Privacy Policy

The purpose of this policy is to inform users of the websites and services of the measures and commitments taken by EKLYA to ensure the protection of their personal data.

Regulation (EU) 2016/679 of 27 April 2016, known as the General Data Protection Regulation (GDPR), is the European reference text on the protection of personal data.

EKLYA undertakes to implement the necessary measures to ensure that the collection and processing of your personal data complies with the GDPR and the French Data Protection Act.

Data collected

Personal data may be collected when users:

  • Browse our website;
  • Send a question via the contact form;
  • Contact reception;
  • Apply for and/or register for training;
  • Subscribe to a newsletter;
  • Register for events;
  • Request a quote;
  • Make an online purchase;
  • Respond to surveys.

Data may also be collected from our partners.

Purposes of collection and legal bases

The purposes for which the data is collected are defined, legitimate and respected throughout the processing period.

It is mainly collected and processed in order to:

  • Provide training;
  • Respond to questions and requests;
  • Communicate information about events and commercial offers, surveys;
  • Ensure the functioning and security of our websites, improve their content and functioning, and adapt them to requests (cookies);
  • Perform anonymised statistical calculations, except to respond to authorities or institutional bodies.

The data collected is limited to that authorised by law and necessary to achieve the stated purposes. The legal basis for this processing is:

  • The educational missions delivered by EKLYA;
  • The fulfilment of its pre-contractual and contractual commitments;
  • Its legitimate interest in developing its relationships with its customers, prospects and partners.

Recipient

The personal data collected by EKLYA is intended solely for use by its departments and is directly related to their activities. It may be disclosed externally in order to comply with legal and regulatory obligations: institutional bodies, technical service providers or funders of our programmes, exclusively within the scope of their respective responsibilities.

Retention of personal data

EKLYA retains personal data only for the period necessary for the processing operations carried out.

Personal data used for communication purposes is retained for 3 years from the moment the individual interacts with EKLYA. In accordance with its legal or contractual retention obligations, EKLYA may be required to retain personal data for a longer period.

In the event of unsubscribing from newsletters or various communications, personal data used to contact the individual is retained in our unsubscribe list to ensure that they no longer receive such communications.

Personal data security

EKLYA has implemented measures to ensure the protection of the confidentiality and security of personal data collected in the course of its activities. EKLYA also ensures that its technical service providers who may have access to personal data respect the same confidentiality.

In order to guarantee the protection of information processed via the Regional Information System, in particular to ensure that this information is not damaged, distorted or communicated to third parties or persons not authorised to access it, the Regional Information Systems Department implements the following security measures:

  • Management of personalised and restricted access rights to resources,
  • Securing the network, servers and workstations (firewall, anti-virus, anti-spam, VPN interconnection, use of SSL/TLS or HTTPS protocols),
  • Securing physical access to premises (personalised badge, traceability of access to the server room, key-protected distribution rooms),
  • Implementation of a server and database backup policy,
    Raising employee awareness of IT usage and risks (awareness meetings, IT charter).

In order to ensure an adequate level of security, the Regional Information Systems Department has implemented an IT risk analysis process based on the EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) method, an IT security risk management method that complies with the RGS and the latest ISO 27001, 27005 and 31000 standards.

Exercising rights

All individuals have:

  • the right to access and rectify their personal data, enabling them to have it corrected, completed, updated or deleted;
  • the right to request the restriction of the processing of their personal data;
  • the right to object to the processing of their personal data.

These rights may be exercised by contacting EKLYA’s Data Protection Officer (DPO) (enclosing a copy of proof of identity):

Postal address: EKLYA, 11 Chemin du Petit Bois, 69130 Ecully, France

Email address: eklya@lyon-metropole.cci.fr

In addition, a complaint may be lodged with the CNIL at any time (www.cnil.fr – 3 place de Fontenoy, 75007 Paris).

To learn more about EKLYA School of Business's personal data protection policy

For further information on EKLYA’s personal data protection policy, please contact the DPO.

In the event of any changes or updates, the revised policy will be posted on the website with the date of the last update. You should therefore check this website regularly to stay informed of any changes or updates to EKLYA’s personal data protection policy.

Date of last update: 18 November 2024