Privacy Policy

Privacy Policy – CA-MasterChef Kitchen
Last Updated: September 14, 2025

1) Data Controller
CA-MasterChef Kitchen (“we” / “us”)
6595 Roswell Rd Ste G
Atlanta, GA 30328 USA

Email: info@ca-masterchef.com
Phone: +1 661-425-4988

We are the data controller within the meaning of the GDPR.

2) Data We Process

We process the following categories of personal data:

Basic data: First name, last name, email address, and billing address (if provided)
Contract / purchase data: Purchased products, invoices, transaction numbers
Usage data: Pages visited, clicks, device and browser information, approximate location data
Communication data: Email replies, support inquiries
Optional: Profile picture / avatar, if uploaded by you

3) Purposes & Legal Bases (Art. 6 GDPR)

We process personal data for the following purposes and on the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR):
Providing courses, downloads, account management, processing orders, and customer support.

Consent (Art. 6(1)(a) GDPR):
Newsletters, marketing emails, optional cookies.

Legitimate interests (Art. 6(1)(f) GDPR):
Security, fraud prevention, internal statistics, product improvement.

Legal obligation (Art. 6(1)(c) GDPR):
Tax and retention requirements.

4) Newsletter & Marketing

With your consent, we send you updates, product news, and offers via email.
You may withdraw your consent at any time—for example, by using the unsubscribe link in any email or by contacting us directly.

5) Cookies & Analytics

We use cookies and similar technologies to provide website functions and to analyze how our website is used.
Non-essential cookies are only set with your consent via our cookie banner/consent tool.

You may delete or block cookies at any time through your browser settings.
Please note that this may limit certain website functions.

6) Payment Processing

Payments are processed through third-party providers such as Stripe and PayPal.
These service providers receive only the data that is absolutely necessary to complete the transaction
(e.g., name, email, billing information, payment amount).

Legal bases:
• Performance of a contract (Art. 6(1)(b) GDPR)
• Legal obligations (Art. 6(1)(c) GDPR)

We do not store complete payment information such as credit card or bank account details.

7) Processors & Recipients

We use various service providers who process personal data on our behalf
(e.g., hosting, email delivery, analytics tools, forms, cloud services).

These service providers act solely according to our instructions
and are contractually obligated under Art. 28 GDPR to maintain confidentiality and protect your data.

An up-to-date list of our processors is available upon request at any time.

8) Transfers to Third Countries

Personal data may be processed in countries outside the EU/EEA
(e.g., by hosting providers, email services, or payment processors).

In such cases, we ensure that appropriate safeguards are implemented in accordance with Art. 44 et seq. GDPR, in particular:

  • EU Standard Contractual Clauses (SCC)

  • Adequacy decisions issued by the EU Commission

  • Additional technical and organizational measures

Details about the safeguards we use are available upon request.

9) Storage Period

We store personal data only for as long as necessary for the respective purposes.
The most important retention periods are:

Contract and tax-relevant data:
Retention periods according to legal requirements (generally 6–10 years).

Marketing data:
Until you withdraw your consent.

Log and usage data:
Short- to medium-term, depending on technical necessity.

10) Your Rights

Under the GDPR, you have the following rights:
• Access to the data we process about you (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure (“right to be forgotten,” Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)

To exercise these rights, please contact us using the details provided in the Imprint.

11) Withdrawal of Your Consent

You may withdraw any consent you have given at any time with effect for the future.
The lawfulness of the processing carried out prior to your withdrawal remains unaffected.

12) Right to Object

If we process data on the basis of Art. 6(1)(f) GDPR (legitimate interests),
you have the right to object to this processing at any time for reasons arising from your particular situation.

13) Right to Lodge a Complaint

You have the right to file a complaint with a data protection supervisory authority
if you believe that the processing of your personal data violates the GDPR.

14) Data Security

We use technical and organizational measures to protect your data
from loss, misuse, and unauthorized access.
Our security measures are reviewed regularly and adjusted to reflect the current state of technology.

15) Changes to This Privacy Policy

We reserve the right to update this Privacy Policy
to ensure it always complies with current legal requirements
or to reflect changes in our services within this policy.