GDPR Compliance Policy

Site: cozykitchenfood.com
Contact Email: [email protected]
Last Updated: April 03, 2026

1. Introduction

cozykitchenfood (“we”, “our”, “us”) is committed to protecting the privacy and personal data of our users. This policy explains how we collect, use, store, and share personal information in compliance with the European Union’s General Data Protection Regulation (GDPR) and related data‑protection laws. By accessing or using our website, you acknowledge that you have read and understood this policy.

2. What Personal Data We Collect

• Email Addresses: Collected when you subscribe to our newsletter, place an order, or contact us. Used to communicate with you, deliver your order, and send marketing offers if you have opted in.
• Cookies: We use first‑party cookies for session management, preferences, and analytics. Third‑party cookies from Google Analytics and social media platforms track usage patterns to improve our services.
• Analytics Data: Anonymous usage statistics are gathered via Google Analytics, Hotjar, and Matomo. This data helps us understand traffic, user behaviour, and improve the website’s performance.

3. Legal Basis for Processing

We process your personal data on the following lawful bases:

• Consent: You have explicitly consented to receive marketing communications when you opt‑in at our newsletter signup form.
• Legitimate Interest: We rely on legitimate interest to provide a seamless user experience, manage orders, and improve our services. This includes the use of analytics to enhance website functionality.

4. How We Protect Your Data

• SSL/TLS Encryption: All data transmitted between your browser and our servers is protected by industry‑standard HTTPS encryption.
• Secure Servers: We host our data on secure, GDPR‑compliant servers with regular vulnerability scans, firewalls, and intrusion detection systems.
• Limited Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. For example, email addresses are kept for the duration of your subscription or until you unsubscribe.

5. Your GDPR Rights

Under the GDPR you have the following rights regarding your personal data. We are committed to responding to all legitimate requests within 30 calendar days.

Right to Access

You may request a copy of the personal data we hold about you, including the purposes of processing, categories of data, and recipients. Submit a written request to [email protected].

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can ask us to correct or update it. Contact us at [email protected] with the details.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data, provided there is no legal obligation to retain it. Email us at [email protected] with a clear statement of your request.

Right to Restrict Processing

In certain circumstances, you can ask us to limit how we process your data (e.g., if you contest its accuracy). Notify us via [email protected] and we will comply where legally possible.

Right to Data Portability

Request a structured, machine‑readable copy of your personal data. We will provide it in a commonly used format (e.g., CSV or JSON) within 30 days of receiving your request.

Right to Object

You may object to the processing of your data for direct marketing or profiling. To exercise this right, contact [email protected] and we will stop processing for those purposes.

Right to Withdraw Consent

At any time, you can withdraw consent that you previously gave for marketing communications. This can be done by unsubscribing from our newsletter or by emailing [email protected]. Withdrawal does not affect the legality of any processing that occurred before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights above, please send a written request (email or postal mail) to: [email protected]. Your request should include:

• Your full name and contact information.
• A clear statement of the right you are exercising.
• Any relevant details that will help us identify the data (e.g., email address, order number).

We will confirm receipt of your request and respond within 30 calendar days. If we need additional information to verify your identity, we may request further documentation.

7. Data Retention

We retain personal data only as long as necessary:

• Email addresses: until you unsubscribe or we no longer have a legitimate reason to retain them.
• Cookies: session cookies are deleted when you close your browser; persistent cookies are retained for 12 months.
• Analytics data: anonymised data is kept for 12 months to improve our services.

8. Security Measures

Beyond SSL/TLS, we implement:

• Regular security audits and penetration testing.
• Encryption of data at rest using AES‑256.
• Role‑based access controls limiting who can view or edit personal data.

9. International Transfers

We do not transfer personal data outside the European Economic Area (EEA). If future changes require such transfers, we will ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place and inform you accordingly.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and the “Last Updated” date will be revised. Your continued use of the website constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or wish to lodge a complaint, please contact our Data Protection Officer at [email protected]. For complaints to supervisory authorities, you may contact the relevant regulator in your country.