Information on the protection of your personal data
1 We are responsible for your data
The protection and security of your personal data is of utmost importance to us. In order for you to feel completely confident and secure with us in terms of the security of your data, the processing of your personal data is carried out in strict compliance with the General Regulations on the Protection of Personal Data (GDPR). Personal data is any data that can identify you or make you identifiable. Your personal data will only be processed by us when there is a legitimate basis for this, or when you have given us your prior consent.
We, refers to André Theunis master luthier SPRL, Rue Charles Hanssens, 11 1000 Brussels and our service providers, who process your data on our behalf, for the purposes indicated below (hereinafter: us).
Our service providers include printers, routing companies, telephone call centers, address brokers, Internet service providers, data centers and payment service providers. You can reach us by mail at the above address or by e-mail at firstname.lastname@example.org.
It is important for us that you can know at all times, thanks to the information below, what personal data is collected during your visit to our website and when using our offers and services, and how those - these are dealt with subsequently.
2 Are your data perfectly secure?
We take the appropriate technical and organizational measures to protect your personal data against manipulation, loss, destruction or access by unauthorized persons, and to guarantee your rights and respect for the applicable principles of data protection. personal data, at European and French level (Article 32 of the GDPR).
The measures taken ensure the confidentiality and integrity of your data, while ensuring the availability and resilience of systems and services over the long term, when processing your data. In addition, they must allow the rapid restoration of data availability as well as their access in the event of a physical or technical incident.
Encryption of your data is also part of these security measures. Your data is transmitted to us in encrypted form by Transport Layer Security (TLSv1.2, RSA2048 Bit) depending on the browser used.
All information you enter online is encrypted before it is transmitted. Therefore, this information cannot at any time be seen by unauthorized third parties.
Our data processing and our security measures are continuously improved in line with technological innovations.
Our staff are of course bound by an obligation of confidentiality and compliance with legal requirements in terms of data protection, by means of a written contract that they have signed.
3 Our Data Protection Officer
If you have any questions about the protection or security of personal data, you can contact our Personal Data Protection Officer by e-mail at or by mail to André Theunis, Rue Chalres Hanssens, 11 1000 Brussels
4 What do the required data or fields mean?
If, during data collection, certain fields or certain data are qualified as mandatory or marked with an asterisk (*), this means that the entry of these data is necessary, either for contractual reasons or for legal reasons , or that we need this data to conclude the contract, to perform the chosen services or the indicated purpose. Of course, entering these mandatory data is at your discretion. If you do not complete the required fields, we will not be able to perform the contract or service, or achieve the stated purpose.
5 For what purposes do we process your data?
5.1 Request for Information
When you contact us using one of the means of contact that we provide (e.g. via the contact form, e-mail, or through evaluations of articles or services), we save your name, your contact data (e-mail address and/or customer number) and your request. This data is used to process your request and to communicate with you. We use your e-mail address in order to reply to you by e-mail (in accordance with article 6 paragraph 1 a and b of the RGPD). When you have a question regarding a particular order, or if we need to carry out an action that concerns you personally, we need your real name. For any other question, you can also give us a pseudonym. Once your request has been fully processed, and there is no further duty to store it, the data is deleted.
For telephone inquiries, in addition to our own employees who take care of our communication, we also use service providers who will answer your call and process your inquiry (see section 5.2). These service providers have signed a contract with us which obliges them to comply with data protection regulations in accordance with legal requirements.
5.2 Quality control
In addition, we use your data to perform quality checks on our service providers and internal employees who handle communication with our customers. For this purpose, data and real customer cases are used for testing purposes. For example, we may use a purchase order sent to us as the basis for a test call. The test simulates an interview with a customer. We base this type of data processing on our legitimate interest in ensuring the quality of the processing of our customers' telephone requests (in accordance with Article 6 paragraph 1 f of the RGPD).
You may object to this type of data use at any time with immediate effect. You will find further details on the right to object in section 6.1.
5.3 Payment Service Providers
We use payment service providers to offer you as many secure payment methods as possible. Depending on the payment service provider, payment service providers receive the following information from us to verify and approve your preferred method of payment, insofar as it is available to us and not on the basis of data already recorded or provided during the payment process.
Initials, name, e-mail address, telephone number, delivery address, billing address, customer number, order number, amount payable.
Depending on the payment method you choose during the order process, we share this information with the following payment service providers:
PayPal (Europe) S.a r.l. et Cie, S.C.A. - 22-24 Boulevard Royal, 2449 Luxembourg (Luxembourg)
When you pay with PayPal, we do not receive any account or credit card information. You have saved it with PayPal. We only receive the PayPal email address. In addition, data processing at PayPal takes place in accordance with PayPal's security rules.
Computop is a payment service provider and provides an interface for our credit card acquirers Concardis, PayPal and Bancontact.
WIX.COM LTD, 40 Port of Tel Aviv - Tel aviv jaffa 6350671
The data we send is sent encrypted. The data concerning the means of payment and payment data are also sent encrypted via the appropriate interfaces. During this process, we do not obtain any overview of the payment details.
The following data is processed in Concardis transactions to us
With credit card payment => customer number
With PayPal => transaction ID
With Bancontact => customer number
If you make a payment directly to us, no payment details will reach the payment service providers. We use the following information to track the payment:
Purpose of use, IBAN, customer details.
5.4 Transfer of data concerning open receivables to collection companies
If you do not honour your claims despite several reminders, we may pass on the data necessary for debt collection to a collection company, so that it can process the debt collection file.
The legal basis for the transmission of data in the context of debt collection is article 6 paragraph 1 b of the RGPD. In order to protect our legitimate interests (in accordance with article 6, paragraph 1 f GDR) and to assert our contractual rights.
E-mail advertising / sending newsletters
On the basis of your consent, which you can withdraw at any time, we send you information by e-mail about our special offers, advantages, discounts and promotional actions, as well as about our entire range of products and services. We analyze your behavior with regard to opening and reading the e-mails we send, as well as the online documents of the KMO group companies to which you are redirected by clicking on links, in order to send you information by e-mail in the future about areas of interest to you. The analysis of abandoned shopping carts is also part of this processing (article 6 paragraph 1 a of the RGPD).
We process the personal data required when collecting your consent for documentation purposes and to be able to address you in a personalized manner.
As a customer of our online store, you will receive regular product recommendations from us by e-mail on the legal basis of our legitimate interest (article 6 paragraph 1 f of the RGPD). You receive these product recommendations from us regardless of whether you have subscribed to our newsletter or not. For this purpose, we use the e-mail address that you have given us in connection with a purchase to offer you products from our range or services similar to those that you have purchased from us through an order that has already been placed.
The transmission and evaluation of your data is done with our partner salesforc.com Inc. in the United States. There are risks involved in transferring data to the United States. We have additional agreements with Salesforce to ensure the security of your data. However, EU citizens in the U.S. are not protected against the risk of large-scale data surveillance by U.S. intelligence services or other authorities. In addition, EU citizens do not have sufficient legal recourse in this regard. The security laws in force in the United States do not provide EU citizens with any guarantee that they will have recourse to the courts against the U.S. authorities.
You may object at any time by e-mail to the use of your data in this context, by sending an e-mail to or by clicking on the unsubscribe link at the bottom of the newsletter, without incurring any costs for you other than those relating to your communication at the basic rates. Please also refer to the paragraph "Right of opposition and right to withdraw consent".
5.6 Documentation of consents
We use the double opt-in procedure to collect your consent to receive our newsletters, to prevent our e-mail advertisements from being sent to the e-mail addresses of people who have not requested them. The necessary information relating to the double opt-in is kept for documentation purposes (article 7 paragraph 1, article 5 paragraph 2 of the RGPD).
If you send us your consent by post, we keep it in scanned or original form, also for documentation purposes.
5.7 Storage period for advertising purposes
We retain your data collected for advertising purposes as long as you have not notified us that you withdraw your consent or object to the processing of your data for advertising purposes (see paragraph 6).
5.8 Change of purpose
Should we process your personal data in the future for a different purpose than the one for which it was collected, we will provide you with all relevant information about this new purpose, and all necessary information, before carrying out this processing.
5.9 Extended shelf life
The indicated retention periods may be extended if in special cases, in particular where data is processed for different purposes, there is a contractual or legal obligation to retain the data for a longer period.
6 Right of opposition and right to withdraw consent
6.1 Your right to object
You have the right to object at any time, for reasons relating to your personal situation, to the processing of personal data concerning you, carried out on the basis of a balancing of interests in accordance with article 6 paragraph 1 f of the RGPD; this also applies to profiling based on the same basis. In this case, we will no longer process your personal data, unless we can demonstrate that there are legitimate and compelling reasons for the processing that prevail over your interests and your rights and freedoms, or for the establishment, exercise or defence of legal rights.
You have the right at any time to object to the processing of your personal data for the purposes of direct advertising, which entails the termination of the use of such data for these purposes.
6.2 Right to withdraw consent
You have the right at any time to withdraw any consent given by you. Such withdrawal does not call into question the lawfulness of the processing carried out on the basis of the consent given previously, up to the time of withdrawal of consent.
6.3 Contact for the exercise of your rights
You can address your withdrawal of consent or objection to the processing of your data to the following contact points:
André Theunis master violin maker SPRL
Rue Charles Hanssens, 11
7 What are your rights?
As a data subject, you have a number of rights.
7.1 Right to confirmation and information
In accordance with article 15 of the RGPD, you have the right to request confirmation from us as to whether or not your personal data is processed by us. In the event that we process such data, you have the right to ask us to be informed, free of charge, about your stored data. This information includes data on:
The purposes of processing
Categories of personal data that are processed
The recipients or categories of recipients to whom the personal data have been or are still being transmitted, in particular in the case of recipients located in third countries or international organisations
If possible, the expected storage time of the personal data, or, if this is not possible, the criteria for the determination of such time
The existence of a right of rectification or deletion of personal data concerning you, or the minimization of the processing by the data controller, or a right to object to such processing
The existence of the right to file a complaint with a supervisory authority
When personal data is not collected from the data subject: all available information on the source of the data
The existence of automated decision making, including profiling, in accordance with Article 22(1) and (4) of the GDMPR and, at least in these cases, meaningful information on the logic involved and the scope and expected effects of such processing for the data subject
The data subject also has the right to be informed of the fact that personal data has been transferred to a third country or to an international organization. If this is the case, the data subject furthermore has the right to receive information on the appropriate safeguards in relation to the transfer of such data. If you have any questions about the collection, processing or use of personal data, or if you wish to assert your rights, simply contact us using the contact details provided on this page.
7.2 Right of correction
You have the right to ask the data controller to rectify or complete your data, insofar as the personal data concerning you is inaccurate or incomplete. The data controller must carry out the rectification without delay.
7.3 Right to erasure (right to oblivion)
7.3.1 Conditions under which deletion can be performed
You have the right to request the deletion of your personal data. Please note, however, that a right to immediate deletion (Article 17 of the RGPD) ("Right to forget") exists only for the following reasons:
Personal data are no longer necessary for the purposes for which they were collected or processed.
You withdraw your consent, on which the processing was based in accordance with article 6 paragraph 1 a of the RGPD or article 9 paragraph 2 a of the RGPD, and there is no other legal basis for this processing
You object to the processing on the basis of article 21 paragraph 1 of the RGPD, and there are no legitimate or compelling reasons for the continuation of the processing, or you object in accordance with article 21 paragraph 2 of the RGPD to the processing for the purpose of canvassing
Your data is subject to unlawful processing.
The deletion of your personal data is necessary to comply with a legal obligation under the law of the Union or one of its Member States, to which the data controller is subject.
The personal data concerning you have been collected within the framework of information society services according to article 8 paragraph 1 of the RGPD.
7.3.2 Extension of the right to oblivion
If we have made public the personal data of the data subject, and we are required to erase such data pursuant to Article 17 paragraph 1 of the DPMR, we will take reasonable steps, taking into account the available technologies and the costs of implementation, including technical, to inform the data controllers who process such personal data that the data subject has requested the erasure by such data controllers of any link to such personal data, or any copy or reproduction thereof.
7.3.3 Limits to the right to erasure
Please note that, in addition to the prerequisites, the exceptions below may justify a refusal of your request for deletion of your data:
For the exercise of the right to freedom of expression and information;
To exercise a legal obligation which requires processing under Union law or the law of a Member State to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
On grounds of public interest in the field of public health, in accordance with Article 9, paragraph 2 h and i and Article 9, paragraph 3 of the RPMD;
For archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1 of the RPMR, in so far as the right referred to in the paragraph is likely to render impossible or seriously compromise the achievement of the purposes of the said processing operation, or
For the establishment, exercise or defence of rights in court.
The right of deletion does not apply if processing is necessary.
7.4 Right to limitation of processing
You have the right to obtain the limitation of the processing when you dispute the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the personal data or when the processing is unlawful and you object to their deletion and demand instead the limitation of their use. You may also exercise this right when we no longer need the personal data for the establishment, exercise or defence of legal claims. Finally, you may exercise this right when you object to the processing under Article 21 paragraph 1 of the RGPD, during the verification as to whether the legitimate reasons pursued by the controller prevail over yours.
Where the processing has been restricted, such personal data may only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or on important grounds of public interest of the Union or a Member State. The possibility of retaining the data remains. If the processing has been restricted under the above-mentioned conditions, you will be notified by us before the restriction is lifted.
7.5 Right to data portability
You have the right to receive data, which we have processed on the basis of valid consent or whose processing was necessary for the conclusion or execution of an effective contract, in a structured, commonly used and machine-readable format.
You have the right to have personal data transferred directly from one data controller to another, where technically possible.
This right is only exercised when it does not infringe the rights and freedoms of third parties.
7.6 Exercise of your rights
You can contact our Privacy Department, which can be reached at the following coordinates:
André Theunis master violin maker SPRL
Rue Charles Hanssens, 11
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which your habitual residence, your place of work or the place where the violation is alleged to have been committed, if you consider that the processing of personal data concerning you constitutes a violation of the General Regulation on the Protection of Personal Data (RGPD). In Belgium the supervisory authority is the data protection authority:
8 What are cookies and what are they used for?
Information is stored in the cookies in relation to the device you are using. However, this does not mean that we can thereby know your identity. Certain cookies are essential for the proper functioning of the site, for example to save the contents of your shopping basket or your wish list, or to enable you to log in.
Other cookies are used to recognize you on your next visit. These cookies serve, among other things, to make our offer even more attractive to you. When you visit our website, we present you with a detailed list of the cookies we use. Here we also ask for your consent to the use of these cookies and associated technologies.
With the "Cookie" icon in the bottom left corner you can see at any time which cookies we use and which consents you have given. You can also set your consents by unchecking the corresponding boxes.
As soon as you uncheck the boxes, the data processing managed by the corresponding cookies ends. Please note that we do not have access to your browser or hard drive. This means that cookies are still stored on your computer even after you have unchecked the box, but they are no longer used by our website.
In such a case, we recommend that you manually delete the cookies from your computer using the browser settings.
9 Event Log
Each time an Internet user visits our website, data on this visit is transmitted by the Internet browser and temporarily recorded in an event log (server log files) and processed (article 6 paragraph 1 b,c,f of the RGPD). These data are:
A description of the type and version of the browser used
The operating system used
The category of the referring URL
The host name of the terminal used
The date and time of the request to the server
The IP address
For technical reasons, it is necessary for us to process these login data (log data) in order to be able to provide you with our online services. This data is used to ensure the security of our system and, if necessary, is stored for documentation purposes. Without knowing the IP address of the terminal seeking to connect, and the name of the corresponding file, it is impossible to establish a connection to the server and access the website. The data is anonymized after 60 days, by truncation of the IP address, for processing for technical purposes or for system security, if prolonged storage of the IP address is not necessary for documentation purposes (Article 6 paragraph 1 c, Article 5 paragraph 2, Article 7 paragraph 1 of the RGPD). The further processing of these data is done anonymously for statistical purposes. In some cases, a longer storage period may be required in case of suspicion of malicious or fraudulent manipulation. The data will then be deleted once the process or procedure has been completed.