GDPR Compliance

Your data protection rights and how Kitchen Assistant complies with the General Data Protection Regulation

🇪🇺 About GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens and unifies data protection for all individuals within the European Union (EU) and the European Economic Area (EEA).

Kitchen Assistant is committed to full GDPR compliance. This page explains how we protect your personal data, your rights under GDPR, and how to exercise those rights.

📊 Data We Collect

Transparency about what personal data we collect and why

👤 Account Information

What: Email address, username, account preferences

Why: To create and manage your account, sync data across devices

Legal Basis: Contractual necessity and legitimate interest

🍳 Recipe & Cooking Data

What: Recipes you create/save, cooking preferences, meal plans

Why: To provide the core functionality of the app

Legal Basis: Contractual necessity

📱 App Usage Analytics

What: Feature usage, app crashes, performance data (anonymized)

Why: To improve app functionality and user experience

Legal Basis: Legitimate interest

🎯 Points & Sharing Activity

What: Social sharing activity for points system

Why: To track earned points and provide extended access

Legal Basis: Consent and contractual necessity

⚖️ Your GDPR Rights

You have comprehensive rights over your personal data

Right to Information

You have the right to know what personal data we collect, how we use it, and who we share it with. This page and our Privacy Policy provide this information.

Right of Access

You can request a copy of all personal data we hold about you. We'll provide this in a commonly used electronic format within 30 days.

Right to Rectification

You can ask us to correct any inaccurate or incomplete personal data. You can update most information directly in the app settings.

Right to Erasure

You can request deletion of your personal data. You can delete your account directly in the app, or contact us for complete data removal.

Right to Restrict Processing

You can ask us to limit how we process your data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You can request your data in a machine-readable format to transfer to another service. We provide export functionality in the app.

Right to Object

You can object to processing based on legitimate interests. You can opt out of analytics and marketing in your account settings.

Rights Related to Automated Decision-Making

We don't use automated decision-making or profiling, but you have the right to human review of any automated processes.

🔒 How We Protect Your Data

Technical Safeguards

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict authentication and authorization systems
  • Regular Security Audits: Continuous monitoring and vulnerability assessments
  • Data Minimization: We only collect data necessary for functionality

Organizational Measures

  • Privacy by Design: Data protection built into all systems from the start
  • Staff Training: Regular privacy and security training for all team members
  • Data Processing Agreements: GDPR-compliant contracts with all third parties
  • Incident Response: Clear procedures for handling any data breaches

🗓️ Data Retention

We only keep your personal data for as long as necessary:

Account Data

Retained while your account is active, plus 30 days after account deletion for backup purposes

Recipe & Cooking Data

Retained while your account is active. Deleted immediately when you delete your account.

Analytics Data

Anonymized analytics retained for up to 2 years for service improvement

Communication Records

Support emails and communications retained for 3 years for quality assurance

🤝 Third-Party Data Sharing

We are committed to minimal data sharing. We only share data with:

Essential Service Providers

  • Cloud Infrastructure: Secure hosting and database services (with GDPR-compliant contracts)
  • Analytics: Anonymized usage analytics to improve the app
  • Customer Support: Support ticket systems to help resolve your issues

We DO NOT Share Data With

  • ❌ Advertising companies
  • ❌ Data brokers
  • ❌ Social media platforms (unless you explicitly share)
  • ❌ Any company without a legitimate business need

International Transfers: If we transfer data outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses or adequacy decisions.

Exercise Your GDPR Rights

To exercise any of your GDPR rights, contact us using any of these methods:

📧 Email: Privacy Rights Request

📝 Contact Form: Use our secure contact form

📱 In-App: Use the "Data Rights" section in app settings

Response Time: We will respond to all requests within 30 days (or 60 days for complex requests with notification).

Verification: We may ask you to verify your identity to protect your data from unauthorized access.

⚖️ Complaints & Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

For EU/EEA Residents

You can contact the supervisory authority in your country. A full list is available at: European Data Protection Board

Austrian Data Protection Authority

As we are based in Vienna, Austria, our lead supervisory authority is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien, Austria
Email: dsb@dsb.gv.at

Preferred Resolution

Before filing a complaint with a supervisory authority, we encourage you to contact us directly. We are committed to resolving any privacy concerns quickly and fairly.

📅 Updates to This Page

Last Updated: January 2025

We may update this GDPR compliance page to reflect changes in our data processing activities or legal requirements. We will notify you of any material changes through the app or email.

Version History:

  • v1.0 (January 2025) - Initial GDPR compliance page