GDPR Privacy Policy

Last updated: February 01, 2025

1. Introduction

This Privacy Policy explains how Gurus Recipes (“we,” “us,” or “our”) processes personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6(1):

2.1 Consent (Art. 6(1)(a) GDPR)

  • Newsletter subscription
  • Marketing communications
  • Cookie usage (except strictly necessary)
  • Profile customization

2.2 Contract Performance (Art. 6(1)(b) GDPR)

  • Account creation and management
  • Order processing
  • Recipe sharing functionality
  • Customer support

2.3 Legal Obligations (Art. 6(1)(c) GDPR)

  • Tax compliance
  • Business accounting
  • Response to legal requests
  • Data protection obligations

2.4 Legitimate Interests (Art. 6(1)(f) GDPR)

  • Website security
  • Fraud prevention
  • Service improvement
  • Analytics

3. Categories of Personal Data

3.1 Data You Provide

  • Name and surname
  • Email address
  • Postal address
  • Phone number
  • Account credentials
  • Recipe contributions
  • Profile information
  • Payment information
  • Communications with us

3.2 Automatically Collected Data

  • IP address
  • Device information
  • Browser type and version
  • Operating system
  • Access times and dates
  • Pages visited
  • Click patterns
  • Technical logs

3.3 Special Categories of Data

We do not intentionally collect or process special categories of personal data (Article 9 GDPR). Please do not provide such information through our platform.

4. Purpose of Processing

4.1 Essential Services

  • Account management
  • Recipe platform functionality
  • User authentication
  • Security measures
  • Technical support

4.2 Service Enhancement

  • Platform improvement
  • User experience optimization
  • Content personalization
  • Feature development
  • Performance monitoring

4.3 Communication

  • Service updates
  • Technical notifications
  • Customer support
  • Marketing (with consent)
  • Newsletters (with consent)

5. Data Recipient Categories

5.1 Internal Recipients

  • Customer service team
  • Technical support staff
  • Development team
  • Security personnel

5.2 External Recipients

  • Cloud service providers
  • Payment processors
  • Analytics services
  • Email service providers
  • Hosting providers

5.3 Third-Country Transfers

When we transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate safeguards
  • Data Processing Agreements

6. Data Retention Periods

6.1 Account Data

  • Active accounts: Duration of account existence
  • Deleted accounts: 30 days post-deletion
  • Backup data: Up to 90 days

6.2 Transaction Data

  • Active records: 7 years (legal requirement)
  • Payment information: As required by payment regulations

6.3 Communication Data

  • Customer service: 2 years
  • Marketing communications: Until consent withdrawal

6.4 Technical Data

  • Log files: 90 days
  • Analytics data: 26 months
  • Security logs: 12 months

7. Your Rights Under GDPR

7.1 Right to Access (Art. 15 GDPR)

  • Request confirmation of data processing
  • Obtain copy of personal data
  • Review processing purposes
  • Know recipient categories

7.2 Right to Rectification (Art. 16 GDPR)

  • Correct inaccurate data
  • Complete incomplete data
  • Update outdated information

7.3 Right to Erasure (Art. 17 GDPR)

  • Request data deletion
  • Remove consent-based processing
  • Object to processing

7.4 Right to Restriction (Art. 18 GDPR)

  • Limit processing scope
  • Temporary processing halt
  • Maintain necessary storage

7.5 Right to Data Portability (Art. 20 GDPR)

  • Receive structured data
  • Transmit data to others
  • Direct transfer where possible

7.6 Right to Object (Art. 21 GDPR)

  • Object to processing
  • Stop direct marketing
  • Withdraw consent

8. Technical and Organizational Measures

8.1 Data Security

  • Encryption (in transit and at rest)
  • Access controls
  • Authentication systems
  • Regular security assessments
  • Intrusion detection
  • Backup systems

8.2 Organizational Controls

  • Staff training
  • Confidentiality agreements
  • Access management
  • Security policies
  • Incident response plans
  • Regular audits

9. Cookie Management

9.1 Essential Cookies

  • Purpose: Core functionality
  • Legal basis: Contract performance
  • Duration: Session-based

9.2 Analytics Cookies

  • Purpose: Service improvement
  • Legal basis: Consent
  • Duration: 26 months maximum

9.3 Marketing Cookies

  • Purpose: Personalization
  • Legal basis: Consent
  • Duration: 12 months maximum

10. Data Protection Impact Assessment

We conduct DPIAs for high-risk processing activities, including:

  • Large-scale data processing
  • New technology implementation
  • Systematic monitoring
  • Automated decision-making

11. International Data Transfers

11.1 Transfer Mechanisms

  • EU Standard Contractual Clauses
  • Adequacy decisions
  • Binding Corporate Rules
  • Specific derogations

11.2 Transfer Safeguards

  • Data minimization
  • Encryption
  • Access controls
  • Transfer impact assessments

12. Data Breach Procedures

12.1 Notification Timeline

  • Authority notification: Within 72 hours
  • Data subject notification: Without undue delay
  • Documentation requirements

12.2 Response Measures

  • Containment procedures
  • Impact assessment
  • Remediation steps
  • Prevention measures

13. Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority. For a list of supervisory authorities within the EU, please visit the European Data Protection Board website.

14. Policy Updates

14.1 Change Management

  • Regular review process
  • Update notifications
  • Version control
  • Archive maintenance

14.2 Communication

We will inform you about significant changes through:

  • Email notifications
  • Website notices
  • Application updates
  • Direct communications

15. Contact Information

For all data protection related inquiries:

  • Email: contact@gurusrecipes.com

Response timeframes:

  • General inquiries: 48 hours
  • Rights requests: 30 days
  • Complex requests: 90 days (with notification)

16. Additional Information

16.1 Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant impacts.

16.2 Children’s Data

We do not knowingly process data of children under 16 without parental consent.

16.3 Data Minimization

We collect and process only data that is necessary for the stated purposes.

This Privacy Policy was last updated on the date shown above and is regularly reviewed to ensure compliance with GDPR requirements.