GDPR Compliance Policy – CozyFlavorHome

Last Updated: April 03, 2026

Who We Are

CozyFlavorHome (the “Company”, “we”, “us”, or “our”) is a food‑blogging and recipe‑sharing website operating from the United Kingdom. We are committed to safeguarding your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under GDPR.

Personal Data We Collect

The only personal data we collect directly from visitors to cozyflavorhome.com is the email address you provide when you subscribe to our newsletter or register for a user account. In addition, we automatically collect the following data through standard web technologies:

• Cookies and Similar Technologies: We use first‑party cookies to maintain session state, remember user preferences, and enable newsletter subscriptions. Third‑party cookies are used by Google Analytics and other marketing partners for traffic analysis.
• Analytics Data: Google Analytics collects IP addresses, device information, and browsing behaviour to help us improve site usability and content relevance.

Legal Basis for Processing

Our processing activities are based on two lawful bases:

1. Consent: When you voluntarily provide an email address for newsletters or account registration, you give explicit consent for us to store and use that data for communication and account management.
2. Legitimate Interest: We process analytics data and cookies to understand user behaviour, improve our services, and comply with legal obligations. We have conducted a legitimate interest assessment to ensure that our interests do not override your privacy rights.

How We Protect Your Data

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3, ensuring that your personal information is protected against interception.

Secure Servers: Our hosting environment is hardened, monitored 24/7, and regularly audited by third‑party security firms. Access to personal data is limited to essential staff who require it to perform their duties.

Limited Retention: We retain email addresses for the duration of your subscription or account activity, and we delete them automatically after 12 months of inactivity. Analytics data is retained for 6 months, in line with Google Analytics’ retention settings, after which it is anonymised.

Your GDPR Rights

Right to Access

You have the right to request a copy of any personal data we hold about you. This includes the email addresses we store, the cookies set on your browser, and any analytics data that can be linked to you. We will provide this information in a commonly used, machine‑readable format within 30 days of your request.

Right to Rectification

If you find that any of your personal data is incorrect or incomplete, you may ask us to correct it. For example, if you typed an incorrect email address during subscription, we will update it promptly.

Right to Erasure (Right to be Forgotten)

You can request the deletion of your personal data, including your email address and any associated account data. If you are not a subscriber or registered user, we can delete the cookies and analytics data that can be directly linked to you, subject to legitimate interest and legal obligations.

Right to Restrict Processing

You may request that we restrict the processing of your personal data. For instance, if you contest the accuracy of a data point, we can suspend its use while we verify its correctness. This restriction will be applied until the issue is resolved.

Right to Data Portability

You can receive your personal data in a structured, commonly used, and machine‑readable format (e.g., JSON or CSV) and have the right to transmit that data to another controller, where technically feasible. We will provide the data within 30 days of your request.

Right to Object

You may object to the processing of your data for direct marketing purposes or for profiling. If you exercise this right, we will cease to use your data for these purposes immediately, unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

If you gave consent for us to send newsletters or store your email, you can withdraw that consent at any time by clicking the unsubscribe link in any email or contacting us at [email protected]. We will remove your email from our marketing lists within 30 days of your withdrawal.

How to Exercise Your Rights

To exercise any of the rights above, please send a written request to [email protected]. In your email, include the following details to help us identify your data quickly:

• Your full name
• The email address you used on our site
• A brief description of the request (e.g., “I want to delete my email address”)

We will acknowledge receipt of your request within 5 working days and respond within 30 days, as required by GDPR. If we need additional information to verify your identity, we will contact you to obtain it. Once your request is processed, we will confirm the action taken via email.

Data Security & Retention

All personal data is stored on encrypted servers located in the UK. We employ role‑based access controls, two‑factor authentication for administrative accounts, and regular penetration testing. Personal data is retained only for as long as it is necessary to achieve the purposes for which it was collected. After the retention period, data is securely erased or anonymised.

Contact Information

If you have any questions, concerns, or wish to lodge a complaint with a supervisory authority, please contact us at:

CozyFlavorHome – Data Protection Officer
Email: [email protected]

By using our website, you acknowledge that you have read, understood, and agreed to this GDPR Compliance Policy. We reserve the right to update this policy at any time. The most recent version will always be available on our site.