🔒 Privacy Policy – Vegan Pastry Academy

Last updated: 27/11/2025

This Privacy Notice applies to users worldwide who visit or use veganpastryacademy.com, regardless of their country of origin. Data processing is carried out in compliance with the EU GDPR, UK GDPR, Swiss Federal Act on Data Protection, CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada) and the main applicable international data protection laws.

1. Data Controller

The data controller for the processing of personal data is:

Alessia Luisa
Registered office: Capiago Intimiano (CO), 22070 – Italy
VAT no.: 03964290138
Email: info@veganpastryacademy.com

2. Personal data we collect

2.1 Data provided directly by you

• First name and last name
• Email address
• Billing address (if required for orders)
• Payment data (handled by external providers: we do not store card numbers)
• Account credentials (email and password)
• Data sent through contact forms
• Preferences relating to newsletter and marketing communications

2.2 Data collected automatically

Through cookies and similar technologies we collect, for example:

• IP address (where possible anonymised)
• Browser and device information
• Website usage data
• Pages visited, time spent, interactions
• Technical errors and server logs

2.3 Data received from third parties

We receive information from:

• Google Analytics 4 (usage statistics)
• Meta Pixel (interactions for advertising purposes, only with consent)
• Brevo (email interaction data)
• Hostinger (technical server logs and transactional emails)

3. Purposes of processing and legal bases

We process your personal data for the following purposes:

3.1 Creating and managing your user account

Legal basis: performance of a contract. The data are needed to allow you to access the digital contents you have purchased.

3.2 Purchase of online courses and e-books

Legal basis: performance of a contract. The data are needed for payments, invoicing and order confirmation.

3.3 Sending newsletters and promotional communications

Legal basis: consent. Subscription takes place via Brevo and you can withdraw your consent at any time.

3.4 Customer support

Legal basis: legitimate interest or contract. We use the data to respond to requests and provide support.

3.5 Website traffic analysis (Google Analytics 4)

Legal basis: consent. We analyse traffic to improve content, performance and usability. Without consent, this tool is not activated.

3.6 Marketing and remarketing (Meta Pixel)

Legal basis: consent. In certain countries such as the United States, this activity may be classified as “sharing” of data; an opt-out option is available.

3.7 Website security, prevention of abuse and technical operation

Legal basis: legitimate interest. We protect the site from unauthorised access, attacks and anomalies.

3.8 Legal and tax compliance

Legal basis: legal obligation. We retain the data necessary for accounting, invoicing and tax documentation.

4. Data recipients

Your data may be shared with providers acting as data processors or as independent third parties. In particular:

• Hostinger – website hosting and transactional emails
• Brevo (Sendinblue) – newsletter and marketing automation
• Google LLC – Google Analytics 4
• Meta Platforms Inc. – Meta Pixel
• YouTube and Vimeo – embedded video playback
• External payment providers (e.g. PayPal, Stripe)
• Professional advisors (accountant, legal advisors) where required by law

We do not sell or trade your personal data to third parties for commercial purposes.

5. Data transfers outside the European Union

Some providers may process personal data in countries other than yours. To ensure an adequate level of protection, we make use of:

• Standard Contractual Clauses (SCC)
• Additional technical safeguards
• Mechanisms recognised under GDPR, UK GDPR and other global data protection laws

6. Data retention

We retain personal data for periods consistent with the purposes of processing:

• Account data: as long as the account remains active
• Purchase data: 10 years (tax obligations)
• Newsletter data: as long as you remain subscribed
• Technical logs: 6–12 months
• Cookies: according to the durations indicated in the Cookie Policy

7. Data security

We apply technical and organisational measures to protect your data, including:

• traffic encryption (HTTPS)
• firewalls and intrusion prevention systems
• regular backups
• restricted access to data
• server monitoring to prevent attacks

8. Users’ rights

8.1 Users in the European Union, EEA, United Kingdom and Switzerland

You have the right to:

• access your personal data
• request rectification
• request erasure
• restrict processing
• object to processing
• request data portability
• withdraw consent you have given
• lodge a complaint with the competent supervisory authority

8.2 Users in California (CCPA/CPRA)

You have the right to:

• know what categories of data we collect
• request deletion of your data
• opt out of the sale or sharing of your personal information
• not be discriminated against for exercising your rights

8.3 Users in Brazil (LGPD)

You have the right to:

• obtain confirmation of the processing
• access your data
• request rectification, anonymisation or deletion
• port your data to another provider
• withdraw your consent

9. Minors

Vegan Pastry Academy is not intended for individuals under 16 years of age (or a different age threshold where required by local law). We do not knowingly collect data from children.

10. How to exercise your rights

You can request information or exercise your rights by sending an email to:

📩 info@veganpastryacademy.com

11. Links to external sites

The website may include links or embedded content from third parties (YouTube, Vimeo, social networks). Each platform operates according to its own privacy policy, for which we are not responsible.

12. Changes to this Notice

This Privacy Policy may be updated from time to time. We invite you to review it regularly to stay informed.

The date of the last update is indicated at the beginning of this document.