Privacy Policy

ProfPlanner Application
Last updated: October 21, 2025
Version: 1.1

---

1. Introduction

PROFPLANNER SAS, a simplified joint-stock company with a share capital of €1,000, registered under SIRET number 990 031 320 00015, with its headquarters located at 118 rue de Tolbiac, 75013 Paris, France, is committed to protecting the privacy and security of your personal data.

This privacy policy informs you about how we collect, use, store, and protect your personal data in the context of using the ProfPlanner application.

Data Controller: ABDUL CADER Ayaz
Contact for personal data: contact@profplanner.com

---

2. Personal Data We Collect

2.1 Identification and Account Data

• Email address (unique login identifier)
• First and last name
• Professional title or position
• Encrypted password
• Account creation date
• Last login date

Legal Basis: Contract execution (Article 6(1)(b) GDPR)
Purposes: Account creation and management, secure authentication, service-related communication, personalized technical support.

2.2 Planning and Educational Data

• Personal and educational tasks
• Calendar events and schedules
• Course categories and subjects
• Student groups and classes
• Workspaces and projects
• External calendar URLs (Pronote, EcoleDirecte, etc.)
• Imported calendar files (iCal format)
• Working hours and break periods

Legal Basis: Contract execution and legitimate interests (service improvement)
Purposes: Provision of planning features, educational organization, synchronization with external calendars.

2.3 Student-Related Data

• Student names
• Class or group information
• Educational observations and notes
• Participation history and results

Legal Basis: Contract execution and legitimate interests (educational management)
Purposes: Educational tracking, class organization, performance analysis.

Important note: As a user, you are responsible for obtaining necessary consents from the data subjects (students or their legal parents/guardians).

2.4 Navigation and Technical Data

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent
• Technical errors and security logs

Legal Basis: Legitimate interests (security, service improvement)
Purposes: Service security, fraud prevention, technical improvement, anonymized usage statistics.

---

3. Purposes of Processing

We process your personal data for the following purposes:

• Service provision: Account creation, authentication, schedule and task management
• Personalization: Adapting the interface and features according to your preferences
• Communication: Sending important notifications, newsletters (with consent), customer support
• Security: Protection against unauthorized access, detection of suspicious activities
• Continuous improvement: Usage analysis, development of new features
• Legal obligations: Compliance with tax and accounting obligations

---

4. Recipients of Data

Your personal data is intended for the following categories of recipients:

• Authorized personnel: Employees and agents of PROFPLANNER SAS authorized to process your data
• Technical subcontractors: Hosting providers (Scalingo, Scaleway), email services, analytics tools
• Competent authorities: Within the framework of our legal obligations or a judicial request

We do not sell or rent your personal data to third parties for marketing purposes.

---

5. Data Retention Period

We retain your personal data for the period necessary for the purposes for which they were collected:

• Account data: Duration of the contractual relationship + 3 years after termination
• Planning data: Duration of subscription + 1 year (unless earlier deletion requested)
• Billing data: 10 years (accounting and tax obligations)
• Connection logs: 1 year (IT security)
• Cookies and navigation data: Maximum 13 months

---

6. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

6.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information about the processing.

6.2 Right to Rectification (Article 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed.

6.3 Right to Erasure / Right to be Forgotten (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning you in certain cases (end of contractual relationship, withdrawal of consent, etc.).

6.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to obtain restriction of processing of your data in certain cases.

6.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit those data to another controller.

6.6 Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data based on legitimate interest, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.

6.7 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

6.8 Exercising Your Rights

To exercise these rights, you can contact us:

• By email: contact@profplanner.com
• By mail: PROFPLANNER SAS - DPO, 118 rue de Tolbiac, 75013 Paris, France

We will respond within a maximum of 30 days. Proof of identity may be requested to verify your identity.

If you believe that the processing of your data constitutes a violation of the GDPR, you have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr or with the data protection authority in your country of residence.

---

7. Data Security

We implement appropriate technical and organizational measures to ensure the security of your personal data:

• Encryption: SSL/TLS encryption for all communications, encryption of sensitive data
• Authentication: Passwords hashed with bcrypt, two-factor authentication available
• Backups: Regular encrypted data backups
• Restricted access: Role-based access control, multi-factor authentication for administration
• Monitoring: Continuous monitoring, intrusion detection, audit logs
• Security testing: Regular audits, penetration testing

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will inform you as soon as possible in accordance with the GDPR.

---

8. International Data Transfers

We strive to store and process your data within the European Union. However, some of our subcontractors (particularly for analytics and customer support services) may be located outside the EU.

In such cases, we ensure that these transfers are governed by:

• Adequacy decisions of the European Commission
• Standard contractual clauses approved by the European Commission
• Recognized certification mechanisms (when applicable)

---

9. Cookies and Similar Technologies

Our application uses cookies and similar technologies for:

• Essential cookies: Technical operation of the application, authentication, security
• Preference cookies: Remembering your choices (language, display, etc.)
• Analytical cookies: Understanding application usage (anonymized)

You can manage your cookie preferences through your browser settings. Please note that refusing essential cookies may affect the functioning of the application.

---

10. Changes to the Privacy Policy

We reserve the right to modify this privacy policy at any time. Changes will be posted on this page with a revised update date.

For substantial changes, we will notify you by email or through a notification in the application.

We encourage you to review this page regularly to stay informed of any changes.

---

11. Contact

For any questions regarding this privacy policy or the processing of your personal data, you can contact us:

• Email: contact@profplanner.com
• Postal address: PROFPLANNER SAS, 118 rue de Tolbiac, 75013 Paris, France