GDPR Compliance Policy – dishesdaily

Effective Date: November 30, 2025

1. Introduction

dishesdaily (the “Company”, “we”, “us”, or “our”) is committed to protecting the personal data of our users, visitors, and customers in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy explains what personal data we collect, the legal bases for processing that data, how we protect it, and the rights you have under the GDPR. By using our website (https://dishesdaily.com) you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect and process the following categories of personal data:

Email address: Provided when you subscribe to our newsletter, request a recipe, or contact us.
Cookies & similar technologies: Used to remember your preferences, analyse site usage, and deliver personalised content.
Analytics data: Includes IP address, device type, browser information, pages visited, and time spent on each page. This data is collected via Google Analytics and a self‑hosted analytics solution.

3. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

Consent (Article 6(1)(a)): When you voluntarily provide your email address for newsletters or marketing communications, you give us explicit consent to process that data for the specified purpose.
Legitimate Interests (Article 6(1)(f)): We process cookies and analytics data to improve site performance, understand visitor behaviour, and enhance user experience. Our legitimate interest is balanced against your rights and freedoms, and you can object at any time.

4. How We Protect Your Data

We implement appropriate technical and organisational measures to safeguard personal data, including:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers: Our hosting environment is ISO‑27001 certified, with regular security patches and firewalls.
Access Controls: Only authorised personnel with a legitimate need can access personal data, and they are required to sign confidentiality agreements.
Limited Retention: Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months.

5. Your GDPR Rights

You enjoy a suite of rights under the GDPR. Each right is described below, accompanied by a Bootstrap icon for quick visual reference.

Right to Access

You may request confirmation of whether we hold your personal data and obtain a copy of that data in a structured, commonly used format.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data where there is no legitimate reason for us to retain it, such as when you unsubscribe from our mailing list.

Right to Restrict Processing

You can request that we limit the way we process your data, for example while we verify the accuracy of the data or when you contest its processing.

Right to Data Portability

You have the right to receive your personal data in a commonly used electronic format and transmit it to another controller where technically feasible.

Right to Object

You may object to the processing of your data for direct marketing, profiling, or any other legitimate‑interest‑based activity. We will cease processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on your consent (e.g., newsletter subscriptions), you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details provided in Section 9. Your request should include:

Your full name and, if applicable, the email address associated with your account.
A clear description of the right you wish to invoke (e.g., “I would like to exercise my right to erasure”).
Any additional information that helps us verify your identity (e.g., a recent invoice or subscription ID).

We will acknowledge receipt of your request within 5 business days and aim to provide a substantive response within the statutory 30‑day period. In complex cases, we may extend this period by an additional two months, but we will inform you of any extension and the reasons for it before the original deadline expires.

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected:

Email addresses: Retained until you unsubscribe or request deletion. If you do not interact with us for 24 months, we will automatically purge the address from our active database.
Cookies & analytics: Session cookies expire after the browsing session. Persistent cookies are retained for a maximum of 12 months. Aggregated analytics data is anonymised after 12 months and retained indefinitely for statistical purposes.

8. International Transfers

All processing takes place on servers located within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., to a third‑party analytics provider), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.

9. Contact Information

If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer:

Data Protection Officer – dishesdaily
Email: [email protected]

10. Updates to This Policy

We may revise this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date.

Last Updated: November 30, 2025