GDPR Compliance Policy

Last Updated: April 03, 2026

1. Introduction

DishesDaily (the “Website”) is committed to protecting the privacy and personal data of its users in accordance with the European Union’s General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, the legal basis for processing, and your rights under the GDPR. By using the Website, you acknowledge that you have read, understood, and agreed to the terms of this policy.

2. Data We Collect

Email addresses: We collect email addresses when you subscribe to our newsletter, create an account, or contact us through the website. These addresses enable us to send you updates, promotional offers, and support information.
Cookies: The Website uses first‑party cookies to enhance user experience, remember preferences, and facilitate navigation. Third‑party cookies from analytics providers track visitor interactions for website performance improvement.
Analytics: We employ services such as Google Analytics (with anonymised IP addresses) to collect aggregated data on page views, device types, and geographical location. This information helps us optimise the site and tailor content to user interests.

3. Legal Basis for Processing

The processing of personal data on the Website is based on two lawful bases:

Consent: When you voluntarily provide your email address or interact with the newsletter sign‑up, you explicitly consent to the use of that data for marketing and communication purposes.
Legitimate Interest: The collection of cookies and analytics data is necessary for the legitimate interest of improving website functionality, user experience, and marketing effectiveness. We have conducted a legitimate interest assessment and determined that the benefits outweigh any potential privacy impact.

4. How We Protect Your Data

SSL Encryption: All data transmitted between your browser and the Website is encrypted using TLS (HTTPS), protecting against interception or tampering.
Secure Servers: Personal data is stored on industry‑standard secure servers with restricted physical and logical access, regular vulnerability scans, and intrusion detection systems.
Limited Retention: We retain personal data only for as long as necessary to fulfil the purpose for which it was collected. Email addresses are kept for up to 12 months after the last interaction unless the user requests deletion. Cookies are stored according to their specified lifetime, and analytics data is retained for 6 months.

5. GDPR Rights and How to Exercise Them

Under the GDPR, you possess the following rights. If you wish to exercise any of these rights, please contact us at [email protected]. We will respond within 30 days, in line with GDPR requirements.

Right to Access

You may request a copy of the personal data we hold about you, along with information about how it is processed and who it is shared with.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request corrections to ensure it is correct.

Right to Erasure

You may ask for the deletion of your personal data, subject to certain legal retention obligations.

Right to Restrict Processing

You can request that we limit the processing of your data, for example, if you contest its accuracy.

Right to Data Portability

You may obtain your personal data in a structured, commonly used, and machine‑readable format and transfer it to another controller.

Right to Object

You can object to the processing of your data for direct marketing or profiling purposes.

Right to Withdraw Consent

If you have given us consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of processing that relied on consent before its withdrawal.

6. Exercising Your Rights

To exercise any of the above rights, please send an email to [email protected] with the following details:

Your full name and contact information.
Clear identification of the personal data you wish to access, correct, delete, or otherwise process.
A statement of the specific right you are exercising (e.g., “I request access to my personal data”).

We will verify your identity before processing your request to protect against unauthorized access. If additional information is needed, we may contact you for clarification. We commit to responding within 30 calendar days, and if the request is complex or involves multiple data subjects, we may extend this period by an additional 30 days, informing you of the extension and the reasons for it.

7. Data Retention and Deletion

Personal data collected through email subscriptions is retained for 12 months after the last interaction unless the user explicitly requests deletion. Cookie data is retained according to its specified lifespan, and analytics data is kept for a maximum of 6 months. When data is no longer required or upon deletion request, we securely erase it from all active databases and backups, ensuring it cannot be reconstructed.

8. Contact Information

For any questions, concerns, or to exercise your GDPR rights, please contact:

DishesDaily Data Protection Officer
Email: [email protected]

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Any changes will be posted on this page, and the “Last Updated” date will be revised accordingly. We encourage you to review this policy periodically to stay informed about how we protect your personal data.