GDPR

This GDPR page explains what personal data is collected on bakemysweet.com, why it is processed, on what legal bases, for how long, who it is shared with, and the rights available under GDPR, including access, deletion, and objection, plus how to control cookies and lodge complaints. It also sets expectations for cookie consent with equal accept/reject options and granular controls for analytics and marketing cookies as required by GDPR and the ePrivacy rules.

Who we are

  • Controller: Bake My Sweet (bakemysweet.com) — a recipe and baking website operated by Sarah, sharing cake, cookie, and ice cream recipes and related content.
  • Contact: hello@bakemysweet.com (privacy inquiries).
  • If an EU/UK representative or DPO is appointed in future, this page will be updated with their contact details.

What data is collected

  • Data provided directly: name, email address, and message content via contact forms or comments; newsletter sign-up email; optional profile info if creating an account (if enabled).
  • Usage and device data: IP address, country/region, device/browser type, pages viewed, time on page, referral source, and similar analytics data via cookies or SDKs; pseudonymous identifiers like cookie IDs.
  • Cookies and similar tech: strictly necessary cookies (site functionality), preference cookies (e.g., remembering choices), analytics cookies (traffic/engagement), and marketing cookies (ads/pixels) where used; details appear in the Cookie Policy/Consent banner with granular toggles.
  • Site operation and security: to load pages, balance traffic, prevent fraud/abuse, and diagnose issues — legal basis: legitimate interests Article6(1)(f)Article6(1)(f).
  • Responding to messages and managing comments: to reply to inquiries, moderate comments, and handle requests — legal basis: legitimate interests Article6(1)(f)Article6(1)(f) or contract if applicable Article6(1)(b)Article6(1)(b).
  • Email newsletters: to send recipe updates and promotions after opt‑in — legal basis: consent Article6(1)(a)Article6(1)(a); withdrawal anytime via unsubscribe link.
  • Analytics: to understand content performance and improve the site — legal basis: consent Article6(1)(a)Article6(1)(a) obtained via cookie banner before setting non‑essential cookies.
  • Marketing/retargeting (if implemented): to measure campaigns and show relevant content/ads — legal basis: consent Article6(1)(a)Article6(1)(a) via cookie banner.
  • Non‑essential cookies (analytics/marketing) are not set until consent is given by a clear affirmative action; pre‑ticked boxes are not used, and users are provided equally prominent Accept and Reject choices with granular category controls.
  • Consent can be withdrawn as easily as it was given at any time via the Consent Preferences link in the footer or banner; withdrawal does not affect prior lawful processing.

Data sharing and processors

  • Service providers acting as processors may handle personal data under contracts that require confidentiality and GDPR‑level safeguards. Typical categories:
    • Web hosting/CDN and security services (site delivery, uptime, DDoS mitigation).
    • Email marketing platforms for newsletters (subscription management and delivery).
    • Analytics providers configured for GDPR compliance, loaded only on consent (e.g., anonymization/consent mode where applicable).
    • Comment management/anti‑spam tools if comments are enabled.

International transfers

  • If processors or sub‑processors are located outside the EEA/UK (e.g., in the US), transfers occur under appropriate safeguards such as adequacy decisions or Standard Contractual Clauses, with supplementary measures where needed.
  • Details of specific transfer mechanisms can be provided upon request via the contact above.

Retention

  • Contact and inquiry data: retained for up to 24 months after resolution to manage follow‑ups and audit trails, unless required longer for legal purposes.
  • Newsletter data: retained until unsubscribe/withdrawal of consent and for a short period thereafter to maintain suppression lists.
  • Analytics data: retained per provider settings, minimized and periodically reviewed; non‑essential analytics retained only while consent remains valid.

Data subject rights

  • Rights under GDPR include: access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent at any time.
  • Automated decision‑making: No decisions producing legal or similarly significant effects are made solely by automated means; any profiling via analytics/marketing cookies occurs only with consent and can be disabled via preferences.

Exercising rights

  • Submit requests via hello@bakemysweet.com with sufficient detail to verify identity; responses will be provided within one month as required by GDPR, extendable by two months for complex requests.
  • For cookie preferences, use the Consent Preferences link to change settings or withdraw consent instantly.

Complaints

  • Concerns can be raised directly via the contact above; individuals in the EEA/UK have the right to lodge a complaint with a supervisory authority, such as their national data protection authority.
  • Guidance on the right to be informed and lodging complaints is outlined by regulators and is available from national DPAs.

Security

  • Technical and organizational measures are employed proportionate to risks, including encryption in transit (HTTPS), access controls, and data minimization; processor due diligence is conducted for vendors.
  • Despite safeguards, no online transmission is entirely secure; incidents will be handled per legal obligations including notifications where required.

Children

  • Content targets general audiences; the site does not knowingly collect children’s personal data without appropriate consent where required. Parents/guardians may contact the controller to request deletion of such data if collected inadvertently.

Cookies and similar technologies

  • A dedicated Cookie Policy describes cookie categories, purposes, providers, duration, and legal bases; consent records are maintained to demonstrate compliance.
  • Non‑essential cookies are blocked until consent; consent is refreshed periodically (at least annually) or when settings materially change, and upon clearing browser storage.

Changes to this notice

  • This notice may be updated to reflect changes in practices, services, or legal requirements; the “Last updated” date will be revised and material changes will be communicated appropriately.
  • Continued use of the site after updates signifies acknowledgment of the updated notice; cookie settings can be revisited at any time.

Contact

  • Controller: Bake My Sweet (bakemysweet.com) — recipe and baking content site.
  • Email: hello@bakemysweet.com for privacy, cookies, or data rights requests.

Implementation notes for the site owner:

  • Add a cookie banner with equal Accept/Reject buttons, granular category toggles, and a persistent “Consent Preferences” link in the footer, ensuring prior blocking of non‑essential cookies until consent.
  • Maintain a cookie list in the Cookie Policy, verify processor DPAs/SCCs, and ensure unsubscribe and rights‑request workflows are functional and documented.

Last updated: [8/31/2025].