Last updated: 10 March 2026
This Privacy Policy explains how Terrible French Pastry School collects, uses, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR).
1. Data Controller
Terrible French Pastry School
Grundtvigsvej 10A
1864 Frederiksberg
Denmark
Email: contact@terrible.dk
Phone: +45 25 14 78 50
2. Personal Data We Collect
Information you provide directly
- Name
- Email address
- Phone number
- Billing information
- Course booking details
- Gift card recipient information
- Messages sent through contact forms or email
Automatically collected information
- IP address
- Browser type
- Device information
- Pages visited
- Date and time of access
- Referring website
3. Payment Processing
Payments on this website are processed by:
Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Dublin 2
Ireland
Stripe processes payment data such as billing information and payment method details.
We do not store credit card information on our servers.
Stripe acts as an independent data controller for payment processing and fraud prevention.
Stripe Privacy Policy:
https://stripe.com/privacy
4. Analytics and Cookies
Google Analytics
We use Google Analytics to analyze website traffic and improve our services.
Provider:
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA
United States
Google Analytics collects information such as:
- Pages visited
- Device and browser information
- Approximate location
- User interaction data
Analytics cookies are only activated after user consent where required.
Google Privacy Policy:
https://policies.google.com/privacy
5. Social Media
Terrible French Pastry School maintains a presence on social media platforms in order to communicate with customers, promote courses, and share information about our activities.
These platforms may include:
- Other social media platforms where we maintain official profiles
When you interact with our social media pages (for example by commenting, messaging, or liking posts), the respective platform may collect and process personal data.
In these cases:
- The social media platform acts as an independent data controller
- We may receive limited information such as usernames, comments, or messages
- Data is used to respond to inquiries or manage our social media presence
The legal basis for this processing is our legitimate interest in communicating with customers and promoting our services.
6. Sharing of Personal Data
We may share personal data with trusted third parties where necessary for operating our business.
| Recipient | Purpose | Legal Basis |
|---|---|---|
| Stripe Payments Europe Ltd. | Payment processing and fraud prevention | Contract performance |
| Google LLC | Website analytics | User consent |
| Website hosting provider | Website infrastructure and security | Legitimate interest |
| Accountant or accounting software | Financial reporting and bookkeeping | Legal obligation |
| Legal advisors if required | Compliance and legal obligations | Legal obligation |
All processors are required to handle personal data in accordance with GDPR.
7. International Data Transfers
Some third-party providers may process data outside the European Economic Area (EEA).
When this occurs, we rely on appropriate safeguards such as:
- EU Standard Contractual Clauses (SCCs)
- European Commission adequacy decisions
- Additional contractual protections where required
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Booking and transaction records | 5 years (accounting laws) |
| Customer inquiries | 12 months |
| Analytics data | According to Google Analytics settings |
| Server logs | Up to 12 months |
9. Your GDPR Rights
You have the following rights:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent
10. Exercising Your Rights
To exercise your rights, contact us:
contact@terrible.dk
We respond to requests within 30 days as required by GDPR.
11. Data Security
We use appropriate technical and organizational measures including:
- HTTPS encryption
- Access controls
- Secure payment processing
- Limited staff access to personal data
12. Complaints
If you believe your personal data has been processed unlawfully, you may lodge a complaint with the Danish supervisory authority:
Datatilsynet
https://www.datatilsynet.dk
13. Changes to This Policy
We may update this Privacy Policy from time to time.
The latest version will always be available on this page.