GDPR Policy

Last Updated: February 13, 2025

Introduction

This GDPR (General Data Protection Regulation) Policy explains how KitchenQuill processes personal data in compliance with the European Union’s data protection law. We believe in transparency and want to ensure you understand how and why we handle your personal information.

Data Controller Information

KitchenQuill acts as the data controller for personal information collected through our website. We determine the purposes and means of processing personal data in accordance with GDPR requirements.

Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

When you explicitly agree to us processing your data, such as when you accept our use of cookies for non-essential purposes.

Legitimate Interests

Where processing is necessary for our legitimate interests, such as improving our recipes and content, provided these interests don’t override your fundamental rights.

Contract Performance

When processing is necessary to fulfill our obligations to you, such as responding to your queries about recipes.

Legal Obligations

When we need to process data to comply with legal requirements.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you and information about how we process it.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data when it’s no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can ask us to temporarily or permanently stop processing your personal data under certain circumstances.

Right to Data Portability

You can request your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to our processing of your personal data for direct marketing purposes or based on legitimate interests.

Data We Process

We process the following categories of personal data:

Essential Processing

Information necessary for the website to function:

  • IP addresses
  • Browser type and version
  • Operating system information
  • Page view statistics

Optional Processing (With Consent)

Additional information you choose to provide:

  • Your recipe preferences
  • Dietary restrictions
  • Recipe ratings and reviews

International Data Transfers

While KitchenQuill is based in the United States, we may transfer your data to countries outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place through:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions issued by the European Commission
  • Other legally approved transfer mechanisms

Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are:

  • Account information: Until you request deletion
  • Analytics data: 26 months
  • Cookie data: Varies by cookie type (see Cookie Policy)
  • Communication records: 2 years after last contact

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

Data Protection Officer

While we’re not required to have a Data Protection Officer, we take data protection seriously. For any GDPR-related inquiries, please use our website’s contact form.

Data Breach Procedures

In the event of a personal data breach, we will:

  1. Assess the risk to individuals’ rights and freedoms
  2. Notify the relevant supervisory authority within 72 hours if required
  3. Inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms
  4. Document all breaches and our response measures

Automated Decision Making

KitchenQuill does not engage in automated decision-making or profiling that would produce legal effects or similarly significant effects on individuals.

Children’s Data

We do not knowingly collect or process personal data from children under 16 without parental consent. If we discover we have collected such data, we will take steps to delete it promptly.

Changes to This Policy

We review this policy regularly and will post any updates on this page. Material changes will be notified to users through a prominent notice on our website.

Cross-Border Data Transfers

For users in the UK and Switzerland, we apply the same high standards of data protection as required under GDPR.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR.