Get in touch

Privacy Policy

Beyond Plans
16 Rue Washington
75008 Paris 

Policy Owner  :  Marie Soulignac 
Effective Date  :  18/09/2025 
Classification  :  Internal 
Version  :  #01 
Validity  :  This policy is valid for one year from the review date and must then be reassessed and updated if necessary.

 

Protecting your personal data is one of our commitments.  

When browsing the website https://www.beyondplans.net/ (the “Site”) as a visitor, prospect (“Prospect”), or client (“Client”), we may collect personal data concerning you.

The purpose of this policy is to inform you about how we process such data in compliance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR).

 1. Who is the Data Controller?

The data controller is Beyond Plans, a simplified joint-stock company (Société par actions simplifiée), registered with the Paris Trade and Companies Register under number 842 539 041, with its registered office located at 16 rue Washington, 75008 Paris (“we”), for the following processing activities:

  • the processing of your personal data carried out on the Website;

  • the processing related to the management of our contractual relationships with our Clients;

  • the processing related to the management of our prospecting and sales activities.

However, when our Clients use our services and subscribe to one of our offerings, we collect and process the personal data of Platform users on their behalf and for their account. In such cases, our Clients act as the data controllers for these processing activities, in accordance with Article 4 of the GDPR.

In this context, we act as a data processor with respect to the processing of users’ personal data. The conditions under which we process personal data in our capacity as a data processor are described in our Data Processing Agreement (“DPA”).

2. What personal data do we collect?

Personal data refers to any information that makes it possible to identify an individual, either directly or indirectly by cross-referencing with other data.

We collect personal data falling into the following categories:

  • Identification data (e.g. last name, first name, email address, telephone number);

  • Professional data (e.g. company name, job title / position, department, LinkedIn profile URL);

  • Any information you choose to provide to us as part of your contact request;

  • Browsing data (e.g. IP address, pages visited, date and time of connection, browser used, operating system, documents downloaded from the Website);

  • Data resulting from recordings of videoconferences between you and our customer service teams (e.g. call content and dates).

Mandatory data fields are identified when you provide your information. They are marked with an asterisk and are required in order to provide you with our services.

3. On what legal grounds, for what purposes, and for how long do we retain your personal data?

Purposes Legal basis Data retention periods
Purposes Legal basis Data retention periods
To prepare quotations, manage contracts, quotations and invoices, and ensure follow-up of the contractual relationship with our Clients		 Performance of the contract entered into by you or your company with us Personal data related to the contractual relationship are retained for the entire duration of the contract.In addition, such data may be retained for evidentiary purposes for 7 years.
To build and maintain a database of Clients and Prospects Our legitimate interest in developing and promoting our business activities Clients: data are retained for 5 years after the end of the contractual relationship.
Prospects: data are retained for 3 years from the date of your last contact with us. 
To send newsletters, marketing communications and promotional messages by email Our legitimate interest in informing and retaining our professional Clients and Prospects Data are retained for 3 years from your last contact with us or until you object to such processing.
To carry out telephone marketing campaigns Our legitimate interest in informing our professional Clients and Prospects of our latest news Data are retained for 3 years from your last contact with us or until you object to such processing.
To produce statistics on Website traffic and audience measurement through the use of cookies Your consent Data are retained for 12 months.
To place advertising cookies on the Website Your consent Data are retained for 12 months.
To manage requests relating to the exercise of data subject rights Our legitimate interest in responding to requests and maintaining a record thereof If we request proof of identity, it is retained only for the time required to verify identity and is deleted immediately thereafter.

If you exercise your right to object to marketing communications, this information is retained for 3 years.
   

 

4. Who are the recipients of your personal data?

The following recipients may have access to your personal data:

  • Our company’s staff, within the limits of their respective roles and responsibilities;
  • Our service providers (data processors), including hosting providers, newsletter delivery service providers, CRM tools, audience measurement providers, telephony software providers, and internal communication tools;
  • Where applicable, public or private bodies, solely for the purpose of complying with our legal obligations.

5. Are your personal data transferred outside the European Union?

As part of the tools we use (see the section on recipients relating to our service providers), your personal data may be transferred outside the European Union.

Where such transfers occur, they are secured using one of the following mechanisms:

  • Either the data are transferred to a country that is the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR. In this case, the country is deemed to provide a level of data protection that is adequate and compliant with the requirements of the GDPR;

  • Or the data are transferred to a country whose level of data protection has not been recognised as adequate under the GDPR. In such cases, the transfers are based on appropriate safeguards as referred to in Article 46 of the GDPR, adapted to each service provider. These safeguards may include, without limitation, the execution of Standard Contractual Clauses approved by the European Commission, the implementation of Binding Corporate Rules, or reliance on an approved certification mechanism;

  • Or the data are transferred on the basis of one of the other appropriate safeguards described in Chapter V of the GDPR.

6. What are your rights regarding your personal data?

You have the following rights with respect to your personal data:

  • Right to be informed: this is the purpose of the present Privacy Policy. This right is provided for under Articles 13 and 14 of the GDPR.

  • Right of access: you have the right to access all of your personal data at any time, in accordance with Article 15 of the GDPR.

  • Right to rectification: you have the right to have inaccurate, incomplete, or outdated personal data corrected at any time, in accordance with Article 16 of the GDPR.

  • Right to restriction of processing: you have the right to obtain the restriction of the processing of your personal data in certain cases, as provided for in Article 18 of the GDPR.

  • Right to erasure: you have the right to request the erasure of your personal data and to prevent any future collection thereof, on the grounds set out in Article 17 of the GDPR.

  • Right to lodge a complaint with a supervisory authority: in France, the CNIL, if you consider that the processing of your personal data constitutes a breach of applicable regulations (Article 77 of the GDPR).

  • Right to define instructions regarding the retention, erasure, and disclosure of your personal data after your death.

  • Right to withdraw your consent at any time: for processing activities based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. Such withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.

  • Right to data portability: subject to the conditions set out in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to request that such data be transmitted to a recipient of your choice.

  • Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process your data despite such objection where there are compelling legitimate grounds or for the establishment, exercise, or defence of legal claims.

You may exercise these rights by contacting us using the details provided below. We may ask you to provide additional information or documentation to verify your identity when processing your request.

7. What cookies do we use?

For more information on how cookies are managed, please refer to our Cookies Policy.

8. List of sub-processors

The list below describes the sub-processors involved in processing activities for which Beyond Plans acts as the data controller.

The list of sub-processors involved in processing activities for which Beyond Plans acts as a data processor is available in the Data Processing Agreement (“DPA”).

Sous-traitants ultérieurs autorisés  Activités de traitement sous-traitées  Localisation des traitements  Garanties appropriées mises en place en cas de transfert de données hors UE 
ODOO  CRM, invoicing management  EU Data Processing Agreement (DPA) executed
MICROSOFT SUITE (Exchange Online, Exchange Online Protection, Microsoft Teams, Sharepoint)  Email services, document management, internal communications France Data Processing Agreement (DPA) executed
GOOGLE ANALYTICS  Website marketing and audience analytics USA  Data Processing Agreement (DPA) executed, including Standard Contractual Clauses (SCCs)
ACTIVECAMPAIGN  Gestion des campagnes de mails marketing  Dublin, Irlande  Data Processing Agreement (DPA) executed, including Standard Contractual Clauses (SCCs)
WOJO  Video surveillance of our premises in the event of on-site visits France  Data Processing Agreement (DPA) executed

 

9. Data Protection Officer

Beyond Plans has appointed a Data Protection Officer (DPO).

The contact details of our DPO are as follows:

Ms Marie Soulignac

For any questions relating to your personal data, please contact us at:

  • By mail: Beyond Plans, 16 rue Washington, 75008 Paris, France

  • By email:dpo@beyonplans.net

10. Amendments

We may amend this Privacy Policy at any time, in particular in order to comply with regulatory, case law, editorial, or technical developments. Such amendments shall apply as of the effective date of the revised version.

You are therefore invited to consult the latest version of this Privacy Policy on a regular basis. Nevertheless, we will inform you of any significant changes to this Privacy Policy.

Effective date: 18 September 2025