Family Flavor Recipes – GDPR Compliance Policy

1. Introduction

Family Flavor Recipes (the “Website”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of our visitors, subscribers, and users in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we collect it, how we process it, and the rights you have under the GDPR. By using our site you consent to the practices described herein.

2. Personal Data We Collect

We only collect data that is necessary for the legitimate purposes described below. The categories of personal data we process include:

• Email address – collected when you subscribe to our newsletter, request a recipe, or contact us via the website.
• Cookies and similar tracking technologies – used to remember your preferences, analyse traffic, and improve user experience.
• Analytics data – aggregated information such as page views, referral sources, and device type, collected through Google Analytics and other services.

We do not collect sensitive data (e.g., health information, political opinions) unless you voluntarily provide it in a support request, in which case it will be handled with the same level of protection.

3. Legal Basis for Processing

Our processing activities are based on the following lawful grounds under Article 6 of the GDPR:

• Consent – when you voluntarily sign up for our newsletter or accept cookies, you give explicit consent for us to process your email address and tracking data.
• Legitimate Interests – we process analytics data and use cookies to improve site performance, security, and user experience, which are legitimate interests that do not override your fundamental rights.

If you withdraw consent, we will no longer rely on that basis for processing the data covered by the consent, but we may still process it on other lawful grounds where applicable (e.g., legal obligations).

4. How We Protect Your Data

We employ a range of technical and organisational measures to safeguard personal data, including:

• SSL/TLS Encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers – our hosting environment is hardened, regularly patched, and monitored for unauthorised access.
• Limited Retention – email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months.
• Access Controls – only authorised personnel with a legitimate need can access personal data, and they are bound by confidentiality agreements.

5. Your GDPR Rights

You enjoy a suite of rights under the GDPR. Each right is listed below with a brief description and an accompanying Bootstrap Icon for quick reference.

• Right to Access – You may request a copy of the personal data we hold about you, together with information about how we process it.
• Right to Rectification – If any of your data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.
• Right to Erasure (“Right to be Forgotten”) – You may request that we delete your personal data, subject to certain legal exceptions (e.g., when data is required for tax compliance).
• Right to Restrict Processing – You can ask us to limit the ways we use your data while we verify the accuracy of the data or resolve a dispute.
• Right to Data Portability – You may receive your data in a structured, commonly used format and transmit it to another controller where technically feasible.
• Right to Object – You can object to the processing of your data for direct marketing, profiling, or where processing is based on legitimate interests.
• Right to Withdraw Consent – Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

1. Send a written request to our Data Protection Officer at gdpr@familyflavorrecipes.com. Include your full name, the email address associated with your account (if applicable), and a clear description of the action you wish us to take.
2. We may ask for additional information to verify your identity and ensure that we do not disclose data to an unauthorised third party.
3. Once verified, we will act on your request within 30 calendar days. In complex cases, we may extend this period by an additional two months, but we will inform you of the extension and the reasons for it within the initial 30‑day window.

All correspondence will be handled in plain language, and we will provide you with a written confirmation of the actions taken, unless an exemption applies (e.g., where providing the information would adversely affect the rights of another individual).

7. Data Retention Periods

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Email subscriptions: retained until you unsubscribe or request deletion.
• Cookies & analytics: session cookies are deleted when you close your browser; persistent cookies are retained for a maximum of 12 months, after which they are automatically cleared.

When the retention period expires, the data is either securely destroyed or anonymised so that it can no longer be linked to an identifiable individual.

8. International Transfers

Family Flavor Recipes operates its servers within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., to a third‑party analytics provider), we ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place to guarantee an equivalent level of protection.

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review the policy regularly.

10. Contact Information

If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer: