Information Stewardship Framework
Understanding how your details travel through our operations and what controls you maintain over that journey.
In Effect: January 2025Running culinary masterclasses in Joliette means people trust us with their contact information, dietary restrictions, payment details — and sometimes stories about why they want to learn a particular technique. That trust matters to us, so we've built systems that treat personal details as what they are: borrowed information that comes with responsibility.
This document walks you through what happens when you register for a class, send us a question, or browse our schedule. You won't find cookie tracking details here — those live in a separate policy. What follows focuses on the details you actively share and how we manage them from arrival to eventual removal.
Our Approach to Data Stewardship
We operate from a position of minimization. If we don't need a particular piece of information to deliver your masterclass experience or communicate with you effectively, we don't ask for it. When details do enter our systems, they serve specific operational purposes — and once those purposes expire, retention timelines kick in automatically.
Categories of Information We Receive
Identity Elements
When you register for a masterclass, we capture your name, email address, and phone number. These anchor your booking and enable us to reach you about schedule changes or class preparation requirements.
Dietary & Allergy Specifications
Because our classes involve food preparation and tasting, we need to know about allergies, intolerances, or dietary preferences that affect ingredient selection and kitchen safety protocols.
Financial Transaction Records
Payment processing generates records including transaction amounts, dates, and partial card information (last four digits). Our payment processor handles full card details — we never see or store complete card numbers.
Communication History
Email conversations, phone call notes, and message exchanges create a record of your questions, our responses, and any special arrangements we've made for your participation.
Class Participation Notes
After classes, we sometimes record notes about technique questions you asked or specific challenges you encountered. This helps us personalize recommendations if you return for additional sessions.
Technical Interaction Data
When you visit our website, basic technical information gets logged: your browser type, device category, and pages you viewed. This helps us fix broken links and improve site navigation.
The Information Lifecycle
Entry Point
Details enter our systems when you fill out a registration form, send an email, make a phone call, or complete a payment. Each entry point channels information directly into our customer management database where it gets tagged with a timestamp and source identifier.
Active Use Period
Between booking and class completion, your information stays actively accessible to our small team. We reference it to send reminders, answer questions about ingredients or timing, and prepare personalized recipe handouts. During this phase, your details might get viewed multiple times but only by staff directly involved in delivering your class experience.
Post-Class Retention
After your class concludes, information moves into a less-frequently-accessed state. We keep it for potential follow-up communications about future classes that match your interests, but access becomes less frequent. Financial records stay longer due to accounting requirements, but contact details and dietary notes follow shorter timelines.
Scheduled Removal
Once retention periods expire — typically between twelve and thirty-six months depending on information type — automated deletion processes kick in. Records get permanently removed from active databases, and backup systems purge them during their next refresh cycle. Financial records tied to tax obligations may persist longer, but only in archived accounting systems with restricted access.
How Information Gets Worked With
Class Delivery Operations
Your name appears on class rosters. Email addresses receive confirmation messages, preparation instructions, and schedule updates. Phone numbers enable quick communication if something unexpected happens — like equipment failure forcing a reschedule.
Dietary information guides ingredient purchasing and kitchen prep. If you've indicated a shellfish allergy, we know to use alternative ingredients and clean equipment thoroughly before your session.
Communication Management
We maintain conversation history so different team members can reference previous discussions without making you repeat information. When you email asking about knife skills prerequisites, and someone else later calls you to confirm your booking, they can see that earlier exchange.
Communication records also protect both parties — if a dispute arises about what was agreed upon, we can refer back to documented exchanges rather than relying on memory.
Experience Personalization
Notes from previous classes help us tailor recommendations. If you struggled with pastry techniques but excelled at sauce work, we might suggest our advanced sauce masterclass rather than a baking-focused session. This relies on instructors recording observations during classes — nothing covert, just practical notes.
Business Operations
Financial records feed into accounting systems for tax preparation and revenue tracking. Anonymized participation patterns help us decide which class topics to expand and which to discontinue. We might notice that pasta-making classes fill faster than bread workshops, prompting schedule adjustments.
Protection Mechanisms
Database access requires individual credentials with activity logging. Each team member has permissions limited to their role — kitchen staff can see dietary restrictions but not payment history, while administrative staff access financial records but not detailed participation notes.
All data transmission happens over encrypted connections. When you submit a registration form, that information travels through secure channels that prevent interception during transit.
Payment processing outsources to certified third-party services that specialize in financial data security. We never handle or store full credit card numbers — that responsibility stays with payment processors who maintain compliance with card industry standards.
Regular backups protect against data loss, but those backups themselves get encrypted and stored separately from active systems. Access requires additional authentication layers beyond normal system credentials.
Automated monitoring watches for unusual access patterns — like someone suddenly downloading large volumes of records or accessing information outside normal business hours. These triggers generate alerts for immediate investigation.
Remaining Vulnerabilities
Despite these measures, perfect security doesn't exist. Sophisticated attacks might bypass protections. Employee errors could expose information accidentally. Equipment failures might cause temporary data accessibility issues. We work to minimize these risks but can't eliminate them entirely. If a breach occurs that affects your information, we'll notify you directly and explain what happened along with steps we're taking in response.
Your Control Mechanisms
Duration Framework
Contact Information
Names, email addresses, and phone numbers stay active for twenty-four months after your last class or inquiry. This window allows us to reach you about relevant new offerings without maintaining perpetual contact lists. After expiration, these details get automatically purged unless you've attended another class or made a new inquiry, which resets the timeline.
Dietary Specifications
Allergy and dietary preference records follow the same twenty-four month timeline as contact information. We assume these might change over time and that keeping outdated dietary restrictions could actually create safety risks if you return years later with different requirements.
Financial Documentation
Payment records persist for seven years to satisfy tax authority requirements and handle potential audit requests. After that mandatory period expires, financial records move into permanent deletion queues. We keep only what regulators demand, nothing additional.
Communication Archives
Email exchanges and phone call notes get retained for eighteen months. This shorter window recognizes that most communication context becomes irrelevant relatively quickly — what you asked about class prerequisites two years ago probably doesn't inform current interactions.
Participation Notes
Instructor observations about your class performance stay accessible for thirty-six months. This longer retention acknowledges that skill development happens gradually and someone might return for intermediate classes years after completing beginner sessions. After three years, these notes disappear automatically.
Regulatory Basis
Canadian privacy legislation, particularly Quebec's private sector privacy law, establishes baseline requirements for how businesses handle personal information. We operate under those frameworks plus principles borrowed from broader international standards even where not legally required.
Different information categories rest on different legal foundations. Contact details and dietary specifications rely on contractual necessity — we literally cannot deliver the masterclass you purchased without knowing who you are and what ingredients to avoid. Payment processing similarly depends on contract performance since we need to receive payment for services rendered.
For uses beyond core service delivery — like sending promotional emails about new class offerings or conducting satisfaction surveys — we rely on consent you provide during registration or through subsequent opt-in mechanisms. You can withdraw that consent without affecting our ability to deliver classes you've already booked.
Financial record retention stems from legal obligation. Canadian tax authorities require businesses to maintain transaction documentation for specified periods. We don't choose to keep this information longer than necessary — regulators mandate it, and we comply with those timelines exactly.
Where we make decisions about participation notes and communication archives, we rely on legitimate business interests balanced against your privacy expectations. Recording which techniques you found challenging helps us provide better recommendations, but we limit how long those notes persist and who can access them to maintain reasonable boundaries.
Reaching Us About Information Concerns
Send privacy-specific questions or requests to contact@salavattore.top with "Privacy Inquiry" in the subject line. We typically respond within three business days, though complex requests like full data exports may take up to two weeks.
Phone
Call us at +1 (450) 659-1153 during business hours. Phone works best for urgent concerns or clarification questions. For formal requests like data deletion, we'll ask you to follow up in writing so we have documented confirmation of your instructions.
Written correspondence can reach us at 1075 Boulevard Firestone, Joliette, QC J6E 6X6. We're located in the Galeries Joliette food court at ground level. Mail responses typically take longer than electronic communication but provide formal documentation if that matters for your situation.
In Person
Stop by during class hours or scheduled office times. In-person conversations work well for complex situations where back-and-forth discussion helps, but we'll still ask for written confirmation of formal requests to ensure accuracy.