GDPR Compliance Policy

Welcome to Yumfoodjourney (the “Website”). This policy explains how we collect, use, store, and protect the personal data of visitors and users in compliance with the European Union’s General Data Protection Regulation (GDPR) and related data‑protection laws. By accessing or using the Website, you acknowledge that you have read, understood, and agree to this policy.

1. What Personal Data We Collect

Email addresses – Collected when you sign up for newsletters, create an account, or request a recipe or special offer.
Cookies and similar tracking technologies – We use first‑party cookies to remember your language preference, login session, and to enhance the overall user experience. Third‑party analytics cookies (e.g., Google Analytics) are also employed to gather anonymised traffic data.
Analytics data – Includes IP addresses, device type, operating system, browser, referral URLs, pages visited, time spent on each page, and interaction with site features.

2. How We Protect Your Personal Data

SSL/TLS encryption is enforced across all pages, ensuring that data transmitted between your browser and our servers remains confidential and tamper‑proof. All personal data are stored on secure, access‑controlled servers located within the European Economic Area (EEA). We implement the following safeguards:

Role‑based access control and strict authentication for all staff.
Regular vulnerability scans and penetration testing.
Encrypted backups with a 30‑day retention period for logs and a 90‑day retention for user data.
Automatic deletion of data that no longer serves a legitimate purpose or is requested by the user.

3. Legal Basis for Processing Personal Data

We rely on the following legal bases for processing personal data:

Consent – For activities such as newsletter subscriptions, marketing communications, and the use of analytics cookies. Consent is freely given, specific, informed, and unambiguous.
Legitimate interest – For improving the Website’s functionality, ensuring security, and providing a personalised user experience. We perform a legitimate interest assessment to balance our interests against your privacy rights.

4. Your GDPR Rights

Under the GDPR, you possess the following rights with respect to your personal data. Each right is illustrated with a Bootstrap icon for easy reference.

Right to Access

Request a copy of all personal data we hold about you, including the sources, purposes, and categories of data processed.

Right to Rectification

Ask us to correct any inaccurate or incomplete personal data.

Right to Erasure

Request deletion of personal data when it is no longer necessary or if you withdraw consent.

Right to Restrict Processing

Ask us to limit the processing of your data while we verify its accuracy or assess the legality of the processing.

Right to Data Portability

Obtain your personal data in a structured, commonly used format and transfer it to another controller.

Right to Object

Object to the processing of your data for direct marketing or profiling purposes.

Right to Withdraw Consent

Withdraw consent at any time, and we will cease processing your data for the purpose for which consent was given.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) via email at [email protected]. When contacting us, provide the following information to help us identify your request quickly:

Your full name and contact details.
Any identifiers you use on the Website (e.g., user ID, email address).
A clear statement of the right you wish to exercise (e.g., “I request the deletion of my email address”).
Any supporting documentation that may help verify your identity.

We will respond to your request within 30 days of receiving it. If we need additional information to process your request, we will contact you promptly. In exceptional cases, we may extend the response time by an additional 30 days and will inform you of the reason for the delay.

6. Contact Information

For any questions, concerns, or complaints regarding this GDPR Compliance Policy or our data‑processing practices, please reach out to our DPO:

Yumfoodjourney GDPR Compliance Office
Email: [email protected]
Last Updated: April 03, 2026

7. Policy Updates

We reserve the right to modify this policy at any time. Any changes will be reflected on this page with an updated “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we handle your personal data.