In order to operate our business and provide our services to you, it can sometimes be necessary to collect or process information about you. In general terms, this information may take one or more of the following forms:
- Information you provide directly to us. For example, where you send a message via the website or complete an online form.
- Information that your computer automatically send us. For example, your computer’s ‘IP address’ or information about the internet browser you are using etc;
- Information about how you use our website. For example, how often your visit, or which pages you look at.
Cooking with my kids’ committment to data privacy
We are fully committed to maintaining the privacy of any information or ‘personal data’ you provide to us. We are commited to ensuring your data is held securely, used appropriately and only retained for as long as is necessary.
Our systems and services are designed with privacy in mind, and we will only ever ask you for the minimum amount of information required to provide our services efficiently. We have no desire to retain any more information than is necessary. We aspire to comply to the fullest extent possible with applicable data protection regulations, in particular the European Union’s General Data Protection Regulation (‘GDPR’) and ePrivacy Directive, where applicable.
Who we are
In terms of your use of this website, Cooking with my kids, acts in the capacity of Data Controller, and should you have any questions or concerns about our data use you can contact us at:
Data controller: Cooking with my kids
Email correspondence: email@example.com
Definition of personal data
Your ‘personal data’ means any information that could allow us to personally identify you. Obvious examples include your name or email address, etc. We will endevour to gain your explicit consent to providing this information before we collect it from you.
Other types of information, (for example, your computer’s ‘IP’ address or broad location) don’t, generally, allow us to identify you directly. However, because in their current form, the GDPR regulations are a little vague in this regard, we’ll also cover the use of that kind of data here.
Who do we share the data with?
Cooking with my kids operates on a strict ‘need to know’ basis for all data that we work with, and that is particularly true for any personal data. The only people or companies that are allowed access to personal data are:
- Our web hosting suppliers (currently WordPress and Siteground) who provide the physical server infrastructures that Cooking with my kids operates on. We ensure that all servers in use reside physically either in the UK or EU, and that no customer data is transferred to data centres outside the EU.
In any case where 3rd party service providers have an establishment outside of the European Economic Area (EEA), we have ensured there is adequate protection of any personal data via the accepted EU Model Contract Clauses or EU-US Privacy Shield framework.
How is your data protected?
We take the security of any and all personal data really seriously. We protect your data in several ways:
- Access control: access to personal data is strictly limited in line with our policy, as detailed in the ‘who do we share data with?’ section above. We control access with individual use accounts where we have strong passwords.
- Dedicated security software: There is access control software as well as security scanning on our website. This limits login attempts to the website, and blocks potentially malicious attempts to access our websites
- Data encryption: where data is stored in a cloud facility (for example, storing website backup files), data is encrypted both ‘in transit’ and ‘at rest’. Cooking with my kids is also secured with SSL encryption, which means that all traffic to and from our servers is encrypted.
- Selection of third party service providers: we use a very limited number of third party service providers, but some are essential for the provision of physical hosting environments and cloud services. One of the main factors in the choosing such providers is their ability to provide secure systems and processes.
Where you directly provide personal information to us (for example, completing an online comment form or contacting me for further information), you have a number of rights regarding the information about you that we hold:
- You have the right to obtain details about whether any such data is being held;
- You have the right to ask us to provide you with any data we are holding about you, including the right for that data to be transferred to another data controller;
- You have the right to withdraw permission for us to hold your personal data at any time;
- You have the right to make us to rectify any incomplete or incorrect information we hold about you;
- You have the right to require us to delete the data we hold about you (this is known as the ‘right to be forgotten’);
Access to your personal data
This specifially refers to the personal data we automatically collect about you (for example, from your internet browser or via internet Cookies or other similar technologies):
- You have the right to object to the legal basis upon which we are collecting this data, and We have an obligation to consider and respond to that objection;
- You have the right to request the us to stop any further processing of your data while your objection is considered;
- You have the right to make a complaint to the relevant data protection authority (which, in the UK, is the Information Commissioner’s Office or ‘ICO’)
- In most circumstances, you can exercise these rights without paying a fee to us.
What types of data do we collect?
Website contact forms
When you complete one of the contact forms on our website, we ask you for a few pieces of personal information, such as your name, and email address. This is obviously required for us to respond to your request.
If you do not use or submit an online form on the website, no data will be collected.
Intent to contract (GDPR Art 6(1)(b)): Additionally, the information that you provide to us here is necessary for us to fulfil your request prior to entering into a contract.
Types of processing
- We will store the information you provide to us in our website database. This storage allows us to efficiently access your data and respond to your requests;
- We will NOT use this data for any further purpose without your express further consent;
- We will NEVER sell your information to any 3rd party.
We will only ask you for the minimum amount of information required to appropriately fulfil your request. This will usually be your name, one or more contact details, and any specific information about your request.
If we do not enter into a further contract or agreement with you, we will retain this data for a maximum of 12 months.
Technical data (such as an IP address)
When you visit our website, our systems will log a record of your visit in our server logs, and typically this record will include the technical ‘IP’ address that is associated with your device and the browser type and version that you are using.
Server logs like these are extremely common practice, and are used to monitor technical resources, monitor high-level server activity, and importantly to detect and prevent fraudulent or malicious activity on our systems. The storage of IP addresses, allows us to identify patterns of behaviour (for example repeated malicious attempts to access a system).
IP addresses, in themselves, do not allow us to identify you as an individual, especially given that it is very common for IP addresses to be dynamically allocated by your service provider, and will therefore often routinely change.
Furthermore, we do not and will not use the content of server access logs to attempt to determine an identifiable individual. We therefore do not consider that data held within server logs falls within the scope of ‘personal data’, and accordingly we do not seek your consent to collect it.
In the event that such anonymous data is considered to fall within the scope of the applicable data protection regulations, the legal basis for processing such data is:
Our Legitimate interest (GDPR Art 6(1)(f)): The integrity, security and performance of our systems and infrastructure is a vital part of the services that we offer. We consider that it is in our legitimate interest to maintain and protect our systems to this end.
Types of processing
- We will store the information you provide to us in our website server logs
- We will NOT use this data to attempt to identify an individual person
Server logs are automatically rotated on our systems, and are retained for a maximum of 12 months following the closure of the relevant log file.
We have included cookies, web beacons and similar technologies into this section because they all perform similar functions.
These common technologies allow us to better understand how people are using our website. They are all small data files placed on your computer (or other device) that allow us to tell when you have visited a particular page, or performed a particular action (for example clicking a particular menu) on our Cooking with my kids.
These technologies are used by most websites as they give really useful insights into how websites are being used, as well as improving speed, performance and security.
These are small text files placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser. There are several types of cookies:
- Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
- Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.
- First-party cookies are set by the site you are visiting.
- Third-party cookies are set by a third party site separate from the site you are visiting.
There are a number of ways that you can influence how cookies are used on your particular device. Most commercial browsers (eg Chrome, Safari, Microsoft Edge, Internet Explorer, Firefox etc) allow you to set preferences as to whether you want to allow or block website cookies.
They will also provide tools that allow you to remove any cookies that have already been set. Using the ‘Help’ functionality of your browser, or an internet search, will help you to understand how to use these features for your particular browser.
We have also incorporated specific cookie functionality on our website that allows you to easily indicate when you first visit the site whether or not you are happy for cookies to be set on your device. For our site to remember your preference for whether to allow cookies or not, it is necessary for us to set cookies for this specific purpose.
When you first visit our site, a Cookie Control box will be displayed allowing you to choose whether to allow cookies or not. Only Essential cookies and those that do not contain/track any personal data will be set when you first visit our site.
You can change your choice at any time by clicking on the persistent cookie icon at the bottom of the screen.
– Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our website that typically work in conjunction with cookies to identify our users and user behaviour.
Our uses of such technologies fall into the following general categories:
- Marketing Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our site. This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you, such as whether you have clicked on an advertisement.
We use Google Analytics to better understand what people look at on our website.
When people visit our site, information about their visit (such as which pages they look at, how long they spend on the site and so on) is sent in an anonymous form to Google Analytics (which is controlled by Google).
The data contains information about anyone who uses our website from your computer, and there is no way to identify individuals from the data.
We ensure that no personally identifiable information is ever contained within the data sent to our analytics providers, and we also perform a process which partially obscures your IP address information.
As analytics information is not personal data, we do not specifically ask for your prior consent.