GDPR Compliance Policy

Effective Date: December 01, 2025

Website: dishesdaily.com

Data Protection Contact: gdpr@dishesdaily.com

---

1. Introduction

dishesdaily (the “Company”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of its users in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy explains what personal data we collect, why we process it, how we safeguard it, and the rights you enjoy under the GDPR.

2. Personal Data We Collect

• Email addresses: Collected when you subscribe to our newsletter, register for an account, or contact us.
• Cookies & similar technologies: Used to remember preferences, analyse traffic, and deliver personalised content.
• Analytics data: Aggregated information such as page views, device type, IP address (anonymised where possible), and referral source, collected through tools like Google Analytics.

3. Legal Basis for Processing

We process personal data only when we have a lawful basis under the GDPR:

• Consent (Article 6(1)(a)): When you voluntarily provide your email address or accept cookies, you give us explicit consent to use that data for the purposes described.
• Legitimate Interests (Article 6(1)(f)): The use of analytics and essential cookies is necessary for the proper functioning of the site, improving user experience, and protecting the security of our services.

4. How We Protect Your Data

Security is a core priority. We employ a range of technical and organisational measures to safeguard personal data, including:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers: Our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
• Limited Retention: Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is retained for a maximum of 24 months in an aggregated, pseudonymised form.
• Access Controls: Only authorised personnel with a legitimate need can access personal data, and all staff receive GDPR training.

5. Your GDPR Rights

Under the GDPR you enjoy a series of rights concerning your personal data. Each right is explained below, together with an icon from Bootstrap Icons for quick reference.

Right to Access

You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of that data. This includes information about the purposes of processing, the categories of data concerned, and the recipients of the data.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the processing is unlawful.

Right to Restrict Processing

In certain circumstances you can request that we limit the way we use your data, for example while we verify the accuracy of the data or the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine‑readable format, and to transmit that data to another controller without hindrance.

Right to Object

You may object, on grounds relating to your particular situation, to the processing of your personal data for direct marketing, scientific or historical research, or statistical purposes. We will cease processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time, free of charge. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer at gdpr@dishesdaily.com. In your request, include:

1. Your full name and the email address you used with dishesdaily.
2. A clear description of the right you wish to invoke (e.g., “I would like to exercise my Right to Access”).
3. Any additional information that will help us verify your identity (e.g., a recent order number).

We will acknowledge receipt of your request within 5 business days and will provide a substantive response no later than 30 calendar days, as required by Article 12 of the GDPR. In complex cases, we may extend this period by an additional two months, but you will be informed of the extension and the reasons for it.

7. Data Retention Periods

Email addresses: Retained for as long as you remain subscribed or until a deletion request is received. Inactive accounts are purged after 24 months of inactivity.

Cookies & analytics: Session cookies are deleted when you close your browser. Persistent cookies are retained for up to 12 months unless you delete them manually. Aggregated analytics data is stored for a maximum of 24 months.

8. International Transfers

All processing takes place within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., to a service provider in the United States), we ensure an adequate level of protection by relying on the EU‑U.S. Data Privacy Framework or Standard Contractual Clauses.

9. Updates to This Policy

We may amend this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the top of the page indicates the most recent revision. Continued use of the site after any changes constitutes acceptance of the updated policy.

10. Additional Information

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, such as the Data Protection Authority in your EU Member State.

This policy is provided for informational purposes and does not constitute legal advice. For any specific concerns, please contact us at gdpr@dishesdaily.com.