Skip to main content

Privacy Policy

Last Updated: March 14, 2026

1 — Introduction & Controller Identity

This Privacy Policy explains how VYD GOURMET SL. (“VYD GOURMET SL.”, “we”, “our”, or “us”) collects, uses, and protects your personal data when you visit this website and when you contact us about our educational programs and hospitality-focused services available across Canada. This policy is written in clear language so you can understand what information we process, why we process it, and the choices available to you.

Data Controller: VYD GOURMET SL., C. de Ramos CarriĂłn, 6, 28002 Madrid, Spain. Contact email: [email protected].

This policy is designed to align with applicable privacy laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Where local law requires additional rights or disclosures, we provide them in relevant sections below.

2 — Personal Data We Collect

We collect information that you choose to provide to us and data generated by your use of the website. The categories include:

We do not intentionally collect special‑category data (such as health information, religious beliefs, or political opinions), financial account credentials, or government identification numbers for the services described on this site.

3 — Why We Process Personal Data and Legal Bases

We process personal data for the following purposes and under the following legal bases:

Automated decision‑making: We do not engage in automated decision‑making or profiling that produces legal or similarly significant effects for individuals.

4 — Cookies and Tracking Technologies

We use cookies and similar technologies to operate the site and, subject to your choices, to understand performance and support advertising. Our categories match our Cookies Policy: Essential, Analytics, and Marketing.

You can manage consent at any time using the “Manage cookie preferences” link in the footer or the cookie banner controls. For more detail, please see our Cookies Policy.

5 — Consent (EEA/UK) and Canadian Considerations

If you are in the EEA or the UK, analytics and marketing cookies load only after you give explicit, informed consent via our cookie controls. Your selections are recorded in a consent cookie, which you can withdraw at any time without affecting the lawfulness of processing before withdrawal. Under PIPEDA, we rely on implied or express consent depending on context and sensitivity, and we limit data processing to purposes a reasonable person would consider appropriate in the circumstances.

6 — Sharing with Advertising and Service Partners

We may share limited personal data with service providers who help us operate, protect, and improve the website and deliver communications. These providers act on our instructions and do not use your data for their own independent purposes. Typical recipients include:

We do not sell personal data. If the law or a valid legal process requires disclosure, we may disclose necessary information to comply with that obligation.

7 — International Data Transfers

We are based in Spain and provide services to participants and organizations across Canada. When personal data is transferred internationally, we use appropriate safeguards permitted by applicable law, such as adequacy decisions, standard contractual clauses, or equivalent mechanisms. We assess partner practices and commitments to ensure a level of protection essentially equivalent to applicable legal requirements.

8 — Data Retention and Security

We retain personal data only for as long as necessary for the purposes described in this policy or as required by law. Typical retention periods are: inquiry records up to two years from last interaction; analytics data according to the configured analytics retention schedule; marketing cookie identifiers per their stated lifetimes; and records associated with legal obligations for the duration required by applicable regulations.

We implement administrative, technical, and organizational measures designed to protect personal data, including access controls, least‑privilege practices, secure transport (HTTPS), and vulnerability remediation processes. No online system can be guaranteed 100% secure; however, we strive to reduce risk through layered safeguards and regular reviews.

9 — Your Rights

Depending on your location, you may have rights over your personal data. Under GDPR and UK GDPR, these include the rights of access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent at any time. Under PIPEDA, you have rights to access and correct your personal information and to challenge our compliance with PIPEDA principles.

To exercise your rights, please email [email protected] with details of your request and sufficient information to verify your identity. We will respond within the timeframes required by applicable law. You may also have the right to lodge a complaint with a supervisory authority or privacy regulator in your jurisdiction.

10 — Children’s Privacy

This website and our described services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we hold data about a child under 16 without appropriate authorization, we will delete it promptly.

11 — Do Not Track

Some browsers offer a “Do Not Track” (DNT) setting. Our website does not respond to DNT signals. Cookie preferences can instead be managed using our on‑site controls described in Section 4 and in the Cookies Policy.

12 — Account and Data Deletion Requests

We do not provide user accounts on this site. To request deletion of personal data held in relation to your inquiries or participation, email [email protected] with the subject “Data Deletion Request”. After verifying your identity, we will process the request unless retention is required by law or necessary to establish, exercise, or defend legal claims.

13 — Business Transfers

If we are involved in a merger, acquisition, reorganization, asset sale, financing, or insolvency event, personal data may be transferred to a successor entity, subject to this Privacy Policy or a substantially similar policy. We will take reasonable steps to ensure continuity of privacy protections and will provide a notice on the site if practices materially change.

14 — California (CCPA/CPRA) Disclosures

For California residents, categories of personal information we may collect include identifiers (such as name, email, IP address), internet or network activity (such as browsing information), and inferences used for advertising (subject to consent where required). We do not sell personal information as defined by the CCPA/CPRA. We may share personal information for cross‑context behavioral advertising subject to your preferences. California residents can exercise rights to know, delete, correct, and opt out of sale/sharing by emailing [email protected] with sufficient information to verify identity. We will not discriminate against you for exercising your rights.

15 — Virginia (VCDPA) Disclosures

Virginia residents may have rights to access, correct, delete, and obtain a portable copy of certain personal data and to opt out of targeted advertising. We do not sell personal data. To submit a request, email [email protected] with “Virginia Privacy Request” in the subject line. If we deny your request, you may appeal by replying with “Appeal of Refusal — Privacy Request”. We will respond within statutory timeframes.

16 — Nevada Disclosures

Nevada residents may submit a verified request to opt out of the sale of covered information. We do not currently sell personal information as defined under Nevada law. You can submit a request by emailing [email protected] with “Nevada Do Not Sell Request”.

17 — Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a notice on our homepage at least 14 days before they take effect, unless a shorter period is required by law. The “Last Updated” date at the top of this page reflects the latest revision. Continuing to use the site after changes take effect means you acknowledge the updated policy.

18 — Contact

If you have questions about this Privacy Policy or how we handle personal data, please contact:

For Canadian residents, you may also raise concerns with your provincial or federal privacy regulator. For residents of the EEA or UK, you may contact your local supervisory authority. We will cooperate with regulators and seek to resolve concerns in a timely and transparent manner.