GDPR Compliance Policy

Last Updated: April 03, 2026

1. Introduction

dailyfoodplates.com (“we”, “our”, or “us”) is committed to safeguarding your personal data and respecting your privacy rights. This GDPR Compliance Policy explains how we collect, use, store, and protect your information, and outlines your rights under the General Data Protection Regulation (EU Regulation 2016/679). By accessing or using our website, you acknowledge that you have read, understood, and agreed to this policy.

2. Data We Collect

Email addresses: When you sign up for newsletters, create an account, or place an order, we collect your email address to communicate with you about your account, orders, promotions, and updates.
Cookies and Tracking Technologies: We use first‑party cookies to improve your browsing experience, remember your preferences, and enable essential site functions. Third‑party analytics cookies (e.g., Google Analytics) help us understand how visitors interact with the site, so we can enhance content and services.
Analytics Data: We collect aggregated, anonymised data on page views, traffic sources, device types, and geographic information. This data is used solely for performance monitoring and site optimisation.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: For marketing emails and newsletters, we obtain your explicit consent during the subscription process. You can withdraw consent at any time by clicking the unsubscribe link.
Legitimate Interest: We process data for purposes such as maintaining website security, preventing fraud, and improving user experience. Our legitimate interest is balanced against your privacy rights and is reviewed annually.

4. How We Protect Your Data

SSL/TLS Encryption: All data transmitted between your browser and our servers is protected by industry‑standard SSL/TLS encryption (HTTPS).
Secure Servers: We host our data on secure, fire‑walled servers that comply with ISO/IEC 27001 and regularly undergo penetration testing.
Limited Retention: Personal data is retained only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Email addresses are deleted after 12 months of inactivity, unless you opt in to future communications.
Access Controls: Access to personal data is restricted to authorised personnel who require it for legitimate business purposes. All staff complete GDPR training annually.

5. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with an icon for quick reference.

Right to Access

You have the right to request a copy of the personal data we hold about you. This includes the purpose of processing, categories of data, and any recipients or third parties with whom the data is shared.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you can request that we correct or complete it promptly.

Right to Erasure

Under certain circumstances, you may request the deletion of your personal data. This includes cases where the data is no longer necessary or you withdraw consent and no other legal basis applies.

Right to Restrict Processing

You can request that we restrict the processing of your personal data, for example, if you contest its accuracy or the processing is unlawful but you oppose erasure.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format, and to transfer it to another controller where technically feasible.

Right to Object

At any time, you can object to the processing of your personal data for direct marketing or profiling purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

If you have provided consent for processing, you may withdraw it at any time. Withdrawal does not affect the legality of processing carried out before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer at:

Email: [email protected]

When you send a request, please include the following information to help us identify you and verify your identity securely:

Your full name and any user identifier (e.g., account number).
A description of the request (e.g., “I would like a copy of all personal data we hold about me”).
Any supporting documentation that proves your identity (e.g., a scanned copy of a passport or driver’s licence).

We will respond to your request within 30 days of receipt. If you require an extension due to the complexity or volume of your request, we will inform you and provide a new deadline.

7. Response Time

In accordance with GDPR Article 12(3), we commit to responding to all lawful requests within 30 calendar days. If we need more time, we will notify you within the first 30 days and provide an estimate of when you can expect a final response.

8. Contact Information

For any questions, concerns, or complaints about how we handle your personal data, you may contact our Data Protection Officer at the email address provided above. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in your jurisdiction.

This policy is effective as of the date indicated above and may be amended from time to time. We will post any updates to this page and provide notice of changes in a timely manner.