Privacy Policy

Information about the processing of your personal data in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

Notice: This is a courtesy translation. In case of any discrepancy, the Spanish original prevails.

✓ We do not sell or rent your data for commercial purposes.

Servers in Europe, GDPR-compliant, and we take privacy very seriously.

1Data Controller

Controller

Martin Schenk S.L.

Tax ID (CIF)

B84645654

Address

Calle Claudio Coello 14, 5G 28001 Madrid · Spain

Commercial register

Madrid Volume 22655 · Book 0 · Section 8 · Sheet 71 · Page M-405160

Contact

or via the contact form

2Data We Collect

2.1 Data you provide

Registration: username, email, password
Plus service: billing details (name, address, tax ID)
Domains: registrant data required by ICANN
Content: text, images and files you upload to your website

2.2 Automatically collected data

IP address
Browser and device type
Date and time of access
Pages visited within the service

3Purposes and Legal Basis

Purpose	Legal basis	Retention
Providing the web hosting service	Contract performance	Duration of the contract
Account management	Contract performance	Active account
Invoicing and payment (Plus)	Legal obligation	6 years (LGT)
Domain registration	Contract performance	Active domain
Service-related communications	Legitimate interest	Active relationship
Security (IP addresses)	Legitimate interest	6 months
Visitor-generated content (forms, guestbook, surveys)	Contract performance	Forms 1 year · Guestbook 3 years
Deleted accounts (trash for restoration)	Legitimate interest / GDPR Art. 17	30 days, then permanent deletion
Data in system backups	Legitimate interest (disaster recovery)	Up to 6 months rolling

Deletion process in detail:

When you request deletion of your data or your account is deleted, your data is immediately removed from the active system (website offline, login disabled). However, it remains in a protected trash area accessible only by the administrator for 30 days. During this period you can request restoration by replying to the confirmation email. After 30 days, your data is automatically and irreversibly deleted via a daily process. Data in system backups (necessary for disaster recovery) is overwritten on a rolling basis within a maximum of 6 months; if a backup were to be restored in the meantime, your deletion will be re-applied.

4Recipients of the Data

The following providers process data on behalf of Palimpalem as data processors:

Recipient	Purpose	Location
Hetzner Online GmbH	Hosting and servers	🇩🇪 Germany (EU)
Stripe Payments Europe	Payment processing	🇮🇪 Ireland (EU)
DonDominio / Soluciones Corporativas IP	Domain registration and email	🇪🇸 Spain (EU)
Zoho Books / Zoho Invoice	Invoicing	🇮🇪 Ireland (EU)
ICANN registrars	International domains	🌐 ICANN
Public administrations	Legal obligations	🇪🇸 Spain

5International Transfers

The vast majority of our providers are located within the European Economic Area (EEA). When transferring data outside the EEA is necessary, we ensure appropriate safeguards are in place:

Standard Contractual Clauses approved by the European Commission
Adequacy decision for the destination country

6Your Rights

As a data subject, you have the following rights:

Access — to know what personal data we process about you
Rectification — to correct inaccurate or incomplete data
Erasure — to request the deletion of your data ("right to be forgotten")
Objection — to object to the processing of your data
Restriction — to request that processing be restricted in certain circumstances
Portability — to receive your data in a structured, commonly used format

How to exercise your rights:

Send an email to stating your name, a copy of an official ID, the right you wish to exercise and the email address registered at Palimpalem.

We respond within one month.

7Right to Complain

If you believe that the processing of your data does not comply with regulations, you may file a complaint with the competent supervisory authority:

Agencia Española de Protección de Datos (AEPD)

Calle Jorge Juan 6, 28001 Madrid, Spain

aepd.es →

8Data Security

We apply technical and organisational measures to protect your data:

Encrypted connections (HTTPS/SSL/TLS) across the entire site
Passwords stored with bcrypt hashing
Daily encrypted backups
Restricted access to personal data (least-privilege principle)
Servers physically located in Germany (EU)
Continuous security monitoring and intrusion protection

9Minors

Use of Palimpalem is reserved for people aged 14 or older (minimum age for digital consent in Spain under LOPDGDD). Minors under 14 need express authorisation from their legal guardians, who must register on their behalf and accept the terms of service.

10Cookies

Palimpalem uses only strictly necessary cookies for the operation of the service. We do not use analytics, advertising or third-party cookies. For more information, see our Cookie Policy.

11Modifications

We reserve the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments. We will notify you of any significant changes via the registered email address or a notice in the Control Centre.

12Related Documents

Last updated: 14.04.2026 · The Spanish original prevails.