GDPR Policy

Last updated: 4 July 2025

This General Data Protection Regulation (“GDPR”) Policy explains how FoodishTalk (the “Site”), operated by Ava Williams (“we,” “our,” or “us”), processes the personal data of individuals located in the European Economic Area (“EEA”) and the United Kingdom (“UK”) in accordance with Regulation (EU) 2016/679 and the UK GDPR.


1. Who We Are

We have not appointed an EU/UK representative or Data Protection Officer because we qualify for the “occasional processing” exemption under GDPR Art. 27. Nonetheless, you can contact us at the details above with any privacy questions.


2. What Personal Data We Collect

CategoryExamplesSource
IdentificationName, social-media handleUser-submitted comments, contact forms
Contact DetailsEmail address, mailing addressNewsletter sign-ups, giveaways
Technical DataIP address, browser type, device IDsCookies, server logs
Usage DataPage visits, clicked recipes, scroll depthGoogle Analytics, Jetpack
Marketing DataPreferences for newsletter frequencyMailchimp signup forms

We do not intentionally collect special-category data (GDPR Art. 9) or data relating to children under 16.


3. Legal Bases for Processing

Legal Basis (GDPR Art.)Typical Processing
Consent (6 §1 a)Sending recipe newsletters; placing non-essential cookies
Contract (6 §1 b)Responding to your emailed recipe request
Legal Obligation (6 §1 c)Complying with accounting and tax laws
Legitimate Interests (6 §1 f)Analytics to improve Site performance; preventing spam

Where we rely on legitimate interests, we have balanced those interests against your fundamental rights.


4. How We Use Personal Data

  1. Publish & moderate comments on recipes

  2. Send newsletters and promotional emails (with opt-out)

  3. Analyze traffic patterns to refine content and improve Site speed

  4. Serve contextual or personalized ads via Google AdSense and affiliate programs

  5. Detect and prevent fraud or abuse


5. International Data Transfers

Your data is stored on servers located in the United States. We rely on:

  • European Commission Standard Contractual Clauses (SCCs) for transfers by our processors (e.g., Google LLC, The Rocket Science Group LLC d/b/a Mailchimp).

  • Adequacy Decisions where available.

We implement additional safeguards such as encryption in transit and at rest.


6. Third-Party Processors

ProcessorPurposeSafeguards
Google Analytics / Google AdSenseAnalytics & advertisingSCCs + data minimization
MailchimpEmail marketingSCCs
WordPress.com / JetpackSite hosting & statsSCCs
Amazon Services LLCAffiliate linkingSCCs

Each processor is contractually bound to process data only on our instructions.


7. Data Retention

Data TypeRetention Period
Newsletter subscriber detailsUntil you unsubscribe or after 24 months of inactivity
Comments & metadataIndefinitely (to preserve discussion context) unless removal is requested
Analytics records26 months (Google Analytics default)
Server logs12 months

We periodically review and securely delete or anonymize data that we no longer need.


8. Your GDPR Rights

Subject to verification of your identity, you have the right to:

  1. Access your personal data (Art. 15)

  2. Rectify inaccurate or incomplete data (Art. 16)

  3. Erase your data (“right to be forgotten,” Art. 17)

  4. Restrict processing (Art. 18)

  5. Data portability (Art. 20)

  6. Object to processing based on legitimate interests or direct marketing (Art. 21)

  7. Withdraw consent at any time, without affecting prior lawful processing (Art. 7 §3)

  8. Lodge a complaint with a supervisory authority (see §9)

How to exercise: Email contact@foodishtalk.com with your request. We will respond within 30 days.


9. Supervisory Authority

You may lodge a complaint with your local data-protection authority. If you are in the EEA, you can find contact details at https://edpb.europa.eu/about-edpb/board/members. If you are in the UK, contact the Information Commissioner’s Office (ICO).


10. Data Security

  • HTTPS encryption

  • Firewalls and automated malware scanning

  • Strong access controls with two-factor authentication for admin accounts

  • Regular backups with encrypted storage

We promptly assess and, where necessary, report any personal-data breaches as required by GDPR Arts. 33–34.


11. Automated Decision-Making

FoodishTalk does not use personal data for automated decision-making or profiling that produces legal effects concerning you.


12. Changes to This GDPR Policy

We may update this Policy periodically. We will post any changes on this page with an updated “Last updated” date and, where appropriate, notify subscribers via email.


13. Contact Us

Questions about this Policy or your rights?
Email: contact@foodishtalk.com
Postal: 155 N 1st Ave, Hillsboro, OR 97124, USA