GDPR Compliance Policy – Dinnerlyx
Dinnerlyx (the “Company”) is committed to protecting your privacy and ensuring that your personal data is processed in full compliance with the European Union’s General Data Protection Regulation (GDPR) and related data‑protection laws. This policy explains what personal data we collect, how it is processed, your rights under the GDPR, and how you can exercise those rights.
Last Updated: April 03, 2026
1. Personal Data We Collect
- Email addresses: We collect email addresses when you register for an account, sign up for newsletters, or contact us through the website.
- Cookies and tracking pixels: We use HTTP cookies, web beacons, and similar technologies to store session identifiers, remember your preferences, and analyse traffic patterns.
- Analytics data: We use third‑party analytics services (e.g., Google Analytics) to collect information such as page views, device type, operating system, and IP addresses.
2. Legal Basis for Processing
We process personal data on the following lawful bases:
- Consent: When you explicitly agree to receive marketing communications or to the use of cookies. Consent is freely given, specific, informed and unambiguous.
- Legitimate interest: When processing is necessary for the legitimate interests pursued by Dinnerlyx, such as improving our services, ensuring website security, and providing a personalised user experience. We conduct a balancing test to ensure that your interests are not overridden.
- Contractual necessity: When processing is necessary to fulfil a contract with you (e.g., account creation, subscription management).
- Legal obligation: When we are required to retain certain data to comply with applicable laws and regulations.
3. Data Protection Measures
- Encryption: All data transmitted between your browser and our servers is protected by TLS/SSL (HTTPS). Sensitive data at rest is encrypted using industry‑standard algorithms.
- Secure servers: We host our services on secure, regularly audited servers with multi‑factor authentication, intrusion detection, and strict access controls.
- Limited retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. We regularly purge data that is no longer needed.
- Staff training: All employees and contractors receive ongoing training on GDPR compliance, data handling, and privacy best practices.
4. Your GDPR Rights
Under the GDPR you have the following rights regarding your personal data. Use the icons below to identify each right quickly.
Right to Access
Right to Rectification
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object
Right to Withdraw Consent
5. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us at [email protected]. Your request should include:
- Identification: A copy of a valid ID (e.g., passport or driver’s licence) to verify your identity.
- Details of your request: Specify which right you are invoking and the data you wish to be accessed, corrected, deleted, etc.
- Additional information: Any other information that will help us locate the relevant data (e.g., account ID, email address, date of registration).
Upon receiving your request, we will acknowledge it within 30 days and, if necessary, take additional steps to verify your identity. We will respond to your request within the statutory 30‑day period, and in certain cases, an extension of up to 2 additional months may be granted if the request is complex or numerous. In such circumstances, we will inform you of the extension within the first 30 days and provide a revised deadline.
6. Contact Information
If you have any questions, concerns, or wish to exercise your rights, please reach out to our Data Protection Officer:
- Email: [email protected]
- Address: 123 Dinnerlyx Lane, Food City, FC 12345, United Kingdom
- Phone: +44 20 7946 0997 (optional)
7. Retention and Deletion of Data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the retention period expires, data is securely deleted or anonymised. If you request erasure under the GDPR, we will comply unless a legal obligation requires us to keep the data (e.g., tax records, contractual obligations).
8. Updates to This Policy
We may update this GDPR Compliance Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any changes will be posted on this page and, where appropriate, communicated to you via email. The date of the latest update is indicated at the top of this page.