GDPR Compliance Policy

1. Introduction

Tastymomdish (the “Website”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of its visitors, customers, and partners in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This GDPR Compliance Policy explains the types of personal data we collect, the legal bases for processing that data, the security measures we employ, and the rights you enjoy under the GDPR. By using our site, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect and process the following categories of personal data:

• Email address: collected when you subscribe to our newsletter, request a recipe, or contact us.
• Cookies & similar technologies: used for session management, analytics, and personalized content. This includes first‑party cookies for authentication and third‑party cookies from Google Analytics.
• Analytics data: aggregated information such as IP address, device type, browser, and pages visited, used solely to improve the Website’s performance and user experience.

We do not collect any special categories of data (e.g., health, biometric, or political opinions) and we do not process data concerning minors without parental consent.

3. Legal Basis for Processing

Our processing activities are based on the following lawful grounds under Article 6 of the GDPR:

• Consent (Article 6(1)(a)): When you voluntarily subscribe to our newsletter or accept our cookie banner, you give explicit consent for us to use your email address and cookies for the purposes described.
• Legitimate Interests (Article 6(1)(f)): We process analytics data and use cookies to improve site functionality, security, and marketing efficiency. Your interests and fundamental rights are carefully balanced against our legitimate interests.

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Protect Your Data

We implement a comprehensive set of technical and organisational measures to safeguard personal data, including:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.3 or higher).
• Secure Servers: Our hosting environment is hosted in GDPR‑compliant data centres with regular security audits, firewalls, and intrusion‑detection systems.
• Limited Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Email addresses are kept until you unsubscribe; analytics data is anonymised after 12 months.
• Access Controls: Only authorised personnel with a legitimate need to access personal data are granted permissions, and all access is logged and reviewed regularly.
• Data Breach Procedures: In the unlikely event of a breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

5. Your GDPR Rights

Under the GDPR, you have the following rights concerning your personal data. Each right is accompanied by an icon for quick reference.

• Right to Access (Article 15)

  You may request a copy of the personal data we hold about you, together with information about how we process it, the purposes of processing, and the recipients of your data.

• Right to Rectification (Article 16)

  If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.

• Right to Erasure (Right to be Forgotten) (Article 17)

  You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, or the processing is unlawful.

• Right to Restrict Processing (Article 18)

  You can ask us to limit the way we use your data while we verify the accuracy of the data, or if you contest the processing.

• Right to Data Portability (Article 20)

  You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller where technically feasible.

• Right to Object (Article 21)

  You may object to processing based on legitimate interests or direct marketing. Upon receipt of a valid objection, we will cease processing unless we demonstrate compelling legitimate grounds.

• Right to Withdraw Consent (Article 7)

  If we rely on your consent for processing, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to our Data Protection Officer (DPO) at the email address below. Include the following information to help us verify your identity and locate your data:

• Your full name and the email address you used on Tastymomdish.
• A clear description of the right you wish to invoke (e.g., “I would like to access my data”).
• Any additional information that may assist us in locating the relevant records.

We will acknowledge receipt of your request within five (5) business days and will respond with the requested information or a decision within thirty (30) calendar days, as required by the GDPR. If additional time is needed, we will inform you of the extension and the reasons for it within the initial 30‑day period.

7. Contact Information

For any questions, concerns, or requests related to this GDPR Compliance Policy, please contact our Data Protection Officer:

8. Changes to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices, legal requirements, or technological developments. The “Last Updated” date at the top of this page indicates the most recent revision. Continued use of the Website after any changes constitutes acceptance of the updated policy.