1. Who We Are (Controller Identity)
TheGravyGuy.com (“Site,” “we,” “us”) is a food blog focused on Italian-American cooking, operated by its creator based in the United States.
2. What Data We Collect and Why
| Category | Data Collected | Legal Basis (GDPR) | Purpose |
|---|---|---|---|
| Usage / Analytics | IP address (anonymized), pages visited, time on site, browser/device type, referral source | Consent (Art. 6(1)(a)) | Google Analytics — understanding traffic and content performance |
| Advertising | Cookies, device identifiers, browsing behavior on our site | Consent (Art. 6(1)(a)) | Google AdSense — displaying relevant ads, measuring ad performance |
| Comments | Name, email, website URL, comment text, IP address | Consent (Art. 6(1)(a)) | Facilitating user comments on posts |
| Newsletter | Email address, first name, subscription date, IP | Consent (Art. 6(1)(a)) | Sending recipe/blog newsletters |
| Contact Forms | Name, email, message content | Legitimate interest / Contract (Art. 6(1)(b/f)) | Responding to inquiries |
| Technical logs | Server logs: IP, timestamps, URLs requested | Legitimate interest (Art. 6(1)(f)) | Security, preventing abuse |
3. Cookies
This Site uses cookies — small text files stored on your device. You can manage your cookie preferences through the Cookie Consent Banner that appears on your first visit, or by adjusting your browser settings directly.
| Cookie Name / Provider | Type | Duration | Purpose |
|---|---|---|---|
| _ga, _ga_XXXXXXXX | Analytics (Google) | 2 years | Google Analytics visitor tracking |
| _gid | Analytics (Google) | 24 hours | Google Analytics session distinction |
| _gat | Analytics (Google) | 1 minute | Throttle request rate |
| google_adsense, IDE, NID, DSID | Advertising (Google) | Up to 2 years | AdSense ad personalization |
| cookieconsent_status | Functional (First party) | 1 year | Storing your consent choice |
| wordpress_*, wp-settings-* | Functional (First party) | Session / 1 year | WordPress CMS functionality (admin only) |
| comment_author_* | Functional (First party) | 1 year | Remembering commenter info |
Non-essential cookies are only activated after you provide explicit consent, in accordance with the Polish Telecommunications Act (Art. 173 Prawo telekomunikacyjne) and the EU ePrivacy Directive.
4. Google Analytics
We run Google Analytics 4 (GA4), a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. IP anonymization is turned on, which means your IP address is shortened before any data processing takes place. A Data Processing Amendment is in place with Google. Transfers of data to the United States are handled through Google’s Standard Contractual Clauses.
To stop Google Analytics from tracking you, install the Google Analytics Opt-out Browser Add-on.
5. Google AdSense
Advertisements on this Site are served through Google AdSense, operated by Google LLC. AdSense relies on cookies and related technologies to deliver ads tailored to your browsing interests. We comply with the Google EU User Consent Policy and obtain consent through a Certified CMP (Consent Management Platform) before any personalized ads are shown to visitors in the EU/EEA.
Review Google’s privacy policy at policies.google.com/privacy. Adjust your ad personalization preferences at adssettings.google.com.
6. Third-Party Services
Certain pages on this Site may feature embedded content from or links to external services, including YouTube (video embeds), Pinterest (sharing tools), and various social media platforms. Each of these services maintains its own privacy policy and may independently gather data when you engage with their content on our pages.
7. Data Retention
- Google Analytics data: 14 months (configured in GA4 settings)
- Comments: kept for as long as the associated post remains published; removed upon request
- Newsletter subscribers: retained until you choose to unsubscribe
- Contact form submissions: 12 months following the last exchange
- Server logs: 30 days
8. Data Transfers Outside the EEA
Certain third-party services we use (such as Google and Mailchimp) are headquartered in or route data through the United States. These transfers rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses, as required under GDPR Chapter V.
9. Your Rights (EU/EEA / Poland — GDPR)
Under the GDPR and the Polish Act on Personal Data Protection (UODO), you are entitled to:
- Access — obtain a copy of your personal data (Art. 15)
- Rectification — correct any inaccurate information (Art. 16)
- Erasure (“right to be forgotten”) — request deletion of your data (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing carried out under legitimate interest (Art. 21)
- Withdraw consent at any point (Art. 7(3)) — without affecting the legality of earlier processing
- Lodge a complaint with the Polish supervisory authority: UODO (Urząd Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl
To exercise any of these rights, reach out through our contact page. We will respond within 30 days.
10. California Residents — CCPA/CPRA Rights
If you reside in California, the California Consumer Privacy Act (CCPA), as amended by the CPRA, grants you the following:
- Right to Know — which personal information is collected, used, disclosed, or sold
- Right to Delete — request removal of your personal information
- Right to Correct — request that inaccurate data be fixed
- Right to Opt-Out — we do not sell personal information; however, Google may use cookies for advertising purposes (refer to the “Do Not Sell or Share My Personal Information” link in the footer)
- Right to Non-Discrimination — exercising your rights will not result in different treatment
To submit a California privacy request, use our contact page and include “CCPA Request” in the subject.
11. Children’s Privacy (COPPA)
TheGravyGuy.com is not intended for children under 13 years of age. We do not knowingly gather personal information from anyone under 13. Should we discover that such data has been collected inadvertently, we will promptly delete it. We operate in compliance with the U.S. Children’s Online Privacy Protection Act (COPPA).
12. Security
We employ suitable technical and organizational safeguards to protect your data, including SSL/TLS encryption, restricted access controls, and periodic security audits. That said, no method of internet transmission can be guaranteed to be completely secure.
13. Changes to This Policy
This policy may be revised from time to time. The “Last updated” date shown at the top indicates the most recent version. We recommend checking back periodically for updates.
