GDPR Compliance Policy

1. Introduction

Daily Kitchen Flavor (“we”, “our”, “us”) operates the website https://dailykitchenflavor.com (the “Site”). This GDPR Compliance Policy explains how we collect, use, store, protect, and disclose personal data in accordance with the European Union’s General Data Protection Regulation (EU) 2016/679 (GDPR). By accessing or using the Site, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We only process personal data that is necessary for the purposes described below. The categories of data we collect are:

• Email address – provided voluntarily when you subscribe to our newsletter, submit a comment, or contact us.
• Cookies & similar technologies – small text files that store a unique identifier, preferences, and session information. These are used for analytics, personalization, and security.
• Analytics data – aggregated information such as IP address, browser type, operating system, pages visited, and time spent on the Site. This data is collected through third‑party services (e.g., Google Analytics) that we configure to anonymize IP addresses where possible.

3. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

• Consent (Article 6(1)(a)) – When you voluntarily provide your email address for newsletter subscriptions or comment submissions, you give explicit consent for us to store and use that data for the stated purpose.
• Legitimate Interests (Article 6(1)(f)) – The use of cookies and analytics is necessary for maintaining the security, functionality, and improvement of the Site. Our legitimate interest is balanced against your rights and expectations.

If we rely on consent, you have the right to withdraw it at any time (see Section 7).

4. How We Protect Your Data

We implement appropriate technical and organisational measures to safeguard personal data, including:

• SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers – Our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
• Access Controls – Only authorised personnel with a legitimate need can access personal data, and they are required to sign confidentiality agreements.
• Limited Retention – Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, anonymised form for a maximum of 24 months.
• Data Breach Procedures – In the unlikely event of a breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

5. Your GDPR Rights

Under the GDPR, you enjoy a range of rights concerning your personal data. Each right is explained below, accompanied by a Bootstrap icon for quick reference.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details provided in Section 9. Your request should include:

• Your full name and contact details (email address is sufficient for verification).
• A clear description of the right you wish to invoke (e.g., “I would like to exercise my Right to Erasure”).
• Any additional information that may help us locate your data (e.g., the email address you used to subscribe).

We will acknowledge receipt of your request within 5 business days and will provide a substantive response within 30 calendar days, as required by the GDPR. If additional time is needed, we will inform you of the reason and the expected deadline.

7. Response Time

All requests related to GDPR rights will be processed in accordance with the statutory deadline of 30 days. In exceptional cases—such as complex requests or when we receive a high volume of requests—we may extend the period by a further two months, but we will notify you of any extension within the initial 30‑day period.

8. Contact Information

If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer:

We aim to respond to all inquiries promptly and transparently.

9. Changes to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in legislation, our practices, or technological developments. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the Site after such updates constitutes acceptance of the revised policy.

10. Additional Information

International Transfers: All processing takes place within the European Economic Area (EEA). If we need to transfer data outside the EEA, we will ensure an adequate level of protection through Standard Contractual Clauses or other approved mechanisms.

Automated Decision‑Making: We do not use your personal data for solely automated decisions that produce legal or similarly significant effects.

Complaints: If you believe we have not complied with the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred.