GDPR Compliance Policy for Kitchenfastmeals

Last Updated: April 03, 2026

1. Introduction

Kitchenfastmeals (the “Company”, “we”, “our”, “us”) is committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the GDPR. If you have any questions or concerns about your data, please contact us at [email protected].

2. Data We Collect

Email addresses: Collected when you sign up for newsletters, place orders, or request customer support.
Cookies and similar technologies: Used to personalise your experience, analyse traffic, and remember your preferences.
Web analytics data: Includes IP addresses, device information, and browsing behaviour gathered via Google Analytics and other third‑party services.

3. Legal Basis for Processing

We process personal data on the basis of:

Consent: When you voluntarily provide your email address or opt‑in to marketing communications, we rely on your explicit consent.
Legitimate interest: We use cookies and analytics to improve our website’s functionality and to deliver relevant content. We conduct a legitimate interest assessment to ensure that our interests do not override your fundamental rights.
Contractual necessity: Processing of email addresses and order information is necessary to fulfil our contractual obligations with you.

4. How We Protect Your Data

SSL encryption: All data transmitted between your browser and our servers is protected by TLS 1.3.
Secure servers: We host our services on ISO 27001‑certified data centres with regular penetration testing.
Limited retention: Personal data is retained only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

5. Your GDPR Rights

You have the following rights regarding your personal data. To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Right to Access

You may request a copy of all personal data we hold about you, including the purposes of processing, categories of data, recipients, and the source of the data.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure

Also known as the “right to be forgotten”. You may ask us to delete your personal data if it is no longer necessary or if you withdraw consent.

Right to Restrict Processing

Under certain circumstances, you can request that we restrict the processing of your data, for example while we verify its accuracy.

Right to Data Portability

You may receive your personal data in a structured, commonly used format and request its transfer to another controller.

Right to Object

You can object to the processing of your data for direct marketing purposes or profiling, and we must stop processing unless we can show compelling legitimate grounds.

Right to Withdraw Consent

You can withdraw consent at any time. We will cease processing your data for the purposes for which you gave consent, unless another legal basis applies.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please send a written request to [email protected] with the following information:

Your full name and contact details.
A clear statement of the right you wish to exercise.
Any supporting documentation that proves your identity (e.g., a copy of your passport or driver’s licence).

We will confirm receipt of your request within 5 business days and respond in full within 30 days. If you need to expedite your request, please include a brief explanation of the urgency. In exceptional circumstances, we may require additional verification to protect your privacy and security.

7. Retention Periods

Personal data is retained for the period necessary to fulfil the purposes for which it was collected or to meet legal obligations. Typical retention periods are:

Email addresses: up to 5 years after the last interaction, unless you opt‑out earlier.
Order and transaction data: until the end of the statutory accounting period (7 years).
Analytics data: aggregated and anonymised for 12 months.

8. Data Security Measures

We employ industry‑standard security practices to safeguard your data, including:

Encryption of data in transit (TLS 1.3) and at rest (AES‑256).
Regular vulnerability assessments and penetration testing.
Role‑based access controls and two‑factor authentication for staff.
Annual data protection impact assessments (DPIA).

9. Third‑Party Transfers

We may share your personal data with trusted third‑party service providers (e.g., payment processors, email marketing platforms) that comply with GDPR. All such providers sign data processing agreements that enforce GDPR‑compliant safeguards. Data is not transferred outside the European Economic Area unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

10. Contact Information

If you have any questions about this policy, wish to lodge a complaint, or want to exercise your rights, please contact our Data Protection Officer:

Kitchenfastmeals
GDPR Officer
Email: [email protected]

For complaints to supervisory authorities, you may contact the Information Commissioner’s Office (ICO) in the UK or the relevant Data Protection Authority in the EU.

11. Policy Updates

We may update this policy from time to time. The revised version will be posted on our website with the new “Last Updated” date. We encourage you to review this policy periodically to stay informed about how we handle your personal data.