GDPR Compliance Policy

EasyMealStudio (the “Company”, “we”, “us” or “our”) is committed to protecting and respecting your privacy. This GDPR Compliance Policy explains what personal data we collect, how we use it, the legal basis for processing, and the rights you have under the General Data Protection Regulation (EU) 2016/679.

1. Who We Are

EasyMealStudio is a digital platform that offers meal planning, recipe recommendations, and related services. We operate from the European Economic Area and are fully compliant with EU data protection laws.

2. Data We Collect

• Email Addresses: Collected when you sign up for newsletters, create an account, or request support.
• Cookies & Similar Technologies: Used to personalize content, analyze traffic, and improve user experience. Examples include session cookies, analytics cookies, and marketing cookies.
• Analytics Data: Information gathered through tools such as Google Analytics and Matomo to understand how visitors interact with our site.

3. Legal Basis for Processing

We process your data under the following lawful bases:

• Consent: When you voluntarily subscribe to our newsletter or create an account, you explicitly consent to receive communications and store your email address.
• Legitimate Interest: For analytics and cookie usage, we rely on legitimate interest to improve our services, provided we perform a balancing test to ensure your interests are not overridden.

4. How We Protect Your Data

Security is paramount. We employ a range of technical and organisational measures, including:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is protected by HTTPS.
• Secure Servers: Hosted on industry‑standard, hardened infrastructure with regular vulnerability assessments.
• Access Controls: Strict role‑based access limits who can view or modify personal data.
• Limited Retention: Personal data is stored only as long as necessary to fulfil the purposes for which it was collected. Email addresses are retained for up to 5 years after last interaction unless you request deletion sooner.

5. Your GDPR Rights

You have several rights regarding your personal data. Below is a concise overview of each right, accompanied by an icon for quick reference.

• Right to Access: You may request a copy of the personal data we hold about you. This includes the purposes of processing, categories of data, recipients, and retention periods.
• Right to Rectification: If any of your personal data is inaccurate or incomplete, you can request us to correct it.
• Right to Erasure (Right to be Forgotten): Under certain conditions, you can ask us to delete your personal data. This applies when data is no longer necessary, or you withdraw consent.
• Right to Restrict Processing: You can request that we limit how we use your data, for example, while we verify its accuracy.
• Right to Data Portability: You can obtain your data in a structured, commonly used format and transfer it to another controller.
• Right to Object: You may object to processing for direct marketing or profiling purposes at any time.
• Right to Withdraw Consent: You can withdraw consent at any time, and this will not affect the lawfulness of processing based on consent before withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights above, please contact us at [email protected]. In your email, include:

• Full name and contact details.
• Clear statement of the right you wish to exercise.
• Any supporting information that helps us locate your data (e.g., email address used for registration).

We will respond to your request within 30 days. If we need more information to process your request, we will contact you within the same period.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes stated in this policy. Typical retention periods are:

• Email addresses: up to 5 years after last interaction.
• Cookies: session cookies are deleted when the browser is closed; other cookies are retained as per their specified lifetimes.
• Analytics data: aggregated and anonymised data is retained for up to 12 months.

8. Changes to This Policy

We reserve the right to update this policy. Any amendments will be posted on our website and will take effect immediately upon publication. The last update to this policy was on April 03, 2026.

9. Contact Us

If you have any questions or concerns about this policy or your personal data, please reach out to us at [email protected]. We are happy to help you understand how we protect your privacy.