Privacy policy


1. Who we are (Controller)
ARCHiPLAN – Architect Marcel Palm
Krinkelt, Jelaserstraße 6
4761 Büllingen, Belgium
BCE/KBO: 0866.810.806 – VAT No.: BE 0866.810.806
Email: info[at]archiplan.pro – Tel.: +32 (0)80 51 15 78
Website: https://archiplan.pro


2. Contact for data protection
A data protection officer is not legally required. For any data protection matters, please use the contact details above.


3. What data we process, for what purposes and on what legal basis
Website visit and IT security

  • Data: server log data (IP address, date/time, requested URL, referrer, user agent, status code, amount of data transferred).
  • Purpose: operation, stability and security of the website (e.g., defense against attacks).
  • Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Contact by email/phone/(contact form)

  • Data: name, contact details, content of your message, project data where applicable.
  • Purpose: responding to your inquiry; pre-contractual/contractual communication.
  • Legal basis: pre-contractual measures/contract (Art. 6(1)(b) GDPR) and/or legitimate interests (Art. 6(1)(f) GDPR).

No marketing profiles, no analytics or marketing cookies, no social media plugins.


4. Cookies

  • We only use technically strictly necessary functions/cookies (e.g., session, language).
  • No tracking or marketing cookies are used; a consent banner is not required for this.


5. Hosting and processing on our behalf
Hosting provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

  • Processing as a processor pursuant to Art. 28 GDPR on the basis of a data processing agreement.
  • Processing in data centers within the EU (primarily Germany).
  • We generally store server logs for a maximum of 30 days, longer only in specific cases of security incidents.


6. Recipients of personal data

  • IT/hosting service providers (in particular Hetzner) as processors.
  • Project participants (e.g., specialist planners, executing companies) insofar as required for contract performance.
    Disclosure always takes place on a legal basis and—where required—on the basis of contractual assurances.


7. Data transfers to third countries
No transfer to countries outside the EU/EEA is envisaged. Should a transfer be required in exceptional cases, it will only take place in compliance with Arts. 44–49 GDPR (e.g., EU Standard Contractual Clauses) and after prior information.


8. Retention periods

  • Server logs: up to 30 days (longer only in the event of security incidents).
  • Contact inquiries: up to 6 months after completion of processing.
  • Offers/quotes: up to 2 years.
  • Architects’ project files: generally up to 10 years after acceptance/completion (statutory liability periods).
    After expiry of the periods, we delete or anonymize data unless legal obligations or legitimate interests prevent this.


9. Your rights
Under the GDPR you have the following rights: access, rectification, erasure, restriction, data portability, objection to processing based on Art. 6(1)(e) or (f). You may withdraw any consent given at any time with effect for the future. To exercise your rights, please contact us using the contact details above. We respond within the statutory time limits.


10. Security
We implement appropriate technical and organizational measures (including TLS/SSL encryption, access and authorization concepts, data minimization) to protect personal data against unauthorized access, loss or misuse.


Changes to this privacy policy
We will update this policy if the legal situation or our processing activities change. The current version on this page applies.
Last updated: August 2025