GDPR Compliance Policy
Welcome to Simpleflavormeals (the “Site”). This policy explains how we collect, use, protect, and share your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and related data‑protection laws. By using the Site or providing any personal information, you acknowledge that you have read, understood, and agreed to the terms set out below.
1. What Personal Data We Collect
We collect the following categories of personal data:
- Email addresses – When you sign up for newsletters, order meals, or register for an account, we store the email address you provide.
- Cookies and Tracking Technologies – We place HTTP cookies, web beacons, and similar tracking technologies on your device to understand how you use the Site, personalize content, and measure marketing effectiveness.
- Analytics Data – We use third‑party analytics services (e.g., Google Analytics) to gather anonymised usage statistics such as page views, device type, and referral sources. No personally identifiable information is sent to these services.
2. Legal Basis for Processing
We process your personal data on the following lawful bases:
- Consent – By subscribing to our newsletter or creating an account, you explicitly consent to receive marketing communications and to the use of cookies for analytics purposes.
- Legitimate Interest – We process data to provide, maintain, and improve the Site, to communicate with users, and to comply with legal obligations. We perform a legitimate interest assessment to ensure that our interests are balanced against your privacy rights.
3. How We Protect Your Data
We employ a comprehensive set of technical and organisational measures to safeguard your personal data:
- SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using 256‑bit SSL/TLS certificates.
- Secure Servers & Firewalls – We host data on ISO 27001‑certified servers with redundant power supplies, firewalls, and intrusion detection systems.
- Access Controls – Only authorised personnel with a legitimate need can access personal data. Role‑based permissions and multi‑factor authentication are enforced.
- Data Minimisation & Limited Retention – We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Email addresses are stored for up to 12 months after the last interaction, unless you request deletion earlier.
4. Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data.
- Right to Access – You may request a copy of the personal data we hold about you. We will provide the information in a structured, commonly‑used format.
- Right to Rectification – If any of your data is inaccurate or incomplete, you can ask us to correct it. We will update the records promptly.
- Right to Erasure – Also known as the “right to be forgotten.” You can request that we delete your personal data, subject to legal retention requirements.
- Right to Restrict Processing – You may ask us to limit how we process your data (e.g., for verification purposes). For the duration of the restriction, we will only store the data.
- Right to Data Portability – You can obtain your data in a machine‑readable format and transfer it to another controller. We will provide the data in a commonly‑used format (e.g., CSV).
- Right to Object – You can object to the processing of your data for direct marketing or profiling. Upon objection, we will cease processing for those purposes.
- Right to Withdraw Consent – You may withdraw consent at any time. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.
5. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us at [email protected] with a brief description of your request and the data you wish to act upon. If you are requesting data erasure or restriction, please include any relevant account or order details to help us locate your records.
We will respond to your request within 30 calendar days. If the request is complex or requires additional verification, we may extend the response time by an additional 30 days, provided we notify you of the delay and the reason for the extension.
6. Retention Periods
We retain personal data for the minimum period necessary to achieve the purposes stated in this policy. Typical retention periods are:
- Email addresses – 12 months after the last interaction (or longer if required for legal or regulatory reasons).
- Cookie data – up to 2 years, in compliance with the EU e‑Privacy Directive.
- Analytics data – anonymised data is retained indefinitely for statistical purposes; personal identifiers are deleted immediately after processing.
7. Changes to This Policy
We reserve the right to update this GDPR Compliance Policy from time to time. We will notify you of any material changes by posting a notice on the Site and updating the “Last Updated” date. Your continued use of the Site after such changes constitutes your acceptance of the revised terms.
8. Contact Information
For any questions, concerns, or requests regarding your personal data, please contact:
Simpleflavormeals Data Protection Officer
Email: [email protected]
Website: https://simpleflavormeals.com
Last Updated: April 03, 2026