GDPR Compliance Policy

Kitchentasteflow (the “Website”) is committed to protecting the privacy and personal data of all users in accordance with the European Union General Data Protection Regulation (GDPR) and related data‑protection laws. This policy explains how we collect, use, share, and safeguard your personal information, and outlines the rights you have as a data subject under the GDPR.

1. Who We Are

Site: Kitchentasteflow
Contact for GDPR matters: [email protected]
Last Updated: April 03, 2026

2. Types of Personal Data We Collect

We collect the following categories of personal data when you interact with our Website:

Email addresses: When you subscribe to our newsletter, create an account, or contact us, we store your email address for communication and marketing purposes.
Cookies and similar tracking technologies: We use first‑party cookies to remember your preferences, session information, and to provide a personalized browsing experience. Third‑party analytics cookies are used to gather aggregated usage statistics.
Web analytics data: Tools such as Google Analytics and Matomo collect data about page views, device types, IP addresses, and referral sources to help us improve site performance and content relevance.

3. Legal Basis for Processing

Our processing activities are based on the following legal grounds:

Consent: When you sign up for our newsletter or create an account, you explicitly consent to receive marketing communications and to the use of cookies for analytics.
Legitimate Interest: We process data necessary to secure the functionality of the Website, improve user experience, and comply with legal obligations. This includes the use of analytics to monitor site performance and to detect security threats.

4. How We Protect Your Data

We implement robust technical and organizational measures to safeguard your personal information:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard SSL/TLS protocols.
Secure Servers: Our hosting infrastructure is protected by firewalls, intrusion detection systems, and regular vulnerability assessments.
Access Controls: Only authorized personnel with a legitimate business need can access personal data. All staff undergo data‑protection training.
Data Retention: Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Email addresses are kept for up to 2 years after the last interaction unless you request deletion.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Click the icons below for a brief explanation of each right.

Right to Access

You may request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data.

Right to Erasure

You may request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You can limit how we use your data while we verify its accuracy.

Right to Data Portability

You may receive your data in a structured format or transfer it to another controller.

Right to Object

You can object to processing for direct marketing or profiling purposes.

Right to Withdraw Consent

You may revoke any consent you have previously given at any time.

6. How to Exercise Your Rights

To exercise any of the rights above, please contact us using the information below. We will respond to your request within 30 days, in line with GDPR requirements.

Email: [email protected]
Address: 123 Culinary Lane, Flavor City, FC 45678

When contacting us, please provide:

Your full name and contact details.
A clear statement of the request (e.g., “I wish to access my personal data”).
Any evidence that you are the data subject (e.g., a copy of a government ID or a screenshot of your account).

7. Data Retention and Deletion

We retain personal data only for as long as necessary to achieve the purposes outlined in this policy or to comply with legal obligations. When the retention period expires, or upon your request for deletion, we will permanently erase the data from all active and backup storage systems, except where a legal or regulatory requirement mandates longer retention.

8. Security Measures and Breach Notification

In addition to the technical safeguards mentioned earlier, we conduct annual security audits and penetration testing to identify and remediate vulnerabilities. If we discover a data breach that could pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

9. International Transfers

We do not transfer personal data outside the European Economic Area (EEA). All processing is carried out within the UK, EU, or other countries that provide an adequate level of protection as recognized by the European Commission.

10. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Any changes will be posted on this page and will take effect immediately upon publication. Your continued use of the Website after any modifications constitutes acceptance of the updated terms.

11. Contact Us

If you have any questions about this policy, your personal data, or wish to exercise your GDPR rights, please contact us at [email protected] or by post at the address listed above.