GDPR Compliance

Your rights under the General Data Protection Regulation and how we protect your personal data

Our Commitment to GDPR Compliance

Kitchen Collective is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how we ensure your personal data is handled lawfully, fairly, and transparently.

GDPR gives individuals in the European Union (and similar regulations worldwide) significant control over their personal data. We respect these rights and have implemented systems and processes to honor them.

Your GDPR Rights

Right to Access

You have the right to know what personal data we hold about you and how we process it.

How to Exercise This Right:

• View your profile information from your Profile page
• See all your recipes, discussions, and replies in your Dashboard
• Request a comprehensive data report by contacting us

Right to Rectification

You have the right to correct inaccurate or incomplete personal data we hold about you.

How to Exercise This Right:

• Update your profile information from your Profile page
• Edit your recipes and content directly
• Contact us for assistance with data corrections

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances.

How to Exercise This Right:

• Delete individual recipes, discussions, or replies
• Request account deletion from your Account settings
• Contact us for specific deletion requests

Important: Account deletion is permanent and irreversible. All your data will be deleted within 30 days, except where we're legally required to retain it (e.g., financial records for tax purposes).

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another service.

How to Exercise This Right:

• Your account and profile information
• All recipes you've created (with images)
• Your discussions, replies, and votes
• Food preferences and settings

Data will be provided in JSON format within 30 days of your request.

Right to Restrict Processing

You have the right to limit how we use your data in certain situations, such as when you contest the accuracy of the data.

How to Exercise This Right:

Right to Object

You have the right to object to certain types of data processing, including processing for direct marketing.

How to Exercise This Right:

We currently don't send marketing emails. If we introduce them in the future, you'll have easy opt-out options. For other objections, contact us with details.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Our Current Status:

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects. If we introduce such features in the future, you'll be informed and given options to object or request human review.

Lawful Basis for Processing Your Data

Why and how we're allowed to process your data under GDPR

Contract Performance

Processing necessary to provide our services (account management, recipe storage, discussions) is based on the contract between you and Kitchen Collective when you create an account.

Legitimate Interests

We process some data based on legitimate interests (improving our services, security, fraud prevention) while ensuring your rights and interests are protected.

Consent

For certain processing activities (like future marketing communications), we'll ask for your explicit consent, which you can withdraw at any time.

Legal Obligations

Some processing is required to comply with legal obligations (e.g., retaining financial records for tax purposes).

Data Retention Policy

How long we keep your data

Active accounts:Data retained while your account is active and for 90 days after deletion request

Deleted accounts:Personal data permanently deleted within 30 days (except legal requirements)

Public content:Recipes and discussions may be anonymized rather than deleted to preserve community value

Logs and analytics:Anonymized usage data retained for up to 2 years for security and improvement purposes

Legal requirements:Some data may be retained longer if required by law (e.g., financial records for 7 years)

International Data Transfers

Our services are hosted on cloud infrastructure that may involve data transfers outside the European Economic Area (EEA).

We ensure all international transfers comply with GDPR through:

• Using service providers with adequate data protection safeguards
• Implementing Standard Contractual Clauses (SCCs) where required
• Ensuring appropriate technical and organizational measures are in place

How to Exercise Your Rights

To exercise any of your GDPR rights:

1. Use the self-service options in your Profile and Account pages when available
2. For requests requiring manual processing, contact us through our Contact page
3. Clearly state which right you wish to exercise and provide necessary details
4. We may need to verify your identity before processing certain requests

Response Timeline:

We'll respond to your request within 30 days. For complex requests, we may extend this to 60 days with explanation. All responses are provided free of charge unless your request is manifestly unfounded or excessive.

Right to Lodge a Complaint

If you believe we've mishandled your personal data or violated your GDPR rights, you have the right to lodge a complaint with a supervisory authority.

EU Residents: Contact your local Data Protection Authority. Find yours at edpb.europa.eu

We encourage you to contact us first so we can address your concerns directly.

Changes to GDPR Practices

We'll update this page if our GDPR practices change. Significant changes will be communicated via email or platform announcement.

Last updated: December 2024

Have Questions About Your Rights?

We're here to help you understand and exercise your GDPR rights.