GDPR Compliance Policy – Dishyday

This GDPR Compliance Policy (the “Policy”) explains how Dishyday (the “Company”, “we”, “us” or “our”) collects, processes, stores and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). By using our website at https://dishyday.info you acknowledge that you have read, understood and agreed to this Policy.

1. Data We Collect

Dishyday collects the following types of personal data:

Email addresses – When you subscribe to our newsletter, register for an account, or contact us for support.
Cookies and similar tracking technologies – We use first‑party and third‑party cookies to remember your preferences, analyze traffic patterns and personalize content.
Analytics data – Google Analytics, Plausible and other analytics services record anonymized IP addresses, device information, and browsing behaviour to help us improve the user experience.

2. Legal Basis for Processing

The processing of your personal data is based on the following lawful bases:

Consent – For newsletter subscriptions, account creation and optional marketing communications. Consent is freely given, specific, informed and unambiguous.
Legitimate Interest – For website analytics, security monitoring, and improving our services. We conduct a legitimate interest assessment to ensure that these interests do not override your rights.

3. Data Protection Measures

We employ a range of technical and organisational measures to protect your personal data:

Transport Layer Security (TLS) – All data transmitted between your browser and our servers is encrypted using TLS 1.3.
Secure servers – Our hosting environment is protected by firewalls, intrusion detection systems, and regular vulnerability scans.
Access controls – Personal data is accessible only to employees who require it to perform their job functions, and all staff complete confidentiality training.
Data minimisation and retention – We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations.

4. Your GDPR Rights

Under the GDPR, you have the following rights with respect to your personal data. Each right is illustrated with an icon for quick reference.

Right to Access

You can request a copy of the personal data we hold about you. We will provide the information in a structured, commonly used, and machine‑readable format within 30 days of your request.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may ask us to correct it. We will update the data promptly and inform you once the correction is completed.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data where no legal basis for processing remains. We will remove the data from all our systems unless a statutory retention requirement applies.

Right to Restrict Processing

Under certain circumstances, you can ask us to limit how we process your data (e.g., if you contest its accuracy). We will store the data but will not use it for further processing until the restriction is lifted.

Right to Data Portability

You can obtain your personal data in a structured, machine‑readable format and transfer it to another controller. We will provide the data in a commonly used format (e.g., CSV or JSON) within 30 days.

Right to Object

You can object to the processing of your data for direct marketing or profiling purposes. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate interests that override your objection.

Right to Withdraw Consent

If you have given us consent for any processing activity, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of any processing that was carried out before the withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights described above, please contact us at [email protected] with a brief description of your request. When possible, include identifying information (e.g., email address, username, or any other unique identifier) so we can locate your data quickly.

We will respond to your request within 30 calendar days. If the request is complex or requires additional verification, we may extend the period by a further 30 days. In such cases, we will inform you of the extension and the reason for the delay.

6. Data Retention

Dishyday retains personal data for the periods specified below unless a longer retention period is required by law:

Email addresses: 5 years from the last interaction.
Cookies and analytics data: 6 months for session cookies; 1 year for persistent cookies.
Other data: as required for contractual obligations or legal claims.

7. Security of Your Data

We treat your personal data with the highest level of security. In addition to the measures listed in section 3, we conduct regular penetration testing and vulnerability assessments. All staff members undergo annual security awareness training, and we enforce strict password policies and two‑factor authentication for internal access.

8. Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where necessary, inform affected individuals directly with clear guidance on protective actions.

9. Changes to This Policy

We reserve the right to update this Policy at any time. Any changes will be posted on this page with a revised “Last Updated” date. Your continued use of our website after any changes constitutes acceptance of the new terms.

10. Contact Us

If you have questions, concerns, or wish to exercise your GDPR rights, please reach out to us at:

Website: https://dishyday.info
Email: [email protected]
Address: 42 Culinary Lane, Flavor Town, FL 12345, USA

Last Updated: April 03, 2026