Practical workshops — budget cuts, cost control, financial restructuring
Sabbomi logo
Sabbomi
Workshop platform — skill-first learning
Est. 2021

GDPR Privacy Policy

Last updated: June 13, 2026

This Privacy Policy explains how Sabbomi ("we," "us," or "our"), operating at sabbomi.biz, collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection laws. By using our platform, you acknowledge the practices described in this document.

1. Data Controller

Sabbomi acts as the data controller for personal data collected through this platform. You may contact us at any time regarding data protection matters:

2. Scope of This Policy

This policy applies to all individuals who access or use our platform, including registered users, workshop participants, visitors, and any person whose personal data we process in connection with our services. It covers data collected directly from you, data collected automatically through your use of the platform, and data we may receive from third parties.

3. Personal Data We Collect

3.1 Data You Provide Directly

  • Full name and display name
  • Email address
  • Password (stored in encrypted form)
  • Profile information such as country, language preference, and professional background
  • Payment and billing information processed through secure third-party payment providers
  • Messages, feedback, and support communications
  • Content submitted during workshops, exercises, or collaborative activities

3.2 Data Collected Automatically

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Device identifiers and screen resolution
  • Pages visited, features used, and time spent on the platform
  • Referring URLs and exit pages
  • Session duration and interaction logs
  • Cookies and similar tracking technologies (see Section 9)

3.3 Data from Third Parties

If you register or log in using a third-party authentication provider, we may receive basic profile data such as your name and email address from that provider, subject to your privacy settings with them.

4. Legal Bases for Processing

We process your personal data only where a lawful basis exists under Article 6 of the GDPR:

Processing Purpose Legal Basis
Creating and managing your account Performance of a contract (Art. 6(1)(b))
Delivering workshops and platform features Performance of a contract (Art. 6(1)(b))
Processing payments Performance of a contract (Art. 6(1)(b))
Sending transactional and service emails Performance of a contract (Art. 6(1)(b))
Improving and securing the platform Legitimate interests (Art. 6(1)(f))
Analytics and usage monitoring Legitimate interests (Art. 6(1)(f))
Sending marketing communications Consent (Art. 6(1)(a))
Compliance with legal obligations Legal obligation (Art. 6(1)(c))

5. How We Use Your Data

We use collected personal data for the following purposes:

  • Registering and authenticating your account
  • Providing access to workshops, assignments, and learning materials
  • Facilitating collaborative tools and peer interaction features
  • Processing payments and issuing receipts or invoices
  • Sending notifications relevant to your activity on the platform
  • Responding to support requests and inquiries
  • Personalising your learning experience and language preferences
  • Monitoring platform performance, detecting errors, and preventing fraud
  • Sending promotional content where you have given consent
  • Meeting legal, regulatory, or contractual obligations

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Account data: retained for the duration of your account and for up to 3 years following account closure for legal and audit purposes
  • Payment records: retained for the period required by applicable financial and tax regulations
  • Support communications: retained for up to 2 years after the case is resolved
  • Usage and analytics data: retained in aggregated or anonymised form indefinitely; identifiable data retained for up to 24 months
  • Marketing consent records: retained until consent is withdrawn and for a reasonable period thereafter as evidence

When data is no longer required, it is securely deleted or anonymised.

7. Data Sharing and Disclosure

7.1 Service Providers

We share personal data with trusted third-party service providers acting as data processors under written agreements that require them to protect your data in accordance with GDPR. These include cloud hosting providers, payment processors, email delivery services, and analytics platforms.

7.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. You will be notified of any such change and any new privacy terms that apply.

7.3 Legal Requirements

We may disclose personal data where required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of our users or the public.

7.4 No Sale of Data

We do not sell, rent, or trade personal data to third parties for their own marketing purposes.

8. International Data Transfers

As an international platform serving users across multiple continents, your personal data may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions issued by relevant data protection authorities
  • Binding Corporate Rules where applicable

You may request a copy of the applicable safeguards by contacting us at [email protected].

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the platform. Categories of cookies we use include:

  • Strictly necessary cookies: essential for authentication, security, and core platform functionality. These cannot be disabled.
  • Functional cookies: remember your preferences such as language, region, and session settings.
  • Analytics cookies: collect aggregated data about how users interact with the platform to help us improve performance.
  • Marketing cookies: used with your consent to deliver relevant communications and measure campaign effectiveness.

You may manage your cookie preferences through your browser settings or our cookie consent tool. Withdrawing consent for non-essential cookies will not affect the operation of core platform features.

10. Your Rights Under GDPR

If you are located in the EEA or a jurisdiction that grants similar rights, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data where no lawful basis for retention applies
  • Right to restriction: request that we limit processing of your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing
  • Right not to be subject to automated decisions: request human review of any decision made solely by automated means that significantly affects you

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing your request. Exercising these rights is free of charge unless requests are manifestly unfounded or excessive.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS and at rest using industry-standard algorithms
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and vulnerability testing
  • Incident response procedures for detecting and managing data breaches
  • Staff training on data protection responsibilities

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

12. Children's Privacy

Our platform is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at [email protected] and we will take prompt steps to delete it.

13. Links to Third-Party Services

Our platform may contain links to external websites or integrated third-party tools. This policy does not apply to those services. We encourage you to review the privacy policies of any third-party services you access through our platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice on the platform prior to the changes taking effect. The updated policy will display the revised "Last updated" date at the top of this page. Continued use of the platform after changes are effective constitutes acceptance of the revised policy.

15. Complaints

If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country of residence or establishment.

16. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us: