Get Certified

Privacy Policy

Privacy Policy

Effective date / Data di efficacia: 15 April 2026

This Privacy Policy explains how SafeBloom® (“we”) processes personal data in connection with safebloomeurope.com and the SafeBloom® Certification programme. It is provided under Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and applicable national law.

Data controller

SafeBloom®, c/o Marcello Polito. Contact: info@safebloom.com (subject “Privacy”).

Personal data we process

  • Account: name, email, password hash, professional role, restaurant name and city.
  • Purchase: billing address, VAT number where applicable, order history, invoices. Full payment-card numbers are not stored on our servers.
  • Course: enrolment, lesson progress, exam attempts and score, certificate, plaque shipping address.
  • Technical: IP address, browser type, device identifiers, pages viewed, referrer, timestamps, cookie IDs.
  • Marketing: email preferences, opens, clicks, language segment (lang:it / lang:en), unsubscribe status.

Purposes and legal bases

  • Provide the Services and perform the contract — Art. 6(1)(b) GDPR.
  • Comply with legal obligations (accounting, tax, consumer law) — Art. 6(1)(c).
  • Legitimate interests in security, fraud prevention and aggregated analytics — Art. 6(1)(f).
  • Marketing emails: consent or soft opt-in for customers of similar services; right to object at any time — Art. 6(1)(a)/(f) and national e-privacy rules.
  • Non-essential cookies/tracking: consent only — Art. 6(1)(a) and Directive 2002/58/EC.

Recipients and processors

We share personal data with processors acting on our instructions: Hostinger (hosting), WordPress / WooCommerce / Tutor LMS (platform), PayPal / PayPal Commerce Platform (payments), ActiveCampaign (email, automation), LiteSpeed (caching), Google (reCAPTCHA or analytics where enabled), and professional advisors (accounting, legal). Each processor is bound by a Data Processing Agreement.

International transfers

Some providers are based outside the EEA (e.g. PayPal, ActiveCampaign). We rely on adequacy decisions or Standard Contractual Clauses with supplementary measures where required.

Retention

Account and course data: while the account is active and up to 10 years after, for accounting/tax obligations. Marketing data: until unsubscribe, with a short post-unsubscribe retention. Technical logs: up to 12 months unless longer for security. Cookies: see the Cookie Policy.

Your rights

Under GDPR: access, rectification, erasure, restriction, objection, portability, withdrawal of consent (without affecting prior lawful processing). You may lodge a complaint with the Italian Data Protection Authority (Garante) or your local authority. To exercise rights: info@safebloom.com.

Children

The Services are not intended for minors. We do not knowingly collect data from persons under 18.

Automated decision-making

No automated decision-making producing legal or similarly significant effects is carried out.

Security

Technical and organisational measures include HTTPS, access controls, encrypted backups and least-privilege access. We will notify affected users and the competent authority of personal-data breaches where required by law.

Changes

We may update this Policy. Material changes will be notified by email or on the Website.

Cookie preferences