Reading a Food and Market Website Privacy Notice: What Data May Be Collected and What Choices You May Have

Why privacy notices matter on food and market sites

When you visit a website for recipes, dining inspiration, or market updates, the experience is usually practical and immediate: you want ideas for dinner, details about a visit, or a quick way to sign up for updates. Behind the scenes, however, many sites collect and process information so they can function properly, measure performance, communicate with visitors, and support features such as newsletters, social media widgets, and advertising.

An online privacy notice is the document that organizes these practices in one place. It typically explains what personal data may be collected, how it may be used, who may receive it, and what rights or choices you may have depending on where you live. The notice summarized in this article applies to personal data collected on two related sites and also describes a separate, in-person scenario: logging on to Wi‑Fi at a market location.

This guide translates what the notice says into plain language. It is not legal advice. Its purpose is to help visitors understand the kinds of information a food and market website may handle and what controls the notice says are available.

Who is responsible for your data: the “data controller”

A central concept in the notice is the “data controller,” meaning the organization responsible for processing personal information collected through the site. The notice emphasizes that the identity of the data controller depends on your location, and it lists multiple entities that can act as controllers tied to different territories.

The notice also highlights that there are situations that can affect who controls your data. In addition, it asks visitors to review the site’s Conditions of Use, which govern visits to the site and are described as containing important limitations.

Information you may provide directly

The notice states that personal data may be collected when you choose to provide it through the site. This typically happens when you interact with forms or sign up for services. Examples of the types of information that may be collected include:

• First and last name
• Physical address
• E-mail address
• Telephone number

Not every page or form collects the same information. The notice says each form varies in what it requires and collects, and that an asterisk (*) typically indicates required fields. You may also choose to provide additional information in fields that are not required.

Marketing messages: how to stop them

If you receive direct marketing communications and later decide you no longer want them, the notice provides two ways to stop them:

• Use an unsubscribe link in the footer of every email.
• Email the privacy address listed in the notice.

In practice, this means the notice anticipates that email communications may be part of the site experience, and it spells out the opt-out methods it supports.

Information collected automatically: cookies, logs, and similar tools

Beyond what you type into a form, the notice describes information that may be collected by automated means. It lists several technologies used for this purpose, including:

• Cookies
• Non-cookie-based tokens
• Web server logs
• Tracking pixels
• Web beacons

The notice also states that information from your browser—such as browsing history—may be collected and used together with data gathered from forms and emails to help understand and respond to your needs.

It also draws a line between information that is completely anonymised and information that is personal data. Where information gathered is completely anonymised, the notice states it will not constitute personal data.

Why the site says it processes data: “legitimate interest” and legal obligations

Where personal data is not anonymous, the notice describes the legal basis for certain processing activities as legitimate interest. It frames this as an interest in continually evaluating personal data while operating and improving the business, ensuring products and services are relevant to the market, and doing so in a way that is not overridden by your interests, rights, and freedoms.

The notice also notes that some processing may be necessary to protect, exercise, or defend legal rights, or to comply with laws that apply. In other words, the notice describes multiple reasons data might be used, including operational improvement and compliance-related needs.

Social media widgets: what they may collect

The notice states that the site includes social media functions such as widgets from Google, Twitter, and Facebook. According to the notice, these widgets may collect information about which pages you visit and the IP address of the device you use to connect to the internet. The widgets may also set a cookie to ensure the features function properly.

These social media functions may be hosted by a third party or hosted directly on the site. The notice says your interactions with these features are governed by the privacy policies of the companies that provide them, and it suggests reviewing those policies if you use the features.

Data from third parties: what the notice says may be obtained

Where permitted by law, the notice states personal data may be acquired from third parties. Examples listed include:

• Personal data shared between affiliated entities and business partners
• Publicly available profile information on third-party social media sites (such as preferences and interests)
• Marketing lists acquired from third-party marketing agencies

The notice also adds that personal data may be collected in other contexts and that you will be notified at the time if that occurs.

An in-person example: logging on to Wi‑Fi at a market location

Privacy notices sometimes cover more than just what happens on a website. Here, the notice includes a specific example related to an in-person visit. When you log on to Wi‑Fi at a market location, you may be asked to provide your email address to access the service.

The notice states that this email address may be used to send details of events and information that may be of interest to you. It also indicates that this may be done with your consent or based on legitimate interest where allowed under applicable laws.

How personal data may be used, including Google services and consent choices

The notice describes multiple purposes for using personal data. It also notes that the website/app uses one or more Google services and may gather and store information including, but not limited to, visit or usage behavior.

Importantly for visitors who want more control, the notice says visitors may be able to grant or deny consent to Google and its third-party tags for specified purposes. This is presented as a choice mechanism tied to particular uses rather than a single all-or-nothing decision.

Analytics and measurement: Google Analytics and opt-outs

To understand how people use the site, the notice states that third-party web analytics services are used, including Google Analytics. It explains that service providers administering these services may use cookies and web beacons to analyze how users use the site.

According to the notice, the information collected (including IP address) is available to those service providers, which use it to evaluate site usage.

The notice includes an opt-out link for Google Analytics. It also references an industry opt-out page for controlling the collection and use of web viewing data for interest-based advertising and other applicable uses by some or all participating companies. For more detail on cookies used and how to control cookie settings on the site, the notice points readers to a Cookie Policy.

Advertising identity tools: the LiveRamp scenario described in the notice

The notice describes a scenario involving LiveRamp. When you use the website and enter your email address (for example, to log in or sign up for a newsletter), the notice states that information collected from you—such as your email (in hashed, pseudonymous form), IP address, or information about your browser or operating system—may be shared with LiveRamp and its group companies.

It adds that certain parties may act as “joint controllers” as applicable under the GDPR.

According to the notice, LiveRamp uses this information to create an online identification code that may be stored in a first-party cookie for use in online, in-app, and cross-channel advertising. The notice states this code may be shared with advertising companies to enable interest-based and targeted advertising.

The notice also states that the code does not contain directly identifiable personal data and will not be used by LiveRamp to re-identify you. It references LiveRamp’s privacy policy and provides an opt-out link.

An alternative option: ad-free and tracking-free access via contentpass

The notice describes an optional service called contentpass that provides ad-free and tracking-free access to the website. It states that the service is provided by Content Pass GmbH, and that if you subscribe, your contract is directly with contentpass.

To show the contentpass option when you visit the site, the notice states that contentpass is asked to process your IP address at the start of your visit. It specifies that this is the only information shared with contentpass for that purpose, and that the site remains responsible for this IP address processing.

If you sign up, contentpass is described as the data controller for all data needed to register, manage, and deliver the subscription, with a reference to contentpass’s privacy policy for details. The notice states that the legal basis for processing the IP address in this context is legitimate interest in offering an ad-free and tracking-free version of the site and helping meet a legal obligation to obtain valid consent where required.

When personal data may be shared, and what the notice says about selling

The notice states that personal data is not sold or otherwise disclosed except as described. It then outlines categories of recipients and circumstances in which sharing may occur.

It also states that personal data may be transferred to recipients in countries other than the country where it was originally collected, and that those countries may not have the same data protection laws. When transfers occur (including to the U.S.), the notice states the data will be protected as described in the notice.

For individuals located in the EEA or Switzerland, the notice states that applicable legal requirements for adequate protection for transfers outside the EEA and Switzerland will be followed. It also notes that you may request a copy of the safeguards in place by contacting the organization as described in the “How To Contact Us” section.

How long data may be kept

The notice explains that retention depends on the purpose for which personal data was collected. In general, it states personal data is kept as long as necessary to fulfill the purposes for which it was collected, then deleted unless there is a legal requirement to retain it or it must be retained to comply with legal obligations (including tax and accounting purposes).

It also states that, subject to applicable legal requirements, personal data is typically retained according to the practices described in the notice.

Your rights and options may depend on where you live

The notice makes clear that rights and options can vary depending on where you are located. It includes region-specific sections that outline additional rights and processes.

EEA and Switzerland: rights and complaints

If you are located in the EEA or Switzerland, the notice states you may have rights in relation to personal data held about you. It indicates you can contact the organization by email or as described in the “How to Contact Us” section to exercise those rights.

It also states you have the right to lodge a complaint with the data protection supervisory authority in your country.

California: CCPA rights, “Do Not Sell,” and request procedures

The notice includes a dedicated section for California residents under the California Consumer Privacy Act (CCPA). It states that the CCPA provides additional rights to know, delete, and opt out, and requires businesses to provide notices and means to exercise those rights.

It lists categories of personal information collected in the past 12 months as described by the CCPA and explains that information may be obtained directly from you (for example, from forms you complete or products and services you purchase) or indirectly (for example, by observing actions on the website).

The notice also states that personal information may be disclosed to certain third parties for a business purpose, with contracts requiring confidentiality and limiting use to performing the contract.

On selling, the notice states it does not generally sell personal information as the term is traditionally understood. However, it adds that to the extent advertising technology activities (including programmatic advertising) are considered a sale under the CCPA, categories of personal information may have been sold in the preceding 12 months to business partners such as programmatic advertisers and data aggregators.

It states an option appears when you click “Do Not Sell My Information,” which restricts data from being sold. It also states the personal information of minors known to be under 16 is not sold without affirmative authorization.

For California residents, the notice describes the right to request deletion and the right to know certain information about data practices in the preceding 12 months. To exercise these rights, the notice provides a request link and an email address, and it explains that you must specify which right you are exercising and provide proof of California residency and identity.

The notice outlines identity verification steps, response timelines (endeavoring to respond within 45 days, with a possible extension), and circumstances under which requests may be denied.

It also states that certain sensitive information will not be disclosed even if collected, including Social Security number, driver’s license number, certain financial account numbers, and account passwords or security questions and answers.

The notice describes the right to opt out of the sale of personal information and indicates requests can be made via “Do Not Sell My Information” or by email. It notes requests may be submitted through a designated agent with appropriate documentation.

Finally, it states visitors will not be discriminated against for exercising CCPA rights, while also noting that certain financial incentives (such as discounts or deals for newsletter sign-up) may be offered under the CCPA with terms and opt-in consent, which can be revoked.

California’s “Shine the Light” law is also addressed, describing a process for requesting details about certain information sharing for direct marketing purposes, including what to include in the request and where to send it.

Nevada: a separate opt-out right

The notice states that Nevada residents have the right to opt out of the sale of certain personal data to third parties who intend to license or sell that personal data. It provides instructions to exercise this right by email with a specific subject line and required identifying details.

Updates and how to contact the organization

The notice states it may be updated periodically and without prior notice to reflect changes in personal data practices or relevant laws. Updated versions will be posted, and the notice indicates it will show when it was most recently updated.

For questions, comments, or requests related to how personal data is collected, used, or disclosed—or to update information or preferences—the notice provides contact options by email and postal mail addresses for customer care and data protection officer contacts. It also notes that for European citizens, an appointed nominated representative for EU personal data can be contacted via the same privacy email address.

Putting it in context for everyday visitors

For people who come mainly for recipes, market updates, or dining inspiration, privacy notices can feel far removed from the content they came to read. But the notice is also the clearest place to learn what information may be collected, how it may be used, and what controls the website says it offers—especially when features like shopping carts, newsletters, social widgets, analytics, and on-site Wi‑Fi are part of the broader food and market ecosystem.

In practical terms, the notice describes a mix of information you may choose to provide (such as contact details), information collected automatically (such as via cookies and logs), and data that may be obtained from third parties where permitted. It also lays out opt-outs and contact routes that can help you make choices aligned with your preferences.