GDPR Compliance Policy

Kitchenflavorstudio (“we”, “our”, “us”) is committed to protecting the privacy and personal data of the visitors, subscribers, and customers of our website kitchenflavorstudio.com. This policy explains how we collect, use, store, and safeguard personal data in accordance with the European Union’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018.

1. Who We Are

Website: Kitchenflavorstudio – https://kitchenflavorstudio.com
Contact for GDPR matters: [email protected]
Last Updated: April 03, 2026

2. Types of Personal Data We Collect

• Email addresses – collected when users subscribe to newsletters, create an account, or contact us via the form.
• Cookies and similar tracking technologies – used to personalize content, remember preferences, and analyze traffic patterns.
• Analytics data – aggregated, non‑personal data obtained via Google Analytics and similar services to improve website performance and user experience.

3. Legal Basis for Processing

We rely on the following lawful bases to process personal data:

• Consent – when you voluntarily provide your email address or other personal data, we obtain explicit consent to use it for the purposes specified (e.g., newsletters, order confirmations).
• Legitimate interest – for essential website operations such as ensuring security, preventing fraud, and improving user experience. This basis is balanced against your rights and freedoms.

4. How We Protect Your Data

• SSL/TLS encryption – all data transmitted between your browser and our servers is encrypted using HTTPS (SSL/TLS).
• Secure servers – we host our website on industry‑standard, secure servers that comply with ISO/IEC 27001 and regularly undergo penetration testing.
• Limited retention – personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. After that, it is securely deleted or anonymized.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access – you may request a copy of the personal data we hold about you.
• Right to Rectification – you can ask us to correct inaccurate or incomplete information.
• Right to Erasure – you may request the deletion of your personal data, subject to legal obligations.
• Right to Restrict Processing – you can ask us to limit how we process your data, for example if you contest its accuracy.
• Right to Data Portability – you may obtain your data in a structured, commonly used format and transfer it to another controller.
• Right to Object – you can object to processing for direct marketing or profiling purposes.
• Right to Withdraw Consent – you may withdraw any consent granted to us at any time, without affecting the lawfulness of processing based on consent before withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at [email protected]. In your request, include:

• Your full name and contact details.
• A clear statement of the right you are exercising (e.g., “I request the deletion of my email address”).
• Any supporting documentation that verifies your identity, if necessary.

We will respond to your request within 30 calendar days, as required by the GDPR. If the request is complex or requires additional time, we will notify you of the delay and provide an updated timeframe.

7. Contact Information

For any questions about this policy, data protection practices, or to lodge a complaint, please email [email protected]. Our Data Protection Officer can also be reached at the same address.

8. Policy Updates

We reserve the right to update this policy. Any changes will be reflected on this page, and the “Last Updated” date will be revised accordingly. We encourage you to review the policy periodically to stay informed about how we protect your personal data.