GDPR - HomeCookBites

GDPR Compliance Statement – homecookbites.com

Effective Date: December 27, 2025

Last Updated: December 27, 2025

Introduction

HomeCookBites.com is committed to protecting the privacy and personal data of all users, including those in the European Economic Area (EEA), United Kingdom (UK), and Switzerland. This GDPR Compliance Policy outlines how we comply with the General Data Protection Regulation (GDPR) and your rights under this regulation.

1. Data Controller Information

Data Controller: HomeCookBites.com

Contact Information: Email: privacy@homecookbites.com Website: https://homecookbites.com

For GDPR-related inquiries, please contact our Data Protection Officer at: dpo@homecookbites.com

2. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

Consent: When you provide explicit consent for specific processing activities (e.g., newsletter subscriptions, cookie consent)

Contractual Necessity: When processing is necessary to provide services you’ve requested

Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms

Legal Obligation: When we must process data to comply with legal requirements

3. Personal Data We Collect

Information You Provide:

Name and email address (newsletter subscriptions, comments)
Contact information (contact forms)
User-generated content (comments, reviews, photos)
Communication preferences

Information Automatically Collected:

IP address
Browser type and version
Device information
Cookie identifiers
Pages visited and browsing behavior
Referring/exit pages
Date and time stamps

Information from Third Parties:

Social media profile information (if you interact via social platforms)
Analytics data from service providers

4. How We Use Your Personal Data

We use your personal data for the following purposes:

To deliver website content and services
To send newsletters and recipe updates (with your consent)
To respond to your inquiries and comments
To analyze and improve website performance
To display personalized advertisements (with your consent)
To prevent fraud and ensure security
To comply with legal obligations
To maintain records and communications

5. Your Rights Under GDPR

As an EEA, UK, or Swiss resident, you have the following rights:

Right to Access You have the right to request access to the personal data we hold about you.

Right to Rectification You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”) You have the right to request deletion of your personal data under certain circumstances.

Right to Restriction of Processing You have the right to request that we limit how we use your personal data.

Right to Data Portability You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object You have the right to object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent Where processing is based on consent, you have the right to withdraw that consent at any time.

Right Not to Be Subject to Automated Decision-Making You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or significant effects.

Right to Lodge a Complaint You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

6. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: gdpr@homecookbites.com or privacy@homecookbites.com

Subject Line: “GDPR Request – [Your Right]”

Required Information:

Your full name
Email address associated with your data
Description of your request
Proof of identity (if necessary)

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days and will inform you of the extension.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

Newsletter subscriptions: Until you unsubscribe or request deletion
Comments and user content: Until you request deletion or we remove them
Analytics data: Typically 26 months (Google Analytics default)
Contact form inquiries: Up to 2 years for business records
Cookie data: As specified in our cookie consent banner

8. International Data Transfers

Our website is hosted in the United States. If you are accessing our website from the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for international transfers, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Ensuring third-party service providers comply with GDPR or equivalent standards
Data processing agreements with service providers

9. Third-Party Data Processors

We work with third-party service providers who process personal data on our behalf:

Email Marketing Services (e.g., Mailchimp, ConvertKit)

Purpose: Newsletter delivery and email communications
Data shared: Name, email address
Location: United States
Safeguards: Standard Contractual Clauses

Analytics Services (e.g., Google Analytics)

Purpose: Website analytics and performance monitoring
Data shared: IP address (anonymized), browsing behavior
Location: United States
Safeguards: Data Processing Amendment, IP anonymization

Advertising Networks (e.g., Google AdSense, Mediavine)

Purpose: Display advertisements
Data shared: Cookie identifiers, browsing data
Location: United States and international
Safeguards: IAB TCF compliance, consent management

Content Delivery Networks (e.g., Cloudflare)

Purpose: Website performance and security
Data shared: IP address, request data
Location: Global network
Safeguards: GDPR-compliant DPA

Social Media Platforms (e.g., Pinterest, Facebook, Instagram)

Purpose: Social sharing and engagement
Data shared: Interaction data, cookies
Location: United States
Safeguards: Standard Contractual Clauses

All third-party processors are contractually required to protect your data and use it only for specified purposes.

10. Cookie Consent and Management

We use cookies and similar tracking technologies on our website. Under GDPR, we:

Obtain your explicit consent before placing non-essential cookies
Provide clear information about cookie purposes
Allow you to manage cookie preferences
Respect your choices regarding cookies

Cookie Categories:

Strictly Necessary Cookies: Essential for website functionality (no consent required)

Performance Cookies: Analytics and website improvement (consent required)

Functionality Cookies: Enhanced features and personalization (consent required)

Marketing Cookies: Personalized advertising (consent required)

You can manage cookie preferences through our cookie consent banner or your browser settings.

11. Children’s Data

Our website is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If we discover we have collected data from a child under 16, we will delete it promptly.

If you believe we have collected data from a child under 16, please contact us immediately at: privacy@homecookbites.com

12. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

SSL/TLS encryption for data transmission
Secure hosting infrastructure
Regular security updates and patches
Firewall protection
Access controls and authentication

Organizational Measures:

Data protection policies and procedures
Staff training on data protection
Regular security audits
Data breach response procedures
Privacy by design principles

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Notify affected individuals without undue delay if the breach poses a high risk
Document the breach and our response measures
Take steps to mitigate the breach and prevent future occurrences

14. Marketing Communications

If you have consented to receive marketing communications (newsletters, recipe updates), you have the right to:

Withdraw consent at any time
Unsubscribe using the link in every email
Update your communication preferences
Object to direct marketing

We will process your opt-out request within 24-48 hours.

15. Profiling and Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

We may use analytics and advertising technologies to understand user preferences and display relevant content, but these do not result in decisions that significantly affect you without human oversight.

16. Updates to This Policy

We may update this GDPR Compliance Policy from time to time. Material changes will be communicated through:

Website notice
Email notification (if you’re subscribed)
Updated “Last Updated” date

Continued use of our website after changes constitutes acceptance of the updated policy.

17. Supervisory Authority

If you are located in the EEA, UK, or Switzerland and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority:

For EEA residents: Find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

For UK residents: Information Commissioner’s Office (ICO) Website: https://ico.org.uk Phone: +44 303 123 1113

For Swiss residents: Federal Data Protection and Information Commissioner (FDPIC) Website: https://www.edoeb.admin.ch

18. Contact Us

For any GDPR-related questions, concerns, or requests, please contact us: