https://modelviewer.allplan.com privacy policy

 

Data protection is particularly important to our company. This privacy policy provides an overview of how we process your personal data when you visit https://modelviewer.allplan.com and register for our Model Viewer service. We inform you about what data we collect from you and how we use it. We also inform you about your rights under applicable data protection laws and provide you with contact details for anyone you can contact if you have any questions.

Personal data is any data that can be linked to you personally, e.g., name, address, email addresses, user behavior. We have taken comprehensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are regularly reviewed and adapted to technological progress.

 

1. Data controller

 Responsible party pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR)

ALLPLAN GmbH

Konrad-Zuse-Platz 1

81829 Munich

Germany

Email: info@allplan.com

 

2. How to contact the data protection officer

You can reach our data protection officer at dataprotectionofficer@allplan.com or at our postal address with the addition "Data Protection Officer."

 

3. Legal basis for our data processing in accordance with the GDPR

The processing of personal data may be based on various legal grounds. If we need your data to fulfill a contract with you or to respond to your inquiries about a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent to a specific data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby your interests worthy of protection are always weighed against our legitimate interests. The legal basis for this is Art. 6 (1) (f) GDPR. If the processing is necessary for compliance with a legal obligation to which we are subject, the legal basis is Art. 6 (1) (c) GDPR.

Below, we explain how we process your personal data when you visit https:// modelviewer.allplan.com.

Legal basis for our data storage in accordance with TDDDG

According to § 25 TDDDG, the storage of information on the end user's device or access to information already stored on the end user's device is only permitted if the end user has given their consent on the basis of clear and comprehensive information, i.e. with consent to data processing.

For the storage of information on your device or access to information already stored on your device, we therefore obtain your consent in accordance with Section 25 (1) TDDDG and consequently only process purely technical data after obtaining your consent.

When providing you with information and obtaining your consent, we comply with the requirements of the TDDDG in accordance with the design provisions of the GDPR.

In accordance with Section 25 (2) TDDDG, consent is not required in exceptional cases

• if the storage of information on the end user's terminal equipment or access to information already stored on the end user's terminal equipment is solely for the purpose of transmitting a message via a public telecommunications network; or
• if the storage of information on the end user's terminal equipment or access to information already stored on the end user's terminal equipment is strictly necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.

 

4. Processing of personal data when accessing the website https://modelviewer.allplan.com

 When you use the website for purely informational purposes by accessing https://modelviewer.allplan.com, i.e. if you do not register, we collect the following technical information (log file data):

The collection of this data is technically necessary to display our website to you and to ensure its stability and security. We (and our hosting service providers) generally do not know who is behind an IP address. We do not link the above data to other data.

The legal basis is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and § 25 para. 2 no. 2 TDDDG due to the technical necessity described above. In weighing up the interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, we have balanced our interest in providing the service against your interest in the data protection-compliant processing of your personal data. Since the following data is technically necessary for the provision of our service in order to offer you our website and also to ensure stability and security, in particular to protect against misuse, we have come to the conclusion that this data must be processed in accordance with state-of-the-art data security and taking into account your interest in data protection-compliant processing. If the processing is based on another legal basis (e.g., consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG), this will be indicated accordingly.

 

5. Registration via ALLPLAN Connect

To use our Model Viewer, you must first register as a user. You can do this in our customer service portal, ALLPLAN Connect. Information on data protection when using our customer portal can be found at: https://connect.allplan.com/privacy-policy.html

When you register via "ALLPLAN Connect," we collect personal data from you in order to create a user profile for you in ALLPLAN Connect and to enable you to log in to the Model Viewer. For this purpose, the following personal data is processed from you as a user of the platform:

We collect and store the following personal data from you for registration purposes:

Mandatory information is marked as mandatory in the respective registration form; all other information is voluntary.

• Use of the Model Viewer

If you register via ALLPLAN Connect, we use the double opt-in procedure for registration. This means that after you enter your email address, we will send a confirmation email to the email address you provided, asking you to confirm your registration.

If you register yourself with ALLPLAN Connect, your registration will be automatically deleted from the database if you do not confirm the confirmation email within 24 hours. If you have been invited by one of our users via email, your registration will be automatically deleted from the database if you do not confirm it within 7 days. After your confirmation, we will store your data for the storage period specified in the table.

In addition, we store the time of registration when you register. The purpose of this procedure is to be able to prove your registration in accordance with our accountability obligations and, if necessary, to investigate any possible misuse of your personal data. Due to the fulfillment of our accountability obligations, we have a legitimate interest in processing the data from the double opt-in procedure in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

The data we collect is stored in accordance with legal obligations and then deleted. Personal data is only stored for as long as it is necessary for the aforementioned purposes and there are no legal obligations to retain it for verification and storage purposes. Your data that is not subject to any statutory retention period or Art. 17 (3) GDPR will generally be stored for as long as your employer and you as authorized customers are interested in using our learning content and the data is necessary for this purpose.

You can delete the user profile you have created yourself at any time via our service portal "ALLPLAN Connect." When you delete your account, all personal data that is not subject to any legal retention obligations or Art. 17 (3) GDPR will be anonymized.

 

7. ALLPLAN Login Service: Single Sign-On (SSO)

We use the ALLPLAN Login Service, a single sign-on (SSO) technology, to make it easier for you to log in and access various services and applications. The authentication mechanism allows users to authenticate themselves to multiple applications, services, or systems with a single login (user name and password). With SSO, users do not need to enter separate login details for each application, but can access various resources with their login details once.

The basic concept of SSO is that there is a central authentication server that acts as an intermediary between the user and the various applications. When a user logs in to SSO for the first time, their identity is verified and a token or ticket containing their authentication information is issued. This token is then accepted by the connected applications to authenticate the user without requiring them to log in again.

When a user wants to access a protected resource, the application redirects them to the central authentication server. This checks the token and ensures that it is valid. If the token is accepted, the user is considered authenticated and granted access to the resource without having to enter additional login details.

Before you can use SSO, the user must first register with the ALLPLAN Connect platform (see point 5), where the user accounts created are stored securely in the central user management system. Once you have registered, you can log in via SSO with your user name and password and access all applications. On the Allplan Connect platform, you also have the option of resetting your password if you have forgotten it or wish to assign a new password for other reasons. The corresponding functions are available to you to initiate the recovery process. After confirming your identity, you can set a new password that meets your security requirements. This ensures that your data is protected and you can access the platform securely.

 

8. Cookies and website analysis

8.1 Cookies

Our website uses cookies. Cookies are files that are stored on your computer by a website you visit and enable your browser to be recognized. Cookies transmit information to the website that set the cookie. Cookies can store various types of information, such as your language settings, the duration of your visit to our website, or the entries you have made there. This means, for example, that you do not have to re-enter the required form data each time you use the website. The information stored in cookies can also be used to recognize preferences and tailor content to areas of interest.

There are different types of cookies: Session cookies are data records that are only stored temporarily in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined period of time, which may vary depending on the cookie. With this type of cookie, the information may also be stored in text files on your computer. However, you can delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting. These cookies are used, for example, by marketing companies.

The legal basis for the possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is § 25 para. 1 TDDDG and Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the storage and processing of data is based on our overriding legitimate interests, the legal basis is Section 25 (2) No. 2 TDDDG and Art. 6 (1) (1) (f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper functioning of the website, to provide basic functions, to measure reach and, with your consent, to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you wish to prevent cookies from being stored, you can do so via your Internet browser settings. Instructions for common browsers can be found here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

When you visit our website, all users of our website are informed about our use of cookies and referred to this privacy policy via an information banner from our consent management platform Usercentrics. As a user, you will also be asked for your consent to the use of certain cookies, in particular for the personalization of services and for marketing measures. After you have given your consent, you can revoke it at any time with future effect by accessing the cookie management via the icon (fingerprint) in the lower left corner of each page and removing the check mark behind the processing you have consented to. In the cookie management, you will also find further information about the cookies we use.

 

8.2 Usercentrics

We use the Usercentrics service to manage consent on our website. Usercentrics is software provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our consent tool during a previous visit to our website. This cookie is necessary because it enables the website to recognize whether you have consented to tracking or not. In addition, a log file is created to prove that consent has been given. This file contains the IP address in anonymized form, information about the browser used, data on the scope of consent, and the date and time of the visit. The legal basis for this can be found in Section 25 (2) No. 2 TDDDG and in our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

The purpose of data processing is to make our website user-friendly and legally compliant. We want to make it as easy as possible for you to give or withdraw your consent and to increase the transparency of data processing by cookies, pixels, tags, or similar on our website. Our legitimate interest also lies in the purpose of data processing.

The cookie containing your consent or refusal to use cookies is stored on your device for one year. The consent data (consent given and withdrawal of consent) is stored for three years.

Cookies are stored on the user's computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.

 

8.3 Website analysis

For the purpose of analyzing and optimizing our websites, we use various services, which are described below. We use these services to analyze how many users visit our website, which information is most in demand, or how users find the offer. We also collect data about which website a user came to our website from (known as the referrer), which subpages of our website were accessed, or how often and for how long a subpage was viewed. This helps us to make our offerings user-friendly, find errors, and improve our offerings.

 

8.3.1 Matomo

We use the open source web analytics software Matomo on our website. The software is operated exclusively by our own servers.

Cookies are used to analyze how the website is used. For this purpose, the usage information collected in the cookie (including your abbreviated IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transfer any data to servers outside our control. Your IP address is immediately anonymized during this process, so that you are not identifiable to us as a user. The information collected about your use of this website will not be passed on to third parties. We use the data collected for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in data processing and its purpose lies in optimizing our website, adapting its content, and improving our offering. The interests of users are adequately protected by anonymization. We store the analysis data only for as long as is necessary for the purpose of data processing, but for a maximum of 14 months.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the data processing described is your consent, Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.

 

9. Google Tag Manager

For reasons of transparency, we would like to point out that we use Google Tag Manager from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code that are used, among other things, to measure traffic and visitor behavior, track the effectiveness of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. We use Tag Manager for the Google Analytics service. If you have disabled this, Google Tag Manager will take this into account. For more information about Google Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html .

 

10. Storage period

We store your personal data for as long as necessary to fulfill our legal and contractual obligations in connection with the use of our service.

After the expiry of a contract, we generally delete your data after 10 years due to the fulfilment of commercial and tax retention obligations (in particular retention periods under the German Commercial Code (HGB) or the German Fiscal Code (AO)). In order to retain supporting documents within the scope of the statute of limitations provisions of the BGB, a retention period of up to 30 years may be necessary in individual cases.

 

11. Transfer of data

We do not disclose your personal data to third parties for purposes other than those listed. We only disclose your personal data to third parties if:

• You have given your express consent
• the disclosure is necessary for the enforcement, exercise, or defense of legal claims and there is no reason to assume that you have a legitimate interest in the non-disclosure of your data,
• there is a legal obligation to disclose the data and this is necessary and legally permissible for the performance of the contract or for the settlement of contractual relationships with you.

In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure that they also comply with the provisions of data protection laws within the scope of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection information of the providers. The respective provider is responsible for the content of third-party services, whereby we check the services within the scope of what is reasonable to ensure compliance with the statutory provisions.

 

12. Data transfer to third countries

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In such cases, we will ensure that the recipient has an adequate level of data protection before transferring your personal data. This means that EU standard contracts (EU standard contractual clauses) and the agreement of any further necessary measures or an adequacy decision by the European Commission ensure that a level of data protection comparable to the standards within the EU is achieved.

When data is transferred outside the European Union, the high European level of data protection does not apply. In the event of a transfer, it is possible that no adequacy decision by the EU Commission within the meaning of Art. 45 (1) and (3) GDPR currently exists. This means that the EU Commission has not yet positively determined that the country-specific level of data protection is equivalent to the level of data protection in the European Union based on the GDPR, which is why we have created the above-mentioned appropriate safeguards.

Possible risks that cannot be completely ruled out in connection with the transfer of data include, in particular:

• Your personal data could potentially be processed beyond the actual purpose.
• In addition, there is a possibility that you will not be able to sustainably assert and enforce your data protection rights, such as your right to information, correction, deletion, or data portability.
• There may also be a higher probability of incorrect data processing and the protection of personal data not meeting the requirements of the GDPR in terms of quantity and quality.

 

13. Data security

At ALLPLAN, your personal data is transmitted in encrypted form. This applies to all form processes (including registration, login, and ordering). ALLPLAN uses the SSL/TLS encryption system (Secure Socket Layer/Transport Layer Security). Although no one can guarantee absolute protection, ALLPLAN secures its website and other systems against loss, destruction, access, modification, or distribution of your data by unauthorized persons through technical and organizational measures. Our security measures are regularly reviewed and adapted to technological progress.

 

14. Your rights

You have the following rights with regard to personal data concerning you:

 

14.1 General rights

You have the right to information, correction, deletion, restriction of processing, objection to processing, and data portability. If the processing is based on your consent, you have the right to revoke this consent with effect for the future.

To exercise your rights, please contact us by email at dataprotectionofficer@allplan.com or by post at Allplan GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described under this point is free of charge for you.

 

14.2 Rights in data processing based on legitimate interests

In accordance with Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. e GDPR (data processing in the public interest) or based on Art. 6 para. 1 lit. f GDPR (data processing to safeguard a legitimate interest); This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

 

14.3 Right to lodge a complaint with a supervisory authority

Without prejudice to these rights and the possibility of other administrative or judicial remedies, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the "Ortxml-ph-0000@deepl.internal" where the processing of your personal data on which you believe infringes data protection regulations (Article 77 GDPR).

 

15. Links to other websites

Our websites may contain links to websites of other providers. We would like to point out that this privacy policy applies exclusively to the website https://modelviewer.allplan.com. We have no influence on and do not control other providers' compliance with applicable data protection regulations.

 

16. Changes to the privacy policy

We reserve the right to change or adapt this privacy policy at any time in accordance with applicable data protection regulations.

 

As of: July 23, 2025