Privacy Policy

Effective date: 1 January 2026

Website: globalhospitalityinstitute.org

Brand: Global Hospitality Institute

Legal entity: Globaalne Külalislahkuse Instituut OÜ

Contact email: [email protected]

1. Introduction

Global Hospitality Institute, referred to in this Privacy Policy as GHI, we, us, or our, respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, create an account, purchase a course, enroll in a membership, download digital products, join our community, participate in exams, communicate with us, or otherwise use our learning platform and services.

Our courses, memberships, downloads, community areas, checkout pages, and learner accounts are hosted through Thinkific and related service providers. Thinkific provides the technical platform that allows us to deliver our online learning services.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Who this Privacy Policy applies to

This Privacy Policy applies to:

  1. Website visitors

  2. Learners and students

  3. Members of the GHI Member Community

  4. Purchasers of courses, memberships, templates, toolkits, downloads, exam products, or other digital products

  5. Referral partners, affiliates, and people who access our website through referral links

  6. People who contact us by email, forms, social media, or other communication channels

  7. Any other person whose personal data we process in connection with our website or services

3. Personal data we may collect

Depending on how you interact with us, we may collect the following types of personal data.

3.1 Account and identity data

This may include your name, email address, account login details, username, country, language preference, and other details you provide when creating or updating your account.

3.2 Purchase and transaction data

This may include details of products or services purchased, membership status, payment status, invoices, refunds, coupon usage, order history, and related transaction records.

We do not intentionally collect or store full payment card details. Payments are processed by third party payment providers connected to Thinkific or our website.

3.3 Learning and course activity data

This may include course enrollments, lesson progress, quiz results, exam attempts, completion status, certificate eligibility, certificate issuance records, downloaded materials, learning activity, and related academic or training records.

3.4 Exam and certification data

If you participate in an exam, assessment, certificate course, or certificate release process, we may process data related to your exam responses, pass or fail status, number of attempts, manual review status, certificate approval, certificate issue date, and certificate identification details.

3.5 Membership and community data

If you join a membership or community area, we may process data related to your membership plan, community profile, posts, comments, replies, reactions, messages, participation, and content you choose to share within the community.

3.6 Communication data

This may include emails, support requests, contact form submissions, survey responses, feedback, testimonials, questions, complaints, and other communications you send to us.

3.7 Marketing and preference data

This may include your subscription preferences, email marketing preferences, communication history, referral source, promotional interests, and whether you have opted in or opted out of certain communications.

3.8 Technical and usage data

This may include your IP address, browser type, device type, operating system, time zone, pages viewed, links clicked, login activity, course access logs, approximate location derived from technical data, cookies, analytics identifiers, and similar technical information.

3.9 Affiliate and referral data

If you use a referral link, affiliate link, or referral partner link, we may process referral tracking data to identify the source of a signup or purchase and to manage affiliate or referral partner arrangements.

4. How we collect personal data

We may collect personal data in the following ways:

  1. Directly from you when you create an account, purchase a product, enroll in a course, complete a form, submit an exam, join a community, contact us, or update your profile

  2. Automatically when you use our website or learning platform, through cookies, analytics tools, logs, and similar technologies

  3. From service providers, including Thinkific, payment processors, email service providers, analytics providers, and affiliate tracking tools

  4. From referral partners or affiliates where you accessed our services through a referral link

  5. From publicly available sources or professional platforms where relevant to a legitimate business interaction

5. Why we use personal data

We use personal data for the following purposes.

5.1 To provide our services

We process personal data to create and manage learner accounts, deliver courses, provide access to memberships, process purchases, make digital downloads available, track course progress, administer exams, issue certificates, manage access rights, and provide customer support.

5.2 To manage exams and certification

We process learning and assessment data to administer exams, review attempts, verify completion, confirm certificate eligibility, issue certificates, maintain certification records, and protect the integrity of our certification process.

5.3 To process payments and orders

We process transaction data to complete purchases, activate enrollments, manage subscriptions, issue receipts or invoices, handle refunds, and maintain financial records.

5.4 To operate memberships and communities

We process personal data to manage membership access, enable community participation, moderate content, enforce community standards, and maintain a professional learning environment.

5.5 To communicate with you

We process personal data to send account related messages, course updates, exam information, certificate notifications, purchase confirmations, membership messages, support replies, administrative notices, and service related communications.

5.6 To send marketing communications

Where permitted by law and your preferences, we may send you information about courses, memberships, tools, downloads, events, updates, offers, and related GHI services. You may unsubscribe from marketing communications at any time by using the unsubscribe link or contacting us.

5.7 To improve our website and services

We may use usage, feedback, and analytics data to understand how our website and learning platform are used, improve course content, optimize user experience, improve our products, develop new offerings, and assess marketing performance.

5.8 To manage affiliate and referral programs

We may process referral and affiliate data to track signups and purchases, calculate commissions or referral rewards, manage partner relationships, prevent abuse, and maintain accurate records.

5.9 To protect our business and users

We may process personal data to prevent fraud, misuse, unauthorized access, abuse of accounts, breach of terms, intellectual property misuse, security incidents, and other unlawful or harmful activity.

5.10 To comply with legal obligations

We may process personal data to comply with applicable laws, tax obligations, accounting requirements, regulatory obligations, lawful requests, dispute resolution, and enforcement of our legal rights.

6. Legal bases for processing personal data

Where applicable data protection laws require a legal basis for processing personal data, we rely on one or more of the following legal bases:

  1. Contractual necessity, where processing is needed to provide the services you requested, including courses, memberships, downloads, exams, certificates, account access, and customer support

  2. Consent, where you have given consent, such as for certain marketing communications, cookies, or optional data uses

  3. Legitimate interests, where processing is necessary for our reasonable business interests, such as improving services, protecting our platform, managing referrals, preventing fraud, and communicating with users, provided those interests are not overridden by your rights

  4. Legal obligation, where processing is necessary to comply with laws, financial records, tax obligations, regulatory requirements, or lawful requests

  5. Protection of rights and safety, where processing is necessary to protect the rights, property, security, or safety of GHI, our users, or others

7. Cookies and similar technologies

Our website and learning platform may use cookies, pixels, tags, analytics tools, and similar technologies.

These technologies may be used to:

  1. Keep you logged in

  2. Remember preferences

  3. Enable checkout and account functionality

  4. Measure website traffic and course page performance

  5. Understand how users interact with our content

  6. Track referrals or affiliate links

  7. Improve marketing and advertising performance

Some cookies are necessary for the website and platform to function. Others may be used for analytics, performance, marketing, or personalization.

You can usually control cookies through your browser settings. If you block certain cookies, some parts of the website or learning platform may not function correctly.

8. Third party service providers

We use third party service providers to operate our website, learning platform, checkout, email communications, analytics, marketing, and related business processes.

These providers may include:

  1. Thinkific, for course hosting, learner accounts, checkout support, memberships, communities, learning delivery, and related platform functions

  2. Payment processors, for payment handling and transaction processing

  3. Email service providers, for transactional and marketing emails

  4. Analytics providers, for website and usage analytics

  5. Advertising and tracking platforms, where used for marketing performance measurement

  6. Affiliate or referral tracking tools, where used for partner programs

  7. Cloud hosting, storage, security, and operational service providers

These third parties may process personal data on our behalf or as independent controllers, depending on the circumstances and their own terms and policies.

We do not sell your personal data.

9. Thinkific platform

Our learning platform is hosted on Thinkific. When you create an account, enroll in a course, purchase a product, access learning content, participate in community areas, or otherwise use the platform, Thinkific may process personal data as part of providing its platform services.

Thinkific may collect and process data in accordance with its own privacy policy, terms, and data processing arrangements. We encourage you to review Thinkifics privacy information for further details on how Thinkific handles personal data in connection with its platform.

10. International data transfers

Because our services are delivered online and supported by third party technology providers, your personal data may be processed in countries other than the country where you live.

This may include processing by service providers located outside Estonia, the European Economic Area, the United Kingdom, or your own country of residence.

Where required by applicable law, we will take appropriate steps to protect personal data transferred internationally. These steps may include contractual safeguards, data processing agreements, security measures, and other legally recognized transfer mechanisms.

11. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of data and the reason it is processed.

Examples include:

  1. Account data, retained while your account remains active and for a reasonable period thereafter

  2. Course progress, exam, and certificate records, retained as needed to verify completion, certificate status, and academic or professional records

  3. Transaction records, retained as needed for accounting, tax, audit, and legal compliance

  4. Support communications, retained as needed to respond to inquiries, maintain service quality, and resolve disputes

  5. Marketing data, retained until you unsubscribe or request deletion, subject to legal and operational requirements

  6. Community content, retained while the community is active and as needed for moderation, records, and continuity of discussions

When personal data is no longer required, we will delete, anonymize, or securely retain it in accordance with applicable laws and operational requirements.

12. How we protect personal data

We use reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, secure service providers, password protected accounts, platform security features, limited access to personal data, monitoring, and internal procedures.

No website, platform, or online service can guarantee absolute security. You are responsible for keeping your account login details confidential and for notifying us if you believe your account has been accessed without authorization.

13. Your rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data.

These may include the right to:

  1. Request access to your personal data

  2. Request correction of inaccurate or incomplete personal data

  3. Request deletion of your personal data

  4. Request restriction of processing

  5. Object to certain processing

  6. Request a copy of your personal data in a portable format

  7. Withdraw consent where processing is based on consent

  8. Opt out of marketing communications

  9. Lodge a complaint with a relevant data protection authority, where applicable

To exercise your rights, contact us using the details in this Privacy Policy.

We may need to verify your identity before responding to certain requests. Some requests may be limited where we need to retain data for legal, contractual, certification, security, accounting, dispute resolution, or legitimate business reasons.

14. Marketing communications

You may receive marketing communications from us if you have signed up, purchased a product, enrolled in a course, joined a membership, requested information, or otherwise interacted with GHI, and where such communications are permitted by law.

You can opt out of marketing emails at any time by clicking the unsubscribe link in the email or by contacting us.

Even if you opt out of marketing emails, we may still send you service related messages, such as purchase confirmations, account notices, course access information, exam notices, certificate updates, membership notices, security notices, and changes to our policies.

15. Community content and user generated content

If you post, comment, reply, upload, or otherwise share content in a community area or course discussion area, that content may be visible to other learners, members, instructors, administrators, or platform users depending on the settings of that area.

You should not share personal data, confidential information, sensitive information, or information about other people unless you have the right to do so.

We may review, moderate, remove, restrict, or retain community content where necessary to operate the community, enforce our standards, protect users, investigate concerns, or comply with legal obligations.

16. Children and minors

Our services are intended for individuals who are legally able to create an account, purchase online learning products, or participate in professional education.

We do not knowingly collect personal data from children under the age required by applicable law without appropriate parental or guardian consent.

If you believe a child has provided personal data to us without appropriate consent, please contact us and we will take appropriate steps.

17. Sensitive personal data

We do not intentionally request sensitive personal data, such as health data, biometric data, precise location data, religious beliefs, political opinions, or similar sensitive categories, unless it is necessary for a specific lawful purpose and permitted by applicable law.

Please do not send sensitive personal data to us unless specifically requested and necessary.

18. Links to other websites

Our website, courses, downloads, emails, or community areas may contain links to third party websites, platforms, resources, or social media pages.

We are not responsible for the privacy practices, content, security, or policies of third party websites. You should review the privacy policies of those third parties before providing personal data to them.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, technology, business operations, or data practices.

When we update this Privacy Policy, we will revise the effective date at the top of the page. Where required, we may also notify users by email, platform notice, or other appropriate means.

Your continued use of our website or services after changes are posted means that you acknowledge the updated Privacy Policy.

20. Contact us

If you have any questions, requests, or concerns regarding this Privacy Policy or how we process personal data, please contact us at:

Global Hospitality Institute

Legal entity: Globaalne Külalislahkuse Instituut OÜ

Email: [email protected]

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-202, 10120, Estonia

We will review and respond to privacy requests in accordance with applicable law.