GDPR Compliance Policy

Effective date: December 06, 2025

This GDPR (General Data Protection Regulation) Compliance Policy explains how dailymealstudio (https://dailymealstudio.com) collects, uses, stores, and protects personal data of individuals located in the European Economic Area (EEA). We are committed to respecting your privacy and to handling your personal information in a transparent, lawful, and secure manner.

1. Data We Collect

We only collect the personal data that is necessary to provide our services and improve your experience. The categories of data we process include:

Email address: collected when you subscribe to our newsletter, request a quote, or contact us via the website.
Cookies and similar tracking technologies: used for session management, analytics, and personalized content.
Analytics data: aggregated information about page views, referral sources, and device types generated by tools such as Google Analytics.

2. How We Use Your Data

We process the data listed above for the following purposes:

To send you newsletters, promotional offers, and transactional emails you have explicitly requested.
To improve website functionality, diagnose technical issues, and understand user behaviour through analytics.
To comply with legal obligations, such as keeping records for tax or accounting purposes.

3. Legal Basis for Processing

Under GDPR, we must have a lawful basis for each type of processing. Our legal bases are:

Consent: When you voluntarily provide your email address and explicitly opt‑in to receive communications, we rely on your consent (Article 6(1)(a)). You may withdraw this consent at any time (see Section 7).
Legitimate interest: The use of cookies and analytics for improving website performance and security is based on our legitimate interest (Article 6(1)(f)). This interest is balanced against your rights and expectations, and you can object at any time (see Section 7).

4. Data Protection Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers: Our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
Limited retention: Personal data is retained only for as long as necessary to fulfil the purposes described in this policy. Email addresses are deleted 24 months after the last interaction unless you have opted to remain subscribed.
Access controls: Only authorised personnel with a legitimate need can access personal data, and all staff receive GDPR awareness training.

5. Your GDPR Rights

As a data subject, you enjoy a set of rights under GDPR. Each right is described below together with a Bootstrap 5 icon for quick reference.

Right to Access

You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of that data in a structured, commonly used format.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure (“Right to be Forgotten”)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent and no other legal basis applies.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data or while we consider a request for erasure.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller where technically feasible.

Right to Object

You may object, on grounds relating to your particular situation, to processing of your personal data for direct marketing, profiling, or where processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us using the details provided in Section 9. Your request will be handled in accordance with the GDPR and will be responded to within 30 calendar days. If we need additional information to verify your identity, we will let you know promptly.

7. Contact Information

If you have questions about this policy, wish to make a request, or need further clarification, please reach out to our Data Protection Officer (DPO) at:

dailymealstudio
Email: gdpr@dailymealstudio.com

8. International Transfers

We do not transfer personal data outside the European Economic Area (EEA). All processing takes place on servers located within the EEA or in jurisdictions that provide an adequate level of data protection as recognised by the European Commission.

9. Data Retention

We retain personal data only for the period necessary to achieve the purposes outlined in this policy:

Email addresses: up to 24 months after the last interaction, unless you remain subscribed.
Cookies & analytics data: aggregated and anonymised data is kept for up to 12 months; raw data that could identify an individual is deleted after 6 months.

10. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any revisions will be posted on this page with a revised “Last Updated” date. We encourage you to review the policy regularly.

11. Your Complaints

If you believe that we have not complied with your data‑protection rights, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside, work, or where the alleged infringement occurred.

Thank you for trusting dailymealstudio with your personal data. We are dedicated to safeguarding your privacy and upholding the highest standards of data protection.