GDPR Compliance Policy – Mydinnerjoy

Last Updated: April 03, 2026

My dinnerjoy (hereafter “Mydinnerjoy”, “we”, “us”, or “our”) respects your privacy and is committed to protecting the personal data you share with us. This policy explains how we collect, use, store, and safeguard your information in accordance with the European Union General Data Protection Regulation (GDPR) and the ePrivacy Directive. By accessing or using our services, you acknowledge that you have read, understood, and agree to the terms described below.

1. Data We Collect

We gather only the data necessary to provide, maintain, and improve our services. The categories of data we collect include:

Email addresses – for account registration, login, password recovery, newsletters, and service notifications.
Cookies and similar technologies – to remember your preferences, authenticate sessions, and analyze traffic patterns.
Analytics data – such as IP addresses, browser types, operating systems, and page views, collected via Google Analytics (with anonymization enabled) to understand user behavior and improve user experience.

2. Legal Basis for Processing

We process your personal data under the following lawful bases:

Consent – when you explicitly agree to receive marketing communications or when we use cookies that are not strictly necessary for the functioning of the site.
Legitimate Interest – for purposes such as improving our services, ensuring security, and preventing fraud. We conduct a legitimate interest assessment to balance our interests with your privacy rights.
Contractual Necessity – for processing data essential to the execution of a contract you have entered with us (e.g., account creation, order fulfillment).

3. Data Protection Measures

We employ robust technical and organizational measures to safeguard your data:

SSL/TLS Encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers – hosted on reputable cloud platforms with multi‑factor authentication, regular security audits, and intrusion detection systems.
Access Controls – only authorized personnel with a legitimate need can access personal data, and all staff undergo GDPR training.
Data Minimization & Retention – we retain personal data only as long as necessary to fulfill the purposes stated or to comply with legal obligations. For example, email addresses are kept for the duration of your account activity and are automatically deleted after 12 months of inactivity.

4. Your GDPR Rights

Under the GDPR, you have the following rights concerning your personal data. For each right, we provide a short description and an icon for quick reference.

Right to Access

You may request a copy of the personal data we hold about you, along with details of the processing activities, sources of the data, and intended recipients.

Right to Rectification

If your data is inaccurate or incomplete, you can ask us to correct or complete it. We will respond within 30 days.

Right to Erasure

You may request deletion of your personal data, provided no legal obligation requires us to retain it (e.g., statutory record‑keeping).

Right to Restrict Processing

In certain circumstances, you can ask us to suspend the processing of your data while we verify its accuracy or the legality of the processing.

Right to Data Portability

You may receive your personal data in a structured, commonly used format (e.g., CSV) and transfer it to another controller.

Right to Object

At any time, you can object to the processing of your data for direct marketing or profiling purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

If you have given us consent, you can withdraw it at any time. This will not affect the lawfulness of any processing carried out before withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights above, please contact us at [email protected]. Your request should include:

Full name and contact details (email or phone).
Clear statement of the right you wish to exercise.
Any relevant identifiers (e.g., account ID, email address) that help us locate your data.

We will confirm receipt of your request within 5 business days and respond within 30 days, as required by GDPR. If we need additional information to verify your identity, we may request proof of identity, but we will never ask for sensitive personal data such as credit card numbers or bank details.

6. Data Retention and Deletion

We retain personal data for the period necessary to fulfill the purposes for which it was collected, including:

Account management – until account deletion or 12 months of inactivity.
Legal obligations – financial records for 7 years, as required by tax regulations.
Security and fraud prevention – up to 3 years from the last activity.

When data is no longer needed, we securely delete or anonymize it. For deletion requests, we will remove your data from all active databases and backup copies, subject to legal retention requirements.

7. Security Breach Notification

In the unlikely event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms. Our incident response plan ensures swift containment, investigation, and remedial action.

8. Contact Information

If you have any questions about this policy, wish to exercise your rights, or need assistance, please reach out to:

Email: [email protected]
Address: Mydinnerjoy, 123 Culinary Lane, Food City, FC 45678, United Kingdom

We reserve the right to update this policy from time to time. Any changes will be posted on this page with a new “Last Updated” date. Continued use of our services after such changes constitutes acceptance of the updated policy.