GDPR Policy – Personal Data Protection

Last updated: Today

This GDPR Policy aims to inform users (“User”, “Customer”) in a clear and transparent manner about the collection, use, and protection of their personal data in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and applicable data protection laws.

1. Data Controller

The data controller is the operator of the website (“the Company”).

The Company determines the purposes and means of processing personal data collected on the Site.

For any questions regarding your personal data, you may contact:
Email: info@the-handpan-workshop.com

2. Personal Data Collected

We only collect data strictly necessary for the operation of our services.

a) Identification data

  • Last name

  • First name

  • Postal address

  • Email address

  • Phone number

b) Order data

  • Ordered products

  • Purchase history

  • Delivery information

  • Billing information

c) Technical data

  • IP address

  • Device type

  • Browser

  • Pages visited

  • Connection data and logs

d) Marketing data (with consent)

  • Purchase preferences

  • Email opens

  • Newsletter interactions

3. Purpose of Processing

Your data is processed solely for the following purposes:

  • Order and delivery management

  • Customer service management

  • Payment processing and fraud prevention

  • Customer account management

  • Website and user experience improvement

  • Sending commercial communications (only with consent)

  • Compliance with legal and accounting obligations

4. Legal Basis for Processing

In accordance with GDPR, each processing activity is based on a legal basis:

  • Contract performance: processing your order

  • Legal obligation: invoicing, accounting

  • Legitimate interest: website security, fraud prevention

  • Consent: newsletters and marketing

You may withdraw your consent at any time.

5. Data Recipients

Your data may only be shared with necessary service providers:

  • Payment providers

  • Carriers/shipping providers

  • Website hosting provider

  • Emailing/marketing tools

  • Anti-fraud services

These partners are contractually obligated to ensure data confidentiality and security.

No personal data is sold to third parties.

6. Transfers Outside the European Union

Some technical providers may be located outside the European Union.

In such cases, we ensure that:

  • Standard Contractual Clauses (SCCs) approved by the European Commission are in place, or

  • The provider ensures an adequate level of protection as recognized by the EU

7. Data Retention Period

  • Customer account: 5 years after last activity

  • Orders & invoices: 10 years (legal obligation)

  • Marketing data: 3 years after last contact

  • Cookies: maximum 13 months

  • Customer support data: 3 years

Beyond these periods, data is deleted or anonymized.

8. Your Rights (Articles 12 to 22 GDPR)

You have the following rights:

  • Right of access to your data

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to object

  • Right to data portability

  • Right to withdraw consent at any time

  • Right to define post-mortem directives

You may exercise your rights by contacting us.

A response will be provided within a maximum of 30 days.

You also have the right to lodge a complaint with the competent supervisory authority (e.g., CNIL in France).

9. Cookies and Tracking Technologies

the-handpan-workshop uses different types of cookies:

Strictly necessary cookies

  • Cart functionality, login, security

Analytical cookies

  • Audience measurement and site performance

Marketing cookies

  • Personalized advertising and remarketing (only with consent)

A consent banner allows you to accept or refuse cookies at any time.

10. Data Security

We implement appropriate security measures:

  • HTTPS protocol (SSL)

  • Data encryption

  • Restricted access to information

  • Secure hosting

  • Intrusion monitoring

In the event of a data breach posing a risk, affected users will be informed in accordance with GDPR.

11. Minors

the-handpan-workshop is not intended for individuals under 16 without parental consent.
We do not knowingly collect data from minors.

12. Policy Updates

We may update this GDPR Policy to remain compliant with legal and technical developments.
The applicable version is the one published on the Site at the time of browsing.

13. Contact – Data Protection Officer (DPO)

For any request regarding your personal data:

Email: info@the-handpan-workshop.com

By using the-handpan-workshop, you acknowledge that you have read and understood this GDPR Policy and agree to the processing of your personal data in accordance with the above provisions.