DATA PROCESSING
INTERNAL ALARM PROCEDURE
Your statement is a serious process and can have implications for the persons reported. Hence, it is important to consider properly the truthfulness of the facts and words reported to avoid libel. We remind you that only factual and pertinent pieces of information and documents that are directly related to the facts related are allowed.
In order to ensure confidentiality and rights of the persons concerned, any alert will lead to a rigorous analysis and a detailed internal audit.
The confidentiality of the author’s identity of report made selflessly and in good faith will be preserved, when denouncing acts contrary to our Code of conduct, crimes or offences of which the author had direct knowledge.
To what ends are your private data processed?
emlyon business school may collect, use, transfer, stock or perform any other processing (collectively “process”) your personal data, in the framework of the management of your alarm on the platform
https://speakup.emlyon.com, which allows to report facts of violence, harassment, discrimination, theft, corruption, insider influence, conflict of interests, fraud or any violation of the School’s Anti-Corruption Code of Conduct.
These data processing aim at managing the alerts sent:
- Receiving of the alert
- Follow-up of the alert
- Follow-up of the investigation following the alert
What are the bases for the data processing?
emlyon business school implements processing operations relating to the management of reports received on the Speakup platform as part of a legal obligation (article 6-1, c. of the RGPD). This obligation covers the implementation of a reporting system for facts falling within the scope of the protection of whistleblowers under articles 6 to 16 of the Sapin 2 law, as well as for violations of the School's Anti-Corruption Code of Conduct (article 17-II, 2. of the Sapin 2 law).
Reports of physical, sexual or sexist violence, harassment, discrimination, theft or fraud are made on the basis of emlyon business school's legitimate interest in guaranteeing that its students and employees are listened to, supported and protected in the face of such behaviour (article 6-1, f. of the GDPR).
Who are the persons concerned by this data processing?
The alert platform is open to permanent (employees) and occasional (freelancers and other contributors) collaborators of Early Makers Group and its subsidiaries, as well as to students of the different programs offered by emlyon business school.
The persons denounced within the reports made on the platform are also concerned by this data processing. However, due to the high risk for the realization of the purpose of the alert platform, their right to information is not applicable, based on the exemption from the article 14.5 of GDPR.
What data are needed for these processing?
The author of the alert may communicate his/her last name, first name, profession, e-mail address and telephone number if he/she decides not to proceed with an anonymous alert; in this case, he/she will be given an access code to be able to follow the procedure while remaining anonymous. The information transmitted in the alert and any attachments are also processed.
The identity, functions and contact details of the persons who are the subject of an alert and of the persons involved in its collection or processing may also be processed.
Who has access to your personal data?
Only School employees designated on the home page of the alert platform have access to the data provided by the authors of alerts. These referents may, only with the prior consent of the author of the alert, transfer information to any other emlyon business school employee whose participation is necessary for the proper handling of the alert.
The personal data collected on the platform is also accessible to the service provider making the platform available to the School; a data processing agreement guarantees that this subcontractor will not extract or exploit the personal data stored on the platform.
emlyon business school may also transfer the content of reports to the competent administrative and judicial authorities, in the event of an investigation or at the request of the author of the report.
How long will your data be retained?
emlyon business school retains the alert and the personal data it contains for a period that varies according to the status of the alert:
- Alert clearly outside the scope of the alert system: immediate deletion of the alert and the data it contains.
- Alert closed without action: deletion of the alert two months after the end of the investigation.
- Alert followed by a disciplinary/litigation procedure: conservation for the duration of the limitation period of public action in order to allow the communication of evidence in the event of criminal proceedings: six years after the closure of the procedure when the alert concerns a fact likely to be qualified as a misdemeanor, and twenty years when the facts are likely to be qualified as a crime.
Information and rights
The data controller is the company Early Makers Group S.A., represented by Ms. Isabelle HUAULT, President of the Board.
Each user whose personal data has been processed has the following rights
- Right of access to the processed data, in order to be communicated all the personal data collected on the applicant
- Right to rectification of processed data when they are incomplete, inaccurate, ambiguous or outdated
- Right to erasure of processed data, when the deletion of such data is based on legitimate grounds
- Right to restriction of processing, in order to temporarily suspend the use of certain data
- Right to object to processing, when this request is based on legitimate grounds.
Persons whose personal data are being processed may request to exercise these rights from the Data Protection Officer, who will respond to the request within one month, at the following address: dataprivacy@em-lyon.com.
It is also possible for any person whose personal data is being processed to submit a complaint to the French national supervisory authority for data protection (CNIL).
