Planopti/GDPR

GDPR and Data Protection

Last updated: 1 March 2026

Data controller

Planopti SA, Geneva, Switzerland.

Data Protection Officer (DPO): [email protected]

For data processed by the software (client staff data), the client is the data controller within the meaning of the GDPR. Planopti SA is neither data controller nor data processor for this data in normal operation, since there is no access.

Legal basis and purposes

The legal bases for processing carried out by Planopti SA are as follows:

  • Contact form (website): consent of the individual (form submission) and legitimate interest (B2B prospecting)
  • Licence contract performance: contractual necessity (installation, configuration, support)
  • Remote support interventions: legitimate interest (software maintenance) with explicit client consent for each intervention

Planopti SA does not carry out any profiling, any automated decision-making within the meaning of Article 22 of the GDPR, or any processing for unsolicited direct marketing purposes.

Data processed via the website

The planopti.io website collects the following data:

  • Contact form: last name, first name, email address, company name, message
  • Navigation data: pages viewed, visit duration (anonymised, without third-party tracking cookies)

No third-party analytics tool is integrated into the website. No tracking cookies are placed.

Data processed by the software

The Planopti software processes personal data of the client's staff, strictly necessary for scheduling:

  • Identity: last name, first name of each employee
  • Contract: contract type (permanent, fixed-term, part-time), monthly contractual hours
  • Contact: email and phone (optional, for schedule distribution)
  • Qualifications: professional certifications and clearances required for each position
  • Scheduling: shift assignments, absences (leave, sick leave), individual constraints

The software does not process any health data (sick leave absences are recorded without medical reason), biometric data, banking data, geolocation data, or data relating to ethnic origin.

Data minimisation

In accordance with the minimisation principle (Article 5.1.c of the GDPR), the software collects only data strictly necessary for schedule generation:

  • The CP-SAT optimisation engine uses only boolean variables (agent assigned or not to a shift) and integers (hours, durations, counters)
  • No data is collected beyond what is required for the calculation
  • Contact data (email, phone) is optional and is not used by the solver
  • The audit log records the actions taken, not the content of the modified data

Architecture and data location

The on-premise architecture of the software guarantees:

  • No international transfer: data remains on the client's server, within their network. No transfer outside the European Union or Switzerland
  • No cloud hosting: Planopti SA operates no cloud server, no remote database, no SaaS service
  • Complete isolation: the software operates without internet connection. No "phone home", no synchronisation, no telemetry
  • Local storage: SQLite database, single file on the client server disk. The client controls physical and logical access to their data

Data processing

Software data: Planopti SA uses no sub-processor for the processing of software data. In normal operation, Planopti SA has no access to the data.

Planopti SA acts as data processor within the meaning of Article 28 of the GDPR only during remote support interventions expressly requested by the client. A Data Processing Agreement (DPA) is provided in this context, specifying:

  • The subject matter and duration of the intervention
  • The nature of the data that may be accessible
  • Confidentiality and security obligations
  • The prohibition on copying, extracting, or transmitting data

Website: any sub-processors (website hosting) are located in the EU or Switzerland. The list is available on request.

Data subject rights

In accordance with the GDPR (EU Regulation 2016/679) and the Swiss FADP, any individual may exercise the following rights:

  • Right of access (Art. 15): obtain confirmation that data concerning them is being processed and receive a copy
  • Right to rectification (Art. 16): request the correction of inaccurate data
  • Right to erasure (Art. 17): request the deletion of their data
  • Right to data portability (Art. 20): receive their data in a structured, machine-readable format
  • Right to object (Art. 21): object to the processing of their data
  • Right to restriction (Art. 18): request restriction of processing

For data processed via the website: contact [email protected]. Response within thirty (30) days.

For data processed by the software: the client (employer) is the data controller. Requests must be addressed directly to the client, who has all the necessary tools in the dashboard (consultation, modification, deletion, export).

Data portability

The software offers several portability mechanisms, in accordance with Article 20 of the GDPR:

  • Excel export: schedules, staff list, requirements, constraints, all exportable in standard .xlsx format
  • SQLite database: open format, readable by any compatible tool (DB Browser, Python, etc.). No software dependency to access the data
  • Snapshots: complete database backup, restorable or usable independently

Upon end of contract, the client retains all their data in these formats. No proprietary lock-in prevents data recovery or migration.

Regulatory compliance

Planopti SA complies with the following regulatory frameworks:

  • GDPR (EU Regulation 2016/679): applicable to the processing of data of individuals located in the European Union
  • FADP / nFADP (Swiss Federal Act on Data Protection, revised 1 September 2023): applicable as a Swiss company processing data of individuals in Switzerland

The on-premise architecture significantly simplifies compliance:

  • No international transfer to document
  • No cloud sub-processor to audit
  • The client retains full control over their data and the exercise of their employees' rights
  • The impact assessment (DPIA) is simplified by the absence of outbound data flows

Retention periods

Contact data (website): twenty-four (24) months after the last exchange, then permanent deletion.

Software data: under the responsibility of the client as data controller. The client defines their own retention policy and has deletion tools available in the dashboard.

Support intervention data: intervention reports are retained for the duration of the maintenance contract, then deleted within six (6) months after the end of the contract.

Technological transparency

The optimisation engine used by Planopti is CP-SAT, developed by Google and distributed open-source under the Apache 2.0 licence within the Google OR-Tools library.

Key points from a data protection perspective:

  • CP-SAT is a deterministic combinatorial optimisation solver, not an artificial intelligence or machine learning model
  • It does not generate profiles, makes no statistical inference about individuals, and produces no prediction score
  • The variables manipulated are booleans (agent assigned yes/no) and integers (hours, counters), not textual data or behavioural metadata
  • The CP-SAT source code is publicly auditable on Google's official repository
  • The processing does not fall within the scope of Article 22 of the GDPR (automated decision-making producing legal effects) as the scheduler validates and can modify each schedule before distribution

DPO contact

Data Protection Officer: [email protected]

Planopti SA, Geneva, Switzerland.

In case of an unresolved dispute, you may contact the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, or the competent supervisory authority of your country of residence within the EU.