EFAP brochures Brochures Contact EFAP Get in touch Join EFAP Join EFAP

Privacy Policy

The website https://www.efap.com/ is operated by GROUPE EDH SAS, a simplified joint-stock company with share capital of €285,000, registered with the Paris Trade and Companies Register under number 381 224 054, whose registered office is located at 63 rue Pierre Charron, 75008 Paris, hereinafter referred to as “GEDH”, represented by its legal representative, Mr. Amin KHIARI.

Users of the Site are invited to carefully read this Privacy Policy.

For any questions relating to this Privacy Policy, the User may send an email to the following address: dpo@groupe-edh.com.

1. Definitions

The terms defined below, whose first letter is capitalized, shall have the following meaning:

Site: refers to the website accessible at the following address https://www.efap.com/, operated by GEDH.

Cookies: refer to automatic tracking processes in the form of text files placed on a device (computer, tablet, smartphone) that record information during a visit to a website or when viewing an advertisement.

Personal Data/Data: means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to that person. This may include, in particular, the User’s first name and last name, telephone number, email and postal address, or gender.

Third-party platform: means any service, website or application operated by an entity distinct from GEDH, which may receive Personal Data as part of the use of the Site, in particular for the purposes of content distribution, analytics, performance measurement or advertising targeting (for example search engines, social networks or advertising platforms).

Processing: means any operation or set of operations relating to Data, such as collection, recording, storage, consultation, disclosure, or the erasure and destruction of Data.

Data Controller: means the natural or legal person who determines the purposes and means of the Processing, that is to say the objective and the manner in which it is carried out. The Data Controller is identified in Article 2 hereof.

Data Processor: means the natural or legal person who processes Data on behalf of the Data Controller, as part of a service or provision of services.

Recipient: means the natural or legal person to whom the Data is disclosed.

Data Protection Officer: means the natural person responsible for ensuring GEDH’s compliance with data protection regulations.

User: means any natural person acting in a non-professional capacity whose Personal Data is processed by GEDH, namely Users visiting the Site, whether they are students, former students or prospective students of GEDH.

2. Identity of the Data Controller and the Data Protection Officer

The Data Controller is:

GROUPE EDH SAS
Simplified joint-stock company (SAS) with share capital of €285 000
Registered in Paris under number 381 224 054
61 rue Pierre Charron, 75008 Paris
Telephone: 01.53.76.88.00

The Data Protection Officer within GEDH can be contacted at:

Data Protection Officer
61 rue Pierre Charron, 75008 Paris
Email: dpo@groupe-edh.com

3. General provisions

This Privacy Policy may be modified at any time by GEDH, in particular in order to comply with changes in laws and regulations, case law, technology, or the requirements of authorities. In the event of a modification to the Privacy Policy, GEDH will inform the User and/or seek their consent where necessary.

The latest version of the Privacy Policy is the one available on the Website.

Users are invited to consult the Privacy Policy before browsing the Site and to review it regularly in order to stay informed of any modifications and/or updates made by GEDH.

4. Data processed

When using the Site, the following Personal Data may be collected from the User and processed on behalf of GEDH.

GEDH ensures that only Data that is strictly necessary for the purposes for which it is processed is collected and processed.

The processing of Data is necessary to provide the services requested by Users through the Site. Therefore, if the User does not wish to provide the requested information, the User understands and accepts that GEDH may not be able to respond to their request.

GEDH does not collect any sensitive Data within the meaning of the applicable regulations.

GEDH may collect Data relating to minor Users who wish to obtain information and/or apply for training programs provided by GEDH. In accordance with applicable regulations, the processing of Data relating to minors aged over 15 does not require the consent of the minor or of the holders of parental authority, but does require that they be fully informed. In this context, the information provided to minor Users is adequately set out in this Privacy Policy.

4.1. Data required to send documentation to the User

In order to receive documentation tailored to their program, the User must provide the following Data:

  • Last name, first name(s);
  • Email;
  • Mobile phone number;
  • Level of education;
  • If the User selects the paper delivery option: address, postal code, city.

Other information may be requested as part of this request (choice of document, choice of campus, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.2. Data required for the User’s request for information

To request information from GEDH, the User must provide the following Data:

  • Status: GEDH internal or external student, GEDH alumni, professional;
  • Last name, first name(s);
  • Email;
  • Mobile phone number;
  • Message.

Within the message, the User may provide any information they wish to bring to the attention of GEDH. If the User provides Data in this context, GEDH will process it in accordance with the terms set out herein and in compliance with applicable regulations.

Other information may be requested as part of this request (topic of the questions, choice of campus, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.3. Data required for the User’s application

To begin the application process at a GEDH institution, the User must provide the following Data:

  • Level of education or status (student/professional);
  • Email.

Other information may be requested as part of this application (choice of program, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.4. Data required for the User’s registration for Open Days

To register for an Open Day at a GEDH institution, the User must provide the following Data:

  • Last name, first name(s);
  • Email;
  • Mobile phone number;
  • Level of education.

Other information may be requested as part of this request (choice of the Open Day, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.5. Data required for the User’s registration for an online entrance exam preparation (webinar)

To register for an online entrance exam preparation session at GEDH, the User must provide the following Data:

  • Email;
  • Last name, first name(s);
  • Phone number;
  • Level of education.

Other information may be requested as part of this request (preferred campus, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.6. Data required for the use of the chatbot

The chatbot used on the Site is a computer program designed to simulate a conversation through messages. It uses artificial intelligence algorithms to understand and respond to users’ questions, providing instant and interactive assistance.

The User is informed that they are interacting with an artificial intelligence system and not with a human being. The processing of Data by the Chatbot does not lead to decision-making producing legal effects or significantly affecting the User or their rights.

To ensure optimal use of the chatbot, the User must provide the following Data depending on their request:

  • Their profile;
  • Last name, first name(s);
  • Mobile phone number;
  • Level of education;
  • Their country of residence.

Other information may be requested as part of this request (partnership/collaboration, choice of program, etc.), but it cannot be considered as Data within the meaning of the applicable laws and regulations.

4.7. Other Data provided

The User also has the option to contact a GEDH institution directly, by email or by phone.

In this context, the User may provide any information they wish to bring to the attention of GEDH. If the User provides Data on this occasion, GEDH will process such Data in accordance with the terms set out herein and in compliance with applicable regulations.

5. Legal basis and lawfulness of processing

Data is used by GEDH in accordance with applicable laws and regulations.

The Processing of Data is therefore lawful insofar as it meets:

  1. The legitimate interests of GEDH, based on:
    • On commercial and financial grounds requiring that the Data be processed;
    • On the organization of marketing and outreach activities directed at Users;
    • On requests for information and documentation submitted by Users.
  2. Where applicable, on the Users’ consent to the collection and processing of their Data. Certain processing activities, particularly those relating to the use of data for advertising targeting purposes on Third-party Platforms (such as Google or social media platforms, as listed in Article 8.1 hereof), rely on the User’s prior and explicit consent (opt-in), which may be withdrawn at any time.
  3. Where applicable, on the performance of a contract concluded between GEDH and the User.
  4. Where applicable, on a legal obligation.

6. Purposes of data processing

GEDH uses Data only for the purposes described in the Privacy Policy, for compatible purposes, or for the purposes disclosed to the User at the time of collection.

In particular, Data is collected for the purposes of:

  • Responding to and following up on requests for information, documentation, applications, and/or registrations submitted by the User;
  • Sending the User commercial offers, in particular regarding GEDH, its news, programs, and events;
  • Responding to requests from authorities in order to comply, in particular, with requirements relating to national security, fraud prevention, or the enforcement of laws and regulations;
  • Managing requests from Users to exercise their rights;
  • Producing commercial statistics;
  • Advertising targeting of third parties who may be interested in the services, measuring audience performance, and creating similar audiences through dedicated tools; measuring the effectiveness of online and offline advertising campaigns through the transmission of data in hashed form (notably the email address) to Third-party Platforms such as Google Ads, subject to the User’s prior and explicit consent for this purpose;
  • Organizing promotional operations and events.

7. Data retention period

Data collected on the Site is retained by GEDH for a period of 2 (two) years from the last contact with the User.

At the end of this period, GEDH may contact the User to ask whether they wish to continue receiving commercial communications. In the absence of a positive response, GEDH will delete the Data in accordance with the applicable provisions, in particular those provided for by the French Commercial Code, the Civil Code, and the Consumer Code.

In the event of an unsuccessful application, the Data collected as part of the User’s application will be retained for a period of 2 (two) years from the last contact.

Data collected in relation to the management of requests to exercise rights is retained for a period of between 1 (one) and 6 (six) years, depending on the right exercised.

Data required to establish proof of a right or of a contract, or retained in order to comply with a legal obligation, may be securely archived for a period not exceeding the time necessary for the purposes for which it is retained (including but not limited to those provided for by the French Commercial Code, the Civil Code, and the Consumer Code, as well as the accounting and tax provisions applicable to GEDH).

8. Cookies

8.1. During each of the User’s visits to the Site, GEDH collects information relating to their connection and browsing activity.

Cookies have several functions:

  • Facilitate the User’s navigation on the Site;
  • Improve and/or adapt the services, information and content offered on the Site;
  • Generate statistics on traffic and use of the Site;
  • Adapt the presentation of the Website.

Some cookies may also be used to measure the effectiveness of marketing campaigns, attribute conversions, enrich customer relationship management (CRM) tools and, subject to the User’s consent where required, enable the delivery of personalised advertising on third-party platforms such as Google (Google Analytics 4, Google Advertising Product, Google Conversion Linker, Google conversion tracking; Google remarketing; Google Tag Manager); Facebook; LinkedIn; Snapchat; TikTok; Antvoice; Bidswitch; YouTube and Vimeo.

8.2 The Cookies used by GEDH, as well as their retention period, are listed in Appendix 1 (Appendix 1: Cookies).

8.3 The placement and storage of Cookies on the User’s device are carried out in compliance with applicable laws and regulations and subject to the choices expressed by the User, which may be modified at any time.

GEDH obtains the User’s explicit consent, as soon as they access the Site, for the use of Cookies, except for so-called session cookies that are necessary for the proper functioning of the Site and which do not require the User’s consent to be placed on their device. The User cannot object to the placement of these session cookies on their device due to their limited lifespan and their essential use for the Site to function properly.

The User may choose to modify Cookie settings at any time via the Cookie settings link. They may also configure their browser to refuse all Cookies, accept all Cookies, or select only the Cookies they agree to have stored on their device.

In this regard, each browser provides different configuration options. To set up their browser, the User is invited to follow the links below:

The User is therefore free to refuse Cookies.

For more information about Cookies, the User is invited to consult the CNIL website: www.cnil.fr.

8.4 Cookies may also be placed on the User’s device by third-party companies when the User clicks on icons linking to third-party websites accessible on the Site, including social networks such as Facebook, Instagram and LinkedIn or the YouTube platform.

By clicking on the icon of one of these third-party websites, the User may share the Site’s content, follow GEDH’s social media accounts, and express their opinion to others.

Third-party Cookies make it possible to identify the User and track their browsing activity on the Site when the User’s account on the third-party website is already active on their device.

GEDH does not control the collection by third-party websites of Data relating to the User’s browsing activity on the Site.

Accordingly, GEDH recommends that Users consult the cookie policies of these third-party websites in order to understand the purposes for which their Cookies are used.

 

 

9. Access to Data

9.1. The recipients of the Data are the authorized collaborators and employees of GEDH, its institutions, as well as all entities within its group. In particular, members of the finance, marketing, sales and administrative departments, as well as the teams responsible for customer relationship management, logistics and IT services, may have access to the Data.

9.2. Furthermore, GEDH’s service providers acting as Data Processors may have access to the Data, in particular in the context of their duties related to:

  • Hosting of the Site and the Data;
  • Development and maintenance of the Site;
  • Videoconferencing services;
  • Communications Manager.

In particular:

  • AGILITATION (Axeptio), a simplified joint-stock company (SAS) with share capital of €57,500, registered with the Montpellier Trade and Companies Register under number 821 947 009, whose registered office is located at Rue Benjamin Franklin, 34000 Montpellier;
    Privacy Policy: https://www.axeptio.eu/en/cgu ;
    Contacts: https://www.axeptio.eu/contact
  • HUBSPOT France, a simplified single-shareholder joint-stock company (SASU) with share capital of €475,000.00, registered with the Paris Trade and Companies Register under number 844 620 971, whose registered office is located at 24 rue Cambacérès, 75008 Paris;
    Privacy Policy: https://legal.hubspot.com/fr/privacy-policy ;
    Contacts: https://preferences.hubspot.com/privacy
  • ODECOM (Oscar Campus), a limited liability company (SARL) with share capital of €300,000, registered with the Paris Trade and Companies Register under number 328 187 802, whose registered office is located at 9 bis rue Vézelay, 75008 Paris;
    Privacy Policy: https://www.oscar-campus.com/cookies/ ;
    Contacts: dpo@groupeidecom.com
  • OVH, a simplified single-shareholder joint-stock company (SASU) with share capital of €10,174,560, registered with the Lille Trade and Companies Register under number 424 761 419, whose registered office is located at 2 rue Kellermann, 59100 Roubaix;
    Privacy Policy: https://www.ovh.com/fr/protection-donnees-personnelles/ ;
    Contacts: abuse@ovh.net
  • LIVESTORM, a simplified joint-stock company (SAS) with share capital of €21,265.85, registered with the Paris Trade and Companies Register under number 820 434 439, whose registered office is located at 6 Boulevard Saint-Denis, 75010 Paris;
    Privacy Policy: https://livestorm.co/fr/politique-confidentialite ;
    Contacts: help@livestorm.co
  • METHODEWEB, a limited liability company (SARL) with share capital of €2,550, registered with the Paris Trade and Companies Register under number 503 077 315, whose registered office is located at 14 cours Albert 1er, 75008 Paris;
    Contacts: contact@methodeweb.com
  • BIG SUCCESS, a simplified joint-stock company (SAS) with share capital of €710,000, registered with the Paris Trade and Companies Register under number 750 425 886, whose registered office is located at 9 rue Weber, 75116 Paris;
    Privacy Policy: https://www.bigsuccess.fr/politique-de-confidentialite/ ;
    Contacts: dpo@bigsuccess.fr
  • WhatsApp LLC, a subsidiary of Meta Platforms Inc., whose registered office is located at 1 Meta Way, Menlo Park, CA 94025: GEDH may contact Users who have expressly consented to be contacted through this channel via the WhatsApp messaging service, operated by WhatsApp LLC, a subsidiary of Meta Platforms Inc. The User is informed that the use of this service involves a transfer of data outside the European Union, subject to the safeguards provided for in WhatsApp’s privacy policy, available at the following address https://www.whatsapp.com/legal/privacy-policyWhatsApp is also registered under the “Data Privacy Framework”, which ensures a level of data security equivalent to European requirements: https://www.dataprivacyframework.gov/participant/7735.
    The User may withdraw their consent at any time, either directly through the service or by sending their request to dpo@groupe-edh.com.
  • KYX AI, a simplified joint-stock company (SAS) with share capital of €1,200, registered with the Paris Trade and Companies Register under number 100 561 836, whose registered office is located at 20 rue du Louvre, 75001 Paris;
    Contacts: hello@kyx-ai.com ;
    Privacy Policy: https://kyx-ai.com/privacy-policy

The processing carried out by GEDH’s service providers is governed by agreements under which the Data Processors undertake to comply with applicable laws and regulations and, more generally, with all obligations incumbent upon them, particularly with regard to the protection of the security and confidentiality of the Data.

9.3. The Data may also be transmitted to judicial and regulatory authorities, as well as to legal auxiliaries and ministerial officers, in the context of their duties relating to debt recovery and the protection of GEDH’s interests.

10. Data Transfer

The User is informed that certain Data may be transferred, for the purposes defined above, to partners located in countries outside the European Union. GEDH takes the necessary measures to ensure the security of Personal Data.

Prior to any transfer of Data outside the European Union, and in accordance with applicable regulations, GEDH makes its best efforts to implement the necessary safeguards to secure such transfers and to ensure that they are carried out in compliance with this Privacy Policy and applicable regulations.

In particular, GEDH uses the services of HUBSPOT, which may transfer and store Data in hosting centers located in the United States and in other countries outside the European Union, exclusively for the purposes mentioned above.

This service provider implements mechanisms to ensure compliance with Personal Data regulations. To meet regulatory requirements, HUBSPOT had adopted the Privacy Shield framework as a legal mechanism for the transfer of its customers’ Data. As the Privacy Shield is no longer considered a valid transfer mechanism, this provider now applies Standard Contractual Clauses (SCCs) approved by the European Commission for transfers of Data outside the European Union.

For more information, please consult HubSpot’s Data Protection Agreement, available here: https://legal.hubspot.com/fr/dpa.

In any case, the User may withdraw at any time the consent they have given regarding the transfer of their Data outside the European Union by contacting GEDH at the following address: dpo@groupe-edh.com.

11. Data Security

Taking into account the state of knowledge, implementation costs, and the nature of the Data concerned, GEDH undertakes to implement appropriate measures to preserve the security and confidentiality of the Data. GEDH ensures that the Data is not altered or damaged and that unauthorized third parties do not gain access to it.

In particular, GEDH ensures that:

  • Raising awareness among its employees who have access to the Data regarding confidentiality requirements;
  • Securing access to its premises and IT platforms;
  • A high level of requirements regarding Data protection when selecting its partner Data Processors.

In the event of a Data breach likely to result in a risk to the rights and freedoms of natural persons, GEDH will notify the breach to the French Data Protection Authority (CNIL) as soon as possible and, at the latest, within the time limits provided by applicable laws and regulations. If a Data breach is likely to result in a high risk to the rights and freedoms of Users, GEDH will inform them of the breach as soon as possible, except in cases of exemption provided for by applicable laws and regulations.

12. Users’ Rights

In accordance with applicable regulations, the User has the following rights:

  • Right to access their Data;
  • Right to rectify, complete, or update their Data;
  • Right to object to the processing of their Data on legitimate grounds;
  • Right to request the portability of their Data, meaning the right to receive the Data provided in a structured format and the right to transmit their Data to a third party;
  • Right to request a restriction of the processing carried out by GEDH relating to their Data;
  • Right to request the erasure of their Data;
  • Right to provide instructions regarding the retention, erasure and disclosure of their Data after their death. These instructions may also be registered with a “certified digital trusted third party”. These instructions, sometimes referred to as a “digital will”, may designate a person responsible for their execution; failing this, the User’s heirs will be designated.

Notwithstanding the above, GEDH may retain certain Data where required to do so by the laws and regulations applicable to its activities, or where it has a legitimate reason to do so.

The User may exercise their rights by contacting the Data Protection Officer (DPO) by email at the following address: dpo@groupe-edh.com or by post at the following address: Groupe EDH, DPO, 61 rue Pierre Charron, 75008 Paris.

GEDH will respond to the request as soon as possible and, in any event, within the time limits provided by applicable laws and regulations.

The User may lodge a complaint with the French Data Protection Authority (CNIL).

13. Third-party websites

If the User uses links available on the Site to access third-party websites, GEDH strongly recommends that the User review the privacy policies of the websites they visit.

GEDH cannot be held liable for Data processing carried out by third-party websites.

14. Appendices

Cookies placed by https://www.efap.com
Cookies Purposes Retention period
_fbp Storage of usage history 3 months
_ga Used to store and count page views. 2 years
_gat Used to limit the request rate 1 minute
_gcl_au Advertising 3 months
_gid Used to distinguish users 1 day
_schn Traffic targeting Indefinite
_scid Identification 1 year
https://www.efap.com Necessary session cookie Session
Cookies placed by third parties
Provider Cookies Purposes Retention period
Doubleclick.net DSID Store user preferences 15 days
IDE Deliver advertisements or enable retargeting 3 weeks
URL Personalised advertising 2 months
Facebook C_user User identification 2 years
datr Targeted Advertising 2 years
dpr Performance 15 days
Targeted Advertising 2 years
sb Browser identification 2 years
xs Store a unique identifier 12 months
Google.com 1P_JAR Personalised advertising 1 month
AID 1 month
ANID 9 months
CONSENT 28 years
NID 6 months
_Secure-3PAPISID 3 years
_Secure-3PSID 1 year
_Secure-3PSIDCC 1 year
Linkedin.com AnalyticsSynHistory Data storage 1 month
UserMatchHistory LinkedIn Ads identifier synchronization 1 month
_guid Personalised advertising 3 months
bcookie Identification of devices connecting to LinkedIn 2 years
lang Used to remember the language setting Session
Li_gc Used to store users’ consent 2 years
Li_mc Used to obtain consent data 2 years
liap Used to indicate login status 2 years
lidc Facilitates the selection of data centers 1 day
lissc Tracking the use of services 1 year
Lms_ads Identification 1 month
Lms_analytics Identification 1 month
Ads.linkedin.com lang Used to remember the language setting Session
Sc-static.net X-AB Associated with the integration of content from Snapchat 1 day
Snapchat.com Sc_at Personalised advertising 1 month
t.co muc Facilitate functionalities 2 years
Twitter.com Guest_id Identification 2 years
Perzonalization_id 2 years
Youtube.com APISID Collection of information on the use of videos hosted on YouTube 3 years
CONSENT Personalised advertising 18 years
HSID Ensure fraud prevention 3 years
LOGIN_INFO Collection of information on the use of videos hosted on YouTube 2 years
PREF 2 years
SAPISID 3 years
SID 2 years
SIDCC 1 year
SSID 3 years
VISITOR_INFO1_LIVE Provide bandwidth estimates 2 years
YSC Store and track interactions Session
_Secure-1PAPISID Personalised advertising 2 years
_Secure-1PSID
_Secure-3PAPISID
_Secure-3PSID
_Secure-3PSIDCC 1 year
_ga 2 years
_gac_UA-158850311-1 2 months
Pinterest.com _pinterest_cm Personalised advertising 12 years
_pinterest_sess
TikTok.com tt_webid Personalised advertising 12 years
tt_webid_v2
ttwid

Download
brochure

Download