Last updated — July 1, 2025
This General Data Protection Regulation (“GDPR”) Policy explains how EatAroundIt.com (“Site,” “we,” “our,” “us”) collects, uses, shares, and safeguards the personal data of individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland (“EEA/UK Users”). It also describes the rights EEA/UK Users have under Regulation (EU) 2016/679 and corresponding UK legislation.
Quick note: This Policy supplements—rather than replaces—our main Privacy Policy. Where a conflict exists, the stricter protection for data subjects applies.
1. Data Controller
| Role | Details |
|---|---|
| Controller | Hannah Moore / Eat Around It |
| Address | 155 N 1st Ave, Hillsboro, OR 97124, USA |
| contact@eataroundit.com | |
| Website | https://eataroundit.com |
We currently do not meet thresholds requiring an EU representative under Art. 27 GDPR. If this changes, we will update this Policy and appoint one.
2. Categories of Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identification | Name, username, social-media handle | Directly from you |
| Contact | Email address, postal address | Directly from you |
| Technical | IP address, device type, browser, operating-system data, log files | Automatically via cookies & similar tech |
| Usage / Analytics | Pages viewed, links clicked, time on page, referring URL | Google Analytics, Jetpack, etc. |
| Marketing | Newsletter open/click rates, preferences | MailerLite or similar provider |
| Recipe Interactions | Favorite lists, saved recipes, comments, star ratings | Directly from you |
We do not intentionally collect “special category” data (e.g., health, ethnicity) or data on children under 16.
3. Purposes & Lawful Bases
| Purpose | Lawful Basis (Art. 6 GDPR) |
|---|---|
| Provide and operate the Site; publish recipes | Contract (Art. 6 (1)(b)) where you create an account; otherwise Legitimate Interest (Art. 6 (1)(f)) |
| Respond to comments, emails, or support requests | Legitimate Interest |
| Send newsletters and marketing updates | Consent (Art. 6 (1)(a))—you may withdraw anytime |
| Analyze traffic and improve content | Consent for non-essential cookies; Legitimate Interest for aggregate analytics essential to service quality |
| Comply with legal obligations (e.g., tax, fraud prevention) | Legal Obligation (Art. 6 (1)(c)) |
| Display personalized ads (where enabled) | Consent (ePrivacy + Art. 6 (1)(a)) |
4. International Transfers
Your data is processed in the United States. When we transfer EEA/UK data to U.S.-based tools (e.g., Google, MailerLite), we rely on:
Adequacy regulations (if a provider is certified under the EU–U.S. Data Privacy Framework or UK Extension), or
Standard Contractual Clauses (SCCs) executed with the provider, plus supplemental safeguards such as encryption in transit and at rest.
Copies of SCCs are available upon request.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete the account or 24 months of inactivity |
| Newsletter subscription | Until you unsubscribe or 12 months of inactivity |
| Comments | Indefinitely (to preserve discussion context) unless you request erasure |
| Analytics logs | 26 months (Google Analytics default) |
| Legal/financial records | 7 years (statutory requirements) |
We periodically review data and either anonymize or securely delete anything no longer needed.
6. Your GDPR Rights
EEA/UK Users may, at no cost:
Access their personal data (Art. 15)
Rectify inaccurate or incomplete data (Art. 16)
Erase data (“right to be forgotten”) in certain cases (Art. 17)
Restrict processing (Art. 18)
Port data to another controller (Art. 20)
Object to processing carried out on legitimate-interest grounds, including profiling (Art. 21)
Withdraw consent at any time (affects future processing only)
Lodge a complaint with a supervisory authority—typically in your habitual residence or place of work. A full list of EU supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
To exercise any right, email contact@eataroundit.com with the subject line “GDPR Request.” We will respond within one (1) month, extensible by two (2) additional months for complex requests (Art. 12 (3)).
7. Security Measures
We employ administrative, technical, and physical safeguards such as:
TLS encryption for data-in-transit
Firewall-protected hosting with automatic security patches
Two-factor authentication for admin accounts
Regular backups and vulnerability scans
Principle of least privilege for staff access
Despite these measures, no system is 100% secure. Use the Site at your own risk.
8. Automated Decision-Making / Profiling
We do not engage in automated decision-making that produces legal or similarly significant effects on individuals (Art. 22 GDPR).
9. Updates to This Policy
We may revise this GDPR Policy from time to time. Significant changes will be announced via a banner on the Site or by email (if you are subscribed). The “Last updated” date will always reflect the latest version.
10. Contact
If you have questions about this Policy or our data-protection practices, please reach out:
Data Protection Officer (acting)
Hannah Moore
Email: contact@eataroundit.com
Postal: 155 N 1st Ave, Hillsboro, OR 97124, USA
