GDPR Compliance Notice

Effective date: August 27, 2025
Website:https://myrecipecritic.com/ (“Site”)
Data Controller: My Recipe Critic (“we,” “us,” or “our”)
Contact for privacy matters:[p]

This page explains how we process personal data of visitors located in the EEA, UK, and Switzerland in accordance with the EU/UK General Data Protection Regulation (GDPR/UK GDPR). For our broader practices, please also see our Privacy Policy and Cookie Policy.

Important: This notice is informational and not legal advice.

1) Who we are & scope

We publish home-cooking content (recipes, photos, videos, newsletters). This notice applies when you access the Site from the EEA/UK/CH, interact with our cookie banner, read pages, submit forms or comments, subscribe to emails, view ads, or click affiliate links.

We are the controller of the personal data we collect through the Site. Where we use service providers (hosting, analytics, email, advertising, anti-spam), they act as processors under our instructions.

2) Categories of personal data we process

• Identifiers & contact data: name, email address (if you comment or subscribe), IP address.

• Device/usage data: browser type, operating system, referring URL, pages viewed, timestamps, approximate location derived from IP.

• Content you provide: comment text, ratings, messages sent via contact forms, survey responses.

• Cookie/online identifiers: consent signal, cookie ID, advertising and analytics identifiers (where permitted).

• Transaction signals from affiliates: pseudonymous confirmation that a purchase occurred after clicking a partner link (no full payment data).

We do not knowingly collect special category data (e.g., health, religion) or precise geolocation.

3) Purposes & legal bases (GDPR Art. 6)

We use your data for these purposes under the following lawful bases:

• Operate the Site & security (load pages, prevent abuse, measure uptime): Legitimate interests (Art. 6(1)(f)).

• Cookie consent storage & honoring choices: Legal obligation/legitimate interests, and consent for non-essential cookies.

• Analytics (understand what content is useful): Consent (Art. 6(1)(a)) in the EEA/UK; disabled unless you opt in.

• Advertising / interest-based ads: Consent in the EEA/UK; disabled unless you opt in.

• Affiliate links & measurement: Consent in the EEA/UK; disabled unless you opt in.

• Email newsletters: Consent (you can unsubscribe anytime).

• Responding to messages/requests: Legitimate interests (to answer you) or Contract if your request relates to a service you asked for.

• Legal compliance (fraud, abuse, law requests): Legal obligation and/or Legitimate interests.

Where we rely on legitimate interests, we perform a Legitimate Interests Assessment (LIA) to ensure our interests are not overridden by your rights and freedoms. You have the right to object (see §9).

4) Cookies & consent management

We use a cookie banner/manager to collect and remember your choices. Categories may include:

• Strictly necessary (cannot be switched off): security, load balancing, consent storage.

• Performance/analytics (opt-in in the EEA/UK).

• Functionality (e.g., remember preferences; opt-in where required).

• Advertising/targeting & affiliate (opt-in in the EEA/UK).

You can revisit choices anytime via Cookie Settings in our footer. If your browser sends a recognized Global Privacy Control (GPC) signal from the EEA/UK, we treat it as an opt-out of non-essential cookies where applicable.

5) Recipients & international transfers

We share data with trusted processors who help us run the Site, such as:

• Hosting & CDN (serve pages securely and quickly)

• Email service (manage newsletters and transactional emails)

• Analytics provider (aggregate usage insights with consent)

• Advertising partners / ad server (show and measure ads with consent)

• Affiliate network (track qualifying purchases with consent)

• Security & anti-spam (protect the Site)

• Commenting/UGC tools (if enabled)

Some recipients may be located outside your country (including the United States). Where data are transferred internationally, we rely on appropriate transfer safeguards such as:

• Standard Contractual Clauses (SCCs) and supplementary measures; and/or

• participation in an approved data-transfer framework (if applicable to a provider).

You can request information about the specific safeguards we use by contacting [p].

6) Data retention

We keep personal data only as long as needed for the purposes above:

• Comment & contact records: up to 24 months after last activity, unless needed longer for legal reasons.

• Newsletter contact data: until you unsubscribe, plus up to 24 months to maintain suppression records.

• Analytics & advertising identifiers: per your consent and provider defaults, typically 14–26 months unless you withdraw consent earlier.

• Server logs/security data: typically 90–180 days, unless needed to investigate incidents.

• Cookie consent records: up to 24 months (to demonstrate compliance).

When no longer needed, data are deleted or irreversibly anonymized, subject to technical backups.

7) Your rights (EEA/UK/CH)

Subject to the GDPR/UK GDPR and exceptions, you may have the right to:

• Access your personal data and receive a copy.

• Rectify inaccurate or incomplete data.

• Erase data (“right to be forgotten”).

• Restrict processing in certain circumstances.

• Portability (receive your data in a machine-readable format).

• Object to processing based on legitimate interests (including simple web measurement) and to direct marketing.

• Withdraw consent at any time where processing is based on consent (this does not affect prior lawful processing).

• Not be subject to a decision based solely on automated processing that produces legal or similar significant effects (we do not engage in such decisions).

• Complain to your local supervisory authority if you believe we’re not meeting our obligations.

8) Exercising your rights

To make a request, email [p] with:

1. what right you wish to exercise, 2) details to help us locate your data (e.g., email used), and 3) proof of identity if necessary.
   We will respond within one month (extendable by two months for complex/large requests; we’ll tell you if so). If we decline a request where exceptions apply, we’ll explain why and how to appeal.

To withdraw cookie consent, use Cookie Settings in the footer or clear cookies in your browser. To unsubscribe from emails, use the Unsubscribe link included in the footer of our messages.

9) Children

Our Site is intended for a general audience and is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we will take appropriate steps to delete it.

10) Automated decision-making & profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects. Where we use analytics or ad personalization with your consent, it may involve limited profiling to show more relevant content or ads. You can opt out by refusing or withdrawing consent in Cookie Settings.

11) Security

We take appropriate technical and organizational measures to protect personal data, including HTTPS/TLS, access controls, role-based permissions, and periodic review of processors. However, no method of transmission or storage is 100% secure.

12) EU/UK representatives (Article 27)

If we do not have an establishment in the EEA/UK but target or monitor individuals there, we will appoint:

• EU representative (Art. 27 GDPR):
  [EU Representative Company]
  [Address, Country]
  Email:[e]

• UK representative (Art. 27 UK GDPR):
  [UK Representative Company]
  [Address, UK]
  Email:[u]

These contacts are for supervisory authorities and data subjects only on GDPR matters. If already appointed, update the details above accordingly.

13) Data Protection Officer (if appointed)

If we designate a Data Protection Officer (DPO), their contact will appear here:

DPO:[Name / DPO Service Provider]
Email:[d]

If we have not appointed a DPO, you may still contact [p] for all privacy questions.

14) Record of processing & DPAs

We maintain an internal Record of Processing Activities (ROPA) describing categories of data, purposes, recipients, and retention periods as required by GDPR Art. 30.
We enter into Data Processing Agreements (DPAs) with our processors and require appropriate security, confidentiality, and international transfer safeguards.

15) Advertising, measurement & affiliates (EEA/UK behavior)

• Default state: In the EEA/UK/CH, non-essential cookies (analytics, ads, affiliate tracking) are off by default until you opt in.

• Your control: You can grant or deny consent by category, and withdraw later in Cookie Settings.

• Affiliate disclosure: If you click an affiliate link and purchase, we may earn a commission at no extra cost to you. Tracking relies on cookies only when you have consented.

16) How to contact us & lodge a complaint

Email (preferred):[p]

You also have the right to lodge a complaint with your local supervisory authority (e.g., in the EEA: your country’s Data Protection Authority; in the UK: the ICO). We encourage you to contact us first so we can try to resolve your concern.

17) Updates to this notice

We may update this GDPR notice from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the Effective date above and provide additional notice where required (e.g., a banner or email). Please review this page periodically.

Quick summary for visitors in the EEA/UK

• We only set non-essential cookies (analytics/ads/affiliate) with your consent.

• You can change your mind anytime via Cookie Settings.

• You can access, erase, port, object, and withdraw consent.

• We use trusted processors and SCCs or other safeguards for international transfers.

• Contact [p] for requests or questions.

My Recipe Critic is committed to transparency and control—so you can enjoy our recipes with privacy peace of mind.