GDPR Compliance Policy
Effective Date: December 06, 2025
This GDPR (General Data Protection Regulation) Compliance Policy explains how Daily Meal Kitchen (https://dailymealkitchen.com) collects, uses, stores, and protects personal data of individuals located in the European Economic Area (EEA). We are committed to protecting your privacy and to complying with the GDPR and all applicable data‑protection legislation.
1. Data We Collect
We collect and process the following categories of personal data:
- Email address – required for account creation, newsletter subscriptions, order confirmations, and customer support.
- Cookies and similar tracking technologies – used to remember your preferences, analyse site usage, and improve the user experience.
- Analytics data – aggregated information such as IP address, browser type, device type, and pages visited, collected via Google Analytics and other analytics services.
2. Legal Basis for Processing
We rely on the following lawful bases under Article 6 of the GDPR:
- Consent (Article 6(1)(a)) – When you voluntarily subscribe to our newsletter or accept optional cookies, you give explicit consent for us to process your data for those specific purposes.
- Legitimate Interests (Article 6(1)(f)) – We process data such as analytics and essential service cookies to improve site performance, prevent fraud, and ensure the security of our services.
- Contractual Necessity (Article 6(1)(b)) – Processing your email address is necessary to fulfil orders, send invoices, and provide customer support.
3. How We Protect Your Data
We employ a range of technical and organisational measures to safeguard personal data:
- SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using HTTPS.
- Secure Servers – Our hosting environment is ISO‑27001 certified, with regular security patches and intrusion‑detection monitoring.
- Limited Retention – Email addresses are retained only as long as you maintain an active account or until you request deletion. Analytics data is anonymised after 12 months.
- Access Controls – Only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.
- Data Breach Procedures – In the unlikely event of a breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
4. Your GDPR Rights
Under the GDPR you have the following rights concerning your personal data:
- Right to Access – You may request confirmation that we are processing your data and obtain a copy of the data we hold about you.
- Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it.
- Right to Erasure (Right to be Forgotten) – You may request the deletion of your personal data where there is no overriding legal reason for us to retain it.
- Right to Restrict Processing – You can ask us to limit the way we use your data while we verify the accuracy of the information or while a legal claim is being considered.
- Right to Data Portability – You may receive your personal data in a structured, commonly used electronic format and transmit it to another controller.
- Right to Object – You can object to the processing of your data for direct marketing, profiling, or where we rely on legitimate interests.
- Right to Withdraw Consent – Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before the withdrawal.
5. How to Exercise Your Rights
To exercise any of the rights listed above, please follow these steps:
- Send a written request to our Data Protection Officer at gdpr@dailymealkitchen.com. Include your full name, a clear description of the right you wish to invoke, and any information that will help us identify your records (e.g., the email address used on the site).
- We may ask for additional verification to ensure that we are responding to the legitimate data subject.
- We will acknowledge receipt of your request within 5 business days and will provide a substantive response no later than 30 calendar days, in accordance with Article 12 of the GDPR.
- If your request is complex or involves multiple records, we may extend the response period by an additional two months, but we will inform you of the extension and the reasons for it within the original 30‑day period.
- If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority in your Member State.
6. Data Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Email addresses – retained while the user maintains an active account or until a deletion request is received. Inactive accounts are archived after 24 months and deleted after 36 months.
- Cookies – essential session cookies are deleted when the browser is closed. Persistent cookies are set with a maximum lifespan of 12 months, after which they are automatically removed.
- Analytics data – aggregated and anonymised after 12 months; raw IP addresses are deleted after 6 months.
7. International Data Transfers
All processing takes place within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for third‑party email service providers), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place.
8. Changes to This Policy
We review this policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such changes constitutes acceptance of the revised policy.
9. Contact Information
If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer:
Daily Meal Kitchen – Data Protection Officer
Email: gdpr@dailymealkitchen.com
This policy is intended to provide clear and transparent information about how Daily Meal Kitchen processes personal data in compliance with the GDPR. It does not replace the need for legal advice tailored to your specific circumstances.