GDPR Policy

Last Updated: 03/10/2025

This GDPR Compliance Policy explains how SweeRecipes.com (“we,” “us,” or “our”) complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals located in the European Economic Area (EEA) and United Kingdom (UK).

2. Data Controller Information

Data Controller: Mia (SweeRecipes.com)
Contact Email: [email protected]

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: For cookies and marketing communications
  • Contractual necessity: To provide our services to you
  • Legitimate interests: For website security and analytics
  • Legal obligation: Where required by law

4. Data Subject Rights

Under GDPR, you have the following rights:

  • Right to Access
    You may request access to your personal data we process.
  • Right to Rectification
    You may request correction of inaccurate personal data.
  • Right to Erasure (Right to be Forgotten)
    You may request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing
    You may request limitation of how we process your personal data.
  • Right to Data Portability
    You may request your data in a structured, machine-readable format.
  • Right to Object
    You may object to certain types of processing.
  • Rights Related to Automated Decision-Making
    You have rights regarding automated decision making and profiling.

5. How to Exercise Your Rights

To exercise your GDPR rights, please:

  1. Contact us at [email protected]
  2. Clearly specify which right you wish to exercise
  3. Provide sufficient information for us to process your request
  4. We will respond within 30 days

6. International Data Transfers

We use appropriate safeguards for data transfers outside the EEA/UK, including:

  • Standard Contractual Clauses
  • Adequacy decisions
  • Approved certification mechanisms

7. Data Protection Measures

We implement appropriate technical and organizational measures including:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection

8. Data Breach Procedures

In case of a personal data breach, we will:

  • Notify supervisory authorities within 72 hours
  • Inform affected individuals without undue delay
  • Document all data breaches

9. Data Retention

We retain personal data only as long as necessary for:

  • Fulfilling the purposes outlined in our Privacy Policy
  • Complying with legal obligations
  • Resolving disputes and enforcing agreements

10. Third-Party Processors

We use the following GDPR-compliant processors:

  • Ezoic: For analytics and personalization
  • Google LLC: For advertising and analytics
  • Email service providers: For communications

All processors provide adequate GDPR compliance measures.

11. Consent Management

We obtain and manage consent through:

  • Clear cookie consent banner
  • Granular consent options
  • Easy withdrawal mechanisms
  • Consent records and documentation

12. Data Protection Officer

While not legally required, data protection inquiries can be directed to:
Email: [email protected]

13. Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available here:

https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en

14. Updates to This Policy

We may update this GDPR Compliance Policy periodically. Significant changes will be notified to users.

15. Contact Us

For GDPR-related inquiries, please contact:
Email 1: [email protected]
Email 2: [email protected]
Response Time: Within 30 days