
Advances in classical computing, the internet, and artificial intelligence increase the risks to individuals' rights and freedoms.
In this context, CentraleSupélec applies the General Data Protection Regulation (GDPR). Because progress must serve humanity, we are committed to protecting personal data and limiting the potential impact of our activities on individuals' rights and freedoms.
At CentraleSupélec, the Data Protection Officer (DPO) reports to the Director General and addresses the Management Committee if necessary; the DPO also participates in crisis units as required.
CentraleSupélec raises awareness among all information system users about the need to protect personal data. Each data processing operation implemented is accompanied by clear and precise information: objectives, categories of data processed, recipients, retention period, security, etc. CentraleSupélec documents its GDPR compliance (particularly through Registers) and its continuous compliance approach.
All Departments are responsible for the GDPR compliance of the IT systems they implement; the DPO supports them in this process. In particular, we analyze processes and information systems, we strive to process only strictly necessary data, we regularly review access rights, and we apply the data retention periods that we define.
This sphere of protection extends to CentraleSupélec's suppliers and subcontractors, through the verification or in-depth improvement of contract compliance with the GDPR, collaboration in the event of security breaches, and even audits of subcontractors accessing systems or data that pose the highest risk to individuals. These compliance checks apply to subcontractors directly accessing personal data as well as to IT system subcontractors.
The Information Systems Department contributes to this compliance by developing and selecting systems that promote compliance by design and by default. Together with the Information System Security Manager (ISSM) and our Education and Research Security partners, it strengthens system security and monitors new threats.
In addition to general training in law and corporate social responsibility, the School raises students' awareness of GDPR concepts and obligations.
CentraleSupélec systematically evaluates the GDPR compliance of research contracts involving the processing of personal data. If necessary, the DPO works with their counterparts at our funders to define and strengthen contracts, security protocols, data retention periods, etc. We pay particular attention to health-related research activities.
CentraleSupélec's DPO provides assistance to structures directly affiliated with the School: EXED, Fondation CentraleSupélec, Digital Lab. Their compliance approach is identical to that of the School, even in the absence of a formal Data Protection Officer designation.
The DPO participates in the development and revision of partnership and exchange agreements within the scope of studies – for example, on topics such as dual degrees or studies outside the European Union.
Within the framework of Université Paris-Saclay, the DPO discusses GDPR compliance topics with other institutions of the University and participates in joint actions. The DPO also works with the DPOs of the members of the Groupe Ecoles Centrale, other organizations on the Paris-Saclay Plateau, and other Universities.
We are committed to respecting your rights. In compliance with the GDPR, the doctrine of the French Data Protection Authority (CNIL), and other applicable regulations, if you wish to exercise your rights, obtain further information on this Policy, or report any difficulties, please do not hesitate to contact the Data Protection Officer by email: dpo@centralesupelec.fr. We commit to responding to you promptly, generally within one week, rather than within the one-month period stipulated by the regulations.
The Director General of CentraleSupélec