GDPR Compliance Policy

Last Updated: December 01, 2025

1. Introduction

SimpleMeals (the “Company”, “we”, “us”, or “our”) operates the website https://simplemeals.us. We are committed to protecting the privacy and security of personal data that we process in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This GDPR Compliance Policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have under the GDPR.

2. Data We Collect

We collect and process the following categories of personal data:

Email address – required for newsletter subscriptions, order confirmations, and customer support.
Cookies and similar tracking technologies – used to remember your preferences, analyse site usage, and improve the user experience.
Analytics data – aggregated information about page views, click‑through rates, and device types, collected via third‑party analytics services.

3. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

Consent (Article 6(1)(a)) – when you voluntarily subscribe to our newsletter or agree to the use of non‑essential cookies.
Legitimate Interests (Article 6(1)(f)) – for fraud prevention, improving site performance, and providing a personalized service that is reasonably expected by users.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal.

4. How We Protect Your Data

We implement appropriate technical and organisational measures to safeguard personal data, including:

SSL/TLS encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers – our hosting environment is protected by firewalls, intrusion‑detection systems, and regular security patches.
Limited retention periods – email addresses are retained only as long as you remain subscribed or until you request deletion; analytics data is anonymised after 12 months.
Access controls – only authorised personnel have access to personal data, and they are required to sign confidentiality agreements.

5. Your GDPR Rights

Under the GDPR, you enjoy a series of rights concerning your personal data. Each right is described below, accompanied by a Bootstrap icon for quick reference.

Right to Access

You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of the data we hold about you.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You can request that we limit the way we process your data while we verify the accuracy of the data or while a dispute is being resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller.

Right to Object

You may object to the processing of your personal data for direct marketing, scientific or historical research, or legitimate‑interest processing.

Right to Withdraw Consent

Whenever we rely on your consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing based on consent before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details below. We will acknowledge receipt of your request within five (5) business days and will provide a substantive response within thirty (30) calendar days, unless a longer period is required by law.

Email: gdpr@simplemeals.us
Address: SimpleMeals, 123 Foodie Lane, Austin, TX 78701, USA

When contacting us, please include:

Your full name and contact details (so we can verify your identity).
A clear description of the right you wish to invoke.
Any supporting documentation that may help us locate your data (e.g., the email address used for registration).

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, as outlined in this policy:

Email addresses – retained until you unsubscribe or request erasure.
Cookies – session cookies expire at the end of your browsing session; persistent cookies are set for a maximum of 12 months.
Analytics data – aggregated and anonymised after 12 months; raw data is deleted after 24 months.

8. International Data Transfers

All personal data is stored on servers located within the United States. When data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or applicable law. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the SimpleMeals website after such changes constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions, concerns, or complaints about how we handle your personal data, please reach out to our Data Protection Officer:

Email: gdpr@simplemeals.us

We are committed to responding promptly and transparently, in line with the GDPR’s accountability principles.