Nezam
Book a demo
Legal

GDPR & data protection

Nezam processes learners' and families' data in line with the GDPR. This page sets out our commitments: processor role, record of processing, security and hosting, individuals' rights, protection of minors and data protection contact.

Last updated: June 18, 2026.

Nezam is an educational management platform for community schools and language institutes. It brings together online enrolment, attendance, grades and report cards, student progress tracking, payments, two-factor authentication and a bilingual mobile app for parents and students, with data hosted in Europe. Because it handles data relating to learners, underage students and their legal guardians, Nezam places data protection at the heart of its design ("privacy by design"). This page describes Nezam's commitments under the General Data Protection Regulation (GDPR) and complements the privacy policy.

1. Our GDPR commitments

Nezam undertakes to process personal data lawfully, fairly and transparently, for specified purposes limited to educational management. Concretely:

  • data is collected only for educational management purposes (enrolments, attendance, grades, payments, communication with families);
  • consents, authorisations (photo, outings) and mandatory documents are collected and kept in the learner's record;
  • data is only accessible to authorised people, according to each person's role (management, teacher, legal guardian, student);
  • legal guardians retain control over the information relating to their children;
  • no data is resold or used for advertising purposes.

2. Roles: data controller and processor

The allocation of responsibilities under the GDPR is as follows:

Party Capacity (GDPR) Role
The teaching organisation (Customer) Data controller Determines the purposes and means of the processing, collects consents from families, and handles requests to exercise rights.
Nezam (the publisher) Processor (Art. 28) Processes the data on behalf of and on the instructions of the organisation, implements security measures and assists the organisation in meeting its obligations.
The legal guardian Data subject / holder of parental authority For underage students, exercises rights and gives consents and authorisations on behalf of the child.

3. Record of processing

Nezam keeps a record of the processing activities carried out as a processor, as provided for in Article 30 of the GDPR. The main categories of processing carried out through the platform are:

  1. management of enrolments and re-enrolments (learners, legal guardians, subjects, time slots, waiting list);
  2. attendance tracking (roll call, reasons for absence and lateness, behaviour, validation of the roll call);
  3. educational tracking (grades by sub-skill, averages, comments, report cards);
  4. payment management (transactions, due dates, statuses);
  5. communication with families (messaging, announcements, push notifications);
  6. management of accounts and user roles.

4. Sub-processing

To provide the Service, Nezam may use sub-processors (for example for hosting, sending notifications or payments). These providers are selected for their compliance guarantees and are bound by contractual commitments that meet the requirements of Article 28 of the GDPR.

The list of sub-processors is kept up to date and can be provided to customer organisations on request at contact@nezam.fr.

5. Security & hosting

Nezam implements technical and organisational measures designed to protect data against loss, unauthorised access, disclosure or alteration, in particular:

  • encryption of data in transit and at rest;
  • individual user authentication, with two-factor authentication (2FA);
  • role-based access management, with each user only accessing the data needed for their function;
  • automatic data backups;
  • maintenance and security updates of the platform, included in the subscription.

Data is hosted in Europe. Data is never resold or used for advertising purposes. Further details appear in the legal notice.

6. Individuals' rights

In accordance with the GDPR, any data subject (legal guardian, adult student, team member) has rights over their data:

  • right of access to their data;
  • right to rectification of inaccurate or incomplete data;
  • right to erasure ("right to be forgotten"), within the limits of legal retention obligations;
  • right to restriction of processing;
  • right to object on legitimate grounds;
  • right to data portability.

These rights are exercised primarily with the teaching organisation, the data controller. Nezam, as a processor, assists the organisation in responding to them. Any request can also be sent to contact@nezam.fr; it will be forwarded to the relevant organisation. In the event of a disagreement, the data subject may lodge a complaint with the competent supervisory authority.

7. Protection of minors

Nezam's learners are, in most cases, underage students. The processing of their data relies on the legal guardian, who gives the necessary consents and authorisations (for example for photos or outings) and exercises rights on behalf of the child. Nezam collects and keeps these consents in the learner's record and only exposes the child's data to the legal guardian and the organisation's authorised members.

The mobile app for families gives the legal guardian read-only access to their child's schooling (attendance, grades, report cards, homework) and to messaging with the team, further strengthening their control over the information.

8. Data breach

In the event of a personal data breach, Nezam undertakes, in its capacity as a processor, to inform the relevant customer organisation without undue delay, so that it can meet its notification obligations under Articles 33 and 34 of the GDPR.

9. Data protection & contact

For any question relating to the protection of your data, you can write to contact@nezam.fr or contact Nezam on WhatsApp at +33 6 84 86 52 73. Your request will be forwarded, where applicable, to the organisation responsible for the processing.

10. Changes to this page

This page may be updated to reflect changes to the Service, to sub-processors or to the regulations. The applicable version is the one published on the date of consultation, the last update of which is indicated at the top of the document.

Frequently asked questions

Frequently asked questions

Is Nezam GDPR-compliant?

Yes. Nezam is designed to process the data of learners and families in line with the General Data Protection Regulation (GDPR). The platform manages consents, authorisations (photo, outings) and mandatory documents, hosts data in Europe, and applies encryption, two-factor authentication and automatic backups.

Who is responsible for the data processed in Nezam?

The teaching organisation that uses Nezam (community school, language institute) is the data controller for its learners and their families. Nezam acts as a processor within the meaning of Article 28 of the GDPR, meaning it processes that data on behalf of and on the instructions of the organisation.

How do I exercise my rights over my data?

To exercise your rights of access, rectification, erasure, restriction, objection or portability, contact your teaching organisation first, as the data controller. You can also write to contact@nezam.fr, which will forward your request to the relevant organisation.

How is the data of underage students protected?

For underage students, data processing relies on the legal guardian. Nezam makes it possible to collect and keep the consents and authorisations given by the legal guardian (for example for photos or outings), who retains control over the information relating to their child.

Where is Nezam data hosted?

Data is hosted in Europe, with encryption of data in transit and at rest, two-factor authentication and automatic backups. Data is never resold.

Ready to simplify how you run your organisation?

Book a 20-minute demo. No card, no commitment.

Book a demo
  • No commitment
  • Money-back guarantee
  • GDPR-compliant
  • Hosted in your country