Effective Date: April 11, 2025
This GDPR Privacy Policy Addendum (“Addendum”) supplements the Privacy Policy of Tasty Tinkerer (“we,” “us,” or “our”) and applies specifically to individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland (collectively referred to as “European Users”). It explains how we collect, use, disclose, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.
1. Data Controller
For the purposes of the GDPR, Tasty Tinkerer is the data controller responsible for your personal data when you use our website (www.tastytinkerer.com) and related services.
Contact information:
- Email: [email protected]
2. Personal Data We Collect
We may collect and process the following categories of personal data from European Users:
- Contact Information: Email address and, if provided, your name
- Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
- Usage Data: Information about how you use our website, including which pages you visit, the time and date of your visit, the time spent on those pages, and which links you click
- Cookie Data: Information collected through cookies and similar tracking technologies (see our Cookie Policy for more details)
3. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases, depending on the circumstances:
- Consent: Where you have given us explicit consent to process your personal data for a specific purpose.
- Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
- Legitimate Interests: Where processing is necessary for our legitimate interests, provided that these interests are not overridden by your interests or fundamental rights and freedoms.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
The following table outlines the legal bases for specific processing activities:
| Processing Activity | Legal Basis | Legitimate Interest (if applicable) |
|---|---|---|
| Providing our services | Contractual Necessity | N/A |
| Responding to your inquiries | Contractual Necessity | N/A |
| Sending newsletters | Consent | N/A |
| Analyzing website usage | Legitimate Interest | To improve our website and services |
| Complying with legal requirements | Legal Obligation | N/A |
| Marketing our services | Consent or Legitimate Interest | To promote our services to potential users |
4. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data and whether we can achieve those purposes through other means
- The applicable legal requirements
5. Your Rights Under GDPR
As a European User, you have the following rights regarding your personal data:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, particularly where we rely on legitimate interests or where we process your data for direct marketing purposes.
- Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month (which may be extended by up to two further months if necessary due to the complexity of the request).
6. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the EEA, UK, or Switzerland. These countries may not have data protection laws equivalent to those in your country of residence.
Whenever we transfer your personal data out of the EEA, UK, or Switzerland, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- We may transfer data to countries that have been deemed to provide an adequate level of protection by the European Commission or applicable data protection authorities.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses).
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield certification (where applicable) or if other appropriate safeguards are in place.
7. Cookies and Similar Technologies
Like many websites, we use cookies and similar technologies to collect information about your browsing activities. Please refer to our Cookie Policy for more information about how we use these technologies and how you can control them.
For European Users, we will obtain your consent before placing non-essential cookies on your device in accordance with applicable laws.
8. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
9. Changes to This Addendum
We may update this GDPR Addendum from time to time in response to changing legal, technical, or business developments. When we update this Addendum, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
10. How to Complain
If you have a concern about our processing of your personal data, please contact us first at [email protected], and we will do our best to resolve your concern.
You also have the right to lodge a complaint with the data protection authority in the EU member state where you reside, where you work, or where the alleged infringement of data protection laws occurred.