GDPR Compliance Policy

Last Updated: April 03, 2026

Introduction

Quickfoodkitchen (the “Company”) respects the privacy of all individuals who visit https://quickfoodkitchen.com (“the Website”). This policy explains how we collect, use, share, and protect your personal data in accordance with the European Union’s General Data Protection Regulation (GDPR) and related data‑protection laws. By accessing or using the Website, you acknowledge that you have read and understood this policy.

Data We Collect

We collect the following types of personal data:

• Email addresses: When you sign up for newsletters, create an account, or place an order, we store your email address to communicate with you, provide customer support, and send promotional offers.
• Cookies: The Website uses first‑party and third‑party cookies to remember your preferences, track session activity, and personalize content. Cookies are stored in your browser and are not used to identify you personally unless combined with other data.
• Analytics data: We employ Google Analytics and Matomo to gather information about how users interact with the Website (e.g., pages visited, time spent, device type). This data is aggregated and anonymised for performance and marketing analysis.

Legal Basis for Processing

We process personal data based on the following lawful bases:

• Consent: When you voluntarily provide your email address or other personal data, you give explicit consent for us to use that data for the purposes stated in this policy.
• Legitimate interest: We rely on legitimate interest to manage our Website, improve user experience, and prevent fraud. This interest is balanced against your privacy rights, and we conduct a legitimate interest assessment to ensure compliance.

How We Protect Your Data

Security is a top priority. We employ a multi‑layered approach to safeguard your personal data:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard SSL/TLS protocols.
• Secure Servers: We host our data on secure, monitored servers with physical access controls, firewalls, and intrusion detection systems.
• Limited Retention: Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. After that, it is securely deleted or anonymised.

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Below are icons for quick reference, followed by detailed explanations of each right and how to exercise them.

Right to Access

You may request a copy of the personal data we hold about you. This includes the purposes of processing, categories of data, recipients, and any data transfers outside the EU.

Right to Rectification

If any personal data is inaccurate or incomplete, you can request that we correct it promptly.

Right to Erasure

Under certain circumstances (e.g., data no longer needed, withdrawal of consent), you may request the deletion of your personal data.

Right to Restrict Processing

You can ask us to limit the processing of your data when you contest its accuracy, the legality of its use, or if you want it stored but not used for marketing.

Right to Data Portability

You may receive your personal data in a structured, machine‑readable format and have the right to transmit it to another controller.

Right to Object

You can object to processing for direct marketing, profiling, or other legitimate interest purposes. If you object, we will cease processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

You may withdraw consent at any time. Withdrawal does not affect the legality of processing based on consent before withdrawal.

How to Exercise Your Rights

To exercise any of the rights listed above, please contact us using the following methods:

• Email: [email protected]
• Mail: Quickfoodkitchen, Privacy Officer, 1234 Culinary Blvd, Food City, FC 56789

When contacting us, please provide sufficient information to verify your identity and specify the request. We will respond to all requests within 30 days, in accordance with GDPR requirements. If additional time is needed, we will inform you and provide a reason for the delay.

Retention of Personal Data

Personal data is retained for the following periods unless a longer retention period is required by law:

• Email addresses: Until the user unsubscribes or requests deletion.
• Cookies: Session cookies expire when you close your browser; persistent cookies expire after 30 days unless you opt‑out.
• Analytics data: Anonymised aggregated data is retained for 12 months to analyze trends.

Security of Your Data

We implement administrative, technical, and physical safeguards to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Regular security audits and penetration testing.
• Role‑based access controls and least‑privilege principles.
• Encryption of data at rest using AES‑256.
• Continuous monitoring of network traffic for suspicious activity.

Changes to This Policy

We may update this GDPR Compliance Policy from time to time. Any changes will be posted on the Website with an updated revision date. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

Contact Us

If you have any questions or concerns regarding our data practices, or if you wish to exercise any of your GDPR rights, please reach out to our Data Protection Officer at [email protected]. We are committed to protecting your privacy and ensuring compliance with all applicable data‑protection laws.