Privacy Policy

Last updated: August 2, 2025

1. Data Controller Information

Data Controller

Company: Planifica - School Schedule Optimizer

Location: Casablanca, Morocco

Privacy Contact: privacy@planifica.education

Phone: +212 643 18 68 97

Planifica ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when you use our AI-powered school scheduling platform and related services.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, school details)
  • Educational data (teacher information, subject details, classroom configurations)
  • Scheduling preferences and constraints
  • Communication records (support requests, feedback)
  • Payment information (processed by third-party payment processors)

2.2 Automatically Collected Information

  • Usage data and analytics
  • Device and browser information
  • IP address and location data
  • Cookies and similar tracking technologies

3. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

Consent (Article 6(1)(a))

  • Contact form submissions with explicit consent
  • Marketing communications (with separate consent)
  • Non-essential cookies and analytics

Contract (Article 6(1)(b))

  • Providing scheduling optimization services
  • Generating AI-powered schedule recommendations
  • User account management and authentication
  • Processing service subscriptions

Legitimate Interest (Article 6(1)(f))

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Technical maintenance and support
  • Analytics for service enhancement (anonymized where possible)

Legal Obligation (Article 6(1)(c))

  • Tax and accounting records
  • Regulatory compliance reporting
  • Response to lawful requests from authorities

4. Third-Party Data Processors

We work with trusted third-party processors under GDPR Article 28 data processing agreements:

Service ProviderPurposeData LocationSafeguards
Cloud InfrastructureHosting, data storage, computingEU/EEAGDPR Article 28 DPA, encryption
Email ServiceTransactional emails, notificationsEU/EEAStandard Contractual Clauses
Analytics ProviderUsage analytics (anonymized)VariousIP anonymization, consent-based
Security ServicesDDoS protection, threat detectionGlobalAdequacy decisions, SCCs

International Data Transfers

Where personal data is transferred outside the EU/EEA, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Additional technical and organizational measures

5. Data Security

We implement industry-standard security measures to protect your information:

  • End-to-end encryption for sensitive data
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure data transmission (HTTPS/TLS)
  • Regular backup and disaster recovery procedures

6. Data Retention Periods

We retain personal data only as long as necessary for the stated purposes:

Data CategoryRetention PeriodLegal Basis
Contact Form Data3 years from last contactLegitimate interest for customer service
User Account DataDuration of subscription + 1 yearContract performance
Educational DataDuration of subscription + 2 yearsContract performance, backup
Financial Records7 yearsLegal obligation (tax law)
Analytics Data26 months (anonymized after 14 months)Legitimate interest for service improvement
Security Logs13 monthsLegitimate interest for security

Automated Deletion

We have implemented automated systems to delete personal data when retention periods expire, ensuring compliance with data minimization principles under GDPR Article 5.

7. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

🔍 Right of Access (Article 15)

Request a copy of all personal data we hold about you, including processing purposes and recipients.

Exercise Right →

✏️ Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Request Correction →

🗑️ Right to Erasure (Article 17)

Request deletion of your personal data when it's no longer needed or you withdraw consent.

Delete My Data →

⏸️ Right to Restrict Processing (Article 18)

Request limitation of processing while we resolve accuracy disputes or objections.

Restrict Processing →

📦 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format for transfer to another service.

Export Data →

🚫 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

Object to Processing →

📋 How to Exercise Your Rights

  • Online: Use our Data Subject Rights Portal for access and deletion requests
  • Email: Contact privacy@planifica.education for other rights
  • Response Time: We respond within 1 month (may be extended to 3 months for complex requests)
  • Verification: We may request identity verification to protect your data
  • Free of Charge: Exercising your rights is free unless requests are excessive

8. Children's Privacy

Our services are designed for educational institutions and are not intended for direct use by children under 13. We do not knowingly collect personal information from children under 13 without appropriate parental or institutional consent. If you believe we have collected information from a child under 13, please contact us immediately.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Our cookie banner allows you to manage your preferences:

Essential Cookies

Required for basic website functionality. These cannot be disabled as they are necessary for the service to operate.

Analytics Cookies

Help us understand how visitors interact with our website. We use IP anonymization and require your consent.

Marketing Cookies

Used to deliver relevant advertisements. We only use these with your explicit consent.

Cookie Management

You can manage your cookie preferences at any time through our cookie banner or by contacting us. Disabling certain cookies may impact website functionality.

10. Data Breach Notification

Security Incident Response

In the unlikely event of a data breach affecting your personal data, we will:

  • Notify the supervisory authority within 72 hours (GDPR Article 33)
  • Inform affected individuals without undue delay if high risk is involved (GDPR Article 34)
  • Provide clear information about the nature of the breach and our response measures
  • Offer guidance on steps you can take to protect yourself

11. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in our practices or legal requirements. We will notify you of material changes:

  • By email to your registered address (for significant changes)
  • Through prominent notices on our platform
  • By updating the "Last updated" date at the top of this notice

Your Continued Use: Continued use of our services after changes become effective constitutes acceptance of the updated privacy notice, unless we indicate that affirmative consent is required.

12. Contact Information

For privacy-related questions, data subject rights requests, or concerns about our data processing:

📧 Data Controller Contact

Company: Planifica - School Schedule Optimizer

Privacy Email: privacy@planifica.education

Phone: +212 643 18 68 97

Address: Casablanca, Morocco

🏛️ Supervisory Authority

Authority: Commission Nationale de contrôle de la protection des Données à caractère Personnel (CNDP)

Role: You have the right to lodge a complaint with the supervisory authority if you believe your data protection rights have been violated.

Website: www.cndp.ma

✅ Quick Actions

Exercise Your RightsContact Privacy Team