IIOFLFrench Online

Privacy Policy

Last updated: January 2025

1. Data Controller

International Institute of French Language (IIOFL), operated from France. Contact: contact@iiofl.com

2. Data Collected

  • Registration: name, email, phone, level, learning objectives.
  • Payments: transaction ID and status only โ€” no card data stored (processed by Stripe, PCI-DSS compliant).
  • Classes: attendance records, test results.
  • Navigation: cookies and analytics (Google Analytics 4), see Cookie Policy.

3. Legal Basis (GDPR)

  • Contract performance (enrolment and payment)
  • Legitimate interest (fraud prevention, security)
  • Consent (marketing emails, cookies)

4. India โ€” DPDP Act 2023

We comply with India's Digital Personal Data Protection Act 2023. Indian residents have the right to access, correct, and delete their personal data. Contact us at contact@iiofl.com to exercise these rights.

5. Minors

For students under 18, we require explicit parental/guardian consent at registration. We do not collect data from minors without such consent.

6. Data Sharing

We share data with: Supabase (database), Stripe (payments), Brevo (email/CRM), Google (Classroom, Meet, Analytics). All are under appropriate data processing agreements.

7. Retention

Personal data is retained for the duration of the contractual relationship plus 3 years for legal obligations. You may request deletion at any time.

8. Your Rights

Under GDPR and DPDP Act, you have the right to access, rectify, erase, restrict, and port your data. Contact: contact@iiofl.com. You also have the right to lodge a complaint with the CNIL (France) or applicable Indian authority.

9. Security

We use HTTPS, database encryption at rest, and row-level security via Supabase. Passwords are hashed. No payment card data is ever stored on our servers.

Privacy Policy โ€” IIOFL | IIOFL