GDPR Compliance Policy for Flavormealflow

Last Updated: April 03, 2026

Flavormealflow (“we”, “our”, or “us”) is committed to protecting the privacy and personal data of our users in accordance with the General Data Protection Regulation (GDPR) and related data protection laws. This policy explains what personal data we collect, how we use it, the legal basis for processing, the rights you have as a data subject, and how you can exercise those rights. If you have any questions or concerns, please contact us at [email protected].

1. Types of Personal Data We Collect

Email addresses: When you sign up for newsletters, create an account, or place an order, we collect your email address to communicate with you.
Cookies and web beacons: We use first‑party cookies to remember your preferences and to personalize your experience on our website. Third‑party analytics cookies are also used to gather aggregated data about website usage.
Analytics data: Tools such as Google Analytics or Matomo capture anonymous data about how visitors interact with our site, including page views, device types, and geographic location.

2. How We Protect Your Data

All data transmitted to and from our website is encrypted using HTTPS (TLS 1.3). We store personal data on secure servers located in the European Economic Area (EEA), protected by industry‑standard firewalls and access controls. Only authorized personnel have access to personal data, and all staff undergo regular data protection training. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. After the retention period, data is securely deleted or anonymised.

3. Legal Basis for Processing

We rely on two primary legal bases under the GDPR to process your personal data:

Consent: When you voluntarily provide your email address or other personal data, you explicitly consent to its use for the purposes described in this policy.
Legitimate interest: We process data that is necessary to improve our services, such as analysing traffic patterns or personalising content. We conduct a legitimate interest assessment to ensure that our interests do not override your rights and freedoms.

4. Your GDPR Rights

Right to Access

You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data. To exercise this right, please contact us at [email protected].

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request us to correct it. Provide the details that need to be updated and we will rectify them promptly.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data, provided there is no legal obligation to retain it. Examples include when you cancel your account or withdraw consent.

Right to Restrict Processing

Under certain circumstances, you can request that we limit the processing of your personal data. For example, if you contest the accuracy of the data, we can suspend processing until the issue is resolved.

Right to Data Portability

You may receive your personal data in a structured, commonly used, and machine‑readable format, or request that we transmit it directly to another controller.

Right to Object

You can object to the processing of your data for direct marketing or profiling purposes. Upon receiving your objection, we will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

At any time, you may withdraw consent that you have previously provided. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights above, please send a written request to [email protected]. Your request should include:

Your full name and contact details.
A clear statement of the right you are exercising.
Any identifying information that will help us locate your personal data (e.g., email address, account number).

We will respond to your request within 30 days of receipt. If you need a quicker response due to urgent circumstances, please let us know in your email and we will do our best to expedite the process.

6. Retention of Personal Data

We retain your personal data for the shortest time necessary to achieve the purposes for which it was collected. Typical retention periods are:

Email addresses: up to 2 years after the last interaction, unless you request deletion earlier.
Cookie data: 1 year for session cookies, 2 years for persistent cookies.
Analytics data: anonymised aggregates are stored indefinitely, while raw data is retained for 6 months.

7. Security Measures and Data Breach Notification

We implement technical and organisational measures to safeguard your data against accidental loss, unlawful processing, and unauthorized access. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where necessary, inform affected individuals.

8. Contact Us

For any questions about this GDPR Compliance Policy or to exercise your data protection rights, please contact:

Flavormealflow Data Protection Officer
Email: [email protected]

We appreciate your trust in Flavormealflow and remain committed to protecting your privacy and personal data.