GDPR Compliance Policy – DailyKitchenFlavor

Last Updated: April 03, 2026

1. Introduction

DailyKitchenFlavor (the “Website”) is committed to protecting the privacy of individuals who visit our site and who provide personal data to us. This policy explains how we collect, use, store, and share personal data in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. By using the Website, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We collect the following types of personal data when you interact with the Website:

• Email addresses – when you sign up for newsletters, submit recipe requests, or contact us.
• Cookies and similar tracking technologies – to remember your preferences, improve site functionality, and measure traffic.
• Analytics data – aggregated and anonymised data collected via third‑party services (e.g., Google Analytics) to understand user behaviour and optimise content.

3. How We Use Your Data

We process your personal data for the following purposes:

• Providing and improving services – delivering newsletters, recipe recommendations, and personalized content.
• Communication – responding to enquiries and providing customer support.
• Analytics and optimisation – analysing traffic patterns and site performance to enhance user experience.
• Legal compliance – retaining data required for statutory obligations and contractual commitments.

4. Legal Basis for Processing

We rely on the following lawful bases under the GDPR to process your personal data:

• Consent – for marketing emails and optional newsletters. You may withdraw consent at any time.
• Legitimate interest – for analytics, cookies, and improving site functionality. We conduct a proportionality assessment to ensure that legitimate interest does not override your privacy rights.
• Contractual necessity – for communication and support related to your interactions with the Website.

5. Data Protection Measures

DailyKitchenFlavor implements a range of technical and organisational safeguards to protect your personal data:

• SSL/TLS encryption – all data transmitted between your browser and our servers is encrypted using the latest TLS protocols.
• Secure servers and access controls – we host data on reputable, secure data centres and restrict access to authorised staff only.
• Regular security audits – periodic penetration testing and vulnerability assessments are carried out to identify and remediate risks.
• Limited retention – data is stored only as long as necessary: email addresses for 12 months after the last interaction, cookies for 2 weeks, and analytics data for 30 days.

6. Your GDPR Rights

Under the GDPR, you have several rights regarding your personal data. Below is a detailed explanation of each right and how you can exercise it. Each right is accompanied by a Bootstrap icon for quick reference.

Right to Access

You can request a copy of the personal data we hold about you, including the purposes for which it is processed, the categories of data, and the recipients to whom it has been disclosed. To exercise this right, email us at [email protected] with the subject “GDPR Access Request” and provide a brief description of the data you wish to obtain.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you may ask us to correct it. Contact us via the same email address with the specific details that need updating, and we will rectify the information promptly.

Right to Erasure

Also known as the “right to be forgotten,” you can request deletion of your personal data when it is no longer necessary for the purposes we collected it for, or if you withdraw consent and no other lawful basis applies. Send an email stating “GDPR Erasure Request” and we will delete your data within the statutory period, unless a legal retention requirement applies.

Right to Restrict Processing

You may request that we temporarily limit the processing of your data, for example if you contest its accuracy. Notify us by email with the subject “GDPR Restriction Request” and we will impose a restriction while we investigate.

Right to Data Portability

If you want to transfer your data to another service provider, you can request a structured, machine‑readable copy of the personal data we hold. Email us with the subject “GDPR Portability Request,” and we will provide the data in a commonly used format (e.g., CSV or JSON) within 30 days.

Right to Object

You can object to the processing of your data for direct marketing or profiling purposes. To exercise this right, send an email titled “GDPR Object Request” and we will stop processing the data for those purposes, except where a compelling legitimate interest exists.

Right to Withdraw Consent

If you have given us consent to process your data (e.g., for newsletters), you can withdraw that consent at any time. Simply reply to any marketing email with “Unsubscribe” or send an email with the subject “GDPR Consent Withdrawal.” We will honour your request immediately and cease sending marketing communications.

7. How to Exercise Your Rights

To exercise any of the rights outlined above, please contact us at [email protected] with the following information:

• Your full name and contact details.
• A description of the personal data or request (e.g., “I want all email addresses associated with my account”).
• Any supporting documentation you believe is necessary to verify your identity.

We will respond to your request within 30 days of receiving it. If the request is complex or requires additional verification, we may extend this period but will keep you informed of any delay.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The retention periods are:

• Email addresses: 12 months after the last interaction or until you request deletion.
• Cookies: 2 weeks for session cookies, 1 month for persistent tracking cookies.
• Analytics data: 30 days, stored in aggregated form only.

9. International Transfers

We may transfer data to servers located outside the European Economic Area (EEA) for processing and storage. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in compliance with GDPR.

10. Contact Information

If you have any questions, concerns, or wish to exercise a GDPR right, please contact our Data Protection Officer at [email protected]. We are committed to resolving any issues promptly and transparently.

11. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Any changes will be posted on this page with a new “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we handle your personal data.