GDPR Compliance Policy

Kitchenmealstudio (“we”, “our”, “us”) is committed to protecting the privacy and personal data of our users. This policy explains how we collect, use, share, and protect the data you provide through our website kitchenmealstudio.com, and how you can exercise your rights under the European Union General Data Protection Regulation (GDPR). By using our services, you consent to the practices described herein.

1. Data We Collect

We collect the following types of personal data:

Email addresses: When you sign up for newsletters, create an account, or request a recipe, we store your email address to communicate with you.
Cookies and tracking pixels: We use first‑party and third‑party cookies (e.g., Google Analytics, Hotjar) to analyze traffic, personalize content, and improve our services.
Usage analytics: We gather anonymised data such as page views, session duration, and device information to optimise user experience.

2. Legal Basis for Processing

We process your personal data on the following lawful bases:

Consent: For marketing communications and newsletters, we rely on your explicit consent. You can withdraw consent at any time.
Legitimate interest: We process data to improve our website, provide personalised content, and detect fraud or abuse. We conduct a proportionality assessment to ensure that these interests do not override your rights.

3. How We Protect Your Data

We employ industry‑standard security measures to safeguard your personal data:

SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers: Our hosting environment is compliant with ISO 27001 and SOC 2, with regular penetration testing.
Access controls: Only authorised staff with a legitimate need can access personal data. Two‑factor authentication is enforced for administrative accounts.
Data minimisation and retention: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Email addresses are deleted after 12 months of inactivity unless you opt‑in to a newsletter.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with a Bootstrap icon for quick reference.

Right to Access – You can request a copy of the personal data we hold about you. We will provide the information in a commonly used format within 30 days.
Right to Rectification – If any personal data is inaccurate or incomplete, you may ask us to correct it. We will update the records promptly.
Right to Erasure – Also known as the “right to be forgotten”, you can request deletion of your personal data, subject to legal retention obligations. We will delete the data within 30 days.
Right to Restrict Processing – You may limit the processing of your data (e.g., for accuracy checks). We will comply unless a legal obligation requires us to continue processing.
Right to Data Portability – You can obtain your personal data in a structured, machine‑readable format and transfer it to another controller, where feasible.
Right to Object – You may object to processing for direct marketing or profiling purposes. We will stop processing unless we can demonstrate compelling legitimate interests.
Right to Withdraw Consent – If we rely on your consent, you can withdraw it at any time. Withdrawal does not affect the legality of processing that relied on consent before withdrawal.

5. How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: [email protected]

In your request, please provide:

Your full name and contact details.
A description of the data you are requesting or the action you wish us to take.
Any supporting documents that verify your identity (e.g., a copy of a passport or driver’s licence).

We will acknowledge receipt of your request within 5 business days and respond within 30 days, as mandated by GDPR. If we need additional information to verify your identity, we will let you know promptly.

6. Contact Information

For any questions, concerns, or complaints regarding this policy or our data handling practices, please contact:

Kitchenmealstudio – Data Protection Officer
Email: [email protected]

7. Updates to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the bottom of this page indicates the most recent revision. We encourage you to review this policy regularly.