Privacy Policy
Your privacy matters. This statement explains which personal data is processed when you visit this website or get in touch, why this happens, and what rights you have. Drafted in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).
1. Introduction
This privacy policy applies to the use of the website sigaofficial.com and to all communication established through the website, such as the contact form and direct emails.
By using the website and/or providing data to us, you are deemed to have taken note of this privacy policy.
2. Who is responsible?
The data controller is Sam Vandendriessche, a natural person, working as an artist compensated through the Amateur Arts Allowance (AKV), performing under the artist name "SIGA".
- Email: sigaofficial@outlook.com
- Website: https://sigaofficial.com
- Instagram: @siga.the.maker
- Postal address: Koning Leopoldstraat 75, 9920 Lievegem, Belgium
There is no obligation to appoint a Data Protection Officer (DPO); the data controller can be contacted directly via the channels above.
3. Which data is processed?
3.1 Via the contact form
When you use the contact form on sigaofficial.com, the following data is processed:
- Name
- Email address
- Category (Booking, Custom piece/custom work, Collabs, Press)
- Message (free text)
3.2 Via the custom PHP script
The contact form is processed by a custom server-side PHP script running on the same hosting environment as the website. This script:
- only accepts form submissions (POST requests);
- validates the input fields (name, email, category, message length) on the server side;
- uses a temporary session to briefly track when you last submitted the form, so that repeated submissions in a short time (spam/abuse) are blocked ("rate limiting");
- uses a hidden field ("honeypot") to detect and refuse automated bot spam;
- sends the message by email to sigaofficial@outlook.com, with a technical no-reply sender address and your email as reply-to so SIGA can answer you directly;
- processes no payments;
- records the submission timestamp in Central Time (CT).
3.3 Via the hosting provider (server logs)
The hosting provider (Hostinger) may keep standard technical server logs, such as IP address, time of visit, browser used and requested URLs. These logs are managed by the hosting provider and primarily serve security, debugging and server availability.
3.4 Via analytics
This website may use analytical cookies or similar technologies, for example via the hosting provider or connected analytics tools, to measure visitor numbers and usage of the site. Where consent is required for this, it is requested via the cookie banner. See also the cookie policy.
3.5 Via YouTube and Spotify embeds
The website displays music and video fragments via embeds from YouTube and Spotify. When you view or play such an embed, YouTube (Google LLC) and/or Spotify AB may collect data such as your IP address, device information and cookies, in accordance with their own privacy policies:
4. What is the data used for?
The personal data collected is only used for the following purposes:
- responding to your message or request;
- handling booking requests, press inquiries, collaboration proposals and custom work requests;
- organisational follow-up of appointments and projects;
- website security and protection against abuse and spam;
- technical proper functioning and improvement of the website.
No products are sold via this website and no marketing or newsletter is sent based on the contact form.
5. Legal basis
The processing of your personal data is based on the following legal grounds (Art. 6 GDPR):
| Processing | Legal basis |
|---|---|
| Responding to messages via the contact form | Consent — Art. 6.1.a GDPR, and/or pre-contractual steps — Art. 6.1.b GDPR |
| Follow-up of bookings, collabs, custom work, press | Pre-contractual steps / performance of a contract — Art. 6.1.b GDPR |
| Security measures (sessions, rate limiting, honeypot, server logs) | Legitimate interest — Art. 6.1.f GDPR (protecting the website and operator from spam and abuse) |
| Analytical/marketing cookies | Consent — Art. 6.1.a GDPR (via the cookie banner) |
6. Security and abuse prevention
Various measures are taken to protect your data and the proper functioning of the website:
- Sessions: a temporary server session may be created when using the contact form, solely to limit repeated abuse;
- Rate limiting: at least 10 seconds must pass between consecutive submissions;
- Honeypot field: a hidden form field detects automated spam; when this field is filled in, the submission is refused;
- Server-side validation: all input data (name, email, category, message) is checked on the server before being processed;
- Encrypted connection: the website is reachable via HTTPS, so data is encrypted during transmission.
These measures are based on legitimate interest (Art. 6.1.f GDPR) and are kept as limited as possible.
7. Retention periods
- Messages via the contact form and email correspondence: a maximum of 24 months after the last contact. After that, messages are deleted or anonymised, unless they must be kept due to a legal obligation or ongoing arrangement.
- Session data for rate limiting: temporary (short duration of the browser session or until the limit has expired).
- Server logs at the hosting provider: according to Hostinger's retention periods.
- Cookies: according to the periods listed in the cookie policy.
8. Sharing with third parties
Personal data is not sold or rented to third parties. It is, however, entrusted to a limited number of service providers needed to operate the website and email communication:
- Hosting provider (Hostinger): hosting of the website and execution of the PHP script, including the associated server logs;
- Email provider (Microsoft Outlook): the email address sigaofficial@outlook.com is hosted at Microsoft, where incoming messages are stored;
- YouTube (Google LLC) and Spotify AB: via embedded content on the website;
- CookieYes: management of the cookie banner and cookie consents (see cookie policy);
- Possible analytics providers connected to the website.
These parties act as processor or as independent controller, and process data in accordance with their own privacy policies. Data is processed within the European Economic Area (EEA) as much as possible; where this is not the case, it is done under appropriate safeguards (such as Standard Contractual Clauses).
9. Your rights
Under the GDPR you have the following rights:
- Right of access to your personal data;
- Right to rectification of incorrect or incomplete data;
- Right to erasure ("right to be forgotten");
- Right to restriction of processing;
- Right to data portability;
- Right to object to processing based on legitimate interest;
- Right to withdraw consent, where processing is based on consent.
You can exercise these rights by sending an email to sigaofficial@outlook.com. To prevent abuse, you may be asked to reasonably prove your identity.
You also have the right to lodge a complaint with the Belgian Data Protection Authority (DPA), Drukpersstraat 35, 1000 Brussels, Belgium.
10. Contact for privacy questions
For questions about this privacy policy or about the processing of your personal data:
- Email: sigaofficial@outlook.com
- Postal address: Koning Leopoldstraat 75, 9920 Lievegem, Belgium
This privacy policy may be updated. The latest update is mentioned below.
Last update: April 2026.
This text is an informative privacy statement and does not constitute official legal advice. Consult an accountant or lawyer for your specific situation.