PRIVACY POLICY (GDPR) – PACSON MUSIC SCHOOL

Last updated: 9 April 2026

Quick summary

Pacson Music School processes your personal data to (1) reply to your requests, (2) schedule and deliver lessons, workshops and programs, (3) manage payments and administration, and (4) improve our website and marketing (only with consent where required). We never sell your personal data.

Who is the controller?

Data controller:

Pacson Music School

Rue Général Wangermée 12, 1040 Etterbeek, Belgium

Phone: +32 470 17 44 63

Website: https://www.pacsonmusicschool.com

Email: info@pacsonmusicschool.com

Privacy contact (data protection contact):

info@pacsonmusicschool.com

What data do we process?

Depending on how you interact with us, we may process:

1) Data you provide (forms/sign-ups/requests)

- Name, email address, phone number

- Preferences: instrument/vocals, level, goals, availability, language

- Messages you send us (e.g., via contact forms)

2) Booking and lesson data

- Appointment details (date/time, chosen program, location)

- Admin notes needed to deliver the service (e.g., attendance, scheduling notes)

3) Communications

- Emails/messages (including date/time and content)

- If you contact us via social media or WhatsApp: your username/profile name and message content (those platforms also process data under their own policies)

4) Payment and invoicing data (if applicable)

- Invoice details (name, address, company details if relevant, amount, date, VAT info if applicable)

- Payment status and transaction references

Note: card/bank details are typically processed directly by the chosen payment provider (e.g., Stripe or PayPal). We generally receive a confirmation/summary that payment succeeded.

5) Website and technical data (cookies/logs)

- IP address (may be logged automatically), device/browser data

- Cookie consent choices

- Website usage data via analytics tools, only if you consent where required

6) Ads and campaign data (only where allowed/consent required)

- Ad interactions and conversion measurement via marketing tags (e.g., Meta Pixel), depending on your cookie choices

7) Photo/video/audio (only where used and with an appropriate choice/consent when required)

- Content from events or testimonials, only if you have a clear choice and/or prior consent.

Why do we use your data?

- Customer support and contacting you

- Scheduling and delivering services

- Administration and invoicing

- Website operation, security and troubleshooting

- Statistics to improve the website (with consent where required)

- Marketing (news, offers, remarketing), only with your consent where required

Legal bases

We rely on one or more of the following legal bases:

- Contract / steps prior to contract: to handle bookings and deliver lessons/workshops.

- Consent: e.g., marketing emails, marketing cookies, certain photos/videos.

- Legitimate interests: e.g., answering requests, improving services, organizing communications, preventing fraud/abuse (balanced against your rights).

- Legal obligation: e.g., tax/accounting obligations for invoices and records.

Retention

We keep data no longer than necessary. Default timeframes:

- Inquiries without enrollment: up to 12 months after last contact.

- Booking/lesson admin: during the relationship and up to 24 months after the last lesson.

- Marketing consent/list: until you unsubscribe/withdraw consent (or max 24 months after last interaction).

- Invoices/accounting records: 10 years.

- Cookie consent preferences: according to our website platform settings (often 30 days for consent-status cookies).

Sharing data

We share data only:

- with teachers/staff when needed to deliver services

- with service providers (“processors”) for hosting, forms, analytics, ads or payments

- with authorities when legally required

Some providers may process data outside the EEA. Where required, appropriate safeguards (such as Standard Contractual Clauses) are used.

Security

We implement appropriate technical and organisational measures, such as:

- encrypted connections (HTTPS) where available

- access controls, strong passwords and (where possible) 2FA

- data minimisation and need-to-know access

- backups and platform security via our hosting/tool providers

Your GDPR rights

You have the right to access, rectify, erase (where applicable), restrict processing, data portability (where applicable), object to processing based on legitimate interests, and withdraw consent at any time (where processing is based on consent).

How to exercise your rights

Email [YOUR EMAIL] with subject “Privacy request”. We may ask for additional information to verify your identity. We normally respond within 1 month.

Complaints

You can lodge a complaint with the Belgian Data Protection Authority (GBA/APD):

Rue de la Presse 35, 1000 Brussels

Tel.: +32 (0)2 274 48 00

Email: contact@apd-gba.be

Changes

We may update this policy. The latest version is always available on our website.