GDPR Policy - dailydinnerkitchen

Daily Dinner Kitchen – GDPR Compliance Policy

Daily Dinner Kitchen (“we”, “us”, “our”) is committed to protecting the personal data of our visitors, customers, and newsletter subscribers in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we collect it, how we safeguard it, and the rights you have under the GDPR.

1. Data We Collect

We process only the data that is necessary for the purposes described below. The categories of personal data we collect include:

Email address – when you subscribe to our newsletter, request a recipe, or contact us.
Cookies and similar tracking technologies – to improve site functionality, remember your preferences, and analyse traffic.
Analytics data – aggregated information such as IP address, device type, browser, pages visited, and time spent on the site, collected via Google Analytics and other services.

2. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

Consent (Article 6(1)(a)) – when you voluntarily provide your email address or accept cookies, you give us explicit consent to use that data for the stated purposes.
Legitimate interests (Article 6(1)(f)) – we process analytics and technical data to improve the website’s performance, security, and user experience, which is a legitimate interest that does not override your fundamental rights.

3. How We Protect Your Data

We implement a range of technical and organisational measures to ensure the confidentiality, integrity, and availability of your personal data:

All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS).
Our servers are hosted in secure data centres with regular security audits, firewalls, and intrusion‑detection systems.
Access to personal data is restricted to authorised personnel who need it to perform their duties.
Data is retained only for as long as necessary: newsletter addresses are kept until you unsubscribe, analytics data is anonymised after 12 months, and cookie identifiers are deleted after 30 days unless you renew consent.

4. Your GDPR Rights

Under the GDPR, you enjoy a set of rights regarding your personal data. Each right is illustrated with a Bootstrap Icon for easy reference.

Right to Access

You have the right to obtain confirmation that we are processing your data and, where applicable, a copy of the personal data we hold about you.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit the way we use your data while we verify the accuracy of the data or while a dispute is being resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller.

Right to Object

You may object to the processing of your data for direct marketing, scientific or historical research, or for the performance of a task carried out in the public interest.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us using the details provided in Section 9. When you make a request, we will:

Verify your identity to protect your data from unauthorised access.
Log the request in our internal tracking system.
Provide a response within 30 calendar days, as required by the GDPR. In exceptional cases, we may extend this period by a further two months, but we will inform you of any extension and the reasons for it.

6. Contact Information

If you have questions about this policy, wish to exercise your rights, or need further assistance, please reach out to our Data Protection Officer (DPO) at:

Daily Dinner Kitchen – Data Protection Officer
Email: gdpr@dailydinnerkitchen.com

7. International Data Transfers

All personal data is stored on servers located within the European Economic Area (EEA). If we ever need to transfer data outside the EEA (e.g., to a third‑party service provider), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place.

8. Retention Periods

We retain personal data only for the period necessary to fulfil the purposes for which it was collected:

Email addresses – retained until you unsubscribe or request deletion.
Cookie identifiers – deleted after 30 days of inactivity unless you renew consent.
Analytics data – aggregated and anonymised after 12 months; raw data is deleted after this period.

9. Changes to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date.

Last Updated: December 06, 2025