MYINSEAD
---
Personal Data Protection Charter
---
Contents
1 Why is this Charter important?
2 Glossary of the main legal terms used in this charter
3 Who is responsible for use of your data in the framework of your
relationship with our departments?
4 Why do we collect your personal data and on what grounds?
5 What personal data do we collect?
6 Who do we share your personal data with?
6.1 Sharing your personal data with INSEAD affiliates
6.2 Sharing of your personal data with our partners
6.3 Other sharing
7 How long do we keep your personal data?
8 Hyperlinks to external sites
9 What are your rights over your personal data and how can you
exercise them?
9.1 Access right
9.2 Correction right
9.3 Deletion right
9.4 Right to be forgotten
9.5 Right to restrict processing
9.6 Objection right
9.7 Right to digital death
9.8 Portability right
10 Is your personal data sent abroad?
10.1 Data transfer within Europe
10.2 Data transfer outside Europe
11 Data security
12 Do you wish to contact us about this Personal Data Protection
Charter and/or make a complaint to a personal data protection
authority?
2
12.1 Do you have a question or suggestion concerning this Personal
Data Protection Charter?
12.2 Do you feel that we are not adequately protecting your personal
data?
12.3 Submitting a complaint to CNIL, the French data protection
authority
13 How do you know if this Personal Data Protection Charter has
been amended?
1 WHY IS THIS CHARTER IMPORTANT?
Your privacy is a priority for INSEAD. We are committed to protecting the
personal data of our customers, prospects and online users (hereinafter
“you”), to processing it with the utmost care and ensuring it has the best level
of protection in accordance with Regulation 2016/679 of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data
and on the free movement of such data (“the GDPR”) and the Law of 6
January 1978 as amended (hereinafter “French law”).
This charter informs you about:
The personal data we collect about you and the reasons for that
collection,
The conditions for use of your personal data,
Your rights over your personal data and how to exercise them
INSEAD operates this platform, accessible to authorised individuals at the
URL address https://my.insead.edu (hereinafter “the Site”).
During your browsing and interaction with the Site or with INSEAD, INSEAD
may need to collect and process personal data about you, in the capacity of
data controller.
2 GLOSSARY OF THE MAIN LEGAL TERMS USED IN THIS
CHARTER
Terms
frequently
used in this
Charter
Definitions provided
by the GDPR
Explanations of terms in
everyday language
Personal data
(hereinafter
“personal
data”)
Any information relating
to an identified or
identifiable natural
person (hereinafter a
"data subject"); an
"identifiable natural
person" is considered to
All types of information
relating to a natural person,
i.e. an individual, directly or
indirectly identifiable as a
person distinct from other
persons.
3
be a natural person who
can be identified,
directly or indirectly, by
reference to an identifier
such as a name,
identification number,
location data, an online
identifier or one or more
elements specific to
his/her physical,
physiological, genetic,
psychic, economic,
cultural or social
identity.
For example: a name, a
photo, a finger print, an email
address, a telephone
number, a social security
number, an IP address, a
voice recording, your
browsing data on a website,
data linked to an online
purchase, etc.
Data
protection
officer
The notion of data
protection officer is not
defined by the GDPR.
The data protection officer
(DPO) is responsible within
the company for compliance
with the GDPR and
applicable national laws as
well as our policies and
practices for managing your
personal data. He/she is also
responsible for liaising with
the supervisory authorities.
The DPO is your first point of
contact for any request
concerning your personal
data.
Processing
Any operation or group
of operations whether or
not they are carried out
with the aid of
automated processes
and applied to data or
personal data sets, such
as the collection,
recording, organisation,
structuring,
conservation,
adaptation or alteration,
retrieval, consultation,
use, disclosure by
transmission,
dissemination or
otherwise making
available, alignment or
combination, blocking,
erasure or destruction;
Any use of personal data,
regardless of the process
used (recording, organising,
conservation,
modification, reconciliation
with other data, transmission,
etc. of personal data).
For example, use of your data
for the purposes of order
management, delivery,
sending newsletters, etc.
Data
controller
The natural person or
legal entity, the public
authority, the agency or
other body which, alone
or in conjunction with
others, determines the
processing purposes
and methods.
The person, public authority,
company or organisation
which manages your data
and decides how it is used,
including deciding whether to
create or delete a process
and determining why your
data will be processed and to
whom it will be transmitted.
4
The data controller is the
main party responsible for
compliant protection of your
data.
Subcontractor
The natural person or
legal entity, public
authority, agency or
other body which
processes personal
data on behalf of the
controller;
Any natural person or legal
entity that carries out
processing tasks on the
instructions and under the
responsibility of the data
controller.
3 WHO IS RESPONSIBLE FOR USE OF YOUR DATA IN THE
FRAMEWORK OF YOUR RELATIONSHIP WITH OUR
DEPARTMENTS?
The data controller responsible for processing your personal data is INSEAD,
an Association Loi de 1901 (a non-profit association under French law) and
a private higher education institution whose registered office is at Boulevard
de Constance, 77305 Fontainebleau Cedex, France, declared to the
prefecture of Paris, France, under number 59/849 on 28/08/1959, tel:
01.60.72.40.00, email address: legal.depart[email protected] (hereinafter
“INSEAD” or “us”).
INSEAD has appointed a data protection officer in the person of Erika
Gudjonson. She is particularly responsible for independently ensuring
internal application of the rules governing protection and management of your
data and liaison with the supervisory authorities. Here are the contact details
for Erika Gudjonson:
Mrs Erika Gudjonson
INSEAD
Department of Legal Affairs
Boulevard de Constance
77305 Fontainebleau
France
4 WHY DO WE COLLECT YOUR PERSONAL DATA AND ON WHAT
GROUNDS?
We collect personal data about you for various reasons.
In general terms, INSEAD collects and uses your personal data to function
effectively and optimise your experience with its departments. Generally, this
processing is necessary for:
- the management, processing and tracking of your requests for the
attention of INSEAD, with some of these operations being necessary
to perform contractual or pre-contractual measures taken at your
request (as part of a job application or a training programme or
following a request to register for an event);
5
- to pursue INSEAD’s legitimate interests in the framework of
management and supervision of admissions to our training
programmes, the management and organisation of its prospecting,
canvassing and communication operations and marketing generally;
You should also be aware that we can only collect and use your personal
data if that use is based on one of the legal grounds determined by the GDPR
(e.g. your consent or performance of a contract concluded with us).
The table below specifically lists the purposes for use of your personal data
by INSEAD, based on one or more of the following legal grounds:
Your consent
Performance of a contract concluded with you
Compliance with a legal obligation
Safeguarding your vital interests
Performance of a public service mission
Legitimate interests of INSEAD in collecting your personal data.
Purposes of collecting your personal data
Main purposes:
Relationship management with and amongst alumni
Management and organisation of events
Prospecting
Screening and Fundraising
Student management (before arrival on campus / administrative
management)
Pedagogical management and organisation of the courses
Conducting surveys amongst students
Career services
6
Other purposes:
Site management
Management of the Site, including:
- access to and benefit of the Site functionalities;
- understanding and study of users’ use of the Site and their
browsing behaviour in order to improve our online
communications;
- improvement of optimisation of Site content quality and
functionalities;
- Site administration, particularly for the purposes of security, and for
identification and diagnostic of problems which may affect
Site servers;
- completion and preparation of studies, analyses, reports and
statistics, particularly concerning the Site audience or users’
browsing of the Site;
- management and processing of requests from Site users and,
more generally, INSEAD's contacts, in order to exercise their
personal data protection rights
Laws and regulations
Compliance with legal and regulatory obligations, particularly resulting
from INSEAD's activity.
5 WHAT PERSONAL DATA DO WE COLLECT?
Your personal data is particularly collected and processed, entirely or
partially, when you browse the Site and enter information in its data collection
forms (brochure requests, registration for events, applications for our training
programmes, etc.) and, more generally, in the framework of your relations
and exchanges via the Site and subsequent (online or offline) communication
with INSEAD.
Generally, your data is therefore collected directly from you under the
circumstances mentioned below.
In addition to that information, you are informed that the data we collect and
process about you may be enhanced by us via information sources (other
web platforms provided by INSEAD, rental of files, recommendations or
information from third parties, etc.).
Within the Site, you are informed of the compulsory nature of providing your
personal data on each collection form by the presence of an asterisk
7
alongside the relevant field(s). Where no asterisk is present, the requested
information is optional.
If the compulsory information is not entered, the request associated with that
collection of personal data (e.g. brochure request, registration for an event,
application for a training programme, etc.) may not be able to be processed
or its processing may be delayed.
In respect of optional information requested, they are generally designed to
provide us with a better knowledge of Site users and their preferences.
INSEAD encourages users to provide this information in order to help ensure
that the contents of our Site remain relevant to your interests and needs.
6 WHO DO WE SHARE YOUR PERSONAL DATA WITH?
In the course of our activities, we may need to share your personal data.
Obviously, whenever we do so we always ensure optimal protection of your
personal data.
6.1 Sharing your personal data with INSEAD affiliates
We may transmit your personal data to INSEAD affiliates. Since we wish to
be as transparent as possible, below you will find a list of INSEAD affiliates
with whom we share your data and their locations.
Recipients involved
in sharing your
personal data
Representatives and
branches of INSEAD in
France
Representatives and
branches of INSEAD
around the world
8
6.2 Sharing of your personal data with our partners
Any of our service providers and contractual and commercial partners that
may be involved in processing the above-mentioned personal data may have
access to your personal data. We may also share your data with external
institutions for the purpose of participating in university/school rankings.
6.3 Sharing of your personal data with the INSEAD Alumni
Association (IAA)
INSEAD is sharing your personal data with the IAA to facilitate and promote
contacts among alumni and cooperation among national associations and
clubs of INSEAD alumni.
We also transmit your data to the IAA to maintain and tighten relationships
between INSEAD and alumni and with the students of and participants in
INSEAD programmes.
6.4 Other sharing
With public authorities, in response to legal requests, including to respond to
national security requirements or application of the law.
In the context of a transaction, such as a merger, acquisition, consolidation
or sale of assets, we may need to share your personal data with buyers or
sellers.
7 HOW LONG DO WE KEEP YOUR PERSONAL DATA?
INSEAD has determined precise rules concerning how long we retain your
personal data. This length of time varies depending on the different purposes
and must take into account any legal obligations to retain some of your data.
The retention time within INSEAD has been defined to allow us to process
your requests (brochures, contacts, registration for an event, job application
or registration for a training programme, etc.), manage and monitor them
and/or complete our prospecting, canvassing loyalty-building,
communication and marketing operations, while complying with the principle
of proportionality according to which personal data must not be retained for
longer than necessary to fulfil the purpose for which it was collected.
It is nevertheless specified that all of this data may be retained for longer than
the lengths of time mentioned in this article:
either with your consent;
9
or in the form of archives, to respond to any legal or regulatory
obligations applicable to INSEAD or for the legal limitation or
objection periods.
or in the form of data reused for the purposes of logs, statistics or
research.
8 HYPERLINKS TO EXTERNAL SITES
This Site includes links to third-party websites. Those sites are not managed
or updated by INSEAD and are therefore not covered by this charter. INSEAD
does not have any control over the content of those websites, nor over their
confidentiality policies, their use of personal data, use of cookies, or the way
in which they collect, process and store that data. You are therefore advised
to consult the terms and conditions for collecting and using personal data
established by those external sites before sending them any information.
9 WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA AND
HOW CAN YOU EXERCISE THEM?
We wish to inform you as clearly as possible of your rights over your personal
data. We would also like to make it as easy as possible for you to exercise
those rights.
Below you will find a summary of your rights with a description of how to
exercise them.
9.1 Access right
You can ask us to access all of the following information concerning:
The categories of personal data we collect about you,
The reasons we use it,
The categories of persons to whom your personal data has been or
will be communicated, particularly persons located outside Europe,
The length of time we retain your personal data in our systems,
Your right to ask us to correct or delete your personal data or limit the
use we make of your personal data and your right to object to that
use,
Your right to file a complaint with a European data protection
authority,
Information concerning their source, when we have not collected your
personal data directly from you,
The way in which your personal data is protected when it is
transferred to non-European countries.
10
To do this, please simply contact us via email at the address 5555-
itservicedesk@insead.edu, with the subject line “access right: personal data”,
attaching a copy of your identity document showing your signature as well as
a brief description of the information you want to access. Unless you indicate
otherwise, you will receive the information requested free of charge in
electronic format within one month of receipt of the request, two months in
the case of a request requiring more in-depth research
If you are unable to access your information by email, you can send us your
request by post at the following address:
INSEAD
Boulevard de Constance,
77305 Fontainebleau,
France
In the case of a written request, it must be signed and accompanied by a
copy of your identity document bearing your signature. The request must
specify the address to which the response should be sent. A response will
then be sent to you within one month following receipt of the request, two
months in the event of a request requiring more in-depth research or in the
event that INSEAD receives an excessive number of requests.
9.2 Correction right
You can ask INSEAD to correct and/or update your personal data.
You simply need to send an email to 5555-itserviced[email protected] stating
your full name and with the subject line “correction right: personal data”, along
with a copy of your identity document showing your signature
Also do not forget to indicate the reason for contacting us in the body of your
email, i.e. correction of inaccurate information and the information to modify,
with proof of the correct information where relevant and if you have it.
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a copy of your
identity document bearing your signature. The request must specify the
address to which the response should be sent. A response will then be sent
to you within one month following receipt of the request, two months in the
event of a request requiring more in-depth research or in the event that
INSEAD receives an excessive number of requests.
9.3 Deletion right
You can also contact us at any time to ask us to delete your personal data
held by us, in one of the following situations:
Your personal data is no longer necessary in respect of the reasons
for which it was collected or otherwise processed;
You have withdrawn the consent you provided as a basis for
processing your personal data by INSEAD;
For your own reasons, you consider that one of the forms of
processing infringes your privacy and causes you excessive harm;
11
You no longer wish to receive marketing communications from us;
Your personal data is not processed in accordance with the GDPR
and French law
Your personal data must be deleted to comply with a legal obligation
stipulated in European Union law or national law applicable to
INSEAD;
Your personal data has been collected as the result of an offer by a
website aimed at children.
You simply need to send an email to 5555-itserviced[email protected] stating
your full name and with the subject line “deletion right: personal data”,
attaching a copy of your identity document showing your signature. Also do
not forget to indicate the reason for contacting us in the body of your email
(e.g. deletion of your data when you have withdrawn the consent you
provided as a basis for processing your personal data).
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a photocopy of
your identity document bearing your signature. The request must specify the
address to which the response should be sent. A response will then be sent
to you within one month following receipt of the request, two months in the
event of a request requiring more in-depth research or in the event that
INSEAD receives an excessive number of requests.
However, it may be that we are unable to accede to your request to be
forgotten. It should be remembered that this right is not absolute. We need to
weigh it against other important rights and values, such as freedom of
expression, compliance with a legal obligation applicable to us or important
public interest reasons.
9.4 Right to be forgotten
Our Site may contain personal data concerning you. If you no longer wish for
it to be displayed, you can ask us to delete it in one of the following situations:
Your personal data is no longer necessary in respect of the reasons
for which it was collected or otherwise processed;
You have withdrawn the consent you provided as a basis for
processing your personal data by INSEAD;
For your own reasons, you consider that one of the forms of
processing infringes your privacy and causes you excessive harm;
You no longer wish to receive marketing communications from us;
Your personal data is not processed in accordance with the GDPR
and French law
Your personal data must be deleted to comply with a legal obligation
stipulated in European Union law or national law applicable to
INSEAD.
12
We are also obliged to take reasonable measures to inform other companies
(data controllers) that process the personal data for which you have asked
for all links and copies to be deleted.
To have information about you on our website deleted, simply send an email
to 5555-itservicedesk@insead.edu stating your full name and with the subject
line “right to be forgotten: personal data”, attaching a copy of your identity
document showing your signature. Also do not forget to indicate the reason
for contacting us in the body of your email, along with the precise web
address (URL) of the page in question.
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a photocopy of
your identity document bearing your signature. The request must specify the
address to which the response should be sent. A response will then be sent
to you within one month following receipt of the request, two months in the
event of a request requiring more in-depth research or in the event that
INSEAD receives an excessive number of requests.
However, it may be that we are unable to accede to your request to be
forgotten. It should be remembered that this right is not absolute. We need to
weigh it against other important rights and values, such as freedom of
expression, compliance with a legal obligation applicable to us or important
public interest reasons.
9.5 Right to restrict processing
You have the right to ask us to restrict your data, i.e. marking your personal
data held by us (e.g. b y temporarily moving your data to another processing
system or locking your data to make it inaccessible), in order to restrict its
future use.
You can exercise this right when:
the accuracy of the data in question is disputed;
Your personal data is not processed in accordance with the GDPR
and French law;
the data is no longer necessary to fulfil the initial purposes but cannot
yet be deleted for legal reasons (e.g. official recording, the exercise
or defence of your rights in legal proceedings);
a decision concerning your processing objection is pending.
In the case of a restriction on processing, your personal data shall no longer
be subject to any processing without your prior agreement, with the exception
of its retention (storage).
Your personal data may still be processed for the purpose of official
recording, the exercise or defence of your rights in legal proceedings, or to
protect the rights of another natural person or legal entity, or else on important
grounds of public interest in the European Union or Member State.
In the case of a restriction on processing of some of your personal data, we
will keep you informed of the date when the measure will be lifted.
13
You simply need to send an email to 5555-itserviced[email protected] stating
your full name and with the subject line “restriction right: personal data”, along
with a copy of your identity document.
Also do not forget to indicate the reason for contacting us in the body of your
email.
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a copy of your
identity document. The request must specify the address to which the
response should be sent. A response will then be sent to you within one
month following receipt of the request, two months in the event of a request
requiring more in-depth research or in the event that INSEAD receives an
excessive number of requests.
9.6 Objection right
You have the right to object to us processing your personal data if, for your
own reasons, you consider that one of the forms of processing infringes your
privacy and causes you excessive harm. You cannot prevent us from
processing your data:
if its processing is required to conclude or perform your contract. For
example, your data must be processed to validate your registration
with INSEAD;
if its processing is required by law or a regulation. That is particularly
the case when you move to another address;
if its processing is required to officially record, exercise or defend
rights in legal proceedings.
You can object to the use of your personal data for the purposes of marketing
communications and particularly advertising. You can also object to profiling
if it is linked to marketing communications (e.g. when we send you
personalised content).
You simply need to send an email to 5555-itservicedes[email protected] with
the subject line “objection right: personal data”, attaching a copy of your
identity document showing your signature.
It is important to include the reasons for your objection request.
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a photocopy of
your identity document bearing your signature. The request must specify the
address to which the response should be sent.
INSEAD has two months to respond to your objection request. If your request
is imprecise or does not include all the information enabling us to fulfil your
request, we will contact you to ask for further information within that time.
However, it may be that we are able to accede to your request. In that case,
we will of course provide you with as clear a response as possible.
Furthermore, any emails and newsletters which may be sent to you will
contain a link you can click on to stop receiving promotional information from
us.
14
Specifically in relation to your right to object to marketing communications,
we remind you that our marketing partners are responsible for their use of
your personal data and taking into account your rights, including to no longer
receive offers from them.
9.7 Right to digital death
You have the option to send us instructions relating to the retention, deletion
and communication of your personal data after your death. Those instructions
may also be recorded with a “certified digital trusted third party”. Those
instructions, a sort of “digital will”, may appoint a person responsible for their
execution or, failing, that your heirs will be appointed.
In the absence of any instructions, you heirs may contact us to:
Access the processing of personal data in order to “organise and
settle the deceased’s estate”;
Receive communication of the “digital goods” or “personal data
containing family memories, transferable to the heirs”;
Close your personal account on the Site and object to the continued
processing of your personal data.
In any case, you have the option of informing us, at any time, that you do not
want your personal data to be communicated to a third party after your death.
9.8 Portability right
This right gives you the possibility of more easily managing your personal
data yourself, specifically:
retrieving your personal data processed by us, for your personal use, and
storing it on a device or in a private cloud for example.
transferring your personal data from us to another company, either by you,
or directly by us, subject to that direct transfer being “technically possible”.
That right covers both your actively and knowingly declared data, such as
your data supplied to create your online account (e.g. email address,
username, age) and the information collected by INSEAD.
Conversely, personal data derived, calculated or inferred from data you have
supplied, e.g. the results of a medical examination, is excluded from the
portability right since it has been created by INSEAD.
You simply need to send an email to 5555-itserviced[email protected] stating
your full name and with the subject line “portability right: personal data”,
attaching a copy of your identity document showing your signature. Do not
forget to indicate in your email the files concerned and the type of request
(data retrieval and/or transfer to a new service provider).
You can also exercise this right by sending us a letter to the following
address: INSEAD, Boulevard de Constance, 77305 Fontainebleau, France.
Your written request must be signed and accompanied by a photocopy of
your identity document bearing your signature. The request must specify the
address to which the response should be sent. A response will then be sent
to you within one month following receipt of the request, two months in the
15
event of a request requiring more in-depth research or in the event that
INSEAD receives an excessive number of requests.
You should be aware, however, that INSEAD is entitled to refuse your
portability request. In fact, this right only applies to personal data based on
your consent or performance of a contract concluded with us (for more details
of personal data covered by the portability right: click on the Purposes and
Grounds section). Similarly, this right may not infringe on third-party rights
and freedoms, whose data may be contained in the data transmitted following
a portability request.
10 IS YOUR PERSONAL DATA SENT ABROAD?
10.1 Data transfer within Europe
Personal data benefits from the same level of protection within the European
Economic Area.
We process your personal data on IT servers located in the EEA.
10.2 Data transfer outside Europe
INSEAD transfers, processes and stores your information on IT servers
located in a number of countries outside Europe as set out in the table below.
You should be aware that protection of privacy and rules allowing authorities
to access your personal data in those countries are not necessarily
equivalent to those in Europe.
In order to ensure standards are adhered to in terms of data and privacy
protection, we impose technical and legal guarantees on all our partners.
11 DATA SECURITY
INSEAD takes all useful and appropriate physical, logical, technical,
functional, administrative and organisational precautions and measures to
guarantee the security of your personal data, with regard to the state of the
art, implementation costs and the nature, extent, context and purposes of the
processing, as well as the risks, whose degree of likelihood and severity vary,
to the rights and freedoms of natural persons, to preserve data security and
confidentiality and guarantee a level of security appropriate to the risks, and
particularly to prevent the data being distorted, damaged or accessed by
unauthorised third parties.
Due to the difficulties inherent in exercising an activity on the internet and the
risks, of which you are aware, resulting from the electronic transmission of
data, INSEAD may not be bound by a performance obligation.
In the event that difficulties occur, INSEAD shall do its utmost to circumvent
the risks and shall take all adequate measures, in accordance with its legal
and regulatory obligations (corrective actions, informing the national authority
responsible for personal data protection and, where relevant, data subjects,
etc.).
16
In the event that all or part of the personal data processing is subcontracted,
INSEAD contractually imposes security guarantees on its subcontractors,
particularly in terms of confidentiality in respect of the personal data to which
they may have access (appropriate technical and organisational measures to
protect that data).
12 DO YOU WISH TO CONTACT US ABOUT THIS PERSONAL DATA
PROTECTION CHARTER AND/OR MAKE A COMPLAINT TO A
PERSONAL DATA PROTECTION AUTHORITY?
12.1 Do you have a question or suggestion concerning this Personal
Data Protection Charter?
Please let us know by contacting us here (legal.dep[email protected]) or
by post at:
INSEAD
Boulevard de Constance,
77305 Fontainebleau,
France
We would be delighted to hear from you and it will be a pleasure to respond
as soon as possible.
12.2 Do you feel that we are not adequately protecting your personal
data?
If you believe that INSEAD does not process your personal data in
accordance with the GDPR and French law, you are entitled to complain to:
The data protection authority in the European country in which you
habitually reside, or
The data protection authority in the European country in which you
work, or
The data protection authority in the European country in which the
GDPR violation was committed.
12.3 Submitting a complaint to CNIL, the French data protection
authority
You can submit a complaint directly via the CNIL website by clicking here.
Or by writing to the following address:
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
17
13 HOW DO YOU KNOW IF THIS PERSONAL DATA PROTECTION
CHARTER HAS BEEN AMENDED?
This Personal Data Protection Charter may be amended at any time,
particularly to take account of any changes to the law or regulations or
changes to our services.
Major changes made will be notified via our Site or by email, as soon as
possible and at least 30 days before they come into force.
When we publish changes to this Charter, we will revise the “last updated on”
date at the top of the confidentiality policy.
We encourage you to regularly consult this Charter to find out how INSEAD
is protecting your personal data.
Last updated on: 07.03.2019.