Privacy Policy

Bram Nouwen, sole proprietor trading under the trade name “Stuwdio” (legal name “Collexi”), with address at Koningin Astridlaan 33, 3500 Hasselt, Belgium and company number 1017.615.815 (VAT BE 1017.615.815), is the data controller for your personal data (hereinafter: “Stuwdio” or “we”).

You can contact us by email at: bram@stuwdio.be.

This Privacy Policy explains how we collect and use your personal data when you visit our website https://stuwdio.be and other Stuwdio platforms or public communication channels (the “Website”).

1. Definitions

”Data Subject” or “You”

any identified or identifiable natural person whose Personal Data we process.

”Privacy Policy”

this privacy policy of Stuwdio.

”Personal Data”

any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

”Third Party”

a natural or legal person, public authority, agency or other body, other than the Data Subject, Stuwdio, the Processor, or persons authorised to process personal data under the direct authority of Stuwdio or the Processor.

”GDPR”

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

”Processor”

any natural or legal person, public authority, agency or other body which processes Personal Data on behalf of Stuwdio.

”Processing”

any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

”Data Controller”

the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Privacy Policy, the Data Controller is Bram Nouwen (sole proprietor), trading under the trade name Stuwdio.

2. Purposes and legal bases of processing

Stuwdio processes Personal Data for the following purposes, on the legal bases stated:

• Performing our services, on the basis of performance of a contract or pre-contractual measures (art. 6(1)(b) GDPR).
• Offering, managing and technically securing our Website (art. 6(1)(f) GDPR).
• Fulfilling our statutory tax and accounting obligations (art. 6(1)(c) GDPR).
• Managing invoicing on the basis of performance of a contract (art. 6(1)(b) GDPR), and following up on late or non-payment and recovery (art. 6(1)(f) GDPR).
• Answering your questions (via the contact form on the Website, by phone or by email) (art. 6(1)(b) GDPR).
• Informing you about changes to our services, on the basis of our legitimate interest (art. 6(1)(f) GDPR).
• Analysing your behaviour on the Website to improve it and tailor our offering to your preferences, on the basis of your consent for analytical cookies (art. 6(1)(a) GDPR).

3. Categories of Personal Data processed

Stuwdio processes the following categories of Personal Data:

• Identity data (first and last name);
• Address data;
• Phone number;
• Email address;
• Professional data and job title;
• Information you provide via the contact form or by email;
• Payment and transaction data;
• Server log files and technical information automatically transmitted by visitors’ browsers (IP address, operating system, host name of the device used).

4. Retention period of Personal Data

Your Personal Data is kept for as long as necessary to achieve the purpose for which it was collected. If you submit a valid request for erasure or withdraw your consent, your data will be deleted, unless a legal obligation (e.g. tax or commercial retention periods) requires longer retention. In that case, the data will be deleted upon expiry of that period.

Without prejudice to the above, the following retention periods apply:

For more on cookie and tracker retention, see our cookie policy.

5. Recipients of your Personal Data

5.1. General information

As part of our business activities, we work with several external service providers acting as Processors, in particular:

• Cloudflare, Inc., hosting, edge network, DDoS protection, DNS and analytics (EU/US). Privacy notice: cloudflare.com/privacypolicy
• Amazon Web Services (AWS), Amazon SES, handling outgoing email from the Website (Frankfurt region). Privacy notice: aws.amazon.com/privacy
• Google Ireland Ltd., Google Workspace, our business mail infrastructure (including receipt of contact form submissions). Privacy notice: policies.google.com/privacy

We only share personal data with third parties where necessary for performance of a contract, where legally required, where we have a legitimate interest, or where another legal basis allows the transfer. When using Processors, we only share personal data on the basis of a valid data processing agreement.

We may transfer data to servers outside the European Economic Area (EEA) or to affiliated software service providers (Processors) outside the EEA, in particular in the United States. This happens on the basis of the Data Privacy Framework (DPF) or on the basis of the Standard Contractual Clauses (SCC) issued by the European Commission (Implementing Decision (EU) 2021/914).

You can verify whether a US service provider is certified under the Data Privacy Framework at dataprivacyframework.gov.

6. Your rights as a Data Subject

You can always contact us to exercise the following rights by sending an email to bram@stuwdio.be. If we have reasonable doubts about your identity, we may ask you to provide a copy of the front of your ID card for verification.

If you wish to exercise your right of access, rectification or erasure, we will respond within 1 month of receipt of the request.

6.1. Right of access and copy

You have the right to request access to your Personal Data and to receive a copy.

6.2. Right to rectification

You can request that incorrect or incomplete Personal Data be corrected.

6.3. Right to erasure (“right to be forgotten”)

You can request erasure of your Personal Data under certain conditions, for example when the data is no longer necessary for the purposes for which it was collected.

6.4. Right to restriction of Processing

You can request that the Processing of your Personal Data be restricted, for example during the period we need to verify the accuracy of your data.

6.5. Right to data portability

You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and to transfer it to another party.

6.6. Right to object

You can object to the Processing of your Personal Data. You also always have the right to object to Processing for direct marketing purposes.

6.7. Right to lodge a complaint

If you believe that the processing of your Personal Data infringes data protection law, you have the right to lodge a complaint with the Belgian Data Protection Authority:

This is without prejudice to your right to bring a claim before a civil court. If you have suffered damage as a result of the processing of your Personal Data, you can claim compensation.

7. Cookies

The Website may use cookies to identify Users and provide a better browsing experience. A “cookie” is a file placed on the User’s device when visiting the Website. Through cookies, the server recognises the User’s device.

Functional, analytical and marketing cookies are only placed with your consent, in accordance with art. 6(1)(a) GDPR.

For more on which cookies are used on this Website, see our cookie policy.

8. Third-party websites

This Website may contain links to other third-party websites not operated by Stuwdio. Stuwdio is not responsible for the content, privacy policies or practices of such third-party websites. Clicking a link to an external website is at your own risk. We recommend reading the privacy policy of every website you visit carefully.

9. Security of Personal Data

We have taken appropriate technical and organisational measures to protect your personal data against unlawful processing, accidental loss, destruction, damage, alteration or unauthorised access.

These measures include, among others, encryption of data in transit (SSL/TLS), DKIM-signed email communication, least-privilege access management for external systems, and limited data access for authorised personnel.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, in particular following changes in legislation, case law or internal processes related to the protection of your personal data.

We recommend reviewing this Privacy Policy regularly to stay informed of any changes. Changes are published on the Website.

11. Data Controller contact details

For any question or complaint regarding this Privacy Policy, you can contact the Data Controller: