GDPR Compliance Policy for Flavormoon

Last Updated: April 03, 2026

1. Introduction

Flavormoon (“we”, “our”, “us”) is committed to safeguarding the privacy and personal data of everyone who interacts with our website, flavormoon.com. This GDPR Compliance Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (EU) 2016/679. If you have any questions, please contact us at [email protected].

2. Personal Data We Collect

• Email addresses – collected when you subscribe to our newsletter, create an account, or place an order.
• Cookies – small text files stored on your device that help us remember your preferences, analyze traffic, and provide a personalized experience.
• Analytics data – aggregated information from Google Analytics and other third‑party services that tracks page views, session duration, and referral sources.

3. How We Protect Your Data

We employ a multi‑layered security strategy to protect your personal data:

• Transport Layer Security (TLS) – All data transmitted between your browser and our servers is encrypted using TLS 1.3.
• Secure servers – Our hosting provider uses hardened, ISO 27001‑certified data centers with redundant power, fire suppression, and 24/7 monitoring.
• Access controls – Only authorized staff with a legitimate business need can access personal data. Access is logged and reviewed quarterly.
• Limited retention – Personal data is retained only as long as necessary for the purposes for which it was collected, or as required by law. Email addresses are deleted after 12 months of inactivity unless you opt‑in to future communications.

4. Legal Basis for Processing

We process personal data on one or more of the following lawful bases:

• Consent – When you explicitly opt‑in to receive marketing emails or use a cookie that tracks behavioral data. Your consent can be withdrawn at any time.
• Legitimate interest – For improving our services, analyzing usage patterns, and ensuring website security. We perform a proportionality assessment to confirm that our interests do not override your fundamental rights.
• Contractual necessity – When you place an order, we process your email and payment information to fulfill the transaction.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with an icon for quick reference.

Right to Access

You may request a copy of the personal data we hold about you, along with the source of that data and the purposes for which it is processed. We will provide this information in a concise, structured, and commonly used format within 30 days of your request.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can ask us to correct it. We will update the data promptly and notify any third parties that have received the incorrect data.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data, provided no legal obligations prevent it. We will erase the data from all active systems and, where feasible, from backups within 30 days, unless we must retain it for compliance with legal obligations or legitimate interests.

Right to Restrict Processing

Under certain circumstances, you can request that we limit how we process your data. For example, if you challenge the accuracy of the data or if the processing is unlawful, we will stop processing it except for the purposes of legal compliance, exercising or defending legal claims, or protecting the rights of others.

Right to Data Portability

You can receive your personal data in a structured, machine‑readable format (e.g., CSV or JSON) and transfer it to another controller. We will provide the data within 30 days, provided the request is clear and we can verify your identity.

Right to Object

You may object to the processing of your personal data for direct marketing or profiling purposes. Once we receive your objection, we will cease processing the data unless we can demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

If you have provided consent, you can withdraw it at any time. Withdrawal will not affect the legality of any processing conducted before the withdrawal. We will immediately stop sending marketing emails and remove your data from our marketing lists.

6. How to Exercise Your Rights

To exercise any of the rights above, please contact our Data Protection Officer (DPO) at [email protected]. Your request should include:

• A clear statement of the right you wish to exercise.
• Any relevant personal data (e.g., email address) that helps us identify your records.
• Proof of identity if required (e.g., a scanned copy of a passport or driver’s licence).

We will respond to your request within 30 days, or longer if the request is complex or numerous. We may ask for additional information to confirm your identity or to clarify your request.

7. Retention and Deletion

Personal data is retained only for as long as necessary to achieve the purposes for which it was collected, or as required by applicable law. Email addresses are deleted after 12 months of inactivity unless you opt‑in to future communications. Cookies and analytics data are retained for 30 days unless you delete them manually.

8. Contact Information

If you have any concerns about our data handling practices or wish to file a complaint, you may contact our DPO at [email protected] or write to us at:

Flavormoon
123 Flavor Avenue
Taste City, 45678
United Kingdom

9. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with a new “Last Updated” date. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

This policy has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 and the UK GDPR. By using our website, you acknowledge that you have read, understood, and agreed to the terms of this policy.