GDPR Compliance Policy
At Tastysprig (https://tastysprig.com), we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR). This policy explains what data we collect, how we use it, and your rights under the GDPR.
1. Data We Collect
When you interact with Tastysprig, we collect the following types of personal data:
- Email addresses: Collected when you subscribe to our newsletter, create an account, or request support.
- Cookies and similar technologies: We use first‑party cookies to store session data and preferences, and third‑party cookies for analytics and advertising.
- Web analytics data: We collect anonymised data via Google Analytics (or similar services) to understand how visitors use our site and to improve our services.
2. How We Protect Your Data
We employ a range of security measures to protect your personal data against accidental loss, unauthorized access, and other risks:
- All data transmission between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).
- Our servers are hosted on secure, monitored infrastructure with regular vulnerability scans.
- Access to personal data is limited to employees and contractors who require it for legitimate business purposes and who have signed confidentiality agreements.
- We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law (e.g., retention of email communications for 12 months).
3. Legal Basis for Processing
We process your personal data based on the following lawful bases:
- Consent: When you explicitly opt‑in to receive marketing emails or newsletters.
- Legitimate interest: To improve our website, provide personalized content, and for internal analytics. We conduct a balancing test to ensure that our interests do not override your fundamental rights.
- Contractual necessity: When processing is necessary to fulfil a contract you have entered with us (e.g., account registration).
4. Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data. Click the icons for a quick visual reference:
Right to Access
You may request a copy of the personal data we hold about you.
Right to Rectification
You can ask us to correct inaccurate or incomplete information.
Right to Erasure
You may request deletion of your data where no legal obligation requires us to keep it.
Right to Restrict Processing
You can limit how we use your data, for instance during a dispute.
Right to Data Portability
Receive your data in a structured, commonly used format for transfer to another controller.
Right to Object
You may object to processing for direct marketing or profiling.
Right to Withdraw Consent
Withdraw any consent you have given at any time, without affecting the lawfulness of processing based on prior consent.
5. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us at [email protected]. In your request, include:
- Your full name and contact details.
- A description of the request (e.g., “I would like to request a copy of all personal data we hold about me”).
- Any additional information that will help us verify your identity (e.g., the email address you used to register).
We will respond to your request within 30 days of receipt. If the request is complex or requires additional time, we will inform you within 10 days and provide a clear explanation of any extensions.
6. Contact Us
For any questions, concerns, or to exercise your rights, please reach out to our Data Protection Officer:
Tastysprig GDPR Officer
Email: [email protected]
Phone: +44 20 7946 0958 (UK)
Address: 12 Foodie Lane, London, UK
7. Updates to This Policy
This policy was last updated on April 03, 2026. We may revise this document from time to time to reflect changes in our practices or legal requirements. Updated versions will be posted on this page, and the “Last Updated” date will be amended accordingly.