Last updated: June 14, 2025

This GDPR Privacy Policy explains how Liily Kitchen (“we,” “us,” “our”) collects, uses, stores, shares, and protects Personal Data about visitors and users (collectively, “you”) of www.liilykitchen.com (the “Site”) in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy applies to all EU/EEA visitors and any processing of personal data related to offering goods or services to, or monitoring the behavior of, individuals in the EU/EEA.

Note: If you are located outside the EU/EEA, our Privacy Policy also applies and may provide additional information relevant to your jurisdiction.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”).
  • Processing: Any operation performed on Personal Data (collection, storage, use, disclosure, erasure, etc.).
  • Data Controller: The entity that determines the purposes and means of Processing Personal Data.
  • Data Processor: A third party that Processes Personal Data on behalf of the Data Controller.

2. Data Controller

Liily Kitchen is the Data Controller for Personal Data processed via this Site.

Contact Details:

3. Categories of Personal Data We Collect

Category Examples Legal Basis*
Identification Data Name, username Consent, Contract
Contact Data Email address, social media handle Consent, Legitimate Interest
Technical Data IP address, browser type, device ID, cookies Legitimate Interest, Consent
Usage Data Pages viewed, time on page, click paths Legitimate Interest
Marketing Preferences Newsletter opt‑ins, cookie choices Consent
User‑Generated Content Comments, recipe reviews Consent, Legitimate Interest

*See section 4 for details of Legal Bases.

Special Categories of Data: We do not intentionally collect sensitive Personal Data (e.g., health, religious beliefs). If you choose to share such data in comments or messages, you do so voluntarily.

4. Legal Bases for Processing

We rely on one or more of the following legal bases under Article 6 GDPR:

  1. Consent (Art. 6 (1)(a)) – When you subscribe to our newsletter or accept non‑essential cookies.
  2. Contract (Art. 6 (1)(b)) – To provide services you request, such as delivering e‑mail course content.
  3. Legitimate Interests (Art. 6 (1)(f)) – For Site security, analytics, and minor direct marketing, provided those interests are not overridden by your rights.
  4. Legal Obligation (Art. 6 (1)(c)) – To comply with applicable laws (e.g., bookkeeping, tax).

5. Purposes of Processing

We process Personal Data to:

  • Operate and maintain the Site and deliver its content.
  • Respond to comments, questions, and support requests.
  • Send newsletters, recipe updates, and promotional communications (with consent).
  • Analyze traffic and usage trends to improve user experience.
  • Detect, prevent, and address technical issues or malicious activity.
  • Comply with legal obligations and protect our legal rights.

6. Cookies & Similar Technologies

We use essential, functionality, analytics, and advertising cookies. For full details, see our Cookie Policy. Non‑essential cookies are placed only after you provide explicit consent via our cookie banner.

7. Data Retention

We retain Personal Data only for as long as necessary for the purposes set out in this policy, or as required by law. Typical retention periods:

  • Newsletter subscription data: until you unsubscribe + 30 days.
  • Analytics data: 26 months (Google Analytics default) unless anonymized sooner.
  • Comments: indefinitely, unless you request deletion.

8. Data Sharing & Processors

We share Personal Data with trusted third parties who help us operate the Site and provide services (e.g., email delivery services, web‑hosting providers, analytics platforms). These parties process data only under written contracts and only on our instructions.

Third‑party processors currently include:

  • SiteGround (hosting)
  • Google LLC (Google Analytics, email services)
  • Mailchimp (newsletter delivery)
  • Cloudflare, Inc. (CDN & security)

We may also disclose data to comply with legal obligations or legitimate law‑enforcement requests.

9. International Transfers

Because we operate from Morocco and use global service providers, Personal Data may be transferred outside the EU/EEA. When we do, we ensure adequate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Service providers’ Binding Corporate Rules (BCRs)
  • Adequacy decisions by the European Commission

10. Your GDPR Rights

Under the GDPR, you have the following rights (subject to conditions):

  1. Right of Access – Obtain confirmation whether we process your data and receive a copy.
  2. Right to Rectification – Correct inaccurate or incomplete data.
  3. Right to Erasure – Request deletion (“right to be forgotten”).
  4. Right to Restrict Processing – Request temporary suspension of processing.
  5. Right to Data Portability – Receive data in a structured, machine‑readable format.
  6. Right to Object – Object to processing based on legitimate interests or direct marketing.
  7. Right not to be subject to Automated Decision‑Making – We do not use automated decisions that produce legal or significant effects.
  8. Right to Withdraw Consent – You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. If you believe we have not complied with your request, you may lodge a complaint with your local supervisory authority. Our lead supervisory authority is the Commission Nationale de l’Informatique et des Libertés (CNIL), France.

11. Data Security

We employ appropriate technical and organisational measures to protect Personal Data, including HTTPS encryption, secure server configurations, regular vulnerability scanning, and restricted access controls.

12. Children’s Privacy

The Site is not directed to children under 16. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data, please contact us, and we will delete it promptly.

13. Changes to This GDPR Policy

We may update this policy from time to time to reflect changes to our practices or legal requirements. We will post the revised policy on this page and update the “Last updated” date. Significant changes will be announced via a banner or email (if applicable).

© 2025 Liily Kitchen. All rights reserved.