Back to home

Privacy Policy

Last updated: March 2026

This privacy policy describes how Ikimas, sole proprietor and publisher of Plan de Garde accessible at plandegarde.lu, collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).

1. Data Controller

Plan de Garde is published by Ikimas. See our Legal Notice for full publisher details.

2. Data Collected

In the context of using the Plan de Garde service, we collect the following data:

Account data

  • First and last name
  • Email address
  • Password (stored in hashed form)
  • Phone number (optional)

Usage data

  • Doctor initials (for schedule display)
  • Organizational data related to on-call schedules (schedules, assignments, facilities)
  • Off-day declarations and reasons (optional)

Audit data

  • Shift swap requests and associated messages between doctors
  • In-app notifications (record of actions taken on schedules and accounts)

Technical data

  • IP address
  • Browser type, operating system, and user agent
  • Session data

Important: Plan de Garde does not collect any health data or patient data. The service is a purely organizational tool for managing on-call schedules.

3. Purposes and Legal Basis

PurposeLegal basisData concerned
Account creation and managementPerformance of contract (Art. 6.1.b GDPR)Name, email, password, phone
Providing the scheduling servicePerformance of contract (Art. 6.1.b GDPR)Initials, schedules, assignments, off-days
Sending service-related notificationsPerformance of contract (Art. 6.1.b GDPR)Email
Maintaining audit trailsLegitimate interest (Art. 6.1.f GDPR)Swap requests, messages, notifications
Security and abuse preventionLegitimate interest (Art. 6.1.f GDPR)IP address, user agent, session data

4. Email Notifications

Automated notifications are sent exclusively from noreply@notifications.plandegarde.lu and relate solely to the operation of the service (on-call alerts, schedule changes, account information). No commercial or promotional emails are sent.

5. Data Recipients

Your personal data is accessible to:

  • The data controller, for service administration
  • Your team administrator, for managing members and schedules
  • Members of your team, limited to initials and shared schedules

Technical subprocessors:

  • Render (application hosting) — European Union (Frankfurt, Germany)
  • Resend (transactional email delivery) — European Union (Ireland)
  • OVH (domain name and related services) — France

6. Data Retention

DataRetention period
Account dataDuration of use of the service. Deleted upon request or account closure
Schedule and usage dataDuration of use of the service. Deleted upon account closure
Session data (IP, user agent)Sessions expire after 7 days. Expired records are purged periodically
Verification tokens (email verification, password reset)Tokens expire after use or within a short validity window. Expired records are purged periodically

7. Your Rights

In accordance with the GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request the deletion of your data
  • Right to restriction: restrict the processing of your data
  • Right to portability: receive your data in a structured, readable format
  • Right to object: object to processing based on legitimate interest

To exercise these rights, contact us at: support@plandegarde.lu

We will respond to your request within a maximum of 30 days.

8. Security

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted communications (HTTPS/TLS)
  • Password hashing
  • Restricted data access through authentication
  • Regular backups

9. Cookies

Plan de Garde uses only strictly necessary cookies for the operation of the service (session cookies, authentication). No tracking, advertising, or analytics cookies are used.

10. Supervisory Authority

If you believe the processing of your data does not comply with the GDPR, you may file a complaint with:

  • CNIL (Commission Nationale de l'Informatique et des Libertés) — French authority — cnil.fr
  • CNPD (Commission Nationale pour la Protection des Données) — Luxembourg authority — cnpd.public.lu

11. Changes

This privacy policy may be updated. Any substantial changes will be notified by email or through the service. The last update date is indicated at the top of this document.

See also: Terms of Service · Legal Notice