GDPR Compliance Policy

Effective Date: December 06, 2025

Daily Flavor Kitchen (“we”, “our”, “us”) is committed to protecting the personal data of our visitors, subscribers, and customers in accordance with the European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we process it, how we protect it, and the rights you have under the GDPR.

1. Data We Collect

We collect and process the following categories of personal data:

Email addresses: Collected when you subscribe to our newsletter, request a recipe, or contact us.
Cookies and similar technologies: Used for session management, analytics, and personalising your experience.
Analytics data: Includes IP address, device type, browser, pages visited, and time spent on the site. This information is gathered through Google Analytics and other aggregate‑reporting tools.

2. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

Consent (Article 6(1)(a)): When you voluntarily provide your email address or accept our cookie banner, you give us explicit consent to use that data for the purposes described.
Legitimate Interests (Article 6(1)(f)): We process analytics data and use cookies to improve the functionality, security, and performance of our website. This is a legitimate interest that does not override your fundamental rights.

3. How We Protect Your Data

We employ a range of technical and organisational measures to safeguard your personal data:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers: Our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
Limited Retention: Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months.
Access Controls: Only authorised personnel have access to personal data, and they are required to sign confidentiality agreements.

4. Your GDPR Rights

Under the GDPR you enjoy the following rights. Each right is illustrated with a Bootstrap icon for easy reference.

Right to Access

You may request confirmation that we are processing your personal data and obtain a copy of that data, together with information about the purposes of processing, categories of data, and recipients.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data or while we consider your objection.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller.

Right to Object

You may object, on grounds relating to your particular situation, to processing of your personal data for direct marketing, scientific/historical research, or statistical purposes.

Right to Withdraw Consent

Whenever you have given us consent to process your data, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details below. Your request will be acknowledged within 5 business days, and we will provide a substantive response within the statutory period of 30 calendar days.

Email: gdpr@dailyflavorkitchen.com
Address: Daily Flavor Kitchen, Data Protection Office, 123 Culinary Avenue, Food City, EU

6. Response Time

In accordance with Article 12 of the GDPR, we commit to responding to all valid requests within 30 days. If additional time is required due to the complexity of the request, we will inform you of the extension and the reasons for it within the initial 30‑day period.

7. Data Retention Periods

We retain personal data only for as long as necessary:

Email addresses: Until you unsubscribe or request deletion.
Cookies: Session cookies are deleted when you close your browser; persistent cookies are stored for a maximum of 12 months.
Analytics data: Aggregated and anonymised after 12 months; raw data is deleted thereafter.

8. International Transfers

All processing takes place on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary, we will ensure that appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

9. Updates to This Policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such updates constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions, concerns, or wish to lodge a complaint with a supervisory authority, please contact us at the email address provided above.

Last Updated: December 06, 2025