Personal Data Protection Policy

The Institut d’Économie Scientifique Et de Gestion, IÉSEG – School of Management, is a non-profit organization pursuant to the French Law of 1901 and one of the leading management schools. Its head office is located at 3 rue de la Digue, 59000 Lille (FRANCE), and its company number is 783 707 052 00032 (hereinafter referred to as “IÉSEG”).

IÉSEG takes personal data protection very seriously.

This Personal Data Protection Policy is one of the methods used to ensure that the services IÉSEG offers its students, employees and partners are of the highest standards. IÉSEG is committed to managing the information it collects in a secure and responsible manner.

To ensure it functions properly and achieves its goals, IÉSEG is required to process personal data relating to its prospects, candidates, graduates, students, employees, suppliers and partners (as well as the employees of its prospects, suppliers and partners).

When you use IÉSEG’s website, download a brochure, apply for a program, or if you have a contractual relationship with IÉSEG, you are sending IÉSEG personal data belonging to you and/or authorizing it to collect and process it.

IÉSEG is committed to processing your data in accordance with the legislation covering personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), as well as Law 78-17 of 6 January 1978 (Loi Informatique et Libertés – Data Protection Act) as amended.

Data Controller

The data controller is IÉSEG at 3, rue de la Digue, 59000 Lille (FRANCE), represented by its Chairman.

IÉSEG has appointed a Data Protection Officer who can be contacted by using the online form available here or by sending a letter to IÉSEG.


>Personal data” refers to information relating to an identified or identifiable natural person (surname, forename, photo, email address, data obtained by cross-referencing anonymous information).

>Processing” refers to any operation involving personal data, regardless of the method used (automated or otherwise).

>Data Controller” refers to the natural or legal person who determines the purposes and means of processing personal data. Regarding this policy, the data controller is IÉSEG.

>Data Processor” refers to any natural or legal person who processes personal data on behalf of the controller. In practice, these are service providers that IÉSEG works with and who handle personal data.

>Data Subject” refers to any individual whose personal data is processed by an organization. At IÉSEG, these include prospects, candidates, students, participants, graduates, professors, collaborators and partners, etc.

>Recipients” are natural or legal persons who receive personal data. At IÉSEG, these include a variety of departments, employees and external bodies (partners, social organizations, etc.).

>Graduate” refers to any person who has completed an IÉSEG course and validated the end of his/her training.

>Prospect” refers to any person interested in a course or event offered by IÉSEG.

>Candidate” refers to any person who has applied for an IÉSEG program.

>Student” refers to any person taking an IÉSEG course.

>Employee” refers to any person who has an employment contract with IÉSEG.

>Partner” refers to any person or company acting as a participant, customer, supplier, subcontractor or co-contractor.

Which types of information are collected?

The types and quantity of data collected vary depending on your relationship with IÉSEG (prospect, candidate, student, employee, partner, graduate, other):

> Your name and contact details: including any information enabling us to contact you: your surname, forename, home address, email address and phone number.

> Demographic information: your date of birth, gender, nationality and marital status.

> Information required for enrollment: this includes a copy of your identity card or passport, your student number, your scholarship level, a photograph, etc.

> The name and contact details of an emergency contact person (legal representative for minors).

> Information relating to your education: your academic background at the time of your application/admission to IÉSEG, as well as transcripts and other information gathered during your time at IÉSEG.

> Information relating to your education and career path: your professional contact details, CV, job title, skills and expertise, your career history.

> Login credentials: information you need to authenticate yourself and access your personal accounts/pages.

> Browsing information: you are interacting with our websites when you use them. We collect certain information about your browsing activities.

> Financial and accounting information: This includes information such as bank details, account holder number and name, guarantor, etc., which may be processed as when paying enrollment fees.

How is this information collected?

> when you log in to IÉSEG website (
> when you download a brochure or request information
> when you apply for and/or enroll for a program
> during your academic career
> during meetings at events (trade fairs, forums, etc.)
> during site visits
> from your recruitment at IÉSEG and throughout your career at IÉSEG
> for the purposes of contractual and partner relation.

Indirectly from:
> our partners (organizers of physical and virtual events, for example)
> social networks (IÉSEG does not use private data and information without the prior consent of the individual, even when it has already been made public and disseminated by IÉSEG on social networks, or when it is provided by partners).

Why is this information collected?

Depending on the case, IÉSEG processes your personal data for the following purposes:

> to provide services and requested documents (brochures), and to answer questions.

> to promote IÉSEG’s programs and services.

> to select and manage candidates using Parcoursup* and other application methods.
*Web platform designed to collect and manage the higher education requests and applications of future French students.

> to negotiate and execute contracts: administration and accounting management of your records and management of your relationship with IÉSEG.

> to manage your studies at IÉSEG; to constitute your application process, organize courses and exams and track your results, internships and international exchanges.

> to provide internal services such as access to libraries and the sports department.

> to produce official documents relating to contractual and partner relationships enabling them to be executed and monitored.

> to create marketing campaigns.

> to manage attendance of IÉSEG events.

> to produce statistical reports and surveys.

> to enable IÉSEG to comply with its obligations regarding to supervisory bodies (accreditation procedures, ministerial inquiries, etc.).

> in studies and research carried out by IÉSEG professors (whether salaried or not).

> in proposals for services provided by the Alumni association IÉSEG Network.

> in dispute resolution; IÉSEG may need to process personal data in order to respond to claims or to defend its rights in court cases.

> in the implementation of security measures for people and property (video surveillance, access badge management, login logs).

Who receives your data?

Depending on your profile, the following people may access your data:
> IÉSEG staff dealing with prospects and candidates
> staff handling partner relations
> event organization staff
> teaching, academic and research staff
> administrative, accounts, legal and HR staff
> logistics and IT staff
> security and reception staff
> controllers (purchasing, management control, etc.)
> professors, mentors and investors who advise and finance projects supported by our incubator
> the alumni association (Alumni IÉSEG Network)
> student associations and the federation
> the IÉSEG Foundation
> authorized partners (Ministries, Conférence des Grandes Écoles*, etc.)
*French association of higher education and research institutions.
> national and international certification and accreditation bodies
> IÉSEG data processors

IÉSEG Information System is centralized and used by both campuses (Lille and Paris-La Défense). The profiles of users with access to the Information System are defined on the basis of our authorization management policy and the principle of need-to-know.

Please note, however, that your personal data may be sent to any authority which is legally empowered to access it. If it is, IÉSEG cannot be held responsible for the ways in which the staff at these authorities access and use your data.

What is the legal basis for our data processing operations?

IÉSEG only collects, uses and shares your personal data in accordance with the regulations.

We may process your data either:

> because you have given your consent. For certain operations including marketing campaigns, we can use your data because you have authorized us to do so.

> to meet pre-contractual needs or to execute the contract binding you to IÉSEG (or the company that employs you at IÉSEG). IÉSEG processes your data in order to execute the contract it has concluded with you and to fulfill its obligations.

> to meet legal obligations. In some cases, we need to collect or retain certain information about you in order to meet our own legal obligations, for example in relation to taxes or security, or for Parcoursup (Decree of December 31st, 2020).

> when said processing is necessary for the performance of a task which is in the public interest.

> when said processing is in our legitimate interests. It is sometimes in IÉSEG’s legitimate interests to process your personal data, particularly regarding the administrative management of its employees and contributors.

> when processing is necessary to safeguard a person’s vital interests.

How long is the information kept for?

IÉSEG sets data retention periods according to its legal and contractual constraints and, otherwise, according to its needs.

Retention periods vary depending on a number of factors:
> IÉSEG business requirements
> the processing purposes
> contractual requirements
> legal obligations (insurance policies, tax, compulsory declarations relating to staff management, etc.)
> recommendations made by supervisory bodies.

Your data may be retained beyond the end of our contractual relationship either to protect our rights in the event of legal disputes, or to enable us to fulfill our legal obligations.
Your personal data will be permanently deleted at the end of this period.

IÉSEG keeps copies of all diplomas issued by the school in order to be able to provide official duplicates certifying the graduation and thereby guaranteeing continuity of service to all its graduates.

How do we guarantee that your information is secure?

IÉSEG regularly reviews the technical and organizational measures it uses to guarantee the security of its Information System and to prevent unauthorized disclosure, disappearance or alteration (loss of confidentiality or integrity) of your personal data.

IÉSEG undertakes:

> In the event of a breach of your personal data,
To notify CNIL (Commission nationale de l’informatique et des libertés – French Data Protection Authority) pursuant to the provisions of the GDPR.
If said breach poses a high risk to the data subject, IÉSEG will notify him or her and provide the necessary information and recommendations.

> In the event that your personal data are processed by a data processor,
To ensure that the data processor complies with its obligations under the GDPR. IÉSEG undertakes to sign written contracts with its data processors and to require them to apply the same data protection obligations as it does itself.

> In the event that personal data are transferred to a third country outside the European Union or to an international organization,
To inform the data subject of such and to ensure that his or her rights are respected in accordance with the provisions of the GDPR.
To implement the Standard Contractual Clauses approved by the European Commission and to include a Data Processing Agreement (“DPA”) in contracts signed with service providers operating in countries which are not considered to offer adequate levels of protection by the European Commission.

What are your rights regarding your data?

You have the following rights, as provided for by the legislation on the protection of personal data:

> the right to information and the right of access: you have the right to know which personal data we hold about you, to view it and to obtain a copy.

> the right to rectification: if you discover an error, you can ask us to rectify the incorrect information at any time.

> the right to cancellation: under certain circumstances you can ask us to delete your personal data. Please note that we may retain certain information about you when we are required to do so by the applicable laws and regulations and when we have a legitimate reason to do so (e.g. the performance of an existing contract, to comply with legal and regulatory obligations and to prevent legal action).

> the right to object: in certain cases, you may object to the use of your personal data for certain processing operations (e.g. direct marketing campaigns).

> the right to portability: you have the right to ask us to provide you or another data controller with the personal data you have provided to us, in a structured, commonly-used machine-readable format.

> the right to restrict processing: under certain circumstances you can ask us to restrict the ways in which we use your personal data, e.g. for the time required to examine a request for rectification.

> the right to withdraw your consent (when consent is the legal basis for processing operations).

In order to handle your request we may ask you to provide proof of your identity.

Please note that you may withdraw your consent to the processing of your data for a specific purpose at any time.

How can you exercise your rights?

IÉSEG has appointed a Data Protection Officer to whom you can address any questions you may have concerning this policy and to exercise your rights.

You can contact him/her:
> using the online form available at this address:
> by sending a letter to the Data Controller’s address: IÉSEG – 3 Rue de la Digue – 59000 Lille (FRANCE)

Furthermore, if you believe that your rights have been breached or that your personal data has been processed in a way that does not comply with the GDPR, you have the right to lodge a complaint with the relevant supervisory body:

CNIL – Commission Nationale de l’Informatique et des Libertés
either at the URL
or by post: 3 Place de Fontenoy – TSA 80715 – 75334 Paris CEDEX 07 (FRANCE)

Changes to the Data Protection Policy

This data protection policy was updated on November 17th, 2023; it may be modified or amended at any time, especially in order to comply with changes in legislation or case law.


Cookies are used to facilitate navigation on the site and to streamline registration or audience measurement procedures. Your computer may be configured to accept cookies. However, you can change this setting to refuse it and we suggest you do so if you are concerned about using cookies. When you visit our website, we collect and retain certain “user information” details, such as the name of the domain, Internet Protocol (IP) address, the date and time of your visit, and the URLs from which you entered our site. We use this information to analyze and measure traffic to our site and to help us make it more user-friendly. The installation of Cookies is done for a maximal period of 13 months.

IÉSEG School of Management obtains your consent in accordance with the policies and technical specifications of the IAB Europe Transparency & Consent Framework. It uses the Consent Management Platform n°92.

You can change your choices at any time by clicking here.

You can configure your Web browser at any time in order to allow or, on the contrary, to reject the installation of Cookies, systematically or according to their issuer.

You can oppose to the registration of Cookies by configuring your Web browser as follows:

> Mozilla Firefox:
1. Choose the menu “Tool”, then “Options”
2. Click on the icon “Privacy and Security”
3. Search for the menu “Cookies and sites data” and select the desired options

> Microsoft Internet Explorer 6 and above:
1. Choose the menu “Tools”, then “Internet Options”. Click on the tab “Confidentiality”)
2. Select the level with the cursor

> Microsoft Edge:
1. Choose the icon […], then “Settings”
2. Click on the icon “View advanced settings”
3. Under Cookies section, select the desired configuration

> Google Chrome:
1. Select the icon of the Chrome menu
2. Select “Settings”
3. At the bottom of the page, select “Advanced”
4. In the section “Privacy and Security”, select “Content settings” then “Cookies”
5. Select Allow sites to save and read cookie data (recommended)

> Safari:
1. Go to the “Preferences” section, then “Confidentiality”
2. Choose to block or not the Cookies

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”) which uses cookies and similar technologies to analyze information about use of the Website and its declinations. Google collects all this information anonymously as much as possible, knowing that only anonymous information provided by Google may be stored on servers in the United States.

Google may disclose to third parties the information collected if it is required by law or for the purpose of analyzing it for its own account. In this respect, IÉSEG has no control. Each user is once again free to disable all Google Analytics services with this link: