GDPR

This GDPR page explains how personal data is collected, used, shared, stored, and protected on myfavmeals.com, the lawful bases relied upon, data subject rights and how to exercise them via myfavmeals@myfavmeals.com, cookie consent practices, international transfers, and complaint options with supervisory authorities, consistent with Articles 13–14 transparency duties.

Who we are

  • Controller: myfavmeals.com (replace with legal entity name, registered address), which determines the purposes and means of processing personal data on this site.
  • Contact: myfavmeals@myfavmeals.com for all privacy queries, rights requests, and consent withdrawals; add a postal address and, if available, a phone number for clarity and accessibility.
  • DPO/EU representative: If appointed or required, provide the name/role and direct contact details for the Data Protection Officer and/or EU/UK representative.

What data we collect

  • Data provided directly: Account details, profile info, saved favorites, comments, messages, contact form submissions, and support communications provided on the site.
  • Data collected automatically: IP address, device/browser information, cookies and similar identifiers, usage logs, referral URLs, and interactions with pages and content, set and read according to cookie consent rules.
  • Data from third parties: If using analytics, advertising, or social plugins, list categories of personal data from those providers and whether they are linked with on‑site data.
  • Service delivery: Operate accounts and favorites, troubleshoot, and support; legal bases: performance of a contract and/or legitimate interests (state those interests).
  • Communications: Transactional emails under contract; optional newsletters/marketing under consent with withdrawal via myfavmeals@myfavmeals.com at any time without detriment.
  • Personalization and analytics: Improve content and user experience; rely on legitimate interests or consent for non‑essential identifiers, explaining interests and offering opt‑out where legitimate interests are used.
  • Compliance and security: Detect, prevent, and investigate abuse, comply with legal obligations, and enforce terms; bases: legal obligation and legitimate interests.

Cookies and similar technologies

  • Consent before setting: Non‑essential cookies (analytics, personalization, marketing) are set only after clear, affirmative, granular consent; no pre‑ticked boxes; ignoring the banner is not consent.
  • Equal choices and withdrawal: Provide Accept, Reject, and Customize with equal prominence; allow changing/withdrawing consent as easily as given via a persistent “Cookie Settings” link or by emailing myfavmeals@myfavmeals.com; log consent for audit.
  • Disclosure: Maintain a cookie list describing each cookie/category, purpose, provider, duration, and whether first‑ or third‑party, linked from this page and the banner.

How we share data

  • Service providers: Identify categories of recipients (hosting, CDNs, analytics, email services, payment processors if applicable, anti‑spam/security) and state that processors act on documented instructions under data protection terms.
  • Legal and safety: Data may be disclosed to competent authorities where required by law or to protect rights, safety, or property, or to enforce terms.
  • Business transfers: If ownership changes (e.g., merger, acquisition), provide notice and ensure protections and rights continue.

International transfers

  • Locations: Identify any transfers outside the EEA/UK and destination countries (e.g., US‑based providers), and disclose the transfer mechanism such as adequacy decisions or Standard Contractual Clauses.
  • Safeguards: Summarize technical and organizational measures and how to obtain copies of safeguards or where they are made available.

Retention

  • Criteria: Retain personal data only as long as necessary for stated purposes, considering account status, legal obligations, and dispute resolution; provide specific durations or criteria.
  • Examples: Transaction logs/security records for a defined period; cookie consents reviewed/renewed periodically with retention of consent records for compliance.

Data subject rights

  • Access, rectification, erasure: Request a copy of data, correct inaccuracies, or request deletion where no longer necessary or where consent is withdrawn and no other legal basis applies; contact myfavmeals@myfavmeals.com.
  • Restriction and objection: Request restriction in certain cases and object to processing based on legitimate interests or direct marketing; objections to marketing honored promptly via myfavmeals@myfavmeals.com.
  • Portability: Receive personal data provided in a structured, commonly used, machine‑readable format and transmit it to another controller where processing is based on consent or contract and automated.
  • Consent withdrawal: Where processing relies on consent, it can be withdrawn at any time via myfavmeals@myfavmeals.com or “Cookie Settings,” without affecting prior lawful processing; withdrawal must be as easy as giving consent.
  • Automated decisions: If any automated decision‑making, including profiling, with legal or similarly significant effects is used, disclose logic, significance, and consequences and provide rights to obtain human review and contest the decision.

Exercising rights

  • How to submit: Send requests to myfavmeals@myfavmeals.com with sufficient information to verify identity and scope; responses provided within one month, extendable where permitted by law.
  • Verification and limits: Reasonable steps may verify identity; requests can be limited where GDPR allows (e.g., rights of others, legal obligations), and reasons will be provided when declining.

Supervisory authority complaints

  • Right to complain: Data subjects may lodge a complaint with a supervisory authority in the EEA member state of residence, place of work, or alleged infringement.
  • Contacting us first: For concerns, contact myfavmeals@myfavmeals.com and efforts will be made to resolve issues promptly and transparently.

Children’s privacy

  • Audience: The service is for a general audience and does not knowingly collect personal data from children without appropriate consent where required by local law; such data will be deleted if discovered.

Security

  • Measures: Appropriate technical and organizational measures are applied proportionate to risks, including access controls, encryption in transit, regular backups, least‑privilege administration, and vendor due diligence, reviewed periodically.
  • Incident response: Procedures exist to detect, report, and investigate personal data incidents; where a breach is likely to result in risk to rights and freedoms, notify authorities and affected users as required by law.
  • External sites: This site may link to third‑party sites or embed third‑party content; their privacy practices are governed by their own policies.
  • Social plugins and SDKs: If used, list providers and purposes, clarify whether data is sent on page load or only after an action, and how consent is obtained where required.

Changes to this notice

  • Updates: This notice may be updated to reflect changes in practices or legal requirements; the “Last updated” date will be revised and, where material, additional notice will be provided.
  • Availability: Keep this Privacy/GDPR page prominently linked in the footer and at points of data collection, per transparency requirements.

Contact

  • Controller contact: myfavmeals@myfavmeals.com; add legal entity name and registered office for completeness per Article 13.
  • DPO/EU representative: If applicable, provide direct contact details for the DPO and/or EU/UK representative.

Implementation checklist reminder

  • Ensure “Privacy” and “Cookie Settings” links are always visible, and place myfavmeals@myfavmeals.com on forms and the cookie banner for withdrawals and rights, making withdrawal as easy as consent.
  • Document vendors, transfer mechanisms, retention schedules, and a rights‑request workflow with a one‑month SLA; verify the email route myfavmeals@myfavmeals.com is monitored.