Home / Privacy & GDPR
Legal

Your data.
Our obligation.

We self-host our systems. No tracking, no resale, no extra-EU transfers. This page explains what we collect, why, and what you can demand from us.

Updated · 2026-04-29 | GDPR-compliant (EU 2016/679)

01Data controller

The controller of your personal data is:

Legal nameItalique SRL
Trading asAncalagon
VAT / Company no.BE 0798.398.288
Registered officeRue Jules Stiernet 88, 4252 OMAL, Belgium
OfficeChaussée de Waremme 163, 4520 Antheit, Belgium
Privacy contactprivacy@ancalagon.be
Phone+32 494 06 80 35

// Italique SRL is a company under Belgian law, subject to GDPR and the Belgian Data Protection Act of 30 July 2018.

02Who this policy covers

This policy covers all personal data processed by Italique SRL as part of Ancalagon's activities:

  • Visitors of ancalagon.be (including the contact form);
  • Users of the Ancalagon Manager (manager.ancalagon.be);
  • Clients and their operational contacts (billing, contracts, support);
  • Job applicants who send us their CV.

03Data we collect

Website visitors

Data
Source
Required
Name, email, phone, company, message
Contact form
Email + message
Server logs (IP, user-agent, timestamp)
Automatic (security)

Manager users

  • Full name, email, phone (optional), password (bcrypt-hashed)
  • Account verification status, access logs
  • Company, address, city, postal code, country, VAT no.

Contract & billing data

  • Signatory identity, signed contracts, project email threads
  • Invoices, payments, banking references

Job applicants

  • Résumé, cover letter, recruitment correspondence

04Why we collect this data

  • Deliver and maintain our infrastructure services and the Manager;
  • Notify you of incidents, changes, or maintenance windows;
  • Provide 24/7 technical support;
  • Ensure platform security (abuse detection, fail2ban, audit);
  • Meet legal obligations (accounting, tax, judicial requisitions);
  • Manage the commercial and contractual relationship.

Per GDPR Article 6, each processing activity rests on one of the following bases:

  • Contractual necessity — service delivery and invoicing;
  • Legal obligation — accounting, tax retention, compliance;
  • Legitimate interest — platform security, fraud prevention;
  • Consent — where required (e.g. submitting the contact form).

06Retention period

Category
Duration
Reason
Contract & invoices
10 years
Belgian accounting law
Active Manager accounts
Term of contract
Contractual
Closed Manager accounts
24 months
Audit, soft-delete
Contact form messages
24 months
Sales follow-up
Server logs
12 months
Security, intrusion
Unsuccessful applications
6 months
Talent pool (with consent)

Past these terms, data is irreversibly deleted or anonymised. Soft-deleted records remain accessible to a restricted set of administrators for audit purposes only.

07Hosting & sub-processors

Ancalagon is itself a hosting provider. All data is stored on our own infrastructure, in Belgium and Luxembourg, within Tier III or equivalent datacenters. We do not delegate storage, compute, or backups to US hyperscalers.

  • Application hosting: Ancalagon infrastructure (BE / LU)
  • Databases: self-hosted, replicated in Belgium
  • Backups: self-hosted, encrypted at rest
  • Transactional email: Ancalagon-internal SMTP servers
  • No transfer outside the EU/EEA.

08Security

We apply reasonable technical and organisational measures to protect your data:

  • TLS 1.3 encryption on all external connections;
  • Passwords stored as bcrypt with per-record salt;
  • Backups encrypted at rest (AES-256);
  • Multi-factor authentication on all administrator access;
  • Network segmentation, firewalls, intrusion detection (IDS);
  • Centralised logging and 24/7 alerting;
  • Security patches within 7 days for high-severity CVEs;
  • Least-privilege access: data accessible only to staff who need it.

09Cookies & tracking

The site ancalagon.be uses no analytics, no advertising pixels, no third-party cookies. We don't track your browsing. We don't know who you are until you write to us.

The only local storage we perform is:

  • anca.lang — your language choice (FR / EN), stored in browser localStorage. This value never leaves your machine.

The Manager (manager.ancalagon.be) uses a strictly-necessary session cookie to keep you signed in. No analytics or marketing cookies are set.

10Your rights under GDPR

GDPR grants you the following rights. You can exercise them free of charge by writing to privacy@ancalagon.be. We reply within one month at most.

ART. 15

Right of access

Get a copy of the data we hold about you.

ART. 16

Rectification

Correct inaccurate or incomplete information.

ART. 17

Erasure («right to be forgotten»)

Request deletion of your data, subject to legal obligations.

ART. 18

Restriction

Freeze processing while a dispute is resolved.

ART. 20

Portability

Retrieve your data in a structured, readable format.

ART. 21

Objection

Object to processing based on legitimate interest.

ART. 22

Automated decisions

We make no automated decisions about you.

ART. 7

Withdrawal of consent

When processing relies on consent, you can withdraw it anytime.

// we may ask for reasonable proof of identity before responding, to avoid a third party exercising your rights on your behalf.

11Data breach

In case of a breach likely to result in a risk to your rights and freedoms, we will notify the Belgian Data Protection Authority (APD/GBA) within 72 hours of becoming aware, per GDPR Article 33. If the risk is high, you will be notified directly by email.

12Changes to this policy

This policy may evolve: new services, legal changes, contractual requirements. Any material change will be flagged by email to affected users and published on this page with a new updated stamp.

13Contact & complaints

For any question on your data or this policy, write to us. A real person will reply — not an automated ticket.

privacy@ancalagon.be

Reply within one month max (GDPR art. 12.3) — usually within days.

Email us

If you feel your rights are not respected, you may lodge a complaint with the competent supervisory authority:

AuthorityBelgian Data Protection Authority (APD/GBA)
AddressRue de la Presse 35, 1000 Bruxelles
Webautoriteprotectiondonnees.be
Phone+32 (0)2 274 48 00