Dishyday GDPR Compliance Policy

This policy explains how Dishyday (the “Company”) collects, uses, protects, and shares your personal data in compliance with the European Union’s General Data Protection Regulation (GDPR). By using our services, you acknowledge that you have read, understood, and agree to the terms outlined below.

1. Data We Collect

Dishyday collects the following types of personal data:

Email Addresses: Used for account creation, newsletter subscription, and communication regarding your orders.
Cookies and Similar Technologies: We place cookies on your device to remember login status, preferences, and to personalize your experience.
Analytics Data: We use third‑party analytics services (e.g., Google Analytics) to gather anonymised usage statistics and improve our website.

2. How We Protect Your Data

We employ a comprehensive set of technical and organisational measures to safeguard your personal data:

All data transmission is protected by HTTPS (SSL/TLS) to prevent interception.
Our servers are hosted on secure, geographically redundant data centres with strict access controls.
We store personal data only for the period necessary to fulfil the purposes described in this policy or to comply with legal obligations. After that, data is securely deleted or anonymised.
Regular security audits and penetration testing are performed to detect and mitigate vulnerabilities.

3. Legal Basis for Processing

Dishyday processes your personal data under the following lawful bases:

Consent: Where you explicitly agree to receive newsletters or marketing communications.
Legitimate Interest: To provide and improve our services, to ensure the security of our platform, and to comply with legal obligations.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with an icon for quick reference.

Right to Access

You may request a copy of the personal data we hold about you, including the purposes of processing, categories of data, recipients, and any transfers to third parties. We will provide this information within 30 days of your request.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can request correction. We will update or correct the data promptly and confirm the changes to you.

Right to Erasure (Right to be Forgotten)

Under certain circumstances, you may request the deletion of your personal data. We will remove your data unless we are required by law to retain it (e.g., for tax or legal records).

Right to Restrict Processing

You may ask us to temporarily limit how we use your data (e.g., while verifying its accuracy). We will comply as long as the restriction is valid and inform you of any impact on services.

Right to Data Portability

You can request a structured, commonly used, machine‑readable format of your data. We will provide it in a timely manner, typically within 30 days.

Right to Object

At any time, you may object to the processing of your data for direct marketing or profiling purposes. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

If you have given us consent to process your data, you can withdraw it at any time. Withdrawal will not affect the lawfulness of any processing performed before the withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights above, please contact us at [email protected]. Include the following information in your request:

Your full name and contact details.
A description of the specific request (e.g., “I request all personal data we hold about me”).
Any supporting documentation that verifies your identity, if required.

We will respond within 30 days of receiving your request. If the request is complex or requires additional time, we will inform you of the delay and provide a reasonable extension.

6. Retention Periods

We retain personal data for no longer than necessary to achieve the purposes for which it was collected or to comply with statutory obligations. Typical retention periods are:

Email addresses: up to 2 years after last interaction, unless you opt‑in to keep them.
Cookies: session cookies expire when the browser is closed; persistent cookies have a lifespan of up to 12 months.
Analytics data: anonymised data is retained for 6 months to analyse trends.

7. Changes to This Policy

We may update this policy from time to time. The revised policy will be posted on our website with a new effective date. Your continued use of Dishyday after any changes constitutes acceptance of the updated policy.

8. Contact Information

If you have any questions or concerns about our data processing practices, please reach out to our Data Protection Officer:

Dishyday
Email: [email protected]
Last Updated: April 03, 2026