Discovery School

Privacy Policy

Last updated: 20/09/2025

DiscoverySchool OÜ (“Company,” “we,” “our,” or “us”) is committed to safeguarding the privacy and security of personal data entrusted to us. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.

1. Data Controller

The data controller responsible for the processing of your personal data is:

DiscoverySchool OÜ
Tuuliku 4c, Tallinn, Estonia, 10621
Email: discoverytimegm@gmail.com
Phone: +372 5885 3408

2. Categories of Personal Data Collected

We may collect and process the following categories of personal data:

  • Identification data (e.g., full name, date of birth where required)
  • Contact details (e.g., email address, telephone number, postal address)
  • Payment information (processed securely through third-party providers; we do not store full card details)
  • Information provided during registration for classes, events, or related services
  • Communications and correspondence with us (e.g., emails, messages, or support requests)

We only collect personal data necessary for the purposes set out in this Privacy Policy.

3. Legal Bases for Processing

We process personal data under the following lawful bases as provided by Article 6 of the GDPR:

  • Performance of a contract (Art. 6(1)(b)): To register participants, deliver classes, and provide related services.
  • Compliance with legal obligations (Art. 6(1)(c)): To fulfill obligations under applicable laws, such as accounting and tax requirements.
  • Legitimate interests (Art. 6(1)(f)): To improve our services, ensure the security of our systems, and communicate relevant updates.
  • Consent (Art. 6(1)(a)): For optional communications such as newsletters or marketing. Consent may be withdrawn at any time.

We do not sell, lease, or otherwise disclose personal data to third parties for marketing purposes.

4. Purposes of Processing

Personal data may be processed for the following purposes:

  • Registration, scheduling, and delivery of courses, events, and programs
  • Communication with participants regarding schedules, changes, and support
  • Processing of payments and issuance of invoices
  • Maintenance of business operations and improvement of services
  • Compliance with legal and regulatory obligations

5. Data Sharing and Disclosure

We may share personal data with:

  • Service providers and processors (e.g., IT service providers, payment processors) engaged under contractual obligations to ensure GDPR compliance
  • Public authorities or regulators where required by applicable law

We ensure that any third party processing personal data on our behalf does so under appropriate safeguards.

6. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. When no longer needed, personal data will be securely deleted or anonymized.

7. Data Subject Rights

Under the GDPR, you have the following rights:

  • Right of access: To obtain confirmation and a copy of the personal data held about you
  • Right to rectification: To correct inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”): To request deletion of your personal data under certain circumstances
  • Right to restriction of processing: To request the limitation of processing in certain cases
  • Right to data portability: To receive your personal data in a structured, commonly used format and transfer it to another controller
  • Right to object: To object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, please contact us at [Insert contact email].

You also have the right to lodge a complaint with the relevant supervisory authority.

8. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized access, alteration, disclosure, or destruction of personal data.

9. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other mechanisms compliant with the GDPR.

10. Changes to This Policy

We may amend this Privacy Policy from time to time. Any updates will be published on our website, with the “last updated” date revised accordingly. We encourage you to review this policy periodically.

Contact Information
If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us at:

DiscoverySchool OÜ
Tuuliku 4c, Tallinn, Estonia, 10621
Email: discoverytimegm@gmail.com
Phone: +372 5885 3408