Skip to main content

Priivacy policy

HEC Foundation Personal Data Protection Policy 

(Privacy Policy) 

The European General Data Protection Regulation (GDPR) came into effect in France on  May 25, 2018. Its purpose is to harmonize European legislation on personal data  protection by granting individuals more rights and ensuring better protection regarding  how organizations use their personal data. 

 

To carry out its activities, the HEC Foundation uses data collected from the HEC Alumni  association, HEC School, its website, or through its interactions. The Foundation has  always ensured strict confidentiality of this data and does everything possible to remain  worthy of the trust you place in it. 

 

Preamble 

 

The purpose of this policy is to inform you of the practices and conditions under which  the HEC Foundation collects and processes personal data. 

 

This policy applies to all data collected on the Foundation’s website as well as within  the context of its interactions, regardless of their nature. 

 

As data controller, the HEC Foundation undertakes to comply with the provisions of  French Law No. 78-17 of January 6, 1978 (as amended) and the General Data Protection  Regulation published in the Official Journal on April 27, 2016 and in effect since May 25,  2018. 

 

To ensure compliance, the HEC Foundation has appointed a Data Protection Officer  (“DPO”), the preferred contact for the French Data Protection Authority (CNIL) and the  internal reference on personal data protection issues. 

 

Personal data (hereafter “Data”) is defined as any information relating to an identified or  identifiable natural person. A natural person is considered “identifiable” when they can  be identified, directly or indirectly, in particular by reference to an identifier such as a  name, an identification number, location data, an online identifier, or to one or more  elements specific to their physical, physiological, genetic, psychological, economic,  cultural, or social identity. 

 

Data Collected

 

The HEC Foundation collects and processes only the data strictly necessary for the  purpose(s) for which it is processed. 

 

This data is required to register donations (civil status, identity, identification details,  payment data) and to contact donors (contact details) to provide any documentation  related to their donations. 

 

The Foundation also takes all necessary steps to ensure that your data is accurate,  complete, and, where applicable, up to date. 

 

Purposes and Legal Bases of Data Collection 

 

The HEC Foundation uses your data solely within the framework of its fundraising  activities and for specific and limited development, management, and monitoring  purposes. 

 

The main purposes are: 

  • Managing your requests 

(information, account creation, newsletters, exercising data rights) Legal basis: Legitimate interest of the Foundation (responding to received requests). 

  • Managing your applications (volunteering, employment and/or internships) 

Legal basis: Pre-contractual measures. 

  • Communication campaigns and fundraising 

Legal basis: Legitimate interest of the Foundation to communicate about its actions  and raise funds. 

  • Donation management and donor relations 

Legal basis: Legal obligations (tax receipts) and legitimate interest in maintaining donor  engagement. 

  • Managing relationships with prospects 

Legal basis: Legitimate interest in maintaining contact with potential donors, legators,  and founders. 

  • Managing relationships with service providers and suppliers

Legal basis: Contract performance and legal accounting obligations. 

  • Managing the creation and lifecycle of hosted foundations Legal basis: Contract performance. 

  • Managing and tracking bequest processing 

Legal basis: Legitimate interest in handling received bequests and ensuring traceability. 

  • Website browsing analysis 

(see Cookies section below) 

Legal basis: Legitimate interest to improve websites, services, and understand user needs. 

 

Data Recipients 

 

The HEC Foundation shares collected data only with: 

  • its internal departments 

  • its volunteers 

  • its partners (HEC School, HEC Alumni Association, or international trusts) 

  • its service providers and their staff, strictly within the scope of services they  perform on behalf of the Foundation 

All individuals accessing your data are specifically identified, authorized, and bound by  confidentiality obligations. 

 

Data Retention 

 

The HEC Foundation retains your data only for the duration necessary to achieve the  purposes for which it was collected, in compliance with applicable legislation. 

 

Transfers of Data Outside the European Union 

 

The Foundation outsources certain processing activities and may, in this context,  transfer data outside the European Union. 

 

In such cases, appropriate protections and security measures are applied:

  • either the European Commission has issued an adequacy decision recognizing  an equivalent level of protection in the recipient country; 

  • or appropriate safeguards such as Standard Contractual Clauses approved by  the European Commission are implemented. 

 

Data Security 

 

The HEC Foundation ensures the protection and security of your personal data. 

In particular, the Foundation takes the necessary technical and organizational  measures, given the nature of the data and the risks posed by its processing, to prevent: 

  • unauthorized access 

  • alteration 

  • damage 

  • disclosure 

  • destruction 

  • or improper use of your data 

The Foundation applies state-of-the-art physical, technical, and organizational security  measures to: 

  • protect personal data against unauthorized access, modification, alteration,  disclosure, or destruction 

  • safeguard its activities 

 

Cookies 

 

For information regarding the cookies used by the website  

www.campusofthefuture.hec.fr, please refer to the “Cookies Statement” available at: https://campusofthefuture.hec.fr/en/cookie-policy 

 

Your Rights 

 

Under French Law No. 78-17 (“Informatique et Libertés”) and the GDPR (EU Regulation  2016/679), you have the following rights: 

  • Right of access (Art. 15): obtain confirmation whether your data is processed  and access that data.

  • Right to rectification (Art. 16): correct inaccurate data and complete  incomplete data. 

  • Right to erasure (Art. 17): delete your data when you withdraw consent, object  to processing, when the data is no longer necessary, has been unlawfully  processed, or must be erased by law. 

  • Right to restriction of processing (Art. 18): limit processing if you contest the  accuracy of the data, if processing is unlawful, or if needed for legal claims. 

  • Right to object (Art. 21): object at any time to data processing, including  processing for profiling or marketing purposes. 

  • Right to data portability (Art. 20): receive your data in a structured, commonly  used, machine-readable format and transmit it to another controller. 

  • Right not to be subject to automated decision-making. 

If processing is based on consent, you may withdraw your consent at any time by  contacting the Foundation (see “Contact” section). 

The Foundation has one month to respond to your request. 

 

Contact 

 

For any questions about the HEC Foundation Privacy Policy, the data we hold about you,  or to exercise your rights, contact our Data Protection Officer: 

Postal mail: 

HEC Foundation – GDPR 

1 rue de la Libération 

78351 Jouy-en-Josas Cedex 

France 

Email: rgpd-fondation@hec.fr 

Contacting the Supervisory Authority 

If you wish to file a complaint or are not satisfied with the Foundation’s response, you  may contact the French Data Protection Authority (CNIL). 

If you believe your rights have not been respected after contacting the Foundation, you  may lodge a complaint with: 

CNIL 

3 Place de Fontenoy – TSA 80715 

75334 PARIS CEDEX 07 – FRANCE

 

Modifications 

 

This policy may evolve if required by legal or regulatory developments or CNIL  guidelines.