YummyMeals GDPR Compliance Policy

Last Updated: December 01, 2025

1. Introduction

YummyMeals (https://yummymeals.us) is committed to protecting the privacy and security of personal data belonging to our users, customers, and visitors. This GDPR Compliance Policy explains how we collect, use, store, and safeguard personal information in accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”). By using our website, you acknowledge that you have read and understood the terms set out in this policy.

2. Data We Collect

YummyMeals processes the following categories of personal data:

Email addresses – collected when you sign up for newsletters, create an account, or request support.
Cookies & similar technologies – used to remember your preferences, analyse site traffic, and improve user experience.
Analytics data – includes IP addresses, browser type, device information, and pages visited, collected through Google Analytics and other approved tools.

We do not collect sensitive data (e.g., health, racial, or political information) unless you voluntarily provide it in a support request, in which case it is treated with the same level of protection.

3. How We Protect Your Data

YummyMeals employs a multi‑layered security framework to ensure that personal data remains confidential, integral, and available only to authorized personnel:

SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).
Secure Servers – Our hosting environment is hardened with firewalls, intrusion detection systems, and regular vulnerability scans.
Access Controls – Only employees who need personal data to perform their duties are granted access, and they must use strong, unique passwords and two‑factor authentication.
Limited Retention – Email addresses are retained for the duration of your subscription or until you request deletion. Analytics data is anonymised after 12 months, and cookies are cleared according to their individual lifespans (session or up to 2 years for persistent cookies).
Data Back‑ups – Regular encrypted backups are performed, and restoration procedures are tested quarterly.

4. Legal Basis for Processing

Under GDPR, processing must be based on a lawful basis. YummyMeals relies on the following:

Consent – When you opt‑in to receive newsletters, promotional offers, or accept cookies, you give us explicit consent.
Legitimate Interest – For activities such as fraud prevention, server security, and performance analytics, we process data on the basis of legitimate interest, balanced against your fundamental rights and freedoms.

If we ever need to rely on a different legal basis, we will inform you at the point of collection.

5. Your GDPR Rights

You enjoy a set of rights under GDPR. Each right is listed below with a Bootstrap Icon for quick visual reference.

Right to Access

You may request a copy of the personal data we hold about you, together with information about how we process it.

Right to Rectification

If any of your data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data where there is no compelling reason for its continued processing.

Right to Restrict Processing

You can ask us to limit the way we use your data while we verify its accuracy or while a dispute is being resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller.

Right to Object

You may object to the processing of your data for direct marketing, scientific/historical research, or any other purpose based on legitimate interest.

Right to Withdraw Consent

Whenever we rely on your consent, you can withdraw it at any time, and we will cease the related processing as soon as practicable.

6. How to Exercise Your Rights

To invoke any of the rights listed above, please follow these steps:

Send a written request to gdpr@yummymeals.us. Include your full name, email address used with YummyMeals, and a clear description of the right you wish to exercise.
If you are requesting erasure or restriction, please specify the data you want removed or limited.
We may ask for additional verification (e.g., a copy of a government‑issued ID) to confirm your identity and protect against fraudulent requests.
Upon receipt, we will acknowledge your request within 5 business days and begin processing it.

We will provide you with a written response, including any information we are required to disclose, within 30 calendar days. In complex cases, the deadline may be extended by an additional 60 days, and we will notify you of any extension and the reasons for it.

7. Updates to This Policy

YummyMeals reviews this GDPR Compliance Policy regularly and may amend it to reflect changes in law, technology, or business practices. All updates will be posted on this page with a revised “Last Updated” date. Continued use of the site after any changes signifies your acceptance of the revised policy.

8. Contact Information

If you have any questions, concerns, or wish to exercise your GDPR rights, please contact our Data Protection Officer at:

YummyMeals – Data Protection Officer
Email: gdpr@yummymeals.us
Website: https://yummymeals.us