Privacy Policy

Privacy Policy for chef-speak.com

1. Introduction

At chef-speak.com (“the Website,” “we,” “us,” or “our”), we are firmly committed to protecting your privacy and safeguarding your personal data. We understand the importance of data protection and privacy rights, and we are dedicated to ensuring that the processing of all personal information complies with the applicable regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit or interact with chef-speak.com.

2. Scope and Data Controller

This Privacy Policy applies to all users of the Website and governs the collection and processing of personal information through or in connection with your use of chef-speak.com. chef-speak.com acts as the data controller for all personal data collected via the Website, and we are responsible for determining the purposes and means of processing your personal information.

If you have any questions regarding this policy or our data practices, you may contact us at: [email protected].

3. Categories of Personal Data Processed

We may collect and process the following personal data categories:

a. Usage Data
Includes information about how you use the Website, such as your browser type and version, IP address, time zone setting, access times, device identifiers, session identifiers, referral sources, and navigation paths within the Website.

b. Account Data
Includes information you provide when you register an account, such as your name, email address, mailing address, phone number, and login credentials.

c. Profile Data
Includes preferences, favorite recipes, previous purchases, saved content, behavioral data such as clickstream behavior, and other insights derived from your interaction with our Website.

d. Communication Data
Includes records of any correspondence with us, including support requests, surveys, user-submitted questions, and contact history.

e. Technical Data
Includes your device type, operating system, hardware version, device settings, system and performance data, and other technical configurations that help us optimize your user experience.

f. Transaction Data
Includes information related to purchases made on the Website, such as billing addresses, shipping details, payment confirmation, and transaction history. We do not directly store full credit card numbers; such data is handled by secure third-party payment processors.

g. Preference Data
Includes your marketing and communication preferences, consent settings, product interests, and information about your opt-in or opt-out status regarding cookies and email marketing.

4. Legal Bases for Processing

We rely on the following legal bases to process your personal data:

– Performance of Contract: When data processing is necessary to fulfill our contractual obligations or to take steps at your request before entering into a contract (e.g., processing purchases or service registrations).
– Legitimate Interest: Where we need to process your data to advance our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms (e.g., analytics, fraud prevention, customer service).
– Consent: Where we have obtained your clear and affirmative consent (e.g., for email marketing or the use of non-essential cookies).
– Legal Obligation: Where processing is necessary for compliance with a legal obligation (e.g., financial reporting, responding to official requests by public authorities).

5. Your Rights

Subject to applicable law and depending on your residency, you may have the following rights:

– Right of Access: To request a copy of the personal data we hold about you.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data, subject to certain legal exemptions.
– Right to Restriction: To request limited processing of your data in specific circumstances.
– Right to Portability: To receive a structured, commonly used, machine-readable format of the personal data you provided to us, and to request transmission to another controller.
– Right to Object: To object to processing based on our legitimate interests or for direct marketing.
– Right to Withdraw Consent: Where consent has been used as the legal basis for processing, you have the right to withdraw it at any time without affecting lawfulness of prior processing.
– California Consumer Rights (under CCPA): California residents have the right to request disclosures on what personal data we collect/sell, request deletion, and opt out of the sale of personal information.

To exercise these rights, please contact: [email protected].

6. Security Measures

The security of your personal data is a priority. We implement a comprehensive range of technical and organizational measures to safeguard your data, which include but are not limited to:

– Encryption of data transmissions via TLS/SSL
– Access controls with multi-factor authentication
– Regular security audits and system updates
– Data anonymization and pseudonymization where possible
– Staff training on data protection responsibilities
– Daily system backups and disaster recovery protocols

Although we take all reasonable precautions, no method of transmission over the Internet or storage system is entirely secure. As such, we cannot guarantee absolute security.

7. International Transfers

If we transfer your personal information outside your jurisdiction (for example, to our service providers or partners), we will ensure that appropriate safeguards are employed. For international data transfers from the European Economic Area (EEA), we rely on Standard Contractual Clauses or equivalent legal mechanisms as approved by the European Commission. We remain responsible for ensuring that your data protection rights travel with your data, regardless of the destination country.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the relevant purposes for processing, including legal, regulatory, tax, accounting, or reporting requirements. Specific retention timelines include:

– Account Data: Retained for the duration of your active account and for 6 years thereafter for recordkeeping purposes.
– Communication Data: Retained for 2 years from the last interaction.
– Transaction Data: Retained for 7 years to comply with financial and tax regulations.
– Usage, Technical, and Profile Data: Retained for up to 24 months to support analytics and site enhancements.
– Marketing Preferences: Retained until you update your preferences or withdraw consent.

We may anonymize data for statistical purposes in which case the information is no longer personal data.

9. Cookie Policy

Our Website uses cookies and similar tracking technologies that fall into the following categories:

– Essential Cookies: Required for basic Website functionality, such as account login and cart functionality.
– Functional Cookies: Enable enhanced functionality and customization, such as language preferences.
– Analytics Cookies: Help us understand user interaction through metrics like pages visited, time on site, and bounce rate; these are often set by third-party tools such as Google Analytics.
– Performance Cookies: Collect aggregated data on how Website is performing, for example to detect errors or monitor user experience consistency.

10. Cookie Management and Regulatory Compliance

We comply with the requirements of both the GDPR and CCPA in managing cookies. Upon your first visit to the Website, we display a cookie banner allowing you to accept or decline non-essential cookies. You may revisit or adjust your preferences at any time by accessing the cookie settings panel accessible on our Website footer.

For California residents, we do not sell your personal information as defined under CCPA. You may manage data sharing-related cookies as part of your opt-out preferences.

11. Children’s Privacy

chef-speak.com is not intended for use by children under the age of 13. In accordance with the Children’s Online Privacy Protection Act (COPPA) and similar legislation, we do not knowingly collect or solicit personal information from children. If we become aware that we have unintentionally collected data from a child under 13, we will take immediate steps to delete such information.

12. Policy Updates

We may update this Privacy Policy from time to time to reflect changes to our data practices or to comply with applicable regulatory requirements. Users will be notified of material changes through updates on the Website or via the contact information provided in their account. Continued use of the Website after any changes indicates your acceptance of the revised policy.

13. Contact Us

For questions, concerns, or to exercise any of your privacy rights, please contact our privacy team at:

Email: [email protected]

We are committed to maintaining compliance with GDPR and CCPA and ensuring your personal information is protected with transparency and accountability. If you have any further questions regarding our privacy practices, we encourage you to reach out to us directly.