GDPR Compliance Addendum for Morganrecipes.com
Last Updated: 09/04/2025
If you are located in the European Economic Area (EEA) or the UK, the GDPR grants you additional rights regarding your personal data. Below, we outline how morganrecipes.com complies with these requirements:
1. Lawful Basis for Processing Data
We process your data only when we have a lawful basis, including:
- Consent: For newsletters, comments, or cookies (you may withdraw consent at any time).
- Legitimate Interest: For analytics, security, and improving our services.
- Contractual Necessity: If you engage in a service (e.g., submitting a recipe request).
2. Your GDPR Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Ask us to delete your data (e.g., unsubscribe from newsletters).
- Restrict Processing: Limit how we use your data in certain circumstances.
- Data Portability: Receive your data in a machine-readable format.
- Object: Object to processing based on legitimate interests (e.g., direct marketing).
To exercise these rights, email [[email protected]]. We will respond within 30 days.
3. Data Protection Measures
- SSL Encryption: All data transmissions are secured via HTTPS.
- Minimization: We only collect data necessary for stated purposes.
- Storage: Data is retained only as long as needed (e.g., newsletter emails until you unsubscribe).
4. Third-Party GDPR Compliance
We use GDPR-compliant vendors, including:
- Google Analytics: Anonymizes IP addresses and offers data retention controls.
- Email Providers (e.g., Mailchimp): Include GDPR-friendly features like double opt-ins and easy unsubscribes.
- Ad Networks: Require partners to comply with GDPR consent standards (e.g., using TCF 2.0 frameworks).
5. International Data Transfers
If data is transferred outside the EEA (e.g., to US-based servers), we ensure safeguards such as:
- Standard Contractual Clauses (SCCs).
- Privacy Shield-certified partners (where applicable).
6. Data Breach Notification
In the unlikely event of a breach that risks your rights, we will notify you and relevant authorities within 72 hours, as required by GDPR.
7. Consent Management
- Cookies: We use a cookie consent banner (e.g., “Accept/Reject”) to request permission before placing non-essential cookies.
- Newsletters: We use double opt-in confirmation for subscribers.
8. Updates to GDPR Compliance
We will revise this section as regulations evolve. Significant changes will be communicated via email or a site notice.
Contact Us for GDPR Requests
For questions or to exercise your GDPR rights, contact:
Email: [email protected]
Additional Steps for Full Compliance
- Appoint a Representative: If you target EU users but are based outside the EU, appoint a GDPR representative in the EU.
- Cookie Consent Tool: Implement a GDPR-compliant plugin (e.g., CookieYes, Osano).
- Data Processing Agreement (DPA): Sign DPAs with third-party vendors (e.g., Google Analytics).
- Audit Data Flows: Map how data is collected, stored, and shared.