GDPR

Last updated: March 21, 2024

At Recipes Crock, we are committed to protecting the privacy and data of our users in compliance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement outlines our practices regarding the collection, processing, and protection of personal data of individuals located in the European Union (EU).

Data Collection and Processing

We collect and process personal data only for specified, explicit, and legitimate purposes. We ensure that the data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. The types of personal data we collect may include:

  • Contact information such as name, email address, postal address, and phone number.
  • Information specific to the services provided, such as order history and preferences.
  • Demographic information such as age, gender, and household details.
  • Device information and other unique identifiers.
  • Internet or other network activity, including browsing history.
  • Geolocation data.
  • Inferences drawn from the above information.

Lawful Basis for Processing

We rely on one or more lawful bases for processing personal data under the GDPR, including:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Data Subject Rights

Under the GDPR, data subjects have the following rights regarding their personal data:

  • The right to access their personal data.
  • The right to rectify inaccurate or incomplete personal data.
  • The right to erasure of personal data (“right to be forgotten”).
  • The right to restrict processing of personal data.
  • The right to data portability, allowing data subjects to receive their personal data in a structured, commonly used, and machine-readable format.
  • The right to object to processing of personal data.
  • Rights related to automated decision making and profiling.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments. We also conduct data protection impact assessments where necessary and maintain records of processing activities.

International Data Transfers

We may transfer personal data to countries outside the EU in compliance with applicable data protection laws. Where such transfers occur, we ensure adequate safeguards are in place to protect the data.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer responsible for overseeing compliance with the GDPR and related data protection laws. You may contact our DPO at contact page for any questions or concerns regarding data protection.

Changes to this GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our data processing practices or legal requirements. We encourage you to review this statement periodically for any updates.

If you have any questions or concerns about our GDPR compliance or data protection practices, please contact us at contact page.

This GDPR Compliance Statement was last updated on March 21, 2024.