Privacy Policy
This policy explains how Vital Kitchen Lab collects, uses, discloses, retains and protects personal data when you visit our website or contact us about educational services.

1. Who we are and the scope of this policy
Vital Kitchen Lab is a Singapore-based provider of online healthy cooking education, practical recipe instruction, meal-planning resources and related learner support. Our principal contact address is 51 Bras Basah Road #09-04 Singapore 189554 In this policy, “Vital Kitchen Lab”, “we”, “us” and “our” refer to the organisation responsible for the website freshtableacademy.sg and the personal data collected through it.
This policy applies when you browse the website, submit a course-registration request, send a contact enquiry, subscribe to Fresh Notes, communicate with our team, participate in an online course or otherwise Interact with our digital educational services. It does not automatically govern an independent website, platform or service operated by another organisation, even where we provide a link to it. That third party’s own privacy terms apply to its activities.
We aim to handle personal data in accordance with applicable Singapore data-protection requirements, including the Personal Data Protection Act 2012 and related regulations and guidance. “Personal data” generally means data about an identifiable individual, whether the person can be identified from that data alone or together with other information to which an organisation has or is likely to have access.
2. Personal data we may collect
2.1 Information you provide directly
When you submit a form or communicate with us, we may collect your name, email address, telephone number, preferred course, learning Interests, enquiry details and any other information you choose to include. If you register for a course through a later enrolment process, we may also collect scheduling preferences, billing or transaction records supplied through the agreed process, records of consent, learner-support correspondence and information reasonably required to administer access.
Please avoid placing unnecessary sensitive information in free-text fields. In particular, do not submit identity-document numbers, payment-card details, passwords, detailed medical information or confidential information belonging to another person through a general website form. Our public forms are designed for ordinary educational enquiries, not for receiving high-risk data.
2.2 Information generated through use of the website
Our systems may receive technical information such as the Internet Protocol address used for a request, browser and device characteristics, operating system, referring page, pages visited, approximate timestamps, language settings and diagnostic events. In the supplied website build, form submissions store a one-way hash of the originating Internet Protocol address rather than the plain address. Such information may help us secure forms, investigate errors, understand broad usage patterns and maintain reliable services.
2.3 Information from other sources
We may receive information from a person acting with your authority, an organisation arranging group learning, a technology provider supporting course delivery or a public source where collection is permitted and relevant. When another person provides your data, that person should have an appropriate basis for doing so and should tell you about the disclosure where required.
3. Purposes for collecting, using and disclosing data
We may process personal data for purposes that a reasonable person would consider appropriate in the circumstances, including:
- responding to contact requests, registration enquiries and questions about course structure, access or scheduling;
- providing, administering and supporting online educational services, learner accounts, classes, resources and communications;
- confirming identity where reasonably necessary to protect an account, act on a privacy request or prevent misuse;
- sending a newsletter or course update where you have requested it, and recording or implementing an unsubscribe choice;
- operating, securing, troubleshooting, backing up and improving the website and associated information systems;
- maintaining business, attendance, consent, support and transaction records for legitimate administrative, audit and legal purposes;
- protecting the rights, safety, security and property of learners, staff, service providers and the public;
- complying with applicable laws, lawful requests, regulatory expectations, court orders and dispute-resolution processes; and
- carrying out another purpose that we notify to you and for which any required consent or other lawful basis has been obtained.
We do not use a course enquiry to make medical diagnoses, provide treatment, make credit decisions or promise individual health outcomes. Our services are educational. Where a proposed new use is not reasonably connected to the original notified purpose, we will consider whether additional notice or consent is required before proceeding.
4. Consent, deemed consent and withdrawal
Where consent is required, we seek it through a clear action, such as submitting a form after reading the accompanying notice, selecting a newsletter option or agreeing to enrolment terms. In some circumstances, applicable law may recognise deemed consent or permit collection, use or disclosure without consent. We will rely on such grounds only where we reasonably consider the relevant conditions to be met.
You may withdraw consent for a purpose by contacting us using the details in section 13. A withdrawal does not invalidate processing that occurred before it took effect. We will explain any likely consequences, which may include an inability to continue a newsletter, answer an unfinished request or provide a service that genuinely requires the information. We will cease the affected processing within a reasonable period unless retention or use remains permitted or required by law.
5. How we may disclose personal data
We do not sell personal data to advertisers. We may disclose limited data to service providers that help us operate our business, such as website hosting, email delivery, course platforms, communications, secure storage, professional advisers or technical support. Such providers should receive only the information reasonably needed for their task and be subject to appropriate contractual, confidentiality or data-protection obligations.
We may also disclose information to a government authority, regulator, court, law-enforcement body, insurer, professional adviser or other party where disclosure is required or authorised by law, reasonably necessary to establish or defend legal claims, or necessary to respond to a serious security or safety concern. If the organisation is reorganised, merged or transferred, relevant records may be disclosed under suitable confidentiality arrangements as part of due diligence or transferred to a successor that continues the applicable purposes.
6. Overseas transfers
Some technology suppliers may process or store information outside Singapore. Before making or permitting an overseas transfer, we take reasonable steps appropriate to the circumstances to ensure that the transferred personal data receives a standard of protection comparable to that required under applicable Singapore law. Measures may include contractual terms, supplier assessments, access controls, security requirements and limits on further use or disclosure.
The Internet is global and no method of transfer is completely risk-free. We choose proportionate safeguards but cannot represent that every technical event is impossible. If a particular course platform has material additional terms or locations, these may be disclosed during the enrolment process.
7. Protection and security
We use reasonable administrative, physical and technical measures to protect personal data against unauthorised access, collection, use, disclosure, copying, modification, loss, disposal or similar risks. Depending on the system, measures may include restricted access, least-privilege permissions, transport encryption, password controls, system updates, backups, logging, supplier checks and staff confidentiality expectations.
The provided website stores form submissions in a server-side file within a protected storage directory. For deployment, the hosting environment should deny public web access to that directory, use appropriate file permissions, serve the website over HTTPS, maintain security updates and restrict administrative access. Operators should also review whether a production database or managed form service is more appropriate for their expected volume and risk profile.
No security programme can guarantee absolute security. If we become aware of a data incident, we will investigate, contain and assess it, take remedial action and make notifications where required. Users should protect their email accounts and devices, avoid sending unnecessary confidential data and notify us promptly if they suspect misuse of an Interaction with Vital Kitchen Lab
8. Accuracy and correction
We take reasonable steps to ensure that personal data used for a decision affecting you, or disclosed to another organisation, is accurate and complete where required. You can help by providing current information and notifying us when material details change. To request correction, contact us and identify the record and proposed change. We may verify your identity and may retain an audit record of the request and action taken.
We may decline or limit a correction where an exception applies, the request relates to an opinion that cannot appropriately be replaced as requested, the proposed information cannot be verified, or the record must be preserved for legal reasons. Where appropriate, we may annotate the record with your statement.
9. Retention and disposal
We retain personal data only for as long as the purpose for which it was collected continues to be served and retention remains necessary for a legal or business purpose. The period varies according to the record. A simple unanswered enquiry may be kept for a shorter period than an enrolment, transaction, attendance, consent or dispute record. Security logs may be retained for a limited operational period, while records needed for accounting, contractual or legal purposes may be retained longer.
When data is no longer required, we take reasonable steps to delete it, anonymise it or otherwise remove the means by which it can be associated with an individual. Backup copies may persist for a limited cycle until overwritten, with access restricted and restoration governed by operational procedures.
10. Access, correction and other requests
Subject to applicable law and exceptions, you may request access to personal data about you that is in our possession or under our control and information about how it was used or disclosed within the relevant period. You may also request correction of an error or omission. Submit a sufficiently specific written request to [email protected] with the subject “Privacy request”.
We may ask for information needed to verify identity, authority and scope. We will not disclose another person’s data or information protected by an applicable exception. A reasonable fee may be charged where permitted for an access request; if so, we will provide an estimate before proceeding. We aim to respond as soon as reasonably possible and will communicate if more time is needed.
11. Children and information about other people
Our general website is directed to adults and is not designed to collect personal data directly from children without appropriate involvement of a parent, guardian or responsible organisation. If a minor may participate in a programme, separate arrangements and consent requirements may apply. A parent or guardian who believes a child has submitted personal data without appropriate authorisation should contact us promptly.
Do not provide another person’s personal data unless you are authorised to do so and the disclosure is appropriate. For group enquiries, provide only the minimum information needed at the initial stage.
12. Cookies, links and external services
The website uses essential browser storage for functions such as remembering a cookie preference and may use optional analytics only according to the choices and implementation described in our Cookie Policy. External links are provided for convenience and do not mean that we control the external operator’s privacy practices. Review the relevant third-party terms before submitting data.
Our social-card metadata may allow a social platform to display a preview when a page is shared. Any direct Interaction with a third-party platform is governed by that platform’s rules.
13. Contacting our Data Protection contact
Questions, withdrawals, complaints and access or correction requests may be sent to the Data Protection contact at Vital Kitchen Lab, 51 Bras Basah Road #09-04 Singapore 189554, by email at [email protected] or by telephone at +65 6338 4275. Please use the subject “Privacy request” for data-rights correspondence. Do not send identity documents unless we specifically request a suitable verification method.
We will review a privacy complaint fairly, may ask for clarifying information and will explain the outcome or next step. Nothing in this policy limits a right available under applicable law or a right to contact the relevant Singapore regulator.
14. Changes to this policy
We may update this policy to reflect changes in services, technology, operations or legal requirements. The effective date at the top shows the latest published version. Material changes may also be highlighted on the website or communicated through an appropriate channel where reasonably practicable. Continued use after publication does not remove any consent requirement that applies to a new purpose.
This policy is a website governance document and not legal advice to another organisation. Vital Kitchen Lab should periodically review the deployed version, actual suppliers, retention schedule and technical controls to ensure the description remains accurate.