Data privacy policy

The data controller is the Association Groupe ESSEC, 3, Avenue Bernard Hirsch - 95000 Cergy Pontoise Cedex, represented by its Dean and President Vincenzo VINZI ESPOSITO.

ESSEC has appointed a Data Protection Officer whom you may contact by email or by mail at ESSEC's postal address.


  • personal data” means any information relating to an identified or identifiable natural person (surname, first name, photo, email, BID, data obtained by cross-referencing anonymous information);
  • processing” means any operation involving personal data, regardless of the process used (automated or not (paper));
  • controller” means the natural or legal person who determines the purposes and means of processing personal data. Under this policy, the data controller is ESSEC;
  • processor” means any natural or legal person who processes personal data on behalf of the controller. In practice, these are the service providers with whom ESSEC works and who are involved with personal data;
  • data subject means any natural person whose personal data are processed by an organization. At ESSEC, these are prospects, candidates, students, participants, graduates, professors, employees, partners, etc;
  • recipients” of data means the natural or legal persons who receive the personal data. For ESSEC, this includes ESSEC departments and employees as well as external organizations (partners, social organizations, etc.);
  • graduate” means any person who has completed an ESSEC course and has obtained a validation of the end of their training;
  • prospect” means any person interested in an ESSEC course or event;
  • candidate” means any person who has started an application to an ESSEC program;
  • partner” means any person or company that is a stakeholder, customer, supplier or subcontractor.


  • identity data (surname, first name);
  • contact information (email, addresses, telephone numbers);
  • identification data (IP address);
  • connection and navigation data (login/ password, login information, pages viewed, browser type, etc.);
  • for prospects: service or documentation requests;
  • for applicants: data from the application file (marital status, telephone number, addresses, bank details, parents' details, personal email, photo, degrees, curriculum vitae, level of French language (foreign students), motivational project letter, information on previous schooling, etc.);
  • for partners: partner identity data (last name, first name, job title, company name, means of contact, partner reference number, history of the partnership, company name, SIREN number, etc.), contract or partnership agreement data (accounting identification code, means of payment, invoicing method, etc.), academic data (curriculum, professional experience, areas of expertise, etc.);
  • for graduates: ESSEC email, position/ function, cohort, academic history, etc.



Direct collection from you:

  • when you log in to the ESSEC website;
  • when you download a brochure or request information;
  • when applying to a program;
  • during your academic career;
  • during meetings at events (fairs, forums, etc.);
  • during site visits;
  • within the scope of contractual or partnership relations.


Indirect collection through:

  • our partners (organizers of physical or virtual events for example);
  • social networks (ESSEC will not use private data and information without the prior consent of individuals, even if they are made public and disseminated by ESSEC on social networks or when they are provided by partners).



Depending on the circumstances, ESSEC processes your personal data for the following purposes:

  • transmit a requested service or a document (brochure) or answer a question;
  • promote ESSEC programs and services;
  • allow the applicant to create a user account in order to access the online application platform;
  • help and guide the candidate to the right program and assist them during the application period;
  • update your personal data;
  • Produce the official documents relative to the contractual or partnership relationship and allow its execution and follow-up;
  • manage your participation in an ESSEC event;
  • transmit your data to our institutional and commercial partners;
  • ensure the security of its information system and personal data;
  • carry out statistical reports or surveys;
  • manage cookies and other trackers;
  • meet its legal obligations.


The purposes of the processing are based on the condition of lawfulness generally relating to your consent to the processing of your personal data by ESSEC. ESSEC may also, as the case may be, process your personal data when it is necessary for the performance of a public interest mission, the fulfillment of a legal obligation, the contract or pre-contractual measures for the execution of the relationship between you and ESSEC, the safeguarding of your vital interests, its legitimate interest.



Depending on your profile, your data may be sent to:

  • ESSEC departments in charge of dealing with prospects or candidates;
  • the departments in charge of dealing with partner relationships;
  • the departments in charge of the organization of events;
  • pedagogical, academic and research services;
  • administrative and accounting services;
  • logistic and computer services;
  • security and reception services;
  • the departments in charge of control (Purchasing, Management Control, etc.);
  • the department in charge of personal data protection;
  • the alumni network;
  • ESSEC Foundation;
  • official partners (Ministries, Conférence des Grandes Ecoles, etc.);
  • ESSEC's subcontractors.


ESSEC may transmit, when necessary, your data to its entities ESSEC Asia Pacific (Singapore) and ESSEC Africa Atlantic (Rabat).

Furthermore, your personal data may be communicated to any authority legally entitled to know them. In this case, ESSEC is not responsible for the conditions under which the personnel of these authorities have access to and use the data.



The duration of data retention is defined by ESSEC with regard to the legal and contractual constraints that it is subject to and, if not, according to its needs.


In the event of a breach of your personal data

Notify the CNIL in accordance with the conditions as set out by GDPR.

In the event that the breach poses a high risk to prospects, applicants, graduates or partners, ESSEC will notify the affected prospects, applicants, graduates or partners and provide them with the necessary information and recommendations.


If your personal data is outsourced

Ensure the subcontractor's compliance with its obligations under GDPR. ESSEC undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on subcontractors as it does on itself.


In case of the transfer of personal data to a third country outside the European Union or an international organization

Inform the prospect, candidate, graduate or partner and ensure that their rights are respected in accordance with the requirements of the regulations on the protection of personal data.



You have the following rights:

  • right to information
  • right of access
  • right to rectification
  • right to delete (unless you have a current contract with ESSEC or ESSEC is required to meet legal or regulatory obligations)
  • right of objection
  • right to portability
  • right to limitation of processing
  • the right to withdraw your consent (where consent is the legal basis for the processing)


If you consider that the processing of your personal data does not comply with the regulations on the protection of personal data, you have the right to file a complaint with the supervisory authority at the following address:

CNIL - Service des plaintes
3 Place de Fontenoy
TSA 80715
Tel: +33 1 53 73 22 22



ESSEC has appointed a data protection officer to whom you can exercise your rights.
You can contact them by email or by mail to the address of the person in charge of processing:

Association Groupe ESSEC
ESSEC Business School
3 avenue Bernard Hirsch
CS 50105 CERGY


This data protection policy may be modified or amended at any time in the event of changes in law, jurisprudence or usage.