ FRANCE, mentioning “Droit des personnes – post-mortem” (Post mortem personal rights) and enclosing a copy of their proof of identity.
- RIGHT TO DATA PORTABILITY
The User is informed that they have a right to data portability so that they can obtain and reuse their data for their own purposes in another IT environment. They can exercise this right by writing to HBA, 118/ 130 AVENUE JEAN JAURES, 75169, CEDEX 19, PARIS/ FRANCE or by sending an email to email@example.com mentioning in the subject line “Droit des personnes – portabilité” (Personal rights – portability) and enclosing a copy of their proof of identity.
This portability right does not apply to all the processing carried out by HBA, in particular when it is done in connection with HBA’s public service mission or its legal obligations. The User’s request will be studied and implemented for the data able to benefit from this right only.
- RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The User also has a right to lodge a complaint with the national data protection authority, which for France is the CNIL: COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. A list of the different European supervisory authorities can be found on the CNIL website or here.
- COOKIES AND OTHER TRACKERS
A “cookie” is a small file deposited by an internet server on the hard disk of a computer, smartphone, tablet or any other device able to connect to the internet.
Cookies and other trackers do not allow a person to be identified, but on the other hand, they record browsing information. Servers can read and save this information.
Different types of cookies are used on our website.
Technical cookies which enable:
- Your favorite pages to be saved and notifications sent to you;
- You to subscribe to one of our newsletters: in this case, your email address will be used to send you our mailshots and in-house messages;
- You to ask for documentation on one of the training programs offered by HBA or one of its partners: in this case your data will be used to manage your account;
- An action to be linked to the provision of the service requested;
- The security of the service requested to be enhanced;
- The language spoken or other preferences necessary to the provision of the service requested to be saved;
- Operation of the media player (audio or video) corresponding to specific content requested;
- Identification for a restricted space;
- Load balancing;
- The site to be adapted to users’ requests.
We draw your attention to the fact that deleting cookies is liable to deteriorate the access to the sites and the services they offer.
Audience measurement cookies which enable:
- Measurement of the audience of the different content items and pages on the websites, analysis of the clickstreams to reach them and browsing behavior, compilation of statistics. HBA uses the Google Analytics service by Google Inc., for which the User can find the conditions of use here . The data resulting from these cookies linked to the use of the sites will be transferred and stored by Google on its servers, mainly in the United States. Google will use these data to provide other services relating to the activity of the site and the use of the internet. The data are retained for 14 months. It is possible to install a Google Analytics opt-out browser add-on
“Social media” cookies which enable:
- The enablement of the “share” and “like” buttons that feature on LinkedIn and Twitter, lists of tweets (Twitter), videos broadcast on the site (YouTube, Dailymotion, iTunes) and animated presentations. These features operate thanks to third party cookies deposited directly by those third parties which are liable to make identifications thanks to this type of button, whenever a page is consulted and a connection to the social media is active (a session is opened).
CHOICE AND DELETION OF COOKIES ON OUR WEBSITES
The User can disable the use of these cookies by altering the settings on their internet browser.
The browser must be configured to refuse or delete certain cookies. The links below show how to change cookie settings for the different browsers:
This confidentiality policy is liable to be amended or adapted at any time in the event of changes in the law, case law or usages.
- MORE INFORMATION
For more information, please write to firstname.lastname@example.org
For any other information on data protection, the User can visit the CNIL site: www.cnil.fr