GDPR Compliance Policy

Site: newrecipeworld.com

Contact for GDPR matters: [email protected]

Last Updated: April 03, 2026

---

1. Introduction

NewRecipeWorld (“we”, “our”, “us”) is committed to safeguarding the privacy and personal data of every visitor, subscriber, and user of our website. This policy explains how we collect, use, store, and protect your personal data in compliance with the European Union General Data Protection Regulation (GDPR) and related data protection laws.

2. Types of Personal Data We Collect

We collect the following categories of personal data:

• Email addresses: When you sign up for our newsletter, create an account, or participate in contests.
• Cookies and tracking data: We use first‑party and third‑party cookies to personalize content, measure site performance, and analyze user behavior.
• Analytics data: Google Analytics, Matomo, and other analytics services collect IP addresses, device information, and usage patterns to improve our services.

3. Legal Basis for Processing

Our processing of personal data is based on the following lawful bases:

• Consent: For newsletter subscriptions, account creation, and optional marketing communications. Consent is freely given, specific, informed, and unambiguous.
• Legitimate interest: For site analytics, security monitoring, and improving user experience. We conduct a legitimate interest assessment to ensure that our interests do not override your rights.

4. How We Protect Your Data

We employ robust technical and organizational measures to safeguard your personal data:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard HTTPS.
• Secure Servers: Our hosting environment is protected by firewalls, intrusion detection systems, and regular security audits.
• Access Controls: Personal data is accessible only to authorized personnel who require it for legitimate business purposes.
• Limited Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is accompanied by an icon for quick reference.

You may request a copy of the personal data we hold about you, including the purposes of processing, categories of data, recipients, and storage periods.

If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it.

Also known as the “right to be forgotten.” You may request that we delete your personal data, subject to legal obligations and legitimate interests.

Under certain circumstances, you can ask us to limit the processing of your data—for example, if you contest its accuracy or if processing is unlawful.

You can obtain a copy of your personal data in a structured, commonly used, and machine‑readable format and transfer it to another controller.

You may object to the processing of your personal data for direct marketing or profiling purposes. If you object, we will cease processing unless we can demonstrate a compelling legitimate interest.

At any time, you can withdraw consent that you have previously given. This does not affect the lawfulness of processing based on consent before withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights above, please contact us at [email protected]. Include the following information to help us process your request efficiently:

• Your full name and contact details.
• A description of the request (e.g., “I would like to access all personal data you hold about me”).
• Any supporting documents that confirm your identity (e.g., a copy of a passport or driver’s licence).

We will respond to your request within 30 calendar days, in line with GDPR requirements. If we need additional time, we will inform you of the reason and provide an updated deadline.

7. Retention and Deletion Policies

We retain personal data for the minimum period required to fulfill the purposes for which it was collected. Typical retention periods include:

• Email addresses: 2 years after the last interaction unless the user requests deletion.
• Cookies and analytics data: 12 months, with anonymised data retained for aggregated analysis.
• Other data: As required by applicable laws or for legitimate business purposes.

When personal data is no longer needed, we delete it securely using industry‑standard deletion methods, ensuring it cannot be recovered.

8. Data Sharing and Third‑Party Processors

We may share your data with trusted third‑party service providers (e.g., email marketing platforms, analytics vendors) that process data on our behalf. All such processors are bound by data processing agreements that enforce GDPR compliance and safeguard your personal data.

9. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with a new “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we protect your data.

10. Contact Us

If you have any questions, concerns, or wish to lodge a complaint, please reach out to our Data Protection Officer at [email protected]. For complaints to a supervisory authority, please refer to the relevant EU member state’s data protection regulator.