GDPR Compliance Policy

Last Updated: December 01, 2025

1. Introduction

HappyDishRecipes (the “Site”, “we”, “us”, or “our”) is committed to protecting the personal data of its users in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This policy explains what personal data we collect, how we process it, the legal bases for processing, the security measures we employ, and the rights you enjoy under the GDPR. By using https://happydishrecipes.com, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

Email address – collected when you subscribe to our newsletter, submit a contact form, or request a password reset.
Cookies and similar tracking technologies – we use first‑party and third‑party cookies for session management, analytics, and personalized content.
Analytics data – aggregated information such as page views, click paths, device type, IP address (anonymised where possible), and referral source, collected via Google Analytics and similar services.

We do not collect any special categories of data (e.g., health, biometric, or political information). All data is processed only for the purposes described below.

3. How We Use Your Data

The personal data listed above is used for the following legitimate purposes:

Sending newsletters, promotional offers, and transactional emails you have explicitly requested.
Providing technical support and responding to enquiries submitted through our contact forms.
Improving the Site’s functionality, user experience, and content relevance through analytics.
Ensuring security, detecting fraud, and maintaining the integrity of our services.

4. Legal Basis for Processing

We rely on the following legal bases under the GDPR:

Consent (Article 6(1)(a)) – when you voluntarily subscribe to our newsletter or accept cookies, you give explicit consent for those specific processing activities.
Legitimate Interests (Article 6(1)(f)) – we process data for site security, fraud prevention, and improving the service where our interests do not override your fundamental rights.

If you withdraw consent, we will cease the processing activities that rely on consent, while continuing any processing that is necessary for legitimate interests or legal obligations.

5. Data Security & Retention

We take the security of your personal data seriously and have implemented technical and organisational measures, including:

SSL/TLS encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers – our hosting environment is hardened, regularly patched, and monitored for unauthorised access.
Access controls – only authorised personnel with a legitimate need can access personal data, and they are bound by confidentiality obligations.
Limited retention periods – email addresses are retained for as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, pseudonymised form for a maximum of 24 months.

6. Your GDPR Rights

Under the GDPR you have the following rights. Each right is accompanied by a Bootstrap Icon for quick visual reference.

Right to Access

You may request a copy of the personal data we hold about you, together with information about how we process it.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data where there is no compelling reason for us to retain it.

Right to Restrict Processing

You can ask us to limit the processing of your data while we verify the accuracy of the information or the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller.

Right to Object

You may object to the processing of your data for direct marketing, scientific/historical research, or any other legitimate interest that conflicts with your rights.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

7. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details provided in Section 9. Your request should include:

A clear description of the right you wish to invoke.
Sufficient information to verify your identity (e.g., the email address you used to register).
Any additional details that will help us locate your data quickly.

We will acknowledge receipt of your request within five (5) business days and will provide a substantive response no later than thirty (30) calendar days, unless an extension is justified by the complexity of the request or the volume of requests received. In such cases, we will inform you of the extension and the reasons for it within the original 30‑day period.

8. International Transfers

All processing takes place on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for a third‑party analytics provider), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place to protect your data in line with GDPR requirements.

9. Contact Information

For any questions regarding this policy, or to exercise any of your GDPR rights, please contact our Data Protection Officer at:

HappyDishRecipes – Data Protection Officer
Email: gdpr@happydishrecipes.com
Address: 123 Flavor Avenue, Kitchen City, EU

We will treat all enquiries confidentially and will respond in accordance with the timelines set out in Section 7.

10. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review the policy periodically.