GDPR & CCPA Privacy Policy

Last Updated: June 5, 2025

1. Introduction

Delishy.site (“we,” “our,” or “us”) is committed to protecting the privacy and rights of our users, including those in the European Economic Area (EEA) and California. This Policy describes how we collect, use, store, and disclose personal data in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By accessing or using Delishy.site, you agree to the terms outlined in this Policy.

2. Data Controller

For the purposes of GDPR and CCPA, Delishy.site is the data controller (and “business” under CCPA) of personal data collected through our website. You may contact us at:

  • Email: [email protected]
  • Phone: +1 (816) 478-6958
  • Address: 16506 E US Highway 40, Independence, Missouri, USA

3. Personal Data We Collect

We may collect and process the following categories of personal data from users of Delishy.site:

  1. Identity Data: First name, last name, username, or similar identifiers.
  2. Contact Data: Email address; if you choose to provide additional contact information (e.g., postal address, phone number), we collect that too.
  3. Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  4. Usage Data: Information about how you use our website, content, products, and services (e.g., pages visited, recipes viewed).
  5. Profile Data: Your username and password (if you register), preferences, interests, and feedback or survey responses.
  6. Marketing & Communications Data: Your preferences for receiving marketing materials and your communication preferences (e.g., newsletter subscriptions).

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data on one or more of the following bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., subscribing to our newsletter).
  • Contract: Where processing is necessary for the performance of a contract with you (e.g., delivering digital products you’ve purchased, or managing your user account).
  • Legitimate Interests: Where processing is required for our legitimate interests (e.g., improving our website, defending legal claims), provided those interests do not override your rights and freedoms.
  • Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation (e.g., record-keeping, tax reporting).

5. Your Rights Under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

  1. Right of Access: Request copies of the personal data we hold about you.
  2. Right to Rectification: Request correction of any inaccurate or incomplete personal data.
  3. Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data if there is no compelling reason for us to continue processing it.
  4. Right to Restrict Processing: Request that we limit how we use your personal data.
  5. Right to Data Portability: Request that we transfer your personal data to another controller or to you, in a structured, commonly used, machine-readable format.
  6. Right to Object: Object to our processing of your personal data for direct marketing or on grounds relating to your particular situation.
  7. Rights Related to Automated Decision Making & Profiling: If we engage in any automated decision making (including profiling), you have the right to request human intervention, express your point of view, and contest the decision.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request, unless we require an extension (in which case we will inform you of the delay).

6. Your Rights Under CCPA (California Residents)

If you are a California resident, the following rights apply in addition to any rights you have under GDPR (if applicable):

  1. Right to Know / Access: You may request disclosure of the categories and specific pieces of personal data we have collected about you.
  2. Right to Delete: You have the right to request deletion of personal data that we have collected from you, subject to certain exceptions (e.g., if we need the data to complete a transaction, comply with a legal obligation, or maintain security).
  3. Right to Opt-Out of Sale: We do not “sell” personal data as defined under CCPA. However, if we ever engage in data sharing that constitutes a “sale,” you will have the right to opt out.
  4. Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

To submit a request under CCPA, please email us at [email protected] or call +1 (816) 478-6958. We may need to verify your identity before fulfilling your request.

7. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To operate, maintain, and improve Delishy.site (e.g., tailoring content, troubleshooting technical issues, performing analytics).
  • To create and manage user accounts and deliver services you request (e.g., saving favorite recipes, posting comments).
  • To communicate with you regarding updates, newsletters, promotions, or account notifications (with your consent, where required).
  • To personalize and enhance user experience (e.g., displaying relevant recipes).
  • To process transactions, including payment and delivery of digital goods, if applicable.
  • To comply with legal obligations (e.g., tax, accounting, or regulatory requirements).
  • To protect Delishy.site, our users, and our rights—preventing fraud or abusive behavior.

8. Data Retention

We will retain your personal data only as long as necessary to fulfill the purposes for which we collected it, including for legal, accounting, or reporting requirements. When determining retention periods, we consider:

  • The amount, nature, and sensitivity of the personal data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process the data and whether we can achieve those purposes using other means.
  • Applicable legal or regulatory requirements (e.g., tax laws, statutes of limitation).

After the retention period expires, we will delete or anonymize your personal data in a secure manner.

9. Data Security

We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit (e.g., HTTPS/TLS).
  • Access controls limiting data to employees, contractors, or agents who need it to perform their jobs.
  • Regular security assessments to identify and address vulnerabilities.
  • Secure disposal or anonymization of data when it is no longer required.

However, no method of data transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. International Data Transfers

Delishy.site is based in the United States, and your information may be stored, processed, or accessed in countries outside the EEA and California. Whenever we transfer your personal data outside the EEA or to third parties that require adequate protections, we ensure appropriate safeguards, such as:

  • Adequacy Decisions: Transferring to countries the European Commission deems to have adequate data protection laws.
  • Standard Contractual Clauses (SCCs): Entering into EU-approved data transfer agreements with our service providers.
  • Binding Corporate Rules (BCRs): If applicable, using internal rules approved by an EU supervisory authority.

For transfers from California, we rely on standard contractual provisions or other legally recognized mechanisms to ensure data remains protected.

11. Data Breach Notification

In the event of a personal data breach that affects personal data under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to user rights and freedoms. If the breach poses a high risk to your rights and freedoms, we will also notify you without undue delay.

Under CCPA, if a data breach affects residents of California and involves unencrypted personal information, we will comply with applicable California notification laws and notify affected individuals as required by law.

12. Children’s Privacy

Delishy.site is not directed to children under 13 years old, nor do we knowingly collect personal data from children under 13. If we learn that we have collected personal data from a child under 13 without valid parental consent, we will promptly delete that information. If you believe we might have any information from a child under 13, please contact us at [email protected].

13. Changes to This Policy

We may update this GDPR & CCPA Privacy Policy from time to time. When we make changes, we will post the revised Policy on this page with the “Last Updated” date. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our processing practices, please contact us:

  • Email: [email protected]
  • Phone: +1 (816) 478-6958
  • Address: 16506 E US Highway 40, Independence, Missouri, USA

You also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable law.