GDPR Privacy Policy

Last Updated: December 2025

1. Introduction

If you're in the European Economic Area (EEA), this section is for you. The GDPR gives you specific rights when it comes to your personal data, and we want to make sure you know what those are and how we handle things.

This policy explains how Eat With Me processes your personal data in line with the General Data Protection Regulation (GDPR). We're not lawyers, but we've done our best to make this clear and accurate.

2. Who's Responsible for Your Data

Eat With Me is what's called the "data controller"—that means we're the ones responsible for deciding how and why your personal data is processed. If you have questions or want to exercise your rights, we're the ones to talk to.

Email: [email protected]

Drop us a line anytime. We'll respond within a month (usually faster), as required by GDPR.

3. Why We Process Your Data

Under GDPR, we need a legal reason to process your personal data. Here are the ones we use:

  • You said it's okay: When you give us clear consent—like signing up for something or agreeing to cookies
  • We need it to do something: If you've asked us to do something (like respond to an email), we need your info to do it
  • We have to by law: Sometimes laws require us to keep or share certain information
  • It's in our legitimate interest: Things like keeping the site secure, preventing fraud, or improving how it works. But we only do this when it doesn't override your rights and interests

We don't process your data just because we can. We have a reason, and it's one of these.

4. Your Rights (This is the Important Part)

GDPR gives you several rights when it comes to your personal data. Here's what they mean in plain English:

4.1 Right to Know What We Have

You can ask us what personal data we have about you and how we're using it. We'll give you a copy within a month (usually faster). Just email us and ask.

4.2 Right to Fix Mistakes

If something we have about you is wrong, tell us and we'll correct it. Simple as that.

4.3 Right to Be Forgotten

You can ask us to delete your personal data. We'll do it if:

  • We don't need it anymore for the reason we collected it
  • You withdraw your consent and we don't have another legal reason to keep it
  • It was processed unlawfully
  • We're legally required to delete it

There are some exceptions—like if we need to keep it for legal reasons—but we'll explain if that's the case.

4.4 Right to Restrict Processing

You can ask us to stop processing your data in certain situations—like if you think the data is wrong and we're checking it, or if you've objected to processing. We'll still store it, but we won't do much with it until we sort things out.

4.5 Right to Take Your Data

Want your data in a format you can use elsewhere? We can provide it in a common, machine-readable format. This is called "data portability."

4.6 Right to Object

If we're processing your data based on "legitimate interests" or for direct marketing, you can object. We'll stop unless we have compelling legitimate grounds that override your interests.

4.7 Right Not to Be Subject to Automated Decisions

We don't make automated decisions about you that have legal effects (like whether to give you credit or something). But if we ever do, you have the right to human review of that decision.

To exercise any of these rights, just email us at [email protected]. We'll respond within a month, as required by GDPR.

5. How Long We Keep Your Data

We only keep your personal data for as long as we need it. Once we don't need it anymore—maybe you deleted your account, or we finished responding to your question—we'll delete it. Unless we're legally required to keep it longer (like for tax records), in which case we'll keep it as long as the law requires, then delete it.

We're not in the business of hoarding data. If we don't need it, we don't keep it.

6. Sending Data Outside the EEA

If we need to transfer your data outside the European Economic Area (maybe our servers are in another country, or we use a service provider there), we'll make sure there are proper safeguards in place. This might include:

  • Standard contractual clauses (legal agreements that protect your data)
  • Countries that the EU has decided have adequate data protection
  • Other GDPR-approved methods

We won't just ship your data anywhere without protection. That's not how this works.

7. If Something Goes Wrong

If there's a data breach that could put your rights at risk, we'll let you know as soon as possible—within 72 hours if we can. We'll also report it to the relevant supervisory authority.

Hopefully this never happens, but if it does, we'll be transparent about it and do what we can to fix it.

8. If You Have a Complaint

If you think we're not handling your data correctly under GDPR, you can complain to your local data protection authority. They're the ones who enforce GDPR, and they can investigate and take action if needed.

You can find your local authority here. But we'd appreciate it if you'd contact us first—maybe we can sort it out without getting the authorities involved.

9. Changes to This Policy

We might update this policy from time to time. If we make significant changes that affect your rights, we'll let you know. Otherwise, we'll just update the "Last Updated" date at the top. It's worth checking back occasionally.

10. Questions or Want to Exercise Your Rights?

If you have questions about this policy, or if you want to exercise any of your GDPR rights, just email us:

Email: [email protected]

We'll respond within a month (usually faster). We're required to respond within that timeframe, and we take it seriously. If your request is complex or we get a lot of requests at once, it might take the full month, but we'll keep you updated.

Thanks for taking the time to read this. We know privacy policies can be dry, but we wanted to make this as clear and honest as possible.