Privacy Policy
This Privacy Policy explains how Chef at Home Tuscany processes personal data in connection with the website, the reserved video-course area, payments and support requests.
Data controller
The data controller is Chef at Home Tuscany by Cinzia Malgeri. You can contact the controller by email at info@chefathome.tv.
This policy applies to the website chefathome.srl, the reserved video-course area and the official links to chefathome.tv.
Personal data processed
The website may process the following categories of personal data, depending on the features used by the visitor or registered user:
- technical browsing data, such as IP address, request date and time, requested page, user agent and server logs needed for security and website operation;
- reserved-area account data, such as first name, last name, email address, encrypted password, role, account status and last login;
- payment data, such as amount, currency, payment status, PayPal order and capture identifiers, bank transfer reference and the information needed to activate course access;
- password reset and support data, such as email address, encrypted temporary tokens and email delivery logs;
- video access data, such as temporary streaming tokens, session information, daily bandwidth consumption and simultaneous-access checks.
The newsletter form on the landing page sends the email address entered by the user to the website contact mailbox at info@chefathome.tv. The website does not store the address in a database and does not automatically add it to a mailing list.
For anti-spam and security purposes, the form also processes technical data such as a session token, timing checks, honeypot field status and short-lived hashed IP rate-limit data.
Purposes and legal bases
Service delivery
Account, payment and video-access data are processed to create the user account, manage the purchase of the video-course package, provide login, password reset, password change and access to the purchased courses. The legal basis is the performance of a contract or pre-contractual steps requested by the user.
Payments
For PayPal payments, the website creates the order and receives confirmations through PayPal APIs and webhooks. For bank transfer payments, the website creates a pending request with a unique reference; access is activated only after manual confirmation of the received payment by the administrator. The legal basis is the performance of a contract.
Security
Technical logs, CSRF protection, sessions, streaming tokens, bandwidth limits and simultaneous-access checks are processed to prevent abuse, unauthorized access and improper use of paid content. The legal basis is the controller's legitimate interest in keeping the service secure.
Newsletter contact request
The email address submitted through the public newsletter form is used only to send a notification to the contact mailbox. The legal basis is the user's consent, expressed by accepting the Privacy Policy before sending the form.
Legal obligations
Certain data may be kept or disclosed where necessary to comply with legal obligations or authority requests, or to protect the controller's rights.
How data is processed
Data is processed with electronic tools and security measures proportionate to the risk, including encrypted passwords, prepared database queries, temporary tokens, HttpOnly session cookies for the reserved area, CSRF controls and restricted video access.
The website does not use automated decision-making that produces legal effects for users and does not perform advertising profiling.
Recipients and service providers
Personal data may be processed by technical providers needed to run the service, including hosting, database, SMTP email service, PayPal for electronic payments and the bank involved in bank transfer payments. These providers process data according to their own terms and privacy notices.
Links to Amazon, social networks, PayPal or other external websites lead to independent services. After the user clicks and leaves this website, the processing of personal data is governed by the privacy policies of those third parties.
PayPal payments
If the user chooses PayPal, they are redirected to PayPal pages to authorize or complete the payment. PayPal may process account, transaction, device, technical usage, fraud-prevention and payment information according to its own privacy documentation.
Chef at Home Tuscany receives only the information needed to verify the payment, record its status and activate access to the video courses, such as PayPal order ID, capture ID, amount, currency, status and webhook event data.
Transfers outside the EEA
Some providers, especially payment services or external platforms reached through links, may process data outside the European Economic Area. Where applicable, these transfers are carried out using safeguards recognized by the GDPR, such as adequacy decisions, standard contractual clauses or equivalent lawful mechanisms.
Retention periods
- account data: for the lifetime of the account and, after closure, for the time needed to manage obligations, disputes or security needs;
- payment data: for the time needed to prove the purchase, manage access, provide support and comply with legal obligations;
- password reset tokens and video tokens: for the technical duration set by the system or until they are used, revoked or expire;
- newsletter notification email: retained only in the recipient mailbox according to normal email mailbox management;
- technical and security logs: for a period proportionate to security and maintenance purposes;
- hashed newsletter rate-limit data: for the short technical period needed to limit abuse;
- technical cookies: as described in the Cookie Policy.
User rights
Users may request access, rectification, erasure, restriction, objection and data portability where applicable. Users may also withdraw any consent given, without affecting the lawfulness of processing based on consent before its withdrawal.
Requests can be sent to info@chefathome.tv. Users also have the right to lodge a complaint with the Italian Data Protection Authority or with the competent supervisory authority.
Updates
This Privacy Policy may be updated if technical, legal or organizational changes occur. Last updated: 15 May 2026.