GDPR Compliance Policy
At Kitchenmealworks (the “Company”), we are committed to protecting the privacy and personal data of all individuals who interact with our website, services, and products. This policy explains how we collect, use, share, and safeguard your data in full compliance with the General Data Protection Regulation (GDPR) and related European data‑protection laws.
1. Who We Are
Kitchenmealworks is a UK‑based online food service that delivers fresh, ready‑to‑cook meals to customers across the United Kingdom. Our legal entity is registered as Kitchenmealworks Ltd, registered number 12345678, and our registered office is located at 10 Food Lane, London, UK.
2. Data We Collect
We collect the following categories of personal data, primarily for the purpose of providing, improving, and marketing our services:
- Email addresses: used for account creation, order confirmation, newsletters, and promotional offers.
- Cookies and tracking pixels: used to remember user preferences, analyze site usage, and personalize content.
- Analytics data: aggregated information collected via Google Analytics, Matomo, or similar tools to understand traffic patterns and improve user experience.
3. Legal Basis for Processing
We rely on two primary lawful bases under Article 6 of the GDPR:
- Consent: when you opt‑in to receive marketing communications or when we use non‑essential cookies that require prior permission.
- Legitimate interest: for the purposes of maintaining and improving our services, ensuring secure transactions, and providing customer support.
4. Data Protection Measures
We take the security of your personal data seriously. The following safeguards are in place:
- SSL/TLS Encryption: all data transmitted between your browser and our servers is encrypted via HTTPS.
- Secure Servers: our hosting infrastructure is managed by reputable providers with regular security audits and intrusion detection systems.
- Access Controls: only authorized personnel with a legitimate business need can access personal data, and all staff undergo data‑protection training.
- Limited Retention: personal data is stored only as long as necessary to fulfill the purposes for which it was collected, after which it is securely deleted or anonymised.
5. Your GDPR Rights
Under the GDPR, you have the following rights with respect to your personal data. Each right is illustrated with an icon for quick reference.
- Right to Access: You may request a copy of the personal data we hold about you. We will provide this information in a structured, machine‑readable format within 30 days of receipt.
- Right to Rectification: If any of your personal data is inaccurate or incomplete, you can ask us to correct it. We will update the records promptly and confirm the changes to you.
- Right to Erasure: Also known as the “right to be forgotten,” you can request the deletion of your personal data when it is no longer necessary for the purposes we collected it, or if you withdraw consent and no other legal basis applies.
- Right to Restrict Processing: You may ask us to suspend the processing of your personal data in certain circumstances, such as when you contest its accuracy or when the processing is unlawful.
- Right to Data Portability: You can receive your personal data in a structured, commonly used format, and transfer it to another controller if desired.
- Right to Object: You may object to the processing of your data for direct marketing or profiling purposes. Upon receipt of an objection, we will cease such processing unless we can demonstrate compelling legitimate interests.
- Right to Withdraw Consent: If you have given us consent to process your data, you can withdraw it at any time. Withdrawal will not affect the lawfulness of any processing carried out before the withdrawal.
6. How to Exercise Your Rights
To exercise any of the rights above, please contact our Data Protection Officer (DPO) using one of the following methods:
When contacting us, please provide sufficient information for us to verify your identity, such as your full name, email address associated with the account, and a brief description of the request. We will respond to all legitimate requests within 30 days, and in cases where more time is needed, we will inform you of the reason and provide a new deadline.
7. Retention of Personal Data
Personal data is retained only for as long as necessary to fulfil the purposes stated in this policy, or as required by law. Typical retention periods are:
- Order and payment data: 7 years for accounting and tax purposes.
- Email marketing preferences: until the user opts out or the data becomes obsolete.
- Analytics data: aggregated and anonymised after 12 months.
8. Data Transfers
We may transfer personal data to service providers located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in line with GDPR requirements.
9. Changes to This Policy
We reserve the right to update this policy at any time. Any changes will be posted on our website with a new “Last Updated” date. We encourage you to review this policy regularly to stay informed about how we protect your personal data.
10. Contact Information
If you have any questions about this policy, your data, or any privacy concerns, please contact our Data Protection Officer at:
[email protected]
Kitchenmealworks Ltd, 10 Food Lane, London, UK
Last Updated: April 03, 2026