MumsDishes GDPR Compliance Policy

Our Commitment to Data Protection

At MumsDishes (https://mumsdishes.com) we respect the privacy of our users and are committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This policy explains what personal data we collect, how we process it, the legal bases for processing, the security measures we have in place, and how you can exercise your GDPR rights.

If you have any questions or wish to exercise any of your rights, please contact our Data Protection Officer at gdpr@mumsdishes.com.

Data We Collect

We collect and process the following categories of personal data:

• Email address – provided voluntarily when you subscribe to newsletters, create an account, or contact us.
• Cookies and similar tracking technologies – used to remember your preferences, analyse site usage and improve functionality. This includes first‑party session cookies, analytics cookies, and marketing cookies.
• Analytics data – aggregated information such as page views, referral sources, device type, and IP address collected through Google Analytics and other web‑analysis tools.

We do not collect sensitive data (e.g., health information, racial or ethnic origin) unless you explicitly provide it in a support request, in which case it will be handled with the same level of protection.

How We Protect Your Data

We employ a range of technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data:

• SSL/TLS encryption – All data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure servers – Our hosting environment is hosted on ISO‑27001 certified data centres with regular security patches and firewalls.
• Limited retention – Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 14 months, and cookie data is automatically cleared according to the cookie lifespan set in the browser.
• Access controls – Only authorised personnel with a legitimate need to process personal data have access, protected by strong passwords and two‑factor authentication.
• Regular audits – We conduct periodic security assessments and vulnerability scans to identify and remediate potential risks.

Legal Basis for Processing

Our processing activities are based on the following lawful bases under GDPR:

• Consent (Article 6(1)(a)) – When you voluntarily sign up for newsletters or accept cookies, you give explicit consent for us to process your email address and tracking data.
• Legitimate interest (Article 6(1)(f)) – We process analytics data and use cookies to improve website performance, user experience, and to protect against fraud. Your interests and fundamental rights are balanced against our legitimate business needs.

If you withdraw consent, the processing based on consent will cease immediately, while processing based on legitimate interest will continue only if it remains necessary and proportionate.

Your GDPR Rights

Under GDPR you have the following rights. Each right is accompanied by a Bootstrap icon for quick reference.

• Right to Access – You may request a copy of the personal data we hold about you, together with information about how we process it.
• Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.
• Right to Erasure (“Right to be Forgotten”) – You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
• Right to Restrict Processing – You can ask us to limit the way we use your data, for example while we verify the accuracy of the data or the legality of the processing.
• Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller.
• Right to Object – You may object to the processing of your data for direct marketing, profiling, or where processing is based on legitimate interests.
• Right to Withdraw Consent – Where processing is based on consent, you can withdraw that consent at any time, free of charge. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

How to Exercise Your Rights

1. Send a written request to gdpr@mumsdishes.com. Include your full name, the email address associated with your account (if applicable), and a clear description of the right you wish to invoke.
2. We may ask for additional information to verify your identity, ensuring that we protect your data from unauthorised access.
3. We will respond to your request within 30 calendar days. In complex cases, we may extend the period by up to an additional 60 days, but we will inform you of any extension and the reasons for it.
4. If your request is denied, we will provide a concise explanation and inform you of your right to lodge a complaint with a supervisory authority.

Data Retention Periods

We retain personal data only for as long as necessary:

• Email addresses – retained while you remain subscribed or until you request deletion. If you become inactive for 24 months, we will automatically purge the address.
• Cookies – session cookies expire at the end of the browsing session; persistent cookies are set with a maximum lifespan of 12 months unless you delete them earlier via your browser settings.
• Analytics data – stored in an anonymised form for 14 months, after which it is automatically aggregated and the raw IP addresses are deleted.

International Transfers

All personal data is processed within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for a third‑party service), we will ensure that appropriate safeguards such as Standard Contractual Clauses are in place, guaranteeing an equivalent level of protection.

Updates to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in legislation, our services, or data‑processing practices. Any significant changes will be posted on this page with an updated “Last Updated” date.

Contact Information

For any inquiries regarding privacy, data protection, or to exercise your rights, please contact our Data Protection Officer: