GDPR Compliance Policy

Effective Date: December 06, 2025

DailyMealFlow (https://dailymealflow.com) is committed to protecting the privacy and personal data of its users in accordance with the European Union General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, how we process it, the legal bases for processing, the security measures we employ, and the rights you enjoy under the GDPR.

1. Data We Collect

We collect only the data that is necessary to provide, improve, and personalize our services. The categories of personal data we process include:

Email address: Used for account creation, newsletters, promotional offers, and communication regarding your account.
Cookies and similar tracking technologies: Small text files stored on your device to remember your preferences, analyse site usage, and deliver targeted content.
Analytics data: Aggregated information such as page views, click‑through rates, and device type collected via third‑party analytics services (e.g., Google Analytics) to improve site performance and user experience.

2. How We Protect Your Data

DailyMealFlow implements a comprehensive set of technical and organisational measures designed to safeguard personal data against unauthorised access, accidental loss, or unlawful processing:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using Secure Sockets Layer (SSL) technology (HTTPS) to prevent interception.
Secure Servers: Our hosting environment is hosted in data centres that comply with recognised security standards (ISO 27001, SOC 2) and employ firewalls, intrusion detection systems, and regular security patches.
Limited Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Email addresses are kept until you unsubscribe or request deletion; analytics data is anonymised after 12 months; cookie data is automatically cleared according to the expiry set in each cookie.
Access Controls: Access to personal data is restricted to authorised staff members who require it to perform their duties. All staff receive regular training on data protection and confidentiality.
Regular Audits: We conduct periodic security audits and vulnerability assessments to identify and remediate potential risks.

3. Legal Basis for Processing

Under the GDPR, we must have a lawful basis for each type of processing. DailyMealFlow relies on the following bases:

Consent (Article 6(1)(a)): When you voluntarily subscribe to our newsletter or accept the use of non‑essential cookies, you give explicit consent for those specific purposes.
Legitimate Interests (Article 6(1)(f)): Processing of analytics data and the use of essential cookies (e.g., session management) are necessary for the efficient operation of the website and improvement of our services. We have performed a Legitimate Interests Assessment (LIA) to ensure that our interests do not override your fundamental rights and freedoms.

4. Your GDPR Rights

As a data subject, you enjoy a series of rights under the GDPR. Each right is described below together with a representative Bootstrap Icon for quick visual reference.

Right to Access

You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of that data in a structured, commonly used, and machine‑readable format.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, or you object to the processing and there are no overriding legitimate grounds.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data or assess the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller without hindrance.

Right to Object

You may object to the processing of your data for direct marketing purposes or on grounds relating to your particular situation. We will cease processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Whenever processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details provided in Section 8. When submitting a request, include the following information to help us verify your identity and locate your data efficiently:

Full name and email address used on DailyMealFlow.
A clear description of the right you wish to invoke (e.g., “I request a copy of all personal data you hold about me”).
Any supporting documentation that confirms your identity (e.g., a scanned ID or a signed statement).

We will acknowledge receipt of your request within 5 business days and will provide a substantive response no later than 30 calendar days, unless a longer period is required due to the complexity of the request. If an extension is needed, we will inform you of the reason and the expected completion date within the initial 30‑day period.

6. Response Time

Our standard response time for all GDPR‑related requests is **30 days** from the date of receipt. In exceptional cases where the request is complex or numerous, we may extend the period by a further two months, as permitted by Article 12(3) of the GDPR. You will be notified of any such extension and the reasons for it.

7. Changes to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in legislation, our data processing activities, or improvements to our security measures. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of DailyMealFlow after such changes constitutes acceptance of the revised policy.

8. Contact Information

If you have questions about this policy, wish to exercise any of your GDPR rights, or want to lodge a complaint, please contact our Data Protection Officer:

Email: gdpr@dailymealflow.com
Website: https://dailymealflow.com

Alternatively, you may submit a written request to the following postal address (for EU residents):

Data Protection Officer
DailyMealFlow Ltd.
123 Culinary Avenue
1000 Brussels, Belgium

We will respond to all inquiries in accordance with the GDPR and applicable national data‑protection laws.

Last Updated: December 06, 2025