Last revision: February 2023.
Who are we?
Swiss School of Business and Management Geneva Sarl or SSBM Geneva (“us”, “we”, or “our”) operates ssbm.ch and e-ssbm.com (the “Site”).
This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
Information Collection And Use
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name (“Personal Information”).
Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”).
This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this data.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information.
We sometimes use Google reCAPTCHA on our Site. These are third-party services that may be located in any country in the world (in the case of Google reCAPTCHA, it is Google LLC in the USA).
We use Google reCAPTCHA to protect online forms on our website. Data processing is based on your consent. The purpose of reCAPTCHA is to check whether a human or an automated program is entering data on our websites (e.g. in a contact form). reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. Cookies are also used for this purpose and are set by the service provider. The analysis starts automatically as soon as the visitor opens the website and runs entirely in the background. Website visitors are not informed that an analysis is taking place.
We also use plug-ins on our websites for social networks such as Facebook, Twitter, Xing and LinkedIn, which are clearly indicated (usually with a corresponding icon). We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operator of the corresponding social network registers that you are on our website and where you are, and can use this information for its own purposes. The processing of your personal data by the operator is therefore the responsibility of the operator in accordance with its own data protection provisions. We do not receive any information about you from the operator.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
To the extent permitted, we sometimes integrate visible and invisible figurative elements into our newsletters and marketing emails which, when retrieved from our servers, allow us to know if and when you have opened the email. In this way, we can also measure and better understand how you use our offers, and can tailor them to you. You can block them in your email program.
Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data Processor (or Service Providers)
Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. We take appropriate technological and organisational security precautions to protect your personal data against unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encrypting data carriers and transmissions, pseudonymisation and checks.
Data Protection Law
We comply with applicable Data Protection Regulations including in particular the Swiss Federal Act on Data Protection (FADP) and, where possible with The EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (which supplements the GDPR) came into force on 25 May 2018. We refer to these as “data protection law”.
Once in force, data protection law will regulate the processing of “personal data” relating to individuals by organisations (known as “data controllers”).
Information We Collect from You
We will collect and process the following data about you:
We may process data about your use of our website and services (“usage data”). The usage data may include your geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system Google Analytics. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is your consent and our legitimate interests, namely monitoring and improving our website and services.
To conduct conference calls, online meetings, video conferences and/or webinars, we use the ‘Zoom’ or ‘Meet’ service, which is deployed on premises. The following data is processed in this respect: username, general information about service preferences, information about each user’s device and network and internet connection, for example IP address(es), MAC address, other device IDs (UDID), device type, operating system type and version, client version, information about usage of or other interaction with Zoom products (usage information), other information uploaded, provided or created by the user while using the service, and metadata used to maintain the service provided. As is generally the case with collaborative tools, other personal data may be exchanged where necessary between the IPI and meeting participants, e.g. chat messages, images, files, audio or video recordings, contact details and metadata used to maintain the service provided. Only a minimal amount of data is processed if you attend an online Zoom meeting but do not have a Zoom account. Meetings are only recorded with prior consent, and recordings are saved locally. You can find more information about the processing of personal data in Zoom’s Privacy Statement or Meet’s Privacy Stement.
We may process your account data (“account data”) that you provide to create an account on Site. The account data may include first name, last name, email, and password. The source of the account data is you. The account data may be processed for the purposes of operating our Site, providing our services, ensuring the security of our Siteand services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent.
We may process your information included in your personal profile on our website or on your LinkedIn profile (“profile data”). The profile data may include your title, your name, address, country, telephone number, email address, profile pictures, gender, date of birth, Skype ID, LinkedIn profile link, educational details and employment details. The profile data may be processed for the purposes of enabling your use of our services. The legal basis for this processing is consent and our legitimate interests, namely the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process information contained in any enquiry you submit to us regarding services, namely download brochures and registration for events (“enquiry data”). The enquiry data may include your first name, last name, email address, mobile phone number, country, work experience, academic education, programme you are interested in, city, gender, why you are considering a programme. The enquiry data may be processed for the purpose of supplying the services mentioned above and keeping proper records of those transactions. The legal basis for this processing is consent.
We may process information relating to transactions, including purchases of services (application for admission to our programme), that you enter into with us and/or through our Site (“transaction data”). The transaction data may include title, first name, middle name, last name, preferred name, personal address, nationality, second nationality, date of birth, place of birth, gender, civil status, mobile number, landline number, work phone, Skype ID, secondary email address, results of GMAT, results of GRE, CPA qualification, CFA Level 2 qualification, English level, language skills, work experience, leadership experience, job title, company name, industry, business area, country of employment, nature of organization, responsibilities of job, international experience, activities and interests, three biggest achievements, career plans, highest degree, degree awarding institution(s), annual salary for your last three positions, intention of financing your programme, if you apply for a scholarship, if you are sponsored by a company, Swiss student ID Number, how you heard about us, other programmes to which you are applying, additional information, feedback, bachelor’s degree diploma, bachelor’s degree transcript(s), master’s degree diploma, master’s degree transcript(s), doctoral degree diploma, digital passport photograph, scanned passport page, curriculum vitae and other information. Further we will ask for reference contacts. The data about a reference contact may include title, first name, last name, email address, company, position, country of employment, telephone number, mobile number, rating of candidate, relationship to candidate, how long they have known the candidate, strengths of the candidate, most improvement of the candidate, description of communication skills of the candidate, potential of the candidate becoming a manager. For the payment of the application fee we will ask for your credit card details that are processed by our payment provider. The transaction data may be processed for the purpose of supplying the requested services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletter (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent. We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Uses Made of the Information
We use information held about you in the following ways:
Disclosure of Your Information
We may share your personal information with:
We will disclose your personal information to third parties:
No disclosure or transfer of your information will be to persons or entities outside of the European Economic Area (EEA).
We may disclose (“usage data”) to our advertising, analytics and social media providers insofar as is reasonably necessary to measure the success of and improve our advertising and social media efforts. This personal data may include IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. These advertising providers include Facebook, Google Adwords, Google DoubleClick, LinkedIn, and YouTube. The legal basis for this processing and provision is consent.
Financial transactions (“transaction data”) relating to our website and services are handled by our payment services provider, Stripe Inc. (USA). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments and dealing with complaints and queries relating to such payments. You can find information about the payment services providers’ privacy policies and practices at https://stripe.com/ch/privacy
International transfers of your personal data
Our Analytics provider, Google Analytics, is situated in the United States of America. The European Commission and Switzerland has made an “adequacy decision” with respect to the General Data Protection Regulation and Federal Data Protection Act. Transfers to the United States of America will be protected by appropriate safeguards, namely the EU and Swiss approved Standard Contractual Clauses (SCCs) included in contracts with our providers. You can find more information about the SCCs here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Our Advertising and Social Media providers, may be located in the United States of America. The European Commission and Switzerland has made an “adequacy decision” with respect to the General Data Protection Regulation and Federal Data Protection Act. Transfers to the United States of America will be protected by appropriate safeguards, namely the EU and Swiss approved Standard Contractual Clauses (SCCs) included in contracts with our providers. You can find more information about the SCCs here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Where we store your personal data?
All information you provide to us is stored on our secure servers within the EEA in accordance with this policy and we will take reasonable steps to protect your information in accordance with this policy, including without limitation:
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site: any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the following rights under law in respect of your personal information:
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for compliance with a legal obligation; or for the exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, Switzerland, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given below.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. In Google Analytics, we will retain your personal data for 38 months, after which it will be deleted automatically.
In other cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) the period of retention of Usage Data will be determined based on user requests for deletion or the data is no longer required.
(b) the period of retention for Account Data will be determined based on user requests for deletion or the data is no longer required.
(b) the period of retention for Enquiry Data will be determined based on user requests for deletion or the data is no longer required.
(d) the period of retention for Notification Data will be determined based on user requests for deletion.
(e) the period of retention for Correspondence Data will be determined based on user requests for deletion or the data is no longer required and the correspondence has been completed.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Data protection officer
Our data protection officer’s contact details are:
Data Protection Officer
Geneva Business Center
Avenue des Morgines 12
Stay in touch with SSBM to receive our educational offers and promotions.
By submitting you agree to receive emails from SSBM.
|This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
|YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
|The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
|Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
|A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
|YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.