LGPD Policy – Noor Recipes | Lei Geral de Proteção de Dados

LGPD Policy – Noor Recipes

Last Updated: September 23, 2025
Effective Date: October 15, 2024

🇧🇷 Brazilian Data Protection Law (LGPD) Compliance Policy

Olá! If you’re visiting from Brazil, this page explains how Noor Recipes complies with the Lei Geral de Proteção de Dados (LGPD) – Brazil’s General Data Protection Law. I respect your privacy rights under Brazilian law and want you to understand exactly how your personal data is handled when you visit our website.

About LGPD (Lei Geral de Proteção de Dados)

The LGPD is Brazil’s data protection law (Law No. 13,709/2018) that came into effect in September 2020. It’s similar to Europe’s GDPR and gives you important rights about how your personal data is collected, used, and protected.

LGPD Core Principles We Follow:

Purpose: We have specific, legitimate reasons for collecting your data
Adequacy: Processing matches the purposes we’ve told you about
Necessity: We only collect data that’s actually needed
Free Access: You can easily see what data we have about you
Transparency: Clear, accurate information about data processing
Security: Technical measures to protect your data
Prevention: Measures to prevent harm from data processing
Non-discrimination: No illegal or abusive discrimination
Accountability: We can demonstrate LGPD compliance

Data Controller Information (Controlador)

Under LGPD, I am the “controlador” (data controller) responsible for your personal data:

Data Controller (Controlador): Noor Bennett
Business Name: Noor Recipes
Location: New York, NY, United States
LGPD Contact Email: Contact@noorrecipes.com

As a small food blog operated by one person, I don’t have a separate Data Protection Officer (Encarregado de Proteção de Dados), but I personally handle all data protection responsibilities with the same care and attention required by LGPD.

Legal Bases for Data Processing (Base Legal)

Under LGPD Article 7, I can only process your data with a valid legal basis. Here’s what I rely on:

Processing Activity	Legal Basis (Article 7)	Explanation
Email Newsletter Subscription	Consent (Article 7, I)	You explicitly sign up and can withdraw anytime
Website Analytics	Legitimate Interest (Article 7, IX)	Understanding website performance to improve user experience
Recipe Comment Responses	Consent (Article 7, I)	You voluntarily contact us with questions
Email Communication	Legitimate Interest (Article 7, IX)	Providing customer support and answering questions
Security & Fraud Prevention	Legitimate Interest (Article 7, IX)	Protecting website and users from spam and abuse
Legal Compliance	Legal Obligation (Article 7, II)	When required by Brazilian or US law

Personal Data We Collect (Dados Pessoais)

Here’s exactly what personal data we collect from Brazilian visitors:

Data You Provide Directly (Fornecidos Diretamente):

Email Address (Endereço de E-mail): When you subscribe to our newsletter
Name (Nome): Optional when signing up or contacting us
Messages (Mensagens): Content of emails you send us with questions or feedback
Recipe Reviews (Avaliações): Comments or feedback you share about recipes
Photos (Fotos): If you email pictures of your cooking results

Data Collected Automatically (Coletados Automaticamente):

IP Address (Endereço IP): For security and basic analytics (anonymized)
Browser Information (Informações do Navegador): Type and version
Device Type (Tipo de Dispositivo): Mobile, tablet, or computer
Usage Data (Dados de Uso): Pages visited, time spent, interactions
Location Data (Dados de Localização): General location only (city/state level, not precise)
Cookies (Cookies): Small text files for website functionality

Sensitive Data (Dados Sensíveis):

We DO NOT collect sensitive personal data as defined by LGPD Article 5, II, including:

Racial or ethnic origin
Religious beliefs
Political opinions
Health data
Genetic or biometric data
Sexual orientation

Note: While recipes may relate to health and diet, we don’t collect medical information or health conditions from users.

How We Use Your Personal Data

Your data is used only for specific, legitimate purposes that we’ve told you about:

Newsletter Services:

Send recipe updates and cooking tips (2-3 times per week)
Share new content that matches your interests
Provide updates about website improvements
Track email delivery to ensure you receive content

Website Improvement & Analytics:

Understand which recipes are most helpful to Brazilian visitors
Improve website navigation and user experience
Identify and fix technical problems
Create content that serves your needs
Optimize for devices commonly used in Brazil

Communication & Support:

Respond to your recipe questions and cooking advice requests
Handle technical support issues
Process LGPD rights requests
Address privacy concerns

What We Will NEVER Do:

Sell your data: Your information is never sold to third parties
Share for marketing: No sharing with advertisers or marketing companies
Automated decisions: No automated decision-making that affects you
Discriminate: No discriminatory processing of your data
Track across web: No cross-site tracking or behavioral profiling

Your Rights Under LGPD (Seus Direitos)

LGPD Article 18 gives you comprehensive rights over your personal data. Here’s each right explained clearly:

1. Confirmation & Access (Confirmação e Acesso) – Article 18, I & II

What it means: You can confirm if we process your data and request access to all your personal data.

How to exercise: Email contact@noorrecipes.com with “Access Request” or “Solicitação de Acesso”

What you’ll receive: Complete export of all your data in readable format

Timeline: Within 15 days (LGPD standard)

2. Correction (Correção) – Article 18, III

What it means: You can correct incomplete, inaccurate, or outdated data.

How to exercise: Email us the correct information

Timeline: Corrections made within 24-48 hours

3. Anonymization, Blocking, or Deletion (Anonimização, Bloqueio ou Eliminação) – Article 18, IV

What it means: You can request that we anonymize, block, or delete unnecessary or excessive data, or data processed in violation of LGPD.

How to exercise: Email contact@noorrecipes.com with “Delete My Data” or “Deletar Meus Dados”

Timeline: Completed within 15 days

Exceptions: May retain data if required by law (we’ll explain)

4. Data Portability (Portabilidade) – Article 18, V

What it means: You can receive your data in a structured, commonly used format to transfer to another service provider.

How to exercise: Request data export in CSV or JSON format

Timeline: Within 15 days

5. Deletion After Consent Withdrawal (Eliminação após Revogação) – Article 18, VI

What it means: When you withdraw consent, we delete data processed based on that consent (except where another legal basis applies).

How to exercise: Unsubscribe from newsletters or email withdrawal request

Effect: Immediate stop of processing, deletion within 15 days

6. Information About Sharing (Informação sobre Compartilhamento) – Article 18, VII

What it means: You can know which public and private entities we share your data with.

Current sharing: ConvertKit (email), Google Analytics (anonymized analytics)

How to confirm: Email us anytime for current third-party list

7. Refuse Processing (Recusa) – Article 18, § 2°

What it means: You can refuse unnecessary or excessive data processing, or processing not compliant with LGPD.

How to exercise: Email with specific processing you object to

Our response: We’ll stop or explain why it’s necessary

8. Revoke Consent (Revogação do Consentimento) – Article 18, IX

What it means: You can withdraw consent for any processing based on consent.

How to exercise: Unsubscribe link in emails or direct email request

Effect: Immediate cessation of that processing

Response Timelines (Prazos de Resposta):

Standard Response: 15 days from receiving request (LGPD requirement)

My Goal: Most requests handled within 1-7 days

Complex Requests: May extend to 30 days with explanation

Always Free: No charge for exercising LGPD rights

Who We Share Data With (Com Quem Compartilhamos):

Third Party	Purpose	Data Shared	Location
ConvertKit	Email newsletter management	Email address, engagement data	United States
Google Analytics	Website analytics (anonymized)	Usage data, anonymized IP	United States
Web Hosting Provider	Website infrastructure	Technical server logs	United States

International Data Transfers (Transferência Internacional):

Since I’m based in the United States, your data will be transferred from Brazil to the US. Here’s how I protect it:

Adequate Level of Protection: We implement safeguards equivalent to LGPD requirements
Contractual Clauses: Service providers are bound by data protection agreements
Technical Security: Encryption in transit (SSL/TLS) and at rest
Your Rights: LGPD rights apply regardless of where data is stored
ANPD Compliance: Following Brazilian National Data Protection Authority guidelines

Important: Your Rights Don’t Change

Even though your data is processed in the United States, you maintain all your rights under LGPD. I remain accountable under Brazilian law for protecting your data.

Security Measures (Medidas de Segurança)

I implement technical and administrative measures to protect your data as required by LGPD Article 46:

Technical Safeguards (Medidas Técnicas):

Encryption (Criptografia): SSL/TLS encryption for all data transmission
Secure Storage (Armazenamento Seguro): Protected servers with access controls
Regular Backups (Backups Regulares): Encrypted and geographically distributed
Access Controls (Controles de Acesso): Limited to essential personnel only
Software Updates (Atualizações): Regular security patches
Anonymization (Anonimização): IP addresses anonymized in analytics

Administrative Safeguards (Medidas Administrativas):

Privacy by Design: Data protection considered in all processes
Data Minimization: Collect only necessary information
Regular Reviews: Quarterly assessment of security practices
Incident Response Plan: Procedures for potential breaches
Staff Training: Regular privacy and security education

Security Incident Protocol (Incidente de Segurança):

If a data security incident occurs that may pose risk to your rights:

ANPD Notification: Report to Brazilian authority within reasonable timeframe
User Notification: Inform affected individuals promptly
Clear Information: Explain what happened and steps being taken
Support Offered: Guidance on protecting yourself
Preventive Measures: Actions to prevent future incidents

Data Retention (Retenção de Dados)

We keep your data only as long as necessary for the purposes we collected it:

Data Type	Retention Period	Reason
Newsletter Email	Until unsubscribe or 3 years inactive	Service provision
Website Analytics	26 months (anonymized)	Usage trends
Email Correspondence	3 years	Customer service history
IP Addresses	14 months (anonymized)	Security
Cookies	13 months maximum	Technical functionality

After Retention Period: Data is permanently deleted or anonymized so it can’t identify you.

Children’s Data (Dados de Crianças e Adolescentes)

Under LGPD Article 14, processing data of children and adolescents requires special care:

Age Requirement: Newsletter requires confirmation you’re 18+ or have parental consent
Parental Consent: Required for anyone under 18 in Brazil
Best Interests: Any processing considers child’s best interests
No Targeting: We don’t specifically target or market to minors
Immediate Action: If we discover a minor’s data without proper consent, we delete it immediately

Right to Complain to ANPD (Direito de Reclamação)

If you’re not satisfied with how I handle your data or LGPD requests, you have the right to file a complaint:

Brazilian National Data Protection Authority (ANPD):
Autoridade Nacional de Proteção de Dados
Website: www.gov.br/anpd
Contact: Available through their website

Before Filing a Complaint (Antes de Reclamar):

I encourage you to contact me first at contact@noorrecipes.com. I’m committed to resolving concerns directly and quickly. Most issues can be resolved within days through open communication.

Contact for LGPD Matters (Contato para Questões LGPD)

LGPD & Data Protection Contact:
Noor Bennett (Data Controller)
Email: contact@noorrecipes.com

Response Times (Prazos de Resposta):
* Simple requests: 1-7 days
* Standard LGPD requests: Within 15 days
* Complex requests: Up to 30 days with explanation
* Emergency concerns: Within 24 hours

Languages (Idiomas):
* English (primary)
* Portuguese (with translation assistance if needed)

What to Include in Your Request:

Your email address associated with our services
Specific LGPD right you want to exercise
Any relevant details or context
Preferred language for response

Updates to This LGPD Policy (Atualizações)

This policy will be updated when:

LGPD regulations or ANPD guidance changes
Our data processing practices change
We add new features affecting privacy
We find clearer ways to explain our practices

Update Notification (Notificação de Mudanças):

Minor Changes: Updated date on this page

Significant Changes: Email notification to Brazilian subscribers

Major Changes: 30-day notice before implementation

Your Options: Withdraw consent or object to changes

The Bottom Line for Brazilian Visitors

Your privacy rights under LGPD are important, and I respect them fully. Even though I’m a small food blog operated from the United States, I take Brazilian data protection law seriously and implement the same careful practices I’d want for my own data.

I’m here to share recipes and cooking advice, not to complicate your life with data concerns. Your information is protected, your rights are respected, and you’re always in control.

If you have questions about LGPD, your rights, or how I handle your data, please reach out. I’d much rather have a conversation than leave you with any uncertainty about privacy.

Obrigado for visiting from Brazil, and I hope you find recipes that bring joy to your kitchen!

This LGPD policy was created with genuine respect for Brazilian privacy rights.
Seu direito à privacidade é importante, não importa onde você esteja.