CookMora GDPR Compliance Policy

1. Introduction

CookMora (accessible at https://cookmora.com) is committed to protecting the privacy and personal data of its users, visitors, and subscribers. This GDPR Compliance Policy explains how we collect, use, store, and safeguard personal data in accordance with the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR). By using our website, you consent to the practices described herein.

If you have any questions or concerns about this policy, please contact our Data Protection Officer at gdpr@cookmora.com.

2. Data We Collect

CookMora processes the following categories of personal data:

• Email addresses: collected when you subscribe to our newsletter, request a recipe, or contact us through the website.
• Cookies and similar tracking technologies: used to remember your preferences, analyse site usage, and deliver personalized content.
• Analytics data: aggregated information such as IP address, browser type, device type, pages visited, and time spent on each page, collected via Google Analytics and other web‑analytics services.

We do not collect sensitive data (e.g., health, racial, or religious information) unless you voluntarily provide it in a specific communication, in which case it will be treated with the same level of protection.

3. Legal Basis for Processing

Our processing activities are based on the following lawful grounds under GDPR:

• Consent (Article 6(1)(a)): When you voluntarily provide your email address or accept cookies, you give explicit consent for us to use that data for the purposes described at the point of collection.
• Legitimate Interests (Article 6(1)(f)): The use of analytics and non‑essential cookies is necessary for improving the website’s performance, security, and user experience. We have performed a balancing test to ensure that our interests do not override your fundamental rights.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How We Protect Your Data

CookMora employs a range of technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data:

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers: Our hosting environment is protected by firewalls, intrusion‑detection systems, and regular security patches.
• Limited Retention: Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, pseudonymised form for a maximum of 24 months.
• Access Controls: Only authorised personnel with a legitimate business need can access personal data, and all access is logged and reviewed periodically.
• Data Breach Procedures: In the unlikely event of a breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

5. Your GDPR Rights

Under GDPR, you enjoy a series of rights concerning your personal data. Each right is listed below with a brief description and the method to exercise it.

• Right to Access

  You may request a copy of the personal data we hold about you, together with information about the purposes of processing, categories of data, and recipients. Submit your request via gdpr@cookmora.com.

• Right to Rectification

  If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it. Email the details of the correction to gdpr@cookmora.com.

• Right to Erasure (Right to be Forgotten)

  You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent. Send a deletion request to gdpr@cookmora.com. Note that we may retain data required for legal compliance (e.g., tax records).

• Right to Restrict Processing

  You can ask us to limit the processing of your data while we verify its accuracy or while we consider a request for erasure. Requests are handled via gdpr@cookmora.com.

• Right to Data Portability

  You may receive your personal data in a structured, commonly used, machine‑readable format (e.g., CSV) and transmit it to another controller. To request a portable copy, email gdpr@cookmora.com.

• Right to Object

  You have the right to object, on grounds relating to your particular situation, to the processing of your data for direct marketing, profiling, or legitimate‑interest based activities. Object by contacting gdpr@cookmora.com. We will cease the relevant processing unless we demonstrate compelling legitimate grounds that override your interests.

• Right to Withdraw Consent

  Where we rely on your consent (e.g., for newsletters or non‑essential cookies), you may withdraw it at any time. Withdrawal can be made by clicking the “unsubscribe” link in any email or by adjusting your cookie preferences on our site. You may also email gdpr@cookmora.com for assistance.

To exercise any of the above rights, please provide sufficient information to verify your identity (e.g., the email address used for registration). We will acknowledge receipt of your request within 5 business days and aim to respond no later than 30 days, in line with GDPR Article 12.

6. International Data Transfers

CookMora stores data on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for technical support), we will ensure an adequate level of protection through standard contractual clauses or other approved mechanisms.

7. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review the policy regularly.

8. Contact Information

For any inquiries, complaints, or to exercise your rights, please contact our Data Protection Officer: