Introduction At CulinVow, we understand that your personal data is a valuable asset and must be handled with care. This Data Protection Policy outlines our responsibilities and your rights concerning the collection, use, storage, and disclosure of your personal data. We are fully committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy regulations. What Personal Data We Collect We may collect the following categories of personal data from you through our website, services, communications, or interactions: Identity information: such as your full name, date of birth, and user ID Contact details: including email address, postal address, and phone number Transactional data: including payment method, order history, billing, and delivery information Technical data: such as your IP address, browser type, time zone settings, and operating system Behavioral data: including website navigation patterns, referring pages, and interactions Marketing preferences: your communication preferences and responses to campaigns We ensure that we only collect information that is relevant, adequate, and limited to what is necessary in relation to the purposes for which it is processed. How We Use Your Personal Data Your personal data may be used for the following purposes: To fulfill and manage your purchases, bookings, or requests To provide tailored customer service and technical support To send updates about services, products, and company announcements To provide personalized experiences based on your usage behavior To comply with legal obligations and resolve disputes To improve our digital services, website navigation, and user interface To detect fraudulent activities and maintain secure environments We never use your personal data in a way that is incompatible with these purposes, and we maintain full transparency regarding how and why your data is processed. Legal Grounds for Processing We rely on several legal bases to process your data lawfully: Consent: When you voluntarily provide your data or agree to marketing communications Contractual necessity: When processing is required to fulfill a contract with you Legal compliance: When data processing is mandated by law Legitimate interest: Where necessary to operate our business and improve services, without overriding your rights Disclosure of Personal Information We may share your data with selected third parties, only as needed and under strict confidentiality agreements: IT and software service providers that support our systems Payment gateways and financial institutions Third-party marketing service providers (only if you opt in) Legal authorities, when compelled by law Analytics and performance tools that help us understand how users engage with our content No third party is authorized to use your personal data for purposes other than those outlined in this policy. Data Retention Policy We retain personal data only for as long as required to meet the purposes for which it was collected or as legally required. When the data is no longer needed, it is securely erased, destroyed, or anonymized. Retention periods may vary depending on data type and legal considerations. Your Data Protection Rights You are entitled to the following rights concerning your personal information: The right to access your personal data The right to request correction or update of inaccurate data The right to request erasure ("right to be forgotten") The right to restrict or object to processing The right to receive your data in a portable format (data portability) The right to withdraw consent at any time where processing is based on consent The right to lodge a complaint with a data protection authority To exercise any of these rights, please contact us at [email protected]. We take all requests seriously and will respond within the timeframe required by law. Data Security We apply a wide range of security measures to protect your data from unauthorized access, accidental loss, misuse, or alteration. These include: Secure servers and encrypted communication protocols (SSL/TLS) Role-based access controls and authentication mechanisms Regular security reviews and penetration testing Data backups and disaster recovery plans Staff training on data protection best practices While we do our best to protect your data, please be aware that no digital transmission or storage method is ever entirely secure. Cookies and Analytics Our website uses cookies and similar technologies to enhance your browsing experience, analyze traffic, and customize content. You may choose to accept or decline cookies through our cookie banner or your browser settings. For more detailed information, refer to our Cookie Policy. Children’s Privacy We do not knowingly collect or process data relating to individuals under the age of 16. If you believe we may have inadvertently collected such data, please contact us so we can delete it immediately. Updates to This Policy We reserve the right to amend this Data Protection Policy at any time to reflect changes in legal obligations or business practices. Updates will be posted on this page, and significant modifications may be communicated to you directly. We encourage you to review this policy regularly.