GDPR Compliance Policy – MyRecipeHaven
Last Updated: December 01, 2025
1. Introduction
MyRecipeHaven (the “Site”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of our visitors, members, and customers in accordance with the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR). This policy explains what personal data we collect, how we process it, the legal bases for processing, the security measures we employ, and the rights you enjoy under the GDPR. By using our website (https://myrecipehaven.com) you consent to the practices described herein.
2. Personal Data We Collect
We collect and process the following categories of personal data:
- Email address – provided when you subscribe to our newsletter, create an account, or contact us.
- Cookies and similar tracking technologies – used to remember your preferences, analyse site usage, and deliver personalised content.
- Analytics data – aggregated information such as IP address, browser type, operating system, pages visited, and time spent on each page, collected via Google Analytics and other analytics services.
We do not collect sensitive personal data (e.g., health information, racial or ethnic origin) unless you voluntarily provide it in a support request, in which case it will be treated with the same level of protection.
3. Legal Basis for Processing
Under the GDPR, processing is lawful only if at least one of the following bases applies:
- Consent (Article 6(1)(a)) – When you voluntarily sign up for our newsletter or accept our cookie banner, you give explicit consent for us to process your email address and tracking data for the purposes described.
- Legitimate Interests (Article 6(1)(f)) – We process analytics data and use cookies to improve site performance, security, and user experience, which are legitimate interests that do not override your fundamental rights.
If you withdraw consent, we will no longer process data that relies solely on that consent, while data processed on the basis of legitimate interests will continue to be handled in accordance with the GDPR.
4. How We Protect Your Data
We employ a range of technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data:
- SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.3).
- Secure Servers – Our hosting environment is hardened, regularly patched, and monitored 24/7 for unauthorised access.
- Limited Retention – Email addresses are retained only while you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months. Cookies are set with appropriate expiry periods (session cookies expire on browser close; persistent cookies have a maximum lifespan of 12 months).
- Access Controls – Only authorised personnel with a legitimate need can access personal data, and they are bound by confidentiality obligations.
- Regular Audits – We conduct periodic security assessments and vulnerability scans to identify and remediate risks.
5. Your GDPR Rights
As a data subject, you enjoy the following rights under the GDPR. Each right is accompanied by a Bootstrap Icon for quick visual reference.
- Right to Access – You may request confirmation that we process your personal data and obtain a copy of that data, together with information about the purposes of processing, categories of data, and recipients.
- Right to Rectification – If any of your personal data is inaccurate or incomplete, you have the right to have it corrected without undue delay.
- Right to Erasure (Right to be Forgotten) – You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds.
- Right to Restrict Processing – You can ask us to limit the processing of your data while we verify the accuracy of the data or while we consider your objection.
- Right to Data Portability – You may receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller without hindrance.
- Right to Object – You may object to the processing of your data for direct marketing, scientific/historical research, or statistical purposes. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds.
- Right to Withdraw Consent – Where processing is based on your consent, you may withdraw it at any time, free of charge. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
6. How to Exercise Your Rights
To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details provided in Section 9. Your request should include:
- Your full name and, where applicable, your account identifier (e.g., email address used for registration).
- A clear description of the right you wish to invoke (e.g., “I request a copy of all personal data you hold about me”).
- Any additional information needed to verify your identity (e.g., a copy of a government‑issued ID) – this is required only when the request could affect the privacy of another individual.
We will acknowledge receipt of your request within 5 business days and will respond no later than 30 calendar days, in line with GDPR Article 12(3). If a request is complex or we receive numerous requests, we may extend the period by an additional two months, but we will inform you of the extension and the reasons for it within the original 30‑day deadline.
7. Data Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Email addresses – retained while you remain subscribed to the newsletter or until you request deletion; otherwise, we keep them for a maximum of 24 months for archival and legal compliance.
- Cookies – session cookies expire when the browser is closed; persistent cookies are set with a maximum lifespan of 12 months and are automatically deleted thereafter.
- Analytics data – stored in an aggregated, anonymised form for up to 12 months, after which it is purged.
When the retention period expires, the data is securely destroyed or irreversibly anonymised.
8. International Transfers
All processing takes place on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for a third‑party service provider), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place to guarantee an equivalent level of protection.
9. Contact Information
For any questions about this policy, to lodge a complaint, or to exercise your GDPR rights, please contact our Data Protection Officer:
Email: gdpr@myrecipehaven.com
We will make every reasonable effort to address your inquiry promptly and transparently.
10. Changes to This Policy
We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices, legal requirements, or technological developments. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the Site after such changes constitutes acceptance of the revised policy.