STUDIO ES

Privacy Declaration

and Cookie policy

Privacy Declaration

Last updated: December 19, 2024

Introduction

This Privacy Declaration explains how Studio ES (“we”, “us”, “our”), registered under KBO/BCE number 1008.559.775, collects, uses, and protects your personal information. As a data controller under the General Data Protection Regulation (GDPR) and the Belgian Law of 30 July 2018 on the Protection of Natural Persons with regard to the Processing of Personal Data (“Belgian Privacy Law”), we are committed to protecting your privacy and handling your data with transparency and care.

1. Contact Information

Studio ES is the data controller for personal information collected through our services. For any privacy-related matters, including exercising your rights under GDPR, contact:

Data Controller:

  • Name: Studio ES
  • Email: sam at studio-es dot be (specify “Privacy Matter” in subject)
  • Address: Frederik de Merodestraat 3, 2800 Mechelen, Belgium
  • Phone: +32 499 35 31 60
  • KBO/BCE: 1008.559.775

2. Information We Collect and How We Use It

2.1 Personal Information

We collect and process the following categories of personal information:

Basic Contact Information:

  • Identity information (name, date of birth)
  • Contact details (email address, phone number, address)
  • Booking preferences and history

Purpose: Contract fulfillment, service delivery, communication
Legal basis: Contract performance, legitimate interests

Health and Session Information:

  • Health information you provide
  • Session notes and observations
  • Treatment preferences and progress records

Purpose: Service customization, therapeutic record-keeping
Legal basis: Explicit consent, provision of health-related services

Payment Information:

  • Payment records
  • Invoice details

Purpose: Payment processing, accounting requirements
Legal basis: Contract performance, legal obligations

2.2 Website Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Visit timestamp
  • Pages visited
  • Referring website

Purpose: Website security, service improvement
Legal basis: Legitimate interests

3. Legal Bases in Detail

We process your data under the following legal bases:

Contract Performance:

  • Booking management
  • Service delivery
  • Payment processing

Legal Obligations:

  • Tax and accounting requirements
  • Professional practice requirements
  • Responding to legal requests

Legitimate Interests:

  • Service improvement
  • Website security
  • Communication about your bookings

We balance our legitimate interests against your rights and interests.

Explicit Consent:

  • Processing health information
  • Marketing communications
  • Session documentation 

You can withdraw consent at any time.

4. Special Categories of Data

We process health-related information under Article 9(2)(h) of GDPR and the corresponding provisions of the Belgian Privacy Law for the provision of therapeutic services, and under Article 9(2)(a) GDPR and Belgian Privacy Law based on your explicit consent. This processing is subject to professional secrecy obligations under Belgian law.

5. Data Sharing and Recipients

5.1 Categories of Recipients

We share your information with:

  • Payment processors (such as Hipsy BV, SimplyBook.me LTD)
  • Website hosting provider (Hetzner GmbH)
  • Email service provider (Hetzner GmbH, Google LLC)
  • Professional advisors (accountant, legal counsel) (Fidiaz NV)
  • Public authorities when legally required

5.2 Third-Party Processors

All our processors are bound by data processing agreements ensuring:

  • Processing only on our instructions
  • Appropriate security measures
  • Confidentiality obligations
  • Compliance with GDPR and with the Belgian Privacy law

6. Data Retention

We retain personal data as follows:

  • Contact and booking information: 2 years after last booking
  • Health and session information: 2 years after last session
  • Financial records: 7 years (legal requirement)
  • Website logs: 12 months

After these periods, data is securely deleted or anonymized unless longer retention is legally required.

7. Your Rights in Detail

Under GDPR and the Belgian Privacy Law, you have the following rights:

Right to Access (Article 15 GDPR):

  • Obtain confirmation of processing
  • Access your personal data
  • Receive a copy of your data

Right to Rectification (Article 16 GDPR):

  • Correct inaccurate data
  • Complete incomplete data

Right to Erasure (Article 17 GDPR):

  • Request deletion of your data
  • Subject to legal retention requirements

Right to Restriction (Article 18 GDPR):

  • Limit processing of your data

Right to Data Portability (Article 20 GDPR):

  • Receive your data in a structured format
  • Transmit data to another controller

Right to Object (Article 21 GDPR):

  • Object to processing based on legitimate interests
  • Object to direct marketing

We will respond to requests within one month, extendable by two months for complex requests.

8. Data Security

We implement appropriate technical and organisational measures as required by GDPR and the Belgian Privacy Law, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training
  • Incident response procedures

In case of a data breach affecting your rights, we will notify you and the Belgian Data Protection Authority within 72 hours, as required by GDPR and the Belgian Privacy Law.

9. Cookies and Tracking

See our separate Cookie Policy for detailed information. Essential cookies are based on legitimate interests, all others require your consent.

10. International Data Transfers

We process data within the EU/EEA. If transfers outside the EU/EEA become necessary, we will comply with Chapter V of GDPR and the relevant provisions of the Belgian Privacy Law by:

  • We will use Standard Contractual Clauses
  • Ensure appropriate safeguards
  • Obtain your consent where required

11. Changes to This Declaration

We reserve the right to update this declaration to reflect changes in GDPR, the Belgian Privacy Law, or our practices. Changes will be:

  • Posted on our website
  • Notified by email for significant changes
  • Effective 30 days after posting

12. Complaints and Redress

You have the right to:

  1. Contact us for privacy concerns
  2. File a complaint with the Belgian Data Protection Authority:

13. Additional Information

This declaration is governed by Belgian law, including the Belgian Privacy Law, and interpreted in accordance with GDPR. In case of conflict, the Dutch version prevails.

Cookie Policy

At Studio ES, we respect your privacy and aim to be transparent about how we use cookies on our website. This policy explains what cookies we use and how they help us provide you with a better, more personalized experience.

What Are Cookies?

Cookies are small text files that websites place on your device to help the sites provide a better user experience. They’re widely used to make websites work more efficiently and provide useful information to site owners.

How We Use Cookies

We use the following types of cookies:

Essential Cookies

  • These cookies are necessary for the website to function and cannot be switched off.
  • They include cookies that enable basic functions like page navigation and access to secure areas of the website.
  • They don’t store any personally identifiable information.

Functional Cookies

  • Language preferences (reset each visit)
  • These help us remember your basic preferences during your visit.

Analytics Cookies

  • We use Google Analytics with IP anonymization to understand how visitors use our site.
  • This helps us improve our website and services.
  • These cookies collect information in an anonymous form, including:
    • Number of visitors to the site
    • Pages visited
    • Time spent on pages

Social Media and Communication

  • Facebook integration cookies for social features
  • WhatsApp widget cookies for easy communication

Your Choices

You can choose to accept or decline non-essential cookies. You can modify your cookie preferences at any time using the cookie settings button at the bottom of our website.

Managing Cookies

Most web browsers allow you to manage cookies through their settings preferences. To learn more about how to manage cookies, visit your browser’s help section.

Updates to This Policy

We may update this cookie policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to periodically review this page for the latest information.

Contact Us

If you have questions about our cookie policy, please contact us at:

  • Phone: +32 499 35 31 60
  • Address: Frederik de Merodestraat 3, 2800 Mechelen

Last updated: 1 April 2024