GDPR Compliance Policy

Last Updated: April 03, 2026

Introduction

Realflavorkitchen (the “Website”) is committed to protecting the privacy of its users and complying with the General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, the legal bases for our processing activities, the safeguards we employ, and the rights you have as a data subject. By accessing or using the Website, you acknowledge that you have read and understood this policy.

Data We Collect

• Email addresses: Collected when you subscribe to our newsletter, register for an account, or place an order. This data allows us to communicate with you about promotions, order updates, and other relevant information.
• Cookies: We use first‑party and third‑party cookies to remember your preferences, enable session management, and provide a personalized browsing experience. Cookies also help us analyze traffic patterns and improve site performance.
• Analytics data: We employ web analytics tools (e.g., Google Analytics) to collect aggregated information such as page views, referral sources, and device types. This data is used solely for statistical analysis and does not identify you personally.

How We Protect Your Data

Encryption & Secure Transmission: All data transmitted between your browser and our servers is protected with TLS 1.2+ (HTTPS). This ensures that personal information, such as email addresses, is encrypted during transit.

Secure Servers & Access Controls: We host our data on industry‑standard secure servers that are regularly audited and monitored. Access to personal data is restricted to authorized staff who require it for legitimate business purposes.

Limited Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. For example, email addresses are kept for the duration of your subscription, while analytics data is deleted after 12 months.

Legal Basis for Processing

Consent: When you voluntarily provide your email address or opt‑in to marketing communications, we rely on your explicit consent. You may withdraw this consent at any time by following the unsubscribe link or contacting us.

Legitimate Interest: We process cookies and analytics data under a legitimate interest basis to improve website usability, analyze performance, and deliver relevant content. We conduct a balancing test to ensure that our interests do not override your privacy rights.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with a Bootstrap icon for clarity.

Right to Access

You may request a copy of the personal data we hold about you. This includes details such as the categories of data, the purposes of processing, and the recipients of your information. We will provide the requested data in a structured, machine‑readable format within 30 days.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request that we correct it. We will rectify the information promptly and confirm the changes within 30 days of your request.

Right to Erasure

Also known as the “right to be forgotten,” you may ask us to delete your personal data when it is no longer necessary, when you withdraw consent, or if the processing is unlawful. We will delete the data unless we have a legal obligation to retain it, and we will confirm the deletion within 30 days.

Right to Restrict Processing

You can request that we limit the use of your data, for example, if you contest its accuracy or if the processing is unlawful but you oppose deletion. During the restriction period, we will only store the data for legitimate purposes and will inform you of any updates within 30 days.

Right to Data Portability

You have the right to receive your personal data in a commonly used, machine‑readable format and to transfer it to another controller. We will provide the data in formats such as CSV or JSON within 30 days of your request, unless the request is manifestly unfounded or excessive.

Right to Object

You may object to the processing of your data for direct marketing, profiling, or other purposes. Upon receiving an objection, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests. We will respond within 30 days.

Right to Withdraw Consent

If you previously provided consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal. We will honor your withdrawal promptly and confirm it within 30 days.

How to Exercise Your Rights

To exercise any of the rights above, please contact our Data Protection Officer (DPO) at [email protected]. In your communication, specify the right you wish to exercise, provide identifying details (e.g., email address, name), and attach any supporting documentation if necessary. We will acknowledge receipt within 5 business days and respond within 30 days, as mandated by the GDPR.

Response Time and Complaint Procedure

We are committed to responding to all legitimate requests within 30 days. If you believe your request has not been handled in a timely manner or if you are dissatisfied with our response, you may file a complaint with the supervisory authority in the EU member state where you reside. The contact details of the relevant supervisory authority are available on the European Commission’s website.

Updates to This Policy

We may update this policy from time to time to reflect changes in our data processing activities or legal requirements. Updated versions will be posted on the Website and will carry a new “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

Contact Us

If you have any questions about this GDPR Compliance Policy or your personal data, please contact us at:

Realflavorkitchen – Data Protection Officer

Email: [email protected]