GDPR Compliance Policy

Last Updated: December 06, 2025

1. Introduction

Daily Dish Studio (“we”, “our”, “us”) respects the privacy of all individuals whose personal data we process in the course of operating dailydishstudio.com. This GDPR Compliance Policy explains how we collect, use, store, and protect personal data in accordance with the European Union’s General Data Protection Regulation (EU) 2016/679 (GDPR). By using our website, you acknowledge that you have read and understood the terms set out below.

2. Data We Collect

We process the following categories of personal data:

Email addresses – collected when you subscribe to our newsletter, request a demo, or contact us via the contact form.
Cookies and similar tracking technologies – used to improve site performance, remember preferences, and analyse visitor behaviour.
Analytics data – aggregated information such as IP address, browser type, device, and pages visited, collected through third‑party analytics services (e.g., Google Analytics) to understand how users interact with our site.

3. Legal Basis for Processing

We rely on the following lawful bases under Article 6 of the GDPR:

Consent – when you voluntarily provide your email address for newsletters or marketing communications, you give us explicit consent to process that data.
Legitimate Interests – we process cookies and analytics data to improve the functionality, security, and user experience of our website, which is a legitimate interest recognised by the GDPR.

Whenever we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.

4. How We Protect Your Data

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk:

SSL Encryption – all data transmitted between your browser and our servers is protected by HTTPS/TLS encryption.
Secure Servers – our hosting environment is hardened, regularly patched, and monitored 24/7 for suspicious activity.
Limited Retention – personal data is retained only for as long as necessary to fulfil the purpose for which it was collected. Email addresses are deleted automatically after 24 months of inactivity, and analytics data is anonymised after 12 months.
Access Controls – only authorised personnel with a legitimate need can access personal data, and all access is logged.

5. Your GDPR Rights

Under the GDPR, you enjoy a series of specific rights concerning your personal data. Each right is presented with a Bootstrap icon for quick visual reference.

Right to Access

You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of the data in a structured, commonly used format.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent and no other legal basis for processing applies.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data, resolve a dispute, or assess the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller without hindrance.

Right to Object

You may object, on grounds relating to your particular situation, to the processing of your data for direct marketing, scientific or historical research, or statistical purposes.

Right to Withdraw Consent

Whenever we rely on your consent to process personal data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

Send a written request to our Data Protection Officer at gdpr@dailydishstudio.com. Include your full name, the email address you used with us, and a clear description of the right you wish to invoke.
We may ask for additional information to verify your identity before fulfilling the request. This step is necessary to protect your data from unauthorised access.
We will respond to your request within 30 calendar days. If the request is complex or numerous, we may extend the period by a further two months, but we will inform you of any extension within the initial 30‑day window.
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside.

7. Data Retention

We retain personal data only for as long as necessary:

Email addresses – retained for 24 months after the last interaction, unless you request deletion earlier.
Cookies & analytics – retained for 12 months in an anonymised form; raw IP addresses are deleted after 30 days.

When the retention period expires, the data is securely destroyed or permanently anonymised.

8. International Data Transfers

All processing takes place on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary, we will ensure an adequate level of protection by using standard contractual clauses approved by the European Commission.

9. Updates to This Policy

We review this policy regularly and may amend it to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such changes constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer:

Daily Dish Studio – Data Protection Officer
Email: gdpr@dailydishstudio.com
Website: https://dailydishstudio.com