GDPR Policy

Last Updated: October 28, 2025

1. Introduction

RecipeChic.com (“we,” “us,” “our,” or “Site”), owned by Chef Emma Reynolds, is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals located in the European Union (EU) and European Economic Area (EEA). This GDPR Policy explains how we collect, process, store, and protect personal data in accordance with GDPR requirements.

For information about how we collect and use data more broadly, please also review our Privacy Policy.

2. Legal Basis for Processing

A. Consent

We process personal data with your explicit consent when you:

  • Subscribe to our newsletter
  • Create an account on our Site
  • Submit contact forms or inquiries
  • Participate in surveys or promotions
  • Accept cookies through our cookie banner

You have the right to withdraw your consent at any time by contacting privacy@recipechic.com.

B. Contractual Necessity

We process personal data necessary to fulfill our contractual obligations when you:

  • Purchase products or services from RecipeChic.com
  • Create and maintain a user account
  • Subscribe to paid services or memberships

C. Legal Obligation

We process personal data when required by applicable laws, regulations, or court orders, including tax and accounting requirements.

D. Legitimate Interests

We process personal data based on our legitimate interests in:

  • Improving and optimizing our Site and user experience
  • Preventing fraud and ensuring security
  • Analyzing user behavior and trends
  • Sending promotional communications (where not prohibited)
  • Protecting our legal rights and interests

We conduct a Legitimate Interests Assessment (LIA) to ensure our processing does not override your fundamental rights and freedoms.

E. Vital Interests

In rare circumstances, we may process personal data to protect vital interests, such as your health or safety.

3. Categories of Personal Data We Process

A. Data You Provide

  • Contact Information: Name, email address, telephone number, postal address
  • Account Information: Username, password (encrypted), profile information
  • Payment Information: Billing address, payment card details (processed by secure third-party processors)
  • Communication Data: Messages, comments, inquiries, and feedback you submit
  • Preference Data: Your dietary preferences, cooking interests, recipe preferences

B. Data Collected Automatically

  • Technical Data: IP address, device type, browser type, operating system, device identifiers
  • Usage Data: Pages visited, links clicked, time spent on pages, referral sources, search queries
  • Cookie Data: Information stored through cookies and similar tracking technologies
  • Location Data: General geographic location based on IP address (not precise GPS tracking)

C. Data from Third Parties

  • Analytics Providers: Aggregated data about website usage and trends
  • Social Media Platforms: Basic profile information if you link your accounts
  • Payment Processors: Confirmation of successful transactions

4. Data Collection Methods

A. Cookies and Tracking Technologies

We use the following types of cookies on RecipeChic.com:

Essential Cookies: Required for site functionality (login, security, preferences)

  • Legal basis: Legitimate interests and contractual necessity
  • Duration: Session or 12 months

Performance/Analytics Cookies: Track how users interact with our Site

  • Legal basis: Legitimate interests
  • Providers: Google Analytics
  • Duration: Up to 2 years

Marketing Cookies: Enable targeted advertising and promotional content

  • Legal basis: Consent (where required by law)
  • Duration: Varies by platform

Third-Party Cookies: Set by external services for analytics, advertising, and functionality

You can control cookie preferences through our Cookie Management Tool or your browser settings. Note that blocking essential cookies may limit your ability to use certain Site features.

B. First-Party and Third-Party Data

We do not purchase or trade personal data. We only use data that you provide or that we collect directly through your interaction with our Site.

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Newsletter Subscribers: Until you unsubscribe
  • User Accounts: While your account is active, plus 12 months after account deletion
  • Payment Information: As required for tax and accounting purposes (typically 7 years)
  • Support Communications: 3 years after the final communication
  • Marketing Communications: Until you withdraw consent
  • Technical Logs: 30-90 days
  • Analytics Data: Typically 26 months (Google Analytics default)

Upon request, we will delete your personal data, subject to legal retention requirements and our legitimate business interests.

6. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

A. Right of Access

You have the right to request and obtain a copy of your personal data that we hold. We will provide this information within 30 days of your request.

B. Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update your information directly through your account or by contacting us.

C. Right to Erasure

You have the right to request deletion of your personal data (“right to be forgotten”), except where:

  • Data is necessary to fulfill a contract
  • We have a legal obligation to retain it
  • Data is necessary for legitimate interests
  • The data is required for legal claims

We will respond to erasure requests within 30 days.

D. Right to Data Portability

You have the right to receive your personal data in a structured, commonly-used, machine-readable format and to transmit it to another controller. We will provide your data in CSV or JSON format within 30 days of request.

E. Right to Restrict Processing

You have the right to restrict or suspend our processing of your personal data in certain circumstances, such as:

  • Whilst you contest the accuracy of the data
  • Where processing is unlawful but you don’t want deletion
  • Where we no longer need the data but you require it for legal claims
  • Where you object to processing

F. Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing within 30 days, except where we have compelling legitimate grounds or legal requirements.

G. Right to Withdraw Consent

Where we process data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.

H. Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your GDPR rights. Contact details for EU data protection authorities are available at www.edpb.europa.eu.

7. Exercising Your Rights

To exercise any of your GDPR rights, please submit a written request to:

Email: privacy@recipechic.com
Mail: Chef Emma Reynolds, RecipeChic.com, [Your Address]

In your request, please specify which right(s) you wish to exercise and provide sufficient information to identify you (name, email, account details if applicable). We will verify your identity before processing your request to ensure we only disclose data to the rightful data subject.

We will respond to all requests within 30 days. If your request is complex or we receive multiple requests, we may extend this period by up to two months, with notification.

8. International Data Transfers

Personal data collected from EU/EEA residents may be transferred to and processed in the United States or other countries outside the EU/EEA. These countries may not have the same level of data protection as the EU.

A. Transfer Mechanisms

We utilize the following mechanisms for lawful international data transfers:

Standard Contractual Clauses (SCCs): We include SCCs in our data processing agreements with third-party service providers to ensure adequate safeguards.

Adequacy Decisions: We rely on European Commission adequacy decisions where applicable.

Your Consent: By using RecipeChic.com and providing your personal data, you consent to transfers as described in this policy.

B. Transfers to Service Providers

Our service providers (hosting, email, analytics, payment processing) are located in various jurisdictions. We ensure all transfers are governed by appropriate legal safeguards, including:

  • Data Processing Agreements (DPAs)
  • Standard Contractual Clauses
  • Binding Corporate Rules (where applicable)

9. Data Processing and Processors

A. Data Controller

Chef Emma Reynolds, operating RecipeChic.com, is the data controller responsible for the lawful processing of personal data.

B. Data Processors

We use the following third-party data processors:

  • Email Service Provider: [Name] – for newsletter and email communications
  • Web Hosting Provider: [Name] – for website hosting and data storage
  • Analytics Provider: Google Analytics – for website usage analysis
  • Payment Processor: [Name] – for secure payment processing
  • Customer Support Platform: [Name] – for managing inquiries and support tickets

All processors are contractually bound by Data Processing Agreements that comply with GDPR Article 28 requirements, including:

  • Processing only on instructions from the controller
  • Maintaining confidentiality and security
  • Implementing appropriate technical and organizational measures
  • Assisting with data subject rights requests
  • Deleting or returning data upon contract termination

C. Sub-Processors

Our processors may use sub-processors. We maintain an updated list of sub-processors available upon request.

10. Data Security and Protection

We implement comprehensive technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

A. Technical Measures

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for data at rest
  • Secure password hashing with bcrypt
  • Regular security audits and penetration testing
  • Web Application Firewalls (WAF)
  • DDoS protection

B. Organizational Measures

  • Limited access to personal data on a need-to-know basis
  • Employee data protection training
  • Written information security policies
  • Data protection by design and by default
  • Incident response procedures

C. Data Breach Notification

If a data breach occurs that poses a risk to your rights and freedoms, we will:

  • Notify affected individuals without undue delay and no later than 72 hours after becoming aware
  • Provide details of the breach, its consequences, and measures we’re taking
  • Notify the relevant data protection authority where required by law

11. Children’s Data

RecipeChic.com is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it immediately.

For users aged 16-18, we may require parental or guardian consent for certain processing activities. If you are a parent or guardian and believe your child’s data has been collected without your consent, please contact us immediately at privacy@recipechic.com.

12. Cookies and Cookie Policy

A. Cookie Management

We use cookies to enhance your browsing experience. On your first visit, we present a Cookie Consent Banner allowing you to:

  • Accept all cookies
  • Decline non-essential cookies
  • Customize your cookie preferences

You can change your preferences at any time through our Cookie Management Tool.

B. Cookie Categories

Strictly Necessary: Required for site functionality and security (cannot be disabled) Preferences: Remember your choices and settings Statistics/Analytics: Understand how you use our Site Marketing: Enable targeted content and advertising

C. Third-Party Cookies

Third-party providers may set cookies on our Site for analytics and advertising. You can find information about these providers’ cookie policies and opt-out options in our Cookie Policy.

13. Marketing and Communications

A. Newsletter and Promotional Emails

We send marketing communications only to users who have actively opted in (double opt-in confirmation). You can unsubscribe at any time by:

  • Clicking the unsubscribe link in any email
  • Updating your account preferences
  • Contacting privacy@recipechic.com

B. Transactional Emails

We will continue to send transactional emails (order confirmations, password resets, account notifications) even if you unsubscribe from marketing communications.

C. Legitimate Interest Processing

Where we process your data for marketing based on legitimate interests, you have the right to object to such processing at any time.

14. Data Protection Impact Assessment

For high-risk processing activities, we conduct a Data Protection Impact Assessment (DPIA) to evaluate the risks and implement appropriate safeguards. High-risk activities may include:

  • Large-scale processing of sensitive data
  • Systematic monitoring
  • Processing involving new technologies
  • Automated decision-making

15. Data Protection Officer (DPO)

While RecipeChic.com may not be required to appoint a DPO under GDPR, we have designated a Privacy Officer to oversee data protection compliance and serve as a point of contact for data protection inquiries.

Privacy Officer Contact: Email: privacy@recipechic.com

16. Compliance with GDPR Articles

This policy ensures compliance with key GDPR articles:

  • Article 5: Data processing principles (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, confidentiality)
  • Article 6: Legal basis for processing
  • Article 9: Special categories of data (we do not intentionally collect sensitive data)
  • Article 12-22: Your rights and our obligations
  • Article 25: Data protection by design and by default
  • Article 28: Data processing agreements
  • Article 32: Security measures
  • Article 33-34: Breach notification
  • Article 35: Data Protection Impact Assessment
  • Article 44-49: International data transfers

17. Updates to This Policy

We may update this GDPR Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated to you via email (where we have your email address) or through a prominent notice on our Site. Your continued use of RecipeChic.com following such changes constitutes your acceptance of the revised policy.

18. Contact Information

For questions, complaints, or requests regarding GDPR compliance and your data rights, please contact:

Chef Emma Reynolds
RecipeChic.com
Email: privacy@recipechic.com
Email: contact@recipechic.com

We will respond to all data subject requests and inquiries within 30 days of receipt.

19. Acknowledgment and Acceptance

By using RecipeChic.com, you acknowledge that you have read and understood this GDPR Policy and agree to the processing of your personal data as described herein.