Dishbyma GDPR Compliance Policy

Effective Date: December 01, 2025

Dishbyma (https://dishbyma.com) respects the privacy of its users and is committed to protecting personal data in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we process it, how we safeguard it, and how you can exercise your GDPR‑related rights.

1. Personal Data We Collect

When you interact with Dishbyma, we may collect the following categories of personal data:

Email address: Provided when you subscribe to newsletters, request support, or create an account.
Cookies and similar technologies: Used to remember your preferences, analyse site traffic, and deliver personalised content.
Analytics data: Includes IP address, device type, browser information, and pages visited, collected via Google Analytics and other lawful analytics services.

2. Legal Basis for Processing

Dishbyma processes personal data only when at least one of the following legal bases applies:

Consent (Article 6(1)(a)): When you voluntarily opt‑in to receive marketing communications or accept our cookie policy.
Legitimate Interests (Article 6(1)(f)): For purposes such as improving site performance, preventing fraud, and conducting legitimate business analytics, provided that your fundamental rights and freedoms are not overridden.
Performance of a Contract (Article 6(1)(b)): When processing is necessary to fulfil an agreement you have entered into with us, such as providing support services.

3. How We Protect Your Data

Dishbyma employs a comprehensive security framework to protect personal data against unauthorised access, loss, or alteration:

Transport Layer Security (TLS/SSL): All data transmitted between your browser and our servers is encrypted using industry‑standard SSL certificates.
Secure Servers: Our hosting environment is hardened with firewalls, intrusion detection systems, and regular security patches.
Limited Retention: Personal data is retained only for as long as necessary to fulfil the purposes described in this policy. Email addresses are deleted 24 months after the last interaction unless you have opted to remain subscribed. Analytics data is anonymised after 12 months.
Access Controls: Only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.

4. Your GDPR Rights

Under the GDPR, you enjoy a set of rights that give you control over your personal data. Dishbyma has put in place processes to facilitate the exercise of each right.

Right to Access

You may request confirmation that we are processing your personal data and obtain a copy of the data, the purposes of processing, the categories of data, and the recipients of that data. This information will be provided in a structured, commonly used, and machine‑readable format.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to have it corrected without undue delay. You may submit corrected information via the contact details below.

Right to Erasure (Right to be Forgotten)

You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, or the processing is unlawful. Certain data required for legal compliance may be retained in accordance with statutory obligations.

Right to Restrict Processing

You may ask us to limit the processing of your data while we verify the accuracy of the data, assess a legal claim, or protect your rights. During restriction, we may store the data but will not use it for any other purpose.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format (e.g., CSV, JSON) and to transmit that data to another controller without hindrance, provided the processing is based on consent or a contract and is carried out by automated means.

Right to Object

You may object to the processing of your personal data for direct marketing, profiling, or when processing is based on legitimate interests. Upon receipt of a valid objection, we will cease the relevant processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Withdraw Consent

Where processing is based on your consent, you can withdraw that consent at any time, free of charge. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details below. Your request should include:

Full name and any account identifier you use on Dishbyma.
Specific right you wish to invoke (e.g., “Right to Access – request a copy of my data”).
Proof of identity (e.g., a scanned ID) to verify that the request is legitimate. We will only request the minimum information necessary.

All requests will be acknowledged within 5 business days and fully addressed within 30 calendar days, as required by Article 12 of the GDPR. If additional time is needed, we will inform you of the reasons and the expected completion date.

6. Contact Information

If you have any questions about this policy, wish to lodge a complaint, or need assistance exercising your rights, please reach out to our DPO:

Dishbyma Data Protection Officer
Email: gdpr@dishbyma.com

7. Changes to This Policy

Dishbyma may update this GDPR Compliance Policy to reflect changes in legal requirements, our data practices, or operational needs. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review the policy periodically.

Last Updated: December 01, 2025