Privacy Policy

Effective Date: 17 June 2018
Last Updated: 13 July 2025

This Privacy Policy explains how Sayuri Healing Food Academy (“we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you use our website, enroll in our courses, or engage with us online or offline.

This policy complies with the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). If you are a resident of the European Economic Area (EEA) or California, additional rights apply to you, as noted below.

By using our services, you agree to the terms of this Privacy Policy.

1. Definitions

Personal Data: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

Data Subject: The person to whom the data relates.

Controller: The entity determining the purposes and means of processing personal data.

Processor: A third party acting on behalf of the controller.

Sensitive Personal Data: Includes data such as racial or ethnic origin, religious beliefs, health data, etc.

2. What Data We Collect

We collect the following categories of data:

Identifiers

  • Full name, email, phone number, country of residence & gender (when disclosed)

  • Billing and shipping addresses

  • Social media usernames (if you connect or contact us via those channels)

Commercial Information

  • Purchase history

  • Registration and course attendance records

  • Feedback, reviews, and testimonials

Internet Activity

  • IP address

  • Browser type and device ID

  • Page views, session duration, navigation paths

  • Referring URLs

Audio/Visual

  • Photos and videos captured during in-person events (with consent)

Geolocation (approximate)

  • From your IP address or device (if allowed)

3. How We Collect Your Data

  • Directly: via website forms, email, course registration, reviews, and customer service interactions.

  • Automatically: through cookies, pixels, analytics tools (Google Analytics, Facebook Pixel, TikTok Pixel, etc.).

  • From third parties: payment processors (Stripe, PayPal, Xendit, Midtrans), marketing platforms (Kajabi), ad networks, analytics partners.

  • Offline: when you attend our courses and provide feedback or reviews.

4. Purpose and Legal Basis for Processing

We process your data under the following lawful bases (per GDPR Article 6):

Purpose

Legal Basis

To deliver services

Contract

To process payments

Contract

To send marketing

Consent or Legitimate Interest

To analyze user behavior

Legitimate Interest

To fulfill legal obligations

Legal Obligation

To maintain security

Legitimate Interest

We will not collect more information than is necessary for these purposes.

5. Your Rights Under GDPR (EU/EEA Residents)

If you reside in the EU/EEA, you have the following rights under the GDPR:

  • Right to Access – You may request a copy of your personal data.

  • Right to Rectification – You may request corrections to inaccurate or incomplete data.

  • Right to Erasure – You may request that we delete your data (“right to be forgotten”).

  • Right to Restrict Processing – You may limit how we use your data.

  • Right to Data Portability – You can request your data in a machine-readable format.

  • Right to Object – You may object to data processing based on legitimate interest or for direct marketing.

  • Right to Withdraw Consent – At any time, without affecting previous processing.

  • Right to Lodge a Complaint – With your data protection authority (see Supervisory Authority below).

6. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you are entitled to the following rights:

  • Right to Know – You can request details about the personal information we’ve collected, used, or shared in the past 12 months.

  • Right to Access – You can request a copy of your personal information.

  • Right to Delete – You can request deletion of your personal data (with some exceptions).

  • Right to Correct – You can request that we correct inaccurate personal data.

  • Right to Opt-Out of Sale/Sharing – We do not sell your personal data. However, we use analytics and advertising services that may qualify as a “sale” or “sharing” under California law. You may opt out (see below).

  • Right to Limit Use of Sensitive Information – We do not collect or use sensitive personal data for profiling or advertising.

  • Right Not to Be Discriminated Against – You won’t be denied services for exercising your rights.

To exercise these rights, email [email protected] with the subject line: “CCPA Request” or “GDPR Request” depending on your jurisdiction.

To opt out of data sharing for advertising, visit:

Your Ad Choices

Google Ad Settings

7. Third-Party Services and Data Sharing

We share data with trusted processors and platforms that enable us to provide services or improve your experience. These include:

  • Kajabi (email marketing)

  • Surecart (e-commerce)

  • Google Analytics, Google Ads, Site Kit, Google Fonts

  • Facebook, Instagram, TikTok, YouTube, Bing (pixels/ads)

  • PayPal, Stripe, Xendit, Midtrans (payment processors)

  • YouForm (online forms)

  • Recaptcha (fraud prevention)

  • Trustpilot (public reviews)

  • WhatsApp & LINE (customer support)

These services may store your data in the U.S., EU, or other jurisdictions. Where applicable, we use Data Processing Agreements and Standard Contractual Clauses (SCCs) to ensure legal safeguards for international data transfers under GDPR.

8. Data Security & Retention

We employ encryption (HTTPS), pseudonymization, and access restrictions. While no system is impenetrable, we take reasonable steps to prevent unauthorized access, disclosure, alteration, or destruction.

We retain your data:

  • For as long as you are a customer

  • For as long as required for legal or contractual obligations

  • Until you request deletion (unless data must be retained by law)

9. Children’s Data

Our services are not directed at children under 16. We do not knowingly collect data from children. If we discover that a child has submitted personal data, we will delete it immediately.

10. Cookies & Tracking Technologies

We use cookies to:

  • Remember your settings and preferences

  • Monitor site performance

  • Deliver personalized ads

Types used:

  • Strictly Necessary Cookies – essential for site function

  • Functionality Cookies – for remembering preferences

  • Analytics Cookies – used by Google, Facebook, etc.

  • Advertising Cookies – serve personalized ads

You may disable cookies in your browser or use these opt-out links:

11. Contact Information

For all privacy-related inquiries:

Sayuri Healing Food Academy

[email protected]

We are located in Ubud, Bali – Indonesia

12. Supervisory Authority

For EU/EEA residents:

Contact your local data protection authority.

https://edpb.europa.eu/about-edpb/board/members_en

For Indonesia:

https://www.dlapiperdataprotection.com/index.html?t=authority&c=ID

For California residents:

Office of the Attorney General – California Department of Justice

https://oag.ca.gov/privacy/ccpa

13. Changes to This Policy

We reserve the right to update this policy to reflect changes in practices, regulations, or law. You will be notified of significant changes via email or through our website.

Effective Date: 17 June 2018
Last Updated: 13 July 2025

Follow us @Sayuri_healing_food

Follow a manual added link
Courses
Events
Cookbooks

Sayuri Healing Food is a Plant-based Café and Culinary Training Academy based in Ubud, bali

JL Sukma kesuma 2 – Ubud, Kabupaten Gianyar, Bali 80571, Indonesia

Privacy PolicyTerms & Conditions

About Us
Contact & Support
Training Schedule

  Secure payment through Stripe & Megatix

© Copyright Sayuri Healing Food – by RIZE

Academy
Café & Events
Review Your Cart
0
Add Coupon Code
Subtotal
Checkout