ARCHIBY.COM PRIVACY POLICY AND COOKIE POLICY

1. INTRODUCTION AND SCOPE
   1.1. This Privacy Policy and Cookie Policy (“Policy”) sets out the procedures and principles regarding the processing, retention, protection and transfer of personal data obtained through the website with the domain name Archiby.com and related digital platforms (“Site”), operated by Archiby BV (“Archiby”, “Company”, “We”).
   1.2. Archiby is an organization established and centrally located in Belgium and, in the processing of personal data, acts in compliance with the applicable legislation of Belgium and other relevant countries, in particular the General Data Protection Regulation of the European Union (EU 2016/679) (“GDPR/AVG”).
   1.3. This Policy applies to all natural persons visiting the Site and to natural persons acting on the Site as users, members, corporate members, professionals, customers or with similar capacities (“User”).

2. IDENTITY OF THE DATA CONTROLLER
   2.1. Your personal data is processed by Archiby BV, whose details are provided below, in its capacity as data controller:
   • Title: Archiby
   • Address: Excelsiorlaan 31, 1930 Zaventem, Belgium
   • E-mail: info@archiby.com
   • Telephone: +32 456 90 19 67

3. CATEGORIES OF PERSONAL DATA PROCESSED
   3.1. The following categories of personal data may be processed via the Site:

a) Identity Information: Name, surname, username, title, company/corporate member information (to the extent it can be associated with a natural person).
b) Contact Information: E-mail address, telephone number, address information, country/city information.
c) Account and Usage Information: Membership information, log-in and log-out records, password (stored in our systems in an encrypted form that cannot be reversed), preferences and settings.
d) Project and Listing Information: Project descriptions, listing texts, budget information, delivery time, uploaded drawings, photographs, documents and similar content.
e) Messaging and Communication Records: On-site messages, support requests, complaints, evaluations and feedback.
f) Financial Information: Invoice information, payment transaction records, payment dates and amounts. (Your bank/credit card details are processed in encrypted form by third-party payment service providers and are not directly stored by Archiby.)
g) Technical Information: IP address, browser type, operating system, device information, cookie records, log information, session information.
h) Marketing and Profiling Information: Preferences, areas of interest, pages visited, viewed listings and projects, campaign and newsletter subscription status.

4. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
   4.1. Your personal data is processed for the purposes set out below and on the legal grounds specified under the GDPR:

a) Conclusion and Performance of a Contract
• Creation and management of a membership account via the Site,
• Publication of project/work requests, submission and acceptance of offers and management of these processes,
• Enabling communication between Users and professionals, corporate members and other service providers,
• Execution of payment, collection and invoicing processes.

b) Our Legitimate Interests
• Ensuring the security of the Site, detecting and preventing misuse and fraud attempts,
• Improving system performance, infrastructure security and quality of service,
• Examining complaints, disputes and non-compliance allegations; carrying out internal audit and control processes such as freezing memberships and blacklisting,
• Maintaining a trust-based control and supervision mechanism at national and sectoral level.

c) Fulfilment of Legal Obligations
• Compliance with tax, accounting, financial and commercial law obligations,
• Responding to the requests of competent administrative and judicial authorities,
• Compliance with statutory retention periods.

d) Processing Based on Explicit Consent
• Sending marketing, announcements, campaigns, newsletters and similar commercial communications by electronic means,
• Providing personalized content and advertisements through cookies and similar technologies,
• Making recommendations and guidance suitable to the User profile.

5. TRANSFER OF PERSONAL DATA
   5.1. Your personal data may be transferred, with the necessary security measures in place and limited to the purposes specified above, to the following categories of recipients:

a) Service Providers:
• Companies providing hosting, cloud and data center services,
• Payment infrastructure providers, banks and financial institutions,
• Companies providing information technologies, software, maintenance and support services,
• Companies providing analytics, security, logging and monitoring services.

b) Advisors and Business Partners:
• Natural and legal persons providing legal, financial, tax, audit and consultancy services,
• Business partners and organizations with which cooperation is established, to the extent required by the business relationship.

c) Legal Authorities and Public Institutions:
• Competent administrative and judicial authorities,
• Supervisory and regulatory bodies,
• Law enforcement authorities in mandatory cases.

5.2. If your personal data is to be transferred outside the European Economic Area within the framework of the GDPR, no data transfer shall be made without ensuring appropriate safeguards (adequacy decision, standard contractual clauses, etc.).

6. RETENTION PERIODS FOR PERSONAL DATA
   6.1. Personal data is retained for as long as necessary for the purposes of processing and by taking into account limitation periods and mandatory retention periods stipulated in the applicable legislation.

6.2. In general:
• Membership and account data is retained for as long as your account remains active; in the event that the account is closed, such data may be retained for an additional reasonable period within the framework of legal obligations.
• Financial and accounting data is retained, in most cases, for at least 5 (five) years in accordance with applicable legislation.
• Your project and listing information may be retained for an average of 2 (two) years to address the risk of disputes and for reference purposes; at the end of this period, it may be anonymized and used for statistical purposes.
• Data processed via cookies may be retained for the duration of the session or up to 24 (twenty-four) months, depending on the type of cookie.

6.3. Upon expiry of the retention period, personal data is deleted, destroyed or anonymized by Archiby in an irreversible manner.

7. SECURITY OF PERSONAL DATA
   7.1. Archiby takes technical and organizational measures to ensure the security of personal data. In this context:
   • Secure communication via HTTPS,
   • Use of strong encryption methods,
   • Role-based limitation of access rights,
   • Use of firewalls and intrusion detection/prevention systems,
   • Backup and disaster recovery mechanisms,
   • Regular updating and testing of systems

are implemented.

7.2. Staff and business partners are informed about data protection and privacy and are authorized to access data only to the extent necessary for the performance of their duties.

8. CHILDREN’S PRIVACY
   8.1. The Site is, as a rule, not directed at persons under the age of 18 (eighteen).

8.2. It is not intended that persons under the age of 18 create an account on the Site or share their personal data without the consent of their legal guardian or custodian. If such a situation is detected, the relevant account is subject to a separate review and, if deemed necessary, may be closed; personal data shall be deleted or anonymized within a reasonable period of time.

9. RIGHTS OF USERS
   9.1. As a data subject, you have the following rights under the GDPR:
   a) To request information as to whether your personal data is being processed,
   b) To request access to your personal data,
   c) To request the rectification of inaccurate or incomplete data,
   d) To request the erasure of data (“right to be forgotten”) where the purpose of processing no longer exists, the consent on which the processing is based is withdrawn, or the processing is unlawful,
   e) To request the restriction of processing,
   f) To receive your personal data in a structured, commonly used and machine-readable format and to have this data transmitted to another data controller (data portability),
   g) To object to data processing based on our legitimate interests and to processing for direct marketing purposes,
   h) Not to be subject to a decision based solely on automated processing and to object to such decisions.

9.2. You may submit your requests regarding your rights to Archiby through the following communication channels:
• E-mail: info@archiby.com
• Address: Excelsiorlaan 31, 1930 Zaventem, Belgium

9.3. As a rule, Archiby will respond to your applications within 1 (one) month. Where necessary, this period may be extended by a further 2 (two) months in accordance with the GDPR; in such case, you will be informed accordingly.

9.4. Your right to lodge a complaint with the competent data protection authority in your country regarding the processing of your personal data remains reserved.

10. COOKIE POLICY
    10.1. When you visit or use the Site, Archiby makes use of cookies and similar technologies for the purposes of improving user experience, ensuring security, enhancing performance and carrying out statistical analysis.

10.2. Cookies are small text files stored on your devices such as computer, tablet or smartphone. These files enable your device to be recognized when you revisit the Site.

10.3. The main types of cookies used on the Site are as follows:

a) Strictly Necessary Cookies: These cookies ensure the functioning of the basic features of the Site (such as logging in, security, form processing). Without these cookies, the Site may not function properly.

b) Functional Cookies: These cookies help remember your personal settings such as preferred language, region and similar preferences.

c) Analytics and Performance Cookies: These cookies are used to analyse, in an anonymous or aggregate form, Site traffic, visit durations, pages visited and similar statistics.

d) Marketing and Targeting Cookies: These cookies are used to deliver advertisements and content tailored to your interests. Such cookies may, in many cases, be placed by third-party service providers and are subject to your explicit consent.

10.4. Management of Your Cookie Use
• You can accept, refuse or delete cookies via your browser settings.
• Please note that if you disable cookies, some sections or features of the Site may not function properly.

10.5. Third-Party Cookies
Third-party services such as Google Analytics, YouTube, map services and social media widgets may be used on the Site, and these services may place cookies. The use of such cookies is subject to the privacy and cookie policies of the respective third parties. Archiby does not have full control over these cookies, and you are advised to review the policies of the relevant third-party providers for detailed information.

11. THIRD-PARTY LINKS AND INTEGRATIONS
    11.1. The Site may contain links to third-party websites, platforms or applications. Archiby is not responsible for the privacy and cookie practices applied on websites accessed via such links.

11.2. Users are advised to carefully review the privacy and cookie policies of the relevant platforms before sharing personal data on third-party sites.

12. AMENDMENTS TO THE POLICY
    12.1. Archiby reserves the right to update, amend or partially/entirely renew this Policy at any time.

12.2. Amendments to the Policy shall become effective as of the date they are published on the Site. In the event of material changes, Users will, where possible, be informed via e-mail, notification or on-site announcements.

12.3. Your continued use of the Site shall be deemed as your acceptance of the updated provisions of the Policy.

13. EFFECTIVE DATE
    13.1. This Privacy Policy and Cookie Policy has entered into force as of 01 June 2024 and is accessible via Archiby.com.