GDPR Compliance Policy

Last Updated: April 03, 2026

1. Introduction

At flavordishflow (the “Company”, “we”, “us” or “our”), we are committed to protecting the privacy and personal data of our users. This GDPR Compliance Policy explains how we collect, use, store, and share the personal data that you provide to us when you visit flavordishflow.com (the “Website”). It also details the rights you have under the European Union General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and how you can exercise those rights.

2. Data We Collect

The types of personal data we collect are limited to what is necessary to provide and improve our services. The categories of data include:

Email addresses – When you subscribe to our newsletter, request a recipe, or create an account, we store the email address you provide.
Cookies and similar technologies – We use cookies to remember your preferences, analyze traffic, and personalize content. Some cookies are essential for website functionality, while others are optional and can be disabled in your browser.
Analytics data – We employ tools such as Google Analytics to gather aggregated information about how visitors interact with the Website. This data is used to optimize user experience and is never linked to any individual user.

No other personal data is collected without your explicit consent. We do not sell or share personal data with third parties except as required by law or to trusted service providers who perform specific functions on our behalf (e.g., hosting, email delivery, analytics). All such third parties are bound by confidentiality agreements and are required to comply with GDPR.

3. Legal Basis for Processing

Our processing activities are based on the following lawful bases:

Consent – When you sign up for our newsletter or create an account, you provide explicit consent for us to store and use your email address for communication and account management.
Legitimate Interest – We process email addresses, cookies, and analytics data to improve website functionality, deliver personalized content, and ensure the security of our services. These activities are necessary for the legitimate interests of the Company and do not override your fundamental rights.

We conduct a Data Protection Impact Assessment (DPIA) whenever a new processing activity is introduced that may pose a high risk to individuals’ rights and freedoms. The DPIA confirms that the processing is proportionate and that safeguards are in place.

4. Data Security Measures

Protecting your personal data is a top priority. We employ multiple technical and organisational safeguards:

SSL/TLS encryption – All data transmitted between your browser and our servers is protected by HTTPS, ensuring that data cannot be intercepted or tampered with.
Secure servers – Our hosting environment is located in EU data centres that meet ISO/IEC 27001 standards. Physical access to servers is restricted, and network access is monitored 24/7.
Limited retention – Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected. Email addresses are stored for up to 12 months after the last interaction unless you request deletion. Analytics data is retained for 12 months in aggregate form.
Encryption at rest – All stored data is encrypted using AES‑256 encryption to protect against unauthorized access.
Access controls – Only authorised staff members with a legitimate need to access personal data are granted access. All staff undergo regular privacy and security training.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. We are committed to respecting these rights and providing a clear process for you to exercise them.

Right to Access

You may request a copy of any personal data we hold about you. We will provide you with a concise summary of the data, the purposes for which it is processed, and the categories of recipients. This information will be supplied in a commonly used, machine-readable format.

Right to Rectification

If any of your personal data is inaccurate, incomplete, or outdated, you can request that we correct it. We will update the information promptly and verify the accuracy of the corrected data.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data where no legitimate basis exists to continue processing it. This includes email addresses that are no longer needed for the purposes of your account or subscription. We will remove the data from all active databases and backup copies where feasible, except where we are legally required to retain it.

Right to Restrict Processing

You can request that we limit the processing of your personal data. During the restriction period, we may store the data but will not use it for any purpose other than to comply with legal obligations or to respond to your request for rectification or erasure.

Right to Data Portability

You may receive the personal data you provided to us in a structured, commonly used, machine-readable format and have the right to transmit it to another controller, provided that the processing is based on consent or contract. We will provide the data in formats such as CSV or JSON.

Right to Object

You can object to the processing of your personal data for direct marketing, profiling, or other legitimate interests. If you object, we will cease processing your data for those purposes unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

If we rely on your consent to process your personal data, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. We will stop processing your data for the purposes for which consent was given immediately upon receipt of your withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

Email: [email protected]

In your request, please include:

Your full name and contact details (email or phone).
A description of the request (e.g., “I would like to request a copy of all personal data you hold about me”).
Any relevant identifiers (e.g., email address used on the Website).

We will respond to your request within 30 days, as required by the GDPR. If you need a response sooner or have a more complex request (e.g., multiple rights combined), we will contact you to clarify your needs. Where we need additional verification to confirm your identity, we will request supporting documentation.

7. Retention Periods

Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Specific retention periods are: