GDPR Compliance Policy
Last Updated: April 03, 2026
Introduction
flavorkitchenhub (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This GDPR Compliance Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (EU Regulation 2016/679). The policy applies to all visitors, users, and customers of flavorkitchenhub.com.
Personal Data We Collect
- Email addresses – collected when you subscribe to newsletters, create an account, or place an order.
- Cookies & Tracking Pixels – used to remember your preferences, improve site performance, and measure traffic.
- Analytics data – aggregated, anonymised information about how visitors use the site (e.g., page views, click‑through rates, geographic location).
- Order information – name, address, phone number, and payment details for order fulfilment.
How We Protect Your Data
- SSL/TLS Encryption – all data transmitted between your browser and our servers is encrypted with industry‑standard SSL/TLS certificates.
- Secure Hosting – we host our data on secure, ISO 27001‑certified servers with regular vulnerability scans.
- Limited Retention – personal data is retained only for as long as necessary to fulfil its purpose (e.g., 12 months after the last interaction). After that, it is securely deleted.
- Restricted Access – only authorised staff members who need the data for legitimate business purposes can access it.
Legal Basis for Processing
We process personal data under the following lawful bases:
- Consent – for marketing communications and newsletter subscriptions.
- Legitimate Interest – to analyse site usage, improve services, and provide a better user experience.
- Performance of a Contract – to process orders, deliver products, and provide customer support.
Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data.
Right to Access
You may request a copy of any personal data we hold about you, including the source of the data and the purposes of processing.
Right to Rectification
You can ask us to correct inaccurate or incomplete personal data we hold.
Right to Erasure
You may request the deletion of your personal data, provided no legal obligations require us to keep it.
Right to Restrict Processing
You can ask us to limit the use of your data, for example, while we verify its accuracy.
Right to Data Portability
You may receive your personal data in a structured, commonly used format and transfer it to another controller.
Right to Object
You can object to processing for direct marketing or profiling purposes at any time.
Right to Withdraw Consent
You may withdraw consent for any processing activity at any time, without affecting the lawfulness of processing carried out before withdrawal.
How to Exercise Your Rights
To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) at:
Email: [email protected]
Address: 123 Flavor Street, Culinary City, 45678, UK
When contacting us, please provide:
- A clear statement of the request (e.g., “I wish to access all personal data you hold about me”).
- Any evidence that confirms your identity (e.g., a copy of a passport or driver’s licence).
- Specific details of the data you are requesting (if known).
We will respond to your request within 30 days of receipt. If your request is complex or requires additional verification, we may need up to 60 days, but we will keep you informed throughout the process.
Data Retention Policy
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy. Typical retention periods are:
- Email subscriptions: 12 months after last interaction unless you unsubscribe.
- Order records: 7 years for tax and legal compliance.
- Analytics data: 6 months, anonymised for trend analysis.
After the retention period, all personal data is permanently deleted using secure deletion methods that prevent recovery.
Security & Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
- Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Provide details of the breach, its potential impact, and the measures taken to mitigate it.