GDPR Compliance Policy
Kitchenfoodflow (“we”, “us”, or “our”) is committed to protecting the privacy and personal data of our users in accordance with the European Union General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and share personal information, the legal basis for such processing, and the rights you have as a data subject. If you have any questions or concerns, please contact us at [email protected].
Data We Collect
- Email Addresses – When you subscribe to our newsletter, create an account, or contact us, we collect your email address to communicate with you, deliver content, and respond to inquiries.
- Cookies & Tracking Technologies – We use first‑party cookies to remember your preferences, analyze site usage, and personalize your experience. Third‑party cookies may be set by partners for analytics and advertising purposes.
- Analytics Data – We employ web analytics tools (e.g., Google Analytics) to gather aggregate data such as page views, session duration, and referral sources. This data helps us improve the site and services.
How We Protect Your Data
We employ a combination of technical and organizational measures to safeguard your personal information:
- Secure Sockets Layer (SSL) – All data transmitted between your browser and our servers is encrypted with TLS 1.2 or higher.
- Secure Servers – Our hosting infrastructure is located in EU data centers with 24/7 monitoring, firewalls, and intrusion detection systems.
- Access Controls – Only authorized personnel with a legitimate business need can access personal data. All staff undergo privacy training.
- Limited Retention – Personal data is retained only as long as necessary to fulfill the purposes described in this policy or as required by law. After that, it is securely deleted or anonymized.
Legal Basis for Processing
We rely on the following lawful bases to process your personal data:
- Consent – When you voluntarily provide your email address or opt‑in to marketing communications, we process that data based on your explicit consent.
- Legitimate Interest – For purposes such as site analytics, improving user experience, and fraud prevention, we process data when it is necessary and proportionate to our legitimate business interests, provided no overriding rights of data subjects exist.
Your Rights Under the GDPR
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
How to Exercise Your Rights
You may exercise any of the rights listed above by contacting us at [email protected]. Please include the following information to help us verify your identity and process your request efficiently:
- Full Name – The name associated with the account or data.
- Email Address – The email address we have on record.
- Detailed Request – Specify the right you are exercising and provide any relevant details (e.g., data you want deleted, corrected, or transferred).
- Proof of Identity – A scanned copy of a government‑issued ID or a signed statement confirming your identity may be required for certain requests.
We will respond to your request within 30 days of receipt. If we need additional time to verify your identity or to comply with legal obligations, we will notify you of the delay and provide an estimated completion date.
Data Retention and Security Measures
We retain personal data for the following periods, after which it is securely deleted or anonymized:
- Email Addresses – Up to 12 months after the last interaction, unless you have opted to remain on our mailing list.
- Cookies & Tracking Data – Session cookies are deleted when the browser closes; persistent cookies are deleted after 90 days of inactivity.
- Analytics Data – Aggregated data is retained for 12 months to evaluate trends; personally identifying details are never stored.
All data is stored on encrypted servers with daily backups. We conduct regular vulnerability assessments, penetration testing, and audits to ensure the integrity and confidentiality of your personal information.
Policy Updates
We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date at the top of this page indicates the most recent revision. We encourage you to review this policy periodically to stay informed about how we protect your data.
Last Updated: April 03, 2026