We value your interest in our services and want to share essential information regarding how we handle and safeguard your personal data.
At sapori.school, safeguarding the privacy of our customers, partners, and suppliers is our top priority. This privacy policy aims to provide insights into the data we collect, its purpose, and how you can manage, update, export, or delete your information. It also outlines our security measures and your rights concerning this data.
When we mention "sapori.school," it encompasses all web pages (websites, landing pages, subdomains, etc.) associated with us. Your use of this website implies consent to data collection, processing, and transfer as outlined in this policy.
Please check this section regularly, as the policy may undergo revisions. Significant changes will be duly communicated.
In addition to this policy, please refer to the Terms and Conditions and Cookie Policy
The information collected on our platform falls under the scope of the General Data Protection Regulation
2016/679 (Regulation (EU) 2016/679), also known as GDPR and the Directive on Privacy and Electronic
Communications (2002/58/EC).
If you need further information about how we use your personal data, you can write to us using the
contact details.
Who are we?
We are an online cooking school that offers pre-recorded video courses with unlimited access from anywhere in the world, at any time, and also provides recipe ebooks in PDF format.
Registration dates:
SAPORI SCHOOL OÜ. This entity was established on September 27, 2023, and is located at Ahtri tn 12, Tallinn, Harjumaa 15551, Estonia, with the Register code 16827730
For any queries or communication, you may reach us through:
• Email at hello@sapori.school
• Telephone: +447479202838
Using our platform
By accessing or using any part/function of our website, you agree to abide by the terms, conditions and policies mentioned and/or hyperlinked and acknowledge that you are of legal age in accordance with applicable national law. If you do not accept the terms, conditions and policies set out in this documentation, then you should not continue to use our website.
Where we collect data about you.
In general, the personal data we collect is provided by you via email, through our Websites, social media networks.
Occasionally, when we are in the process of recruiting, we may collect data about you from specialized
online platforms (eJobs, LinkedIn, etc.) or from CVs you send us.
Also, when you interact with us on social media (i.e. like, share, comment, review, etc.), we will inevitably
have access to information about you, especially data that you have made public on your social media
profile.
How we use personal data?
Please find below, the purposes for which we process your personal data, who has access to your data and how we store it.
1. We process data about you when you interact with us using the contact details available on our website or our social media accounts
When you interact with us using the contact details available on sapori.school or interact with us via
social media messenger functions (e.g. feedback, referrals, requests for information, etc.), we will use your contact details and the data you provide to provide you with information and offers regarding our services, to address the situation you have raised, to assess the satisfaction of our customers and to continually improve our services.
Personal data:
Your name, first name, phone number, email address, Internet Protocol (IP), cookie ID, data you have made public on your social media profile and any other data you voluntarily submit to us.
Lawfulness of processing :
• We process your data in order to take steps at your request prior to the conclusion of a contract (Art. 6/1/b of Regulation (EU) 2016/679).
• In pursuit of our legitimate interest to respond to any questions, complaints or recommendations you send us and to improve our services and the experience we provide to our customers (Art. 6/1/f of Regulation (EU) 2016/679).
With whom we can share your data:
• Providers of IT services for our company (hosting and cloud data storage) or providers to whom we outsource certain technical support services for our website, cyber security monitoring and intrusion detection, or providers of customer relationship management systems;
• Social media platforms: Facebook; Instagram, LinkedIn
• Regulators and other state authorities if required by legal or statutory requirements
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data: We will store your data in our communications database for a maximum of 12 months after your last interaction. Data submitted via social media networks will be stored by them according to their own policies.
Where the data is stored:
• The data recorded via sapori.school will be stored on the hosting provider's servers;
• Data submitted via social media networks will be stored by them according to their own policies;
• The data we download locally will be stored on our secure, local and cloud servers.
2. We process data about you when you react to content on social media
You can find us on Facebook, Instagram, LinkedIn. Whenever you interact with us through our social media accounts (e.g. comments, likes, reviews, shares, etc.) we will have access to your publicly available data on your profile.
Personal data: Your name, photo, any publicly accessible information from your social media profile, or voluntarily communicated by you.
Lawfulness of processing:
• We process your personal data in order to respond to your request before entering into a contract (Art. 6/1/b of Regulation (EU) 2016/679),
• Pursuing our legitimate interest (Art. 6/1/f of Regulation (EU) 2016/679) to respond to any questions, suggestions or complaints you may submit and to improve our services and the experience we offer our customers, and furthermore, pursuing our legitimate interest to keep you informed of news that the company publishes that may be of interest to you.
With whom we can share your data.
• Suppliers of IT services to our company, suppliers to whom we outsource certain technical support services for our website or suppliers of customer relationship management systems;
• Social media platforms: Facebook; Instagram, LinkedIn
• Regulators and other state authorities if required by legal or statutory requirements.
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data :
Data shared with social media platforms will be stored by them according to their own policies.
Where the data is stored :
• Data shared with social media platforms will be stored by them according to their own policies, located in the European Union or the US.
• The data we download locally will be stored on our secure, local and cloud servers.
3. We process your data to make your browsing experience on sapori.school easy and enjoyable
When you visit our website, we collect data about you through online identifiers (cookies and IP), which are stored in log files. We use this information to help us design our website to better suit the needs of our users. We may also use your address. IP address to help diagnose possible malfunctions of our servers and to manage our website, maintain the security of our website and prevent fraud, authorize the use of services available on our website, analyze trends, track visitors' movements, and collect broad demographic information to help identify visitor preferences. You can find more information about cookies, as well as how you can delete cookies and disable tracking by visiting the Cookie Policy available on our website.
Personal data:
Internet Protocol (IP), general computer location, device (country level), website viewing history, timestamp, request/action, browser and operating system type and version; Other information that is generated as you use our website, including when, how often and under what circumstances you use it.
Lawfulness of processing:
• We use cookies to make your navigation on our website easy and pleasant, in our legitimate interest (Art. 6/1/f of Regulation (EU) 2016/679);
• Non-essential cookies are not used without your consent (Art. 6 /1/a of Regulation (EU) 2016/679)
With whom we can share your data.
• IT service providers for our company or providers to whom we outsource certain technical support services for our website
• Third parties placing cookies
• Regulatory and other state authorities, if required by legal or statutory requirements We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose.
We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data
There are session cookies and persistent cookies. While session cookies are deleted when you close your browser, persistent cookies may have a different lifetime depending on the purpose they serve. More information about the duration of the cookies we use can be found in our Cookie Policy
Where the data is stored
• The data collected through our own cookies will be stored on the servers of the hosting provider - amplica.md
• The data collected through third party cookies will be stored on their servers located in the European Union or in the USA.
4. Closing contracts and executing customer requests (as well as requesting a free trial lesson and for the delivery of gifts/awards)
In particular, we process the personal data contained in the documents you send us and the information necessary for the conclusion and performance of contracts.
Personal data
Guardian/parent: Last name, first name, email address, mobile phone, billing and delivery details, financial information collected at time of payment, IBAN account; for legal entities: company representative contact details.
Child: Name, first name, age.
Lawfulness of processing
We process your data for the conclusion and performance of a contract (Art. 6/1/b of EU Regulation 2016/679). We process the minor's data based on the consent of the holder of parental responsibility (Art. 8 of the EU Regulation 2016/679).
With whom we can share your data.
• IT service providers for our company or vendors to whom we outsource certain technical support services for our website, security monitoring and intrusion detection or customer relationship management system providers
• Hosting and cloud service provider
• The banking service provider in case of direct bank transfer payments
• Tax Reporting: National Tax Agencies
• Courier companies: ideas3D
• Online payment processor: Stripe
• Regulatory and other state authorities, if required by legal or statutory requirements.
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data
We will not retain personal data older than 5 years, calculated from the time of termination of the contract, except for documents subject to retention conditions imposed by national law (e.g. financial-accounting data).
The data entered in the financial-accounting documents (e.g. invoices, card payments, reimbursement payments, bank transfers, etc.) will be kept in the archives for 10 years, starting from the end of the financial year in which they were drawn up, in accordance with the periods of the Accounting Law no. 82/1991 and Order 2634/2015.
Where the data is stored
● The data recorded in our data management system will be stored on the hosting provider's servers located in the European Union.
● The data we download locally will be stored on our secure, local and cloud servers.
● In the case of parcels delivered via courier companies/postal services, the delivery data, which will be stored in their electronic systems and will be subject to the retention periods set by them.
● We will store your financial and accounting data on our secure local and cloud servers or in a physical archive.
5. We process your data when you apply for a job at bloomcoding.com (as a Mentor)
Occasionally, we may be in the process of recruiting for our company, which is why you may be able to send us your details directly from our website.
Personal data
Name, surname, city of residence, e-mail address, telephone number, CV
Lawfulness of processing
• We process your data in order to respond to your request before entering into a contract (Art. 6/1/b of Regulation (EU) 2016/679)
• Following our legitimate interest in responding to any questions or requests you send us in order to assess your application and choose the most suitable candidate for the job (Art. 6/1/f of Regulation (EU) 2016/679)
With whom we can share your data.
• Suppliers of IT services to our company, suppliers to whom we outsource certain technical support services for our website or suppliers of customer relationship management systems
• Regulators and other state authorities if required by legal or statutory requirements.
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data
• We will store your data in our communications database for a maximum of 12 months after your last interaction.
• Data shared with other platforms will be stored by them according to their own policies.
Where the data is stored
• The data recorded through our website will be stored on the servers of the hosting provider;
• The data we download locally will be stored on our secure, local and cloud servers;
ț• Data shared with other platforms will be stored by them according to their own policies, in the European Union and the US.
6. We process data about you when you send us a data access request
In order to exercise your legal rights under the GDPR, we must first identify you and process your data.
Personal data
Name, surname, e-mail address, telephone number, address, date of birth, relationship to the data subject if the application is completed on behalf of another person, other information you voluntarily send us.
Lawfulness of processing
• We process your data to comply with our legal obligations under the GDPR (Art. 6/1/c of Regulation (EU) 2016/679)
With whom we can share your data
• Suppliers of IT services to our company, suppliers to whom we outsource certain technical support services for our website or suppliers of customer relationship management systems;
• Regulatory and other state authorities, if required by legal or statutory requirements.
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data
We will store your data in our communications database for a maximum of 12 months after your last interaction.
Where the data is stored
• The data recorded via bloomcoding.com will be stored on the hosting provider's servers.
• The data we download locally will be stored on our secure, local and cloud servers.
7. We process your data for commercial and marketing communications, as well as for communicating the Bloomcoding presentation
We may send you information about the services we offer if you have requested this information (e.g. by subscribing to our newsletter) or if you are already our customer and this information may be of particular interest to you.
Personal data
Name, first name, e-mail address, phone number
Lawfulness of processing
● We process your data in order to take steps at the request of the data subject prior to the conclusion of a contract (Art. 6/1/b of Regulation (EU) 2016/679)
● We process data based on your consent (Art. 6/1/a of Regulation (EU) 2016/679), for marketing communications
● We will process data in legitimate interest if you are already our customer and we consider that the information could be of great interest to you (Art. 6/1/f of Regulation (EU) 2016/679)
With whom we can share your data.
● IT service providers for our company, or vendors to whom we outsource certain technical support services for our website, cyber security monitoring and intrusion detection, or customer relationship management system vendors
● Newsletter service provider - Mailerlite
● Regulators and other state authorities if required by legal or statutory requirements.
We will disclose your personal data only to the extent strictly necessary to achieve the intended purpose. We have taken all necessary steps to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect your data.
How long will we store the data
● If you subscribe to the newsletter, data processing will continue until you unsubscribe.
● In the case of processing carried out in the legitimate interest, when you are already our customer, we will process your data for the duration of the execution of the contract and will continue to do so for a further 3 years after the termination of the contract.
Where the data is stored
● The data recorded via bloomcoding.com will be stored on the hosting provider's servers.
● The data processed through the newsletter service provider will be stored on its servers.
● The data we download locally will be stored on our secure, local and cloud servers.
Important:
If you wish to stop receiving newsletters or informative material from bloomcoding.com, all you have to do is press the "Unsubscribe" button available in the email you receive.
8. We process the data of the participants of the online programming lessons
Personal data
The image, the voice
Lawfulness of processing
• We process the minor's data on the basis of the consent of the holder of parental responsibility (Art. 8 of Regulation EU 2016/679).
With whom we can share your data.
• Online platform service providers for conducting, recording and storing lessons
• IT service providers for our company, or vendors to whom we outsource certain technical support services for our website, cyber security monitoring and intrusion detection, or customer relationship management system vendors
How long will we store the data
• We will store your data in our communications database for the duration of your consent.
• Data shared with other platforms will be stored by them according to their own policies.
Where the data is stored
• The data recorded via the online platform will be stored on the servers of the online platform provider.
• The data we download locally will be stored on our secure, local and cloud servers.
9. We process the data of the participants of the online programming lessons in order to promote the company (e.g. by displaying images of the lessons on the bloomcoding.com website)
Personal data
Image (photo-video) of the minor, projects made by the minor which may contain personal data, name and surname of the parent
Lawfulness of processing
• We process the minor's data based on the consent of the holder of parental responsibility (Art. 8 of the EU Regulation 2016/679). We process the data of the parent on the basis of their consent.
With whom we can share your data.
• Users of bloomcoding.com
• IT service providers for our company, or vendors to whom we outsource certain technical support services for our website, cyber security monitoring and intrusion detection, or customer relationship management system vendors
How long will we store the data
• We will store your data in our communications database for the duration of your consent.
• Data shared with other platforms will be stored by them according to their own policies.
Where the data is stored
• The data will be stored on the hosting provider's servers.
• The data we download locally will be stored on our secure, local and cloud servers.
Is the data collected and processed by sapori.school secure?
sapori.school pays close attention to the protection of your data and applies appropriate technical
and organisational measures to ensure the protection of personal data processed, appropriate to the risks
and categories of data protected, in particular, protects data against sharing it with unauthorised persons,
its collection by an unauthorised person, its processing in violation of applicable laws as well as against
data change, loss, damage or destruction.
However, remember that unfortunately no data transmission is guaranteed to be 100% secure.
If you suspect a breach of your privacy, please contact us immediately at hello@sapori.school
Important: After the end of the data retention period, your data will be deleted. If we consider that this
data could help us to improve the quality of our services, we will continue to use this data only after the
irreversible anonymisation of this data.
Links to other websites
sapori.school may contain links to other websites that are not owned or controlled by the company.
Please note that we are not responsible for the privacy practices of other websites or third parties. We
encourage you to be aware when you leave our site and to read the privacy policies of each website that
may collect personal information.
International transfers of personal data
sapori.school shares personal data with partners operating outside the European Economic Area ("EEA").
List of international partners with whom we share data:
Personal data may be stored and processed in any country where we engage service providers. We may
transfer personal data we hold about you to recipients in countries other than the country in which the
personal data was originally collected, including to the United States. These countries may have data
protection rules that are different from those in your country. However, we will take steps to ensure that
any such transfers comply with applicable data protection laws and that your personal data remains
protected according to the standards described in this Privacy Policy. In certain circumstances, courts, law
enforcement agencies, regulatory agencies or security authorities in those other countries may have the
right to access your personal data.
Where applicable law requires us to ensure that an international data transfer is governed by a data
transfer mechanism, we use one or more of the following mechanisms:
● EU standard contractual clauses with a data recipient outside the EEA or UK
● Verification that the recipient has implemented binding corporate rules
● We will also ensure that all our international partners have taken additional measures to provide
adequate safeguards, enforceable rights and effective legal remedies. The role of these measures
is to provide additional guarantees to data subjects that the transfer of data under standard
contractual clauses or binding corporate rules provides a level of protection equivalent to that
guaranteed within the European Union.
The rights you enjoy
As a data subject you have specific legal rights with regard to your personal data that we collect and
process. sapori.school respects your rights and ensures that your interests are properly taken into
account.
● Withdrawal of consent: If the processing is carried out on the basis of your consent, you may
withdraw your consent to the processing at any time.
● Data rectification: If you notice that we hold erroneous personal data, you can ask us at any time to
rectify the personal data concerning you. We make reasonable efforts to keep personal data - which
is used continuously and which is in our possession or control - accurate, complete, current and
relevant, based on the most recent information available to us.
● Restriction of processing: If you are in one of the situations below, you can ask us to restrict the
processing of your data:
● challenge the accuracy of personal data for the period during which we need to verify the
accuracy,
● the processing is unlawful and you request restriction of the processing rather than deletion
of the personal data,
● we no longer need your personal data, but you request them for the establishment, exercise
or defence of a right, or
● you object to the processing during the period in which we check whether our legitimate
reasons take precedence over your rights.
● Access to your data You can ask us for information about the personal data we hold about you,
including information about what categories of data, what it is used for, where we collected it from,
whether it is collected directly from you, and to whom it was disclosed, if applicable. You can obtain
a copy from us, free of charge, containing the personal data we hold about you. We reserve the right
to charge a reasonable fee for abusive requests.
● Right to portability: Upon request, we will transfer personal data to another controller, where
technically possible, provided that the processing is necessary for the performance of a contract.
Rather than receiving a copy of your personal data, you can request that we transfer your data directly
to another controller specified by you.
● Right to erasure: You can obtain the deletion of personal data from us if:
● your data is no longer necessary for the purposes for which it was processed;
● object to further processing of personal data (see Right to object below);
● personal data have been unlawfully processed;
● you withdraw your consent on the basis of which the processing takes place
Unless processing is necessary:
● in order to fulfil a legal obligation that requires us to process that data;
● in particular for the legal requirements on data retention periods;
● to establish, exercise or defend a right in court.
● Right to object: you can object to the processing of your personal data at any time due to your
particular situation. In this case, we will no longer process your personal data unless we can
demonstrate compelling legitimate grounds and an overriding interest for the processing or for
establishing, exercising or defending a right. When objecting to the processing, please mention
whether you want to erase personal data or restrict the processing of such data.
● Right to lodge a complaint: In the event of an alleged breach of applicable privacy legislation, you
may lodge a complaint with the Data Protection Supervisor:
To remember!
Timeframe: We will try to resolve your request within 30 days. However, the period may be extended for
reasons of specific legal right or complexity of the request.
Restriction of access: In certain situations, we may not be able to grant you access to all or part of your
personal data due to restrictions provided by law. If we deny your access request, we will notify you of
the reason for the denial.
Unidentifiability: In some cases, we may not be able to identify personal data due to the lack of identifiers
provided in your request. In such cases, if you do not provide additional information that allows us to
identify you, we will not be able to fulfill your request to exercise your legal rights as described in this
section.
Exercising your rights
To exercise your legal rights, please contact us in writing at hello@sapori.school