China Europe International Business School Privacy Policy (CEIBS Switzerland)

 

Table of contents

1        General 2

2        Who is responsible for data processing?. 2

3        General Information. 2

3.1    What is personal data?. 2

3.2    When do we process personal data?. 2

3.3    For what purposes do we process personal data?. 3

3.4    What are the legal bases for data processing?. 3

4        Disclosure of personal data. 4

4.1    Are personal data disclosed internally or to third parties?. 4

4.2    Do we use third-party service providers?. 4

4.3    Do we transfer personal data to third countries?. 4

5        Duration of storage and retention periods?. 4

6        Your rights. 5

6.1    Right of access. 5

6.2    Right of rectification. 5

6.3    Right to erasure. 5

6.4    Right to restriction of processing. 5

6.5    Right to data portability. 5

6.6    Right of withdrawal of consent 5

6.7    Right of objection. 5

6.8    How can you exercise your rights?. 5

7        Am I obliged to provide personal data?. 6

8        To what extent is automated decision-making including profiling carried out?. 6

9        Is profiling taking place?. 6

10     Contact data protection

 

 

  1. General

CEIBS Switzerland AG (hereinafter “CEIBS”) is committed to protecting and respecting your privacy. CEIBS takes the protection of your data seriously. Below we explain what data we collect and how we use it.

  1. Who is responsible for data processing?

The data controllers are CEIBS Shanghai and CEIBS Switzerland AG:

China Europe International Business School  
699 Hongfeng Road
Pudong
Shanghai 201206
P.R.C.

CEIBS Switzerland AG
Hirsackerstrasse 46
8810 Horgen
Switzerland

  1. General Information

CEIBS wants you to feel secure about your personal data and to inform you when, for what purposes and what personal data about you are processed.

CEIBS reserves the right to amend this Privacy Policy from time to time. You should therefore read this Privacy Policy regularly. The date of the most current version (effective from) can be found at the beginning of the privacy notice.

Our privacy practices may differ in the different countries in which we operate to reflect local customs and legal requirements.

    1. What is personal data?

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or e-mail address). We process personal data which we receive from you (e.g. visiting courses, requests).

To the extent necessary for the performance of our services or the contract between you and CEIBS, we also process personal data that we lawfully receive (e.g. for the execution of our services, the performance of contracts or on the basis of your consent) from other CEIBS companies or other third parties (e.g. CEIBS Shanghai, professors).

We also process personal data from publicly accessible sources (e.g. debtors' registers, press, (social) media, internet) which we are legally entitled to receive and process.

    1. When do we process personal data?

For the provision of our services, we or third parties process personal data in the context of:

  • Providing spatial infrastructure: Personal data are processed for issues in connection with the provision of facilities (e.g. event management, course planning).
  • Course-specific process: Personal data are processed for the maintenance and provision of school services (e.g. recruitment of students, enrolling, learning process controlling, personal profiles, managing alumni database, events).
  • Career preparation process: Personal data are processed for the preparation for the career (e.g. advice concerning LinkedIn accounts, maintaining job platforms).
  • Communication process: Personal data are processed in the context of internal and external communication (e.g. course information, absence information, exchange with sponsors).
  • Marketing process: Personal data are processed in the context of marketing activities (e.g. production of marketing materials, hosting of website and (online) events).
  • Accounting process: Personal data are processed for invoicing and other accounting purposes (e.g. invoice management, payment processing).
  • Technology related processes: Personal data are processed due to the implementation and maintenance of IT-related actions (e.g. data security compliance, installation of programmes, provision of infrastructure).
  • Travelling process: Personal data are processed linked to all kind of travelling issues (e.g. visa application, student trips).
  • Personalisation: Personal data are processed for the personalisation of our offers, services and goods (e.g. courses and learning process, marketing).
  • Storage process: Personal data are processed due to storage purposes in accordance with the legal requirements and limitation periods (e.g. file retention, general storage and archiving).
    1. For what purposes do we process personal data?

CEIBS processes the personal data for the following purposes:

  • Curriculum and academic management (e.g. activities and/or coordination in connection with (online) courses and the increase of educational value thereof, organisation of the speakers).
  • Control of learning process (e.g. student performance, time management).
  • Compliance with contractual and legal obligations (e.g. payments, invoice processing, sponsorship, maintaining work processes).
  • Quality management (e.g. improvement of sales and marketing strategies, training courses, performance measurement).
  • Promotion of school and courses (e.g. public relations work, student recruitment, website, newsletter).
  • Student management (e.g. alumni network, evaluation surveys, requests).
  • Enabling business processes (e.g. communication with students, office applications).
  • Maintaining data security (e.g. storage, office management).
    1. What are the legal bases for data processing?

We process your personal data based on pre-contractual relationship or the contract between you and CEIBS.

Where necessary, personal data are processed for the purpose of ensuring our legitimate interest or those of third parties. This may be the case for student development, passing your contact data to business partner, administrative internal company processes, performance management or access control.

If we obtain your consent for the processing of personal data, this serves as the legal basis (e.g. newsletter).

Insofar as personal data are processed on the basis of a legal obligation, this serves as the legal basis. This may be the case with the transfer of personal data to authorities and third parties, the storage period or retention periods.

  1. Disclosure of personal data
    1. Are personal data disclosed internally or to third parties?

To the extent necessary for the performance of the contract between you and CEIBS and services or based on our legitimate interest, we will disclose your personal data internally (e.g. CEIBS Shanghai, CEIBS Zürich Campus) or to third parties.

In addition, your data may be disclosed to third parties if you have given your consent or if we are obliged to do so by law or by an enforceable official or court order.

    1. Do we use third-party service providers?

We use external service providers for data processing. Service providers are usually involved as so-called "processors" who are only allowed to process the traders' personal data according to our instructions. These include:

  • Information technology providers
  • Business partners/sponsors
  • Legal advisors of the company
  • Insurances and health insurance companies
  • Social security institutions
  • Training organizers
  • Tour operators
  • Service providers and responsible authorities for visa issuance
    1. Do we transfer personal data to third countries?

We also disclose personal data to third parties or processors that are not located in the EU/EEA or Switzerland. In this case, prior to the transfer, we either ensure that the recipient guarantees an adequate level of data protection (e.g. based on an adequacy decision for the country in question or the application of European Union standard contractual clauses) or that you as a user have given your consent.

We can provide you with an overview of third country recipients together with a copy of the terms specifically agreed to ensure an adequate level of data protection. Please use the details under [Jeffrey SHEN, IT and Library Centre, sjeffrey@ceibs.edu, 0086 21-28905257] for this purpose.

  1. Duration of storage and retention periods?

We process and store your personal data for as long as it is necessary to provide our (contractual) services. In all other cases, we delete your personal data, except for the following purposes:

  • Fulfilment of legal obligations (e.g. retention obligations). The retention period is generally between two and ten years.
  • Retention of evidence within the framework of limitation periods. These are usually five or ten years.
  1. Your rights
    1. Right of access

You have the right to request information about the personal data processed about you from the controller at any time and to receive a copy of this information. You also have the right to know whether personal data have been transferred to a third country.

    1. Right of rectification

You have the right to request the controller to correct any incorrect or incomplete personal data concerning you.

    1. Right to erasure

You have the right to request the controller to erase personal data concerning you without delay if the data are no longer necessary for the purposes for which they were collected or processed. The same applies if you withdraw consent or object to the processing and there are no overriding legitimate grounds for the processing, or the personal data have been processed unlawfully. In addition, you can exercise this right if the controller is subject to a legal obligation to erase the data or the personal data were collected in relation to information society services offered.

    1. Right to restriction of processing

You have the right to request the controller to restrict the processing of personal data.

    1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided.

    1. Right of withdrawal of consent

You have the right to withdraw your consent to the processing of personal data at any time. Despite withdrawal, the lawfulness of the processing carried out on the basis of your consent until withdrawal is not affected.

    1. Right of objection

You have the right to object at any time to the processing of personal data concerning you, where the processing is carried out on the basis of the legitimate interest of the controller/third party or is necessary for the performance of a task carried out in the public interest. If the personal data are processed for the purpose of direct marketing, you may object at any time.

    1. How can you exercise your rights?

To exercise your rights, contact dataprotection@ceibs.edu. You will find further details under section 10. .

Every person has the right to file a complaint with a supervisory authority.

For Switzerland:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter

Feldeggweg 1

CH-3003 Bern

Telefon: +41 (0)58 462 43 95

For EU/EEA:

Please find your supervisory authority on this list:

https://edpb.europa.eu/

 

  1. Am I obliged to provide personal data?

For the performance of the pre-contractual relationship or of the contract as well as the offering of our services, we rely on the provision of personal data or are legally obliged to collect it. If no personal data is provided, it is not possible for us to enter into a contract with you or to continue to provide or perform the contract or our services.

  1. To what extent is automated decision-making including profiling carried out?

We do not make any exclusively automated decisions within the scope of the contractual relationship or our services. We inform about the possible use of automated decisions within the scope of our legal obligations.

  1. Is profiling taking place?

In certain situations, we process personal data to evaluate certain personal aspects relating to an individual, in particular to evaluate aspects relating to an individual's study or lecturing performance, an individual’s interests and reliability. For example, we use profiling in the following cases:

  • In the context of the contractual relationship or our services (e.g. performance tracking, personal interest management) to evaluate performance and development in our company.
  • In the context of marketing (e.g. personal course & program suggestions, selection and recruitment of potential students and professors).
  1. Contact data protection

For information and suggestions on the subject of data protection, please contact our data protection manager:

CEIBS Switzerland AG
Data Protection Manager
Mr. S. Rast
Hirsackerstrasse 46
8810 Horgen
Switzerland

Tel: +41 44 728 99 87
eMail: rstefan@ceibs.edu

Representative in the EU/EEA:

Representation for data subjects in the EU

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/cc/EUprivacyrequestCEIBS
Company
Maetzler Rechtsanwalts GmbH & Co KG c/o CEIBS Switzerland AG
Address: Schellinggasse 3/10

1010 Vienna
Country: Austria

Website: https://prighter.com

Please add the following subject to all correspondence: ID-15018800556
Make an enquiry or submit request: https://prighter.com/cc/EUprivacyrequestCEIBS

If you are based in a country outside of Switzerland, EU or EEA, please refer to our data protection officer in Switzerland. He will assist you in finding your responsible contact person.