Last updated: 4 July 2025
This General Data Protection Regulation (“GDPR”) Policy explains how FoodishTalk (the “Site”), operated by Ava Williams (“we,” “our,” or “us”), processes the personal data of individuals located in the European Economic Area (“EEA”) and the United Kingdom (“UK”) in accordance with Regulation (EU) 2016/679 and the UK GDPR.
1. Who We Are
Data Controller: Ava Williams
Postal Address: 155 N 1st Ave, Hillsboro, OR 97124, USA
Email: contact@foodishtalk.com
We have not appointed an EU/UK representative or Data Protection Officer because we qualify for the “occasional processing” exemption under GDPR Art. 27. Nonetheless, you can contact us at the details above with any privacy questions.
2. What Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identification | Name, social-media handle | User-submitted comments, contact forms |
| Contact Details | Email address, mailing address | Newsletter sign-ups, giveaways |
| Technical Data | IP address, browser type, device IDs | Cookies, server logs |
| Usage Data | Page visits, clicked recipes, scroll depth | Google Analytics, Jetpack |
| Marketing Data | Preferences for newsletter frequency | Mailchimp signup forms |
We do not intentionally collect special-category data (GDPR Art. 9) or data relating to children under 16.
3. Legal Bases for Processing
| Legal Basis (GDPR Art.) | Typical Processing |
|---|---|
| Consent (6 §1 a) | Sending recipe newsletters; placing non-essential cookies |
| Contract (6 §1 b) | Responding to your emailed recipe request |
| Legal Obligation (6 §1 c) | Complying with accounting and tax laws |
| Legitimate Interests (6 §1 f) | Analytics to improve Site performance; preventing spam |
Where we rely on legitimate interests, we have balanced those interests against your fundamental rights.
4. How We Use Personal Data
Publish & moderate comments on recipes
Send newsletters and promotional emails (with opt-out)
Analyze traffic patterns to refine content and improve Site speed
Serve contextual or personalized ads via Google AdSense and affiliate programs
Detect and prevent fraud or abuse
5. International Data Transfers
Your data is stored on servers located in the United States. We rely on:
European Commission Standard Contractual Clauses (SCCs) for transfers by our processors (e.g., Google LLC, The Rocket Science Group LLC d/b/a Mailchimp).
Adequacy Decisions where available.
We implement additional safeguards such as encryption in transit and at rest.
6. Third-Party Processors
| Processor | Purpose | Safeguards |
|---|---|---|
| Google Analytics / Google AdSense | Analytics & advertising | SCCs + data minimization |
| Mailchimp | Email marketing | SCCs |
| WordPress.com / Jetpack | Site hosting & stats | SCCs |
| Amazon Services LLC | Affiliate linking | SCCs |
Each processor is contractually bound to process data only on our instructions.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Newsletter subscriber details | Until you unsubscribe or after 24 months of inactivity |
| Comments & metadata | Indefinitely (to preserve discussion context) unless removal is requested |
| Analytics records | 26 months (Google Analytics default) |
| Server logs | 12 months |
We periodically review and securely delete or anonymize data that we no longer need.
8. Your GDPR Rights
Subject to verification of your identity, you have the right to:
Access your personal data (Art. 15)
Rectify inaccurate or incomplete data (Art. 16)
Erase your data (“right to be forgotten,” Art. 17)
Restrict processing (Art. 18)
Data portability (Art. 20)
Object to processing based on legitimate interests or direct marketing (Art. 21)
Withdraw consent at any time, without affecting prior lawful processing (Art. 7 §3)
Lodge a complaint with a supervisory authority (see §9)
How to exercise: Email contact@foodishtalk.com with your request. We will respond within 30 days.
9. Supervisory Authority
You may lodge a complaint with your local data-protection authority. If you are in the EEA, you can find contact details at https://edpb.europa.eu/about-edpb/board/members. If you are in the UK, contact the Information Commissioner’s Office (ICO).
10. Data Security
HTTPS encryption
Firewalls and automated malware scanning
Strong access controls with two-factor authentication for admin accounts
Regular backups with encrypted storage
We promptly assess and, where necessary, report any personal-data breaches as required by GDPR Arts. 33–34.
11. Automated Decision-Making
FoodishTalk does not use personal data for automated decision-making or profiling that produces legal effects concerning you.
12. Changes to This GDPR Policy
We may update this Policy periodically. We will post any changes on this page with an updated “Last updated” date and, where appropriate, notify subscribers via email.
13. Contact Us
Questions about this Policy or your rights?
Email: contact@foodishtalk.com
Postal: 155 N 1st Ave, Hillsboro, OR 97124, USA
