GDPR COMPLIANCE STATEMENT

Last Updated: October 30, 2025

Our Commitment to GDPR

Yum Recettes is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA).

Data Controller Information

Yum Recettes acts as the data controller for personal information collected through our website.

Contact Details:

  • Entity Name: Yum Recettes
  • Email: gdpr@yumrecettes.com
  • Address: [Your Business Address]

Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent (Article 6(1)(a))

  • Newsletter subscriptions
  • Cookie consent
  • Marketing communications
  • Optional data collection

Legitimate Interest (Article 6(1)(f))

  • Website analytics and improvement
  • Fraud prevention and security
  • Direct marketing to existing users
  • Network and information security

Legal Obligation (Article 6(1)(c))

  • Compliance with applicable laws
  • Responding to legal requests
  • Tax and accounting requirements

Contract Performance (Article 6(1)(b))

  • Providing requested services
  • Fulfilling user requests
  • Account management

Your GDPR Rights Explained

1. Right to Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this information within one month of your request.

What you will receive:

  • Confirmation of data processing
  • Copy of your personal data
  • Information about data usage and sharing
  • Data retention periods

2. Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data. We will update your information within one month and notify relevant third parties if necessary.

3. Right to Erasure / Right to be Forgotten (Article 17)

You can request deletion of your personal data when:

  • Data is no longer necessary for original purpose
  • You withdraw consent
  • You object to processing
  • Data was unlawfully processed
  • Legal obligation requires deletion

Exceptions:
We may retain data when required for legal compliance, establishing legal claims, or exercising freedom of expression.

4. Right to Restrict Processing (Article 18)

You can request we limit how we use your data when:

  • You contest data accuracy
  • Processing is unlawful but you oppose deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

5. Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

6. Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds.

7. Right to Withdraw Consent (Article 7(3))

You can withdraw consent at any time for consent-based processing. This does not affect the lawfulness of processing before withdrawal.

8. Right Not to be Subject to Automated Decision-Making (Article 22)

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

How to Exercise Your Rights

To exercise any GDPR rights:

  1. Email: gdpr@yumrecettes.com
  2. Subject Line: Include “GDPR Request” and specify your right
  3. Information Needed: Provide sufficient details to identify your data
  4. Verification: We may request identification to verify your identity
  5. Response Time: We will respond within one month (extendable to three months for complex requests)

Data Protection Measures

We implement appropriate technical and organizational measures:

Technical Measures

  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • Access controls and authentication
  • Regular security audits and testing

Organizational Measures

  • Data protection policies and procedures
  • Staff training on data protection
  • Data processing agreements with third parties
  • Privacy by design and by default
  • Data protection impact assessments
  • Incident response procedures

Data Processing Agreements

All third-party service providers who process personal data on our behalf have signed Data Processing Agreements (DPAs) ensuring GDPR compliance. Our processors include:

  • Web hosting providers
  • Email service providers
  • Analytics platforms
  • Payment processors (if applicable)
  • Cloud storage services

International Data Transfers

When we transfer data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding Corporate Rules where applicable
  • Explicit consent for specific transfers

Data Breach Procedures

In the event of a personal data breach:

  1. Detection and Assessment: We will assess the breach severity within 24 hours
  2. Authority Notification: We will notify the relevant supervisory authority within 72 hours when required
  3. Individual Notification: We will inform affected individuals without undue delay if there is a high risk to rights and freedoms
  4. Documentation: We maintain records of all data breaches including facts, effects, and remedial actions

Supervisory Authority

If you are not satisfied with how we handle your data or your rights requests, you have the right to lodge a complaint with your local data protection authority.

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

Children’s Data Protection

We do not knowingly collect or process personal data from children under 16 without parental consent. If we discover such data, we will delete it immediately.

Cookie Consent Management

We obtain explicit consent before placing non-essential cookies. Our cookie consent banner allows you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize cookie preferences
  • Access detailed cookie information
  • Withdraw consent at any time

Data Retention Schedule

Data TypeRetention PeriodLegal Basis
Newsletter subscriptionsUntil unsubscribeConsent
Comments and reviewsIndefinite or until deletion requestedLegitimate interest
Analytics data26 monthsLegitimate interest
Contact form inquiries2 yearsLegitimate interest
Account dataUntil account deletionContract
Legal documentationAs required by lawLegal obligation

Privacy by Design and Default

We implement privacy by design principles:

  • Data minimization: We collect only necessary data
  • Purpose limitation: Data used only for stated purposes
  • Storage limitation: Data kept no longer than necessary
  • Integrity and confidentiality: Appropriate security measures
  • Accountability: We demonstrate compliance

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that pose high risks to individual rights and freedoms, including:

  • Large-scale processing of special category data
  • Systematic monitoring of publicly accessible areas
  • Automated decision-making with legal effects
  • Processing involving new technologies

Transparency and Information

We are committed to transparency in our data processing activities. This statement, along with our Privacy Policy, provides clear and accessible information about:

  • What data we collect
  • Why we collect it
  • How we use it
  • Who we share it with
  • How long we keep it
  • Your rights regarding your data

Regular Reviews and Updates

We regularly review our data protection practices and update our policies to ensure ongoing GDPR compliance. This statement was last updated on October 30, 2025.

Questions and Contact

For any questions about GDPR compliance or our data protection practices:

GDPR Inquiries: gdpr@yumrecettes.com
General Privacy: privacy@yumrecettes.com
Data Protection Officer (if applicable): dpo@yumrecettes.com