Dishtodelight GDPR Compliance Policy
Dishtodelight (“we”, “our”, “us”) is committed to protecting the privacy and personal data of our users in accordance with the European Union General Data Protection Regulation (GDPR) and other applicable data‑protection laws. This policy explains what personal data we collect, how we use it, the legal bases for processing, and the rights you have as a data subject.
1. Data We Collect
- Email addresses: We collect your email address when you register for an account, subscribe to our newsletter, or place an order. This data is used to communicate with you, provide customer support, and send transactional information.
- Cookies and similar technologies: Our website uses first‑party cookies to remember your preferences, keep you logged in, and provide a personalised user experience. We also use third‑party cookies from analytics providers (e.g., Google Analytics) to collect anonymous usage data.
- Analytics data: We gather aggregated, non‑personal data about how visitors interact with our site (page views, session duration, device type, etc.) to improve functionality and performance. This data is anonymised and does not identify you individually.
2. How We Protect Your Data
We implement a range of technical and organisational measures to safeguard your personal data:
- All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS).
- We store personal data on secure, access‑controlled servers hosted in data centres that meet ISO 27001 and SOC 2 compliance standards.
- Personal data is encrypted at rest using AES‑256 encryption.
- Access to personal data is limited to authorised personnel who require it for legitimate business purposes, and all staff undergo regular data‑protection training.
- We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. After that, data is securely deleted or anonymised.
3. Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: When you sign up for our newsletter, create an account, or opt in to marketing communications, you give explicit consent. You can withdraw this consent at any time by contacting us.
- Legitimate Interest: We process data that is necessary for the legitimate interests of Dishtodelight, such as improving our services, analysing usage patterns, and ensuring the security of our website. We conduct a proportionality assessment to ensure that these interests do not override your fundamental rights.
4. Your GDPR Rights
Under the GDPR you have the following rights. The icons beside each right are from Bootstrap Icons.
- Right to Access – You can request a copy of the personal data we hold about you.
- Right to Rectification – You can ask us to correct inaccurate or incomplete data.
- Right to Erasure – You may request deletion of your personal data, subject to legal retention obligations.
- Right to Restrict Processing – You can restrict the processing of your data if you contest its accuracy or the legality of its use.
- Right to Data Portability – You can obtain your data in a structured, commonly used format and transfer it to another controller.
- Right to Object – You can object to processing for direct marketing, profiling, or other purposes.
- Right to Withdraw Consent – You can withdraw consent at any time without affecting the lawfulness of processing that relied on consent before withdrawal.
5. How to Exercise Your Rights
To exercise any of the rights above, please contact us at [email protected]. In your message, include:
- Your full name and the email address you used on Dishtodelight.
- A clear statement of the request (e.g., “I would like to exercise my Right to Access my personal data”).
- Any additional information that will help us identify your account (e.g., order number, subscription ID).
We will respond to your request within 30 days of receiving it, in line with GDPR requirements. If we need more information to verify your identity or to fulfil your request, we will contact you for clarification. In some cases, we may be unable to comply fully (for example, if the data is needed for a legal obligation). In such instances, we will inform you of the reason and any alternative measures you can take.
6. Retention of Personal Data
We retain personal data for the shortest time necessary to fulfil the purposes for which it was collected. Typical retention periods are:
- Account information – until account deletion or a maximum of 10 years, whichever is sooner.
- Order and transaction data – 7 years for tax and accounting purposes.
- Marketing preferences – until you opt out or delete your account.
7. Contact Us
If you have any questions about this GDPR Compliance Policy, or if you wish to exercise your rights, please email us at [email protected]. We will respond within 30 days.
Last Updated: April 03, 2026