Last updated: November 9, 2025

This GDPR Privacy Policy explains how Sienna’s Meals (“we”, “us”, “our”) collects, uses, stores, shares, and protects Personal Data about visitors and users (collectively, “you”) of www.siennasmeals.com (the “Site”) in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy applies to all EU/EEA visitors and any processing of personal data related to offering goods or services to, or monitoring the behavior of, individuals in the EU/EEA.

Note: If you are located outside the EU/EEA, our Privacy Policy also applies and may provide additional information relevant to your jurisdiction.

1. Definitions
   Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”).
   Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, erasure, etc.).
   Data Controller: The entity that determines the purposes and means of Processing Personal Data.
   Data Processor: A third party that Processes Personal Data on behalf of the Data Controller.
2. Data Controller
   Sienna’s Meals is the Data Controller for Personal Data processed via this Site.

Contact details:
Email: [email protected]

3. Categories of Personal Data We Collect

Identification Data	Name, username	Consent, Contract
Contact Data	Email address, social media handle	Consent, Legitimate Interest
Technical Data	IP address, browser type, device ID, cookies	Legitimate Interest, Consent
Usage Data	Pages viewed, time on page, click paths	Legitimate Interest
Marketing Preferences	Newsletter opt ins, cookie choices	Consent
User Generated Content	Comments, recipe reviews	Consent, Legitimate Interest

*See section 4 for details of Legal Bases.

Special Categories of Data: We do not intentionally collect sensitive Personal Data (e.g., health, religious beliefs). If you choose to share such data in comments or messages, you do so voluntarily.

4. Legal Bases for Processing
   We rely on one or more of the following legal bases under Article 6 GDPR:

• Consent (Art. 6 (1)(a)): When you subscribe to our newsletter or accept non essential cookies.
• Contract (Art. 6 (1)(b)): To provide services you request, such as delivering email course content.
• Legitimate Interests (Art. 6 (1)(f)): For Site security, analytics, and minor direct marketing, provided those interests are not overridden by your rights.
• Legal Obligation (Art. 6 (1)(c)): To comply with applicable laws (e.g., bookkeeping, tax).

5. Purposes of Processing
   We process Personal Data to:

• Operate and maintain the Site and deliver its content.
• Respond to comments, questions, and support requests.
• Send newsletters, recipe updates, and promotional communications (with consent).
• Analyze traffic and usage trends to improve your experience.
• Detect, prevent, and address technical issues or malicious activity.
• Comply with legal obligations and protect our legal rights.

6. Cookies and Similar Technologies
   We use essential, functionality, analytics, and advertising cookies. For full details, see our Cookie Policy. Non essential cookies are placed only after you provide explicit consent via our cookie banner.
7. Data Retention
   We retain Personal Data only for as long as necessary for the purposes set out in this policy, or as required by law. Typical retention periods:

• Newsletter subscription data: until you unsubscribe, plus 30 days.
• Analytics data: 26 months (Google Analytics default) unless anonymized sooner.
• Comments: indefinitely, unless you request deletion.

8. Data Sharing and Processors
   We share Personal Data with trusted third parties who help us operate the Site and provide services (e.g., email delivery, web hosting, analytics). These parties process data only under written contracts and only on our instructions.

Third party processors currently include:

• SiteGround (hosting)
• Google LLC (Google Analytics, email services)
• Mailchimp (newsletter delivery)
• Cloudflare, Inc. (CDN and security)

We may also disclose data to comply with legal obligations or legitimate law enforcement requests.

9. International Transfers
   Because we operate from Morocco and use global service providers, Personal Data may be transferred outside the EU/EEA. When we do, we ensure adequate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Service providers’ Binding Corporate Rules (BCRs)
• Adequacy decisions by the European Commission

10. Your GDPR Rights
    Under the GDPR, you have the following rights (subject to conditions):

• Right of Access: Obtain confirmation whether we process your data and receive a copy.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion (“right to be forgotten”).
• Right to Restrict Processing: Request temporary suspension of processing.
• Right to Data Portability: Receive data in a structured, machine readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right not to be subject to Automated Decision Making: We do not use automated decisions that produce legal or significant effects.
• Right to Withdraw Consent: You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected] . We will respond within one month. If you believe we have not complied with your request, you may lodge a complaint with your local supervisory authority. Our lead supervisory authority is the Commission Nationale de l’Informatique et des Libertés (CNIL), France.

11. Data Security
    We employ appropriate technical and organisational measures to protect Personal Data, including HTTPS encryption, secure server configurations, regular vulnerability scanning, and restricted access controls.
12. Children’s Privacy
    The Site is not directed to children under 16. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data, please contact us, and we will delete it promptly.
13. Changes to This GDPR Policy
    We may update this policy from time to time to reflect changes to our practices or legal requirements. We will post the revised policy on this page and update the “Last updated” date. Significant changes will be announced via a banner or email (if applicable).

© 2025 Sienna’s Meals. All rights reserved.