This GDPR Privacy Policy explains how NoraFoodie.com processes personal data of visitors in the EEA and UK, and describes your rights under the GDPR and UK GDPR. It is provided to meet the GDPR transparency requirements (the “right to be informed”).
Who we are
- Website: norafoodie.com
- Controller: Nora Hayes
- Contact (privacy): support@norafoodie.com
What data we collect
We may collect the following categories of personal data:
- Contact data: name, email address, and information you submit via forms or email.
- Technical data: IP address, device type, operating system, browser, and approximate location (derived from IP).
- Usage data: pages visited, time on page, clicks, referrers, and campaign parameters (for example UTM tags).
- Transactional data (if applicable): order details, billing or shipping information, and payment metadata (payment details are typically handled by the payment processor).
- User content: comments, messages, reviews, and support requests.
- Cookies and similar technologies: preference data, analytics identifiers, and advertising identifiers (with consent where required).
How we collect data
We collect data:
- Directly from you when you submit forms, subscribe, comment, email us, or make a purchase (if available).
- Automatically through cookies, pixels, tags, and server logs when you use the site.
- From third parties such as analytics providers, advertising networks, payment processors, and hosting or CDN providers (when used).
Why we process your data (lawful bases)
We process personal data under one or more lawful bases, depending on the activity:
- To provide, operate, and improve the site (contract where applicable; legitimate interests).
- To communicate with you and respond to inquiries (contract or legitimate interests).
- To personalize content and measure performance (consent for non essential cookies in the EEA and UK; legitimate interests for strictly necessary processing).
- Marketing where permitted (consent where required; otherwise legitimate interests with an opt out).
- Compliance, security, and fraud prevention (legal obligation and or legitimate interests).
Where we rely on consent, you can withdraw consent at any time. Withdrawal does not affect processing carried out before you withdrew it.
Cookies and tracking
We use the following cookie categories:
- Essential cookies: required for core functionality and security.
- Functional cookies: remember preferences (consent may be required in the EEA and UK).
- Analytics cookies: measure traffic and performance (prior consent required in the EEA and UK).
- Advertising cookies: ad personalization and measurement (prior consent required in the EEA and UK).
Manage your choices via: Cookie Settings link (add your link here) and your browser settings. In the EEA and UK, non essential scripts should be blocked until you opt in.
Data sharing and recipients
We may share data with:
- Hosting and CDN providers to run and deliver the website.
- Analytics providers (loaded only after consent in the EEA and UK, if applicable).
- Email and CRM tools used for support and service messages.
- Payment processors (if applicable); payment details are handled by the processor.
- Advertising and social platforms (if used) after consent where required.
- Professional advisers and authorities when necessary for legal compliance or to protect rights and security.
We do not sell personal data.
International transfers
If personal data is transferred outside the EEA and UK, we use appropriate safeguards such as adequacy decisions or Standard Contractual Clauses with supplementary measures where required.
Data retention
We keep personal data only as long as needed for the purposes described:
- Support and communications: typically up to 24 months after the last interaction.
- Transactional or account records (if applicable): retained as required by tax and accounting laws (often several years).
- Analytics: based on tool settings and business needs, commonly 14 to 26 months.
- Cookies: as disclosed in your cookie settings.
When data is no longer needed, it is deleted or irreversibly anonymized.
Your rights
You may have the right to:
- Access, rectify, and erase your personal data.
- Restrict processing and request data portability.
- Object to processing based on legitimate interests and object to direct marketing.
- Withdraw consent at any time where processing relies on consent.
- Lodge a complaint with your local data protection authority.
Children’s data
NoraFoodie.com is not directed to children under 16, and we do not knowingly collect children’s personal data. If you believe a child provided data, contact us to request deletion.
Security
We apply administrative, technical, and physical safeguards designed to protect personal data (for example HTTPS, access controls, and least privilege practices). No system is 100 percent secure, but we work to reduce the risk of unauthorized access, alteration, or loss.
Automated decision making
Limited profiling may occur for analytics or personalized content or ads after consent. We do not make decisions with legal or similarly significant effects solely by automated means. If this changes, we will inform you and explain your rights.
Social media and external links
Links to third party sites (for example Pinterest, Facebook, Instagram) are governed by their own privacy policies. Review their notices and settings. External links may open in a new tab.
Third party plugins and embeds
Embedded content may behave as if you visited the third party site and may set cookies after consent. Their privacy policies apply.
How to exercise your rights
Email support@norafoodie.com (replace) with the subject Privacy Request. Include enough information to verify your identity and specify which right you want to exercise. We respond within one month where applicable.
Changes to this policy
We may update this GDPR Privacy Policy to reflect changes in law or our practices. Material changes will be highlighted here and the “Last updated” date will change. Continued use of the site after changes means you acknowledge the updated policy.