GDPR Policy - flavorkitchencorner

GDPR Compliance Policy

At FlavorKitchenCorner, we respect your privacy and are committed to protecting the personal data we collect. This policy explains how we comply with the General Data Protection Regulation (GDPR) and outlines your rights as a data subject. It applies to all users accessing flavorkitchencorner.com and any related services.

Data We Collect

Email addresses: Collected when you subscribe to newsletters, create an account, or request recipes.
Cookies: We use first‑party and third‑party cookies to remember preferences, analyze traffic, and personalize content.
Analytics: Tools such as Google Analytics track anonymous usage data to improve site performance.

How We Protect Your Data

SSL Encryption: All data transmitted between your browser and our servers is protected by TLS 1.3 encryption.
Secure Servers: Our hosting infrastructure is located in the European Economic Area and complies with ISO/IEC 27001 standards.
Limited Retention: Personal data is retained only as long as necessary for the purposes it was collected. Email addresses are stored for up to 12 months after the last interaction unless you opt‑in to a longer subscription.

Legal Basis for Processing

We process personal data based on the following lawful bases:

Consent: When you explicitly agree to receive marketing communications or use certain site features.
Legitimate Interest: For improving user experience, analyzing site usage, and providing relevant content.

Your GDPR Rights

Under the GDPR, you have the following rights concerning your personal data:

Right to Access: You may request a copy of the personal data we hold about you.

Right to Rectification: You can ask us to correct inaccurate or incomplete information.

Right to Erasure: You may request the deletion of your personal data where no legal obligation requires us to keep it.

Right to Restrict Processing: You can limit how we use your data, for example, if you contest its accuracy.

Right to Data Portability: You may receive your data in a structured, machine‑readable format and transfer it to another controller.

Right to Object: You can object to processing for direct marketing or profiling purposes.

Right to Withdraw Consent: You may withdraw consent at any time, and this will not affect the lawfulness of any processing carried out before withdrawal.

How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at [email protected] with a brief description of your request. Provide identifying details such as your name, email address, and any relevant account information to help us locate your data quickly.

Procedure

Identify the request: Specify which right you are invoking (e.g., “Right to Erasure”).
Provide proof of identity: For security, we may ask for a copy of a government ID or a recent email exchange.
We confirm receipt: Within 5 business days, we will acknowledge your request and outline the next steps.
Processing: We will process your request within 30 calendar days, unless the request is complex, in which case we may extend the timeframe by an additional 30 days.
Confirmation: Once processed, you will receive an email confirming the action taken.

Response Time

We aim to respond to all GDPR‑related inquiries within 30 calendar days of receipt. If we need more time due to the complexity of the request, we will inform you and provide an updated estimate.

Cookies and Tracking Technologies

We use the following types of cookies:

Essential: Necessary for site functionality (e.g., session cookies).
Performance: Track visitor behavior to improve site usability.
Marketing: Deliver personalized content and ads.

You can manage your cookie preferences through the browser settings or by using the cookie banner that appears on first visit.

Data Transfers

We do not transfer personal data outside the European Economic Area unless necessary for legitimate business purposes. In such cases, we ensure appropriate safeguards such as standard contractual clauses or adequacy decisions are in place.

Security Measures

In addition to encryption and secure servers, we implement:

Regular vulnerability assessments and penetration testing.
Multi‑factor authentication for administrative access.
Strict access controls limiting data access to authorized personnel only.

Retention Policy

Personal data is retained for no longer than necessary to achieve the purpose for which it was collected. After the retention period, data is securely deleted or anonymized.

Contact Us

If you have any questions or concerns about this policy, please contact us at [email protected]. We also welcome feedback on how we can improve our privacy practices.

Last Updated: April 03, 2026