Privacy Policy

1. Data Controller

The data controller is 180 Degrees Consulting ESCP. If you have questions about this policy or our data practices, please contact us at escp@180dc.org.

2. Categories of Data We Process

• Contact details (e.g., name, email address) you provide via forms.
• Professional information relevant to applications and collaboration.
• Usage data and cookies for analytics and performance.

3. Purposes and Legal Bases

• Responding to inquiries and providing services — Art. 6(1)(b) GDPR.
• Operating and improving the website (including analytics) — Art. 6(1)(f) GDPR (legitimate interests). Where required, we rely on your consent — Art. 6(1)(a) GDPR.
• Recruitment and community management communications — Art. 6(1)(a) and/or 6(1)(b) GDPR.

4. Cookies and Consent Management

We use necessary cookies to ensure the site functions properly and, with your consent, analytics/performance cookies. You can manage your preferences at any time using the preferences button below.

5. Data Sources

We receive data directly from you when you interact with our site or contact us. We may also receive limited technical information from your browser and device when you access our website.

6. Recipients and Processors

We may share personal data with service providers acting as processors to operate this website and related services. This includes our content management and hosting providers.

Our content may be managed via Sanity.io (Sanity AS) and hosted with modern web infrastructure providers. These processors are bound by contractual data processing agreements.

6a. Data Processing Agreement (DPA)

We maintain Data Processing Agreements with our processors as required by GDPR Art. 28. These DPAs specify processing scope and duration, the nature and purpose of processing, categories of data subjects and personal data, confidentiality obligations, security measures, and rules for engaging sub-processors.

• Content Management: Sanity AS (Sanity.io) — CMS and media storage.
• Hosting/Delivery: industry-standard hosting and CDN providers for secure delivery.
• Analytics (consent-based): only if you grant consent in cookie preferences.

Sub-processors engaged by our processors are subject to equivalent contractual safeguards. International transfers, where applicable, rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).

For a copy of our DPA or to request a signed counterpart for your organization, please contact us at escp@180dc.org.

7. International Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), as required by GDPR.

8. Retention

We retain personal data only for as long as necessary for the purposes described above or as required by law. Contact inquiries are typically retained for up to 12 months unless a longer period is required for ongoing correspondence.

9. Your Rights

• Access your data (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure — right to be forgotten (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing based on legitimate interests (Art. 21 GDPR)
• Withdraw consent at any time without affecting prior processing (Art. 7(3) GDPR)

10. Exercising Your Rights

To exercise your rights or ask questions about this policy, contact us at escp@180dc.org. We may request additional information to confirm your identity.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Material changes will be highlighted on this page.