GDPR Compliance Policy

Last Updated: April 03, 2026

1. Introduction

Dinnerlyx (the “Site”) is committed to protecting the privacy and personal data of all users and visitors. This GDPR Compliance Policy explains how we collect, use, share, and safeguard your personal information in accordance with the General Data Protection Regulation (EU) 2016/679 and related national laws. By using the Site, you acknowledge that you have read, understood, and agreed to the terms outlined herein.

2. What Data We Collect

We collect only the personal data that is necessary to provide and improve our services. The types of data we gather include:

Email addresses: For account registration, password recovery, newsletters, and marketing communications.
Cookies and similar tracking technologies: To remember your preferences, analyze traffic, and personalize content.
Analytics data: Anonymous usage statistics collected via Google Analytics, Matomo, or other third‑party analytics tools to understand how visitors interact with the Site.

No sensitive personal data (such as race, health information, or political views) is collected unless explicitly provided by the user in a specific context (e.g., a medical recipe request). All data collection is performed with transparency and user consent where required.

3. Legal Basis for Processing

We rely on the following legal bases to process your personal data:

Consent: Where we ask for explicit permission before collecting or using your data (e.g., email subscriptions, marketing opt‑ins).
Legitimate Interest: For purposes such as improving website functionality, preventing fraud, and delivering personalized content. We perform a proportionality assessment to ensure that our interests do not override your rights.
Contractual Necessity: When processing is required to fulfill a contract you have entered with us (e.g., account creation, order processing).
Legal Obligation: To comply with applicable laws, regulatory requirements, or court orders.

4. How We Protect Your Data

Protecting your personal data is a top priority for Dinnerlyx. We employ a range of technical and organizational measures to safeguard information against unauthorized access, alteration, disclosure, or destruction:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard SSL/TLS protocols.
Secure Servers: We host our services on secure, hardened servers that are regularly patched and monitored by experienced security professionals.
Access Controls: Only authorized personnel with a legitimate need to access personal data are granted access, and all access is logged and audited.
Data Minimisation & Retention: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Email addresses are automatically deleted after 12 months of inactivity, and analytics data is anonymised within 30 days.
Regular Security Audits: Independent third‑party security assessments are conducted annually to identify and remediate vulnerabilities.

5. Your GDPR Rights

Under the GDPR, you have the following rights with respect to your personal data. The icons next to each right are provided for quick visual reference. Please note that the icons are decorative and do not alter the legal meaning of the rights.

Right to Access

You may request a copy of the personal data we hold about you, including the purposes of processing, the categories of data, and the recipients of your data.

Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you can request that we correct it promptly.

Right to Erasure

Also known as the “right to be forgotten.” You can request that we delete your personal data when it is no longer needed, or if you withdraw consent and no other legal basis exists.

Right to Restrict Processing

You may ask us to suspend the processing of your data (e.g., if you contest its accuracy) while we verify its correctness or resolve a dispute.

Right to Data Portability

You can receive your personal data in a structured, commonly used, and machine‑readable format, or request that we transfer it directly to another controller where feasible.

Right to Object

You may object to the processing of your data for direct marketing or profiling purposes. We will cease such processing unless we can demonstrate a compelling legitimate interest that overrides your objection.

Right to Withdraw Consent

If we rely on your consent to process data, you may withdraw it at any time. Withdrawal does not affect the legality of processing before it was withdrawn.

6. How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the following methods:

Email: [email protected]
Postal Mail: Dinnerlyx Privacy Officer, 1234 Culinary Way, Food City, FC 56789, United Kingdom.

In your request, please provide a brief description of the action you wish to take, any relevant personal data you can share to help us identify you (e.g., email address or account username), and proof of identity if required. We will respond to your request within 30 days, in line with GDPR requirements. If you need a more immediate response, we may contact you to confirm the details of your request.

7. Contact Information

For any questions, concerns, or complaints related to this policy or your personal data, please reach out to our Data Protection Officer at [email protected]. Our office hours are Monday to Friday, 9:00 am to 5:00 pm GMT. We also accept inquiries through our online contact form, which is available on the Site’s footer under “Privacy & Legal.”

8. Effective Date & Changes

This GDPR Compliance Policy is effective from April 03, 2026. We reserve the right to update this policy at any time. Any changes will be posted on the Site, and the date of the latest revision will be updated accordingly. We encourage you to review this policy periodically to stay informed about how we protect your personal data.