GDPR Policy - dishesbymum

1. Introduction

dishesbymum (accessible at https://dishesbymum.com) is committed to protecting the privacy and personal data of its users, customers, and visitors. This GDPR Compliance Policy explains how we collect, use, store, and safeguard personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR). By using our website, you acknowledge that you have read and understood the terms set out below.

2. Personal Data We Collect

We process only the data that is necessary for the provision of our services and the improvement of user experience. The categories of personal data we collect include:

Email addresses – collected when you subscribe to our newsletter, request a recipe, or contact us via the contact form.
Cookies and similar tracking technologies – used to remember your preferences, analyse site traffic, and deliver personalised content. We employ both first‑party and third‑party cookies (e.g., Google Analytics).
Analytics data – aggregated information such as page views, bounce rates, and device type, which helps us understand how visitors interact with the site.

We do not collect sensitive personal data (e.g., health information, political opinions) nor do we process data about minors without verifiable parental consent.

3. Legal Basis for Processing

Under GDPR, every processing activity must have a lawful basis. dishesbymum relies on the following grounds:

Consent – when you voluntarily provide your email address for newsletters or promotional offers, you give explicit consent for us to send you communications.
Legitimate Interests – we use cookies and analytics to improve site performance, security, and user experience. These interests are balanced against your rights and freedoms, and you may object at any time (see Section 5).

If we ever need to rely on a different legal basis (e.g., contractual necessity), we will inform you at the point of collection.

4. How We Protect Your Data

The security of your personal data is a top priority. We have implemented technical and organisational measures that include:

SSL/TLS Encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers – our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
Limited Retention – email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 24 months.
Access Controls – only authorised personnel with a legitimate need can access personal data, and they are required to sign confidentiality agreements.

While we strive to protect your data, no transmission over the internet can be guaranteed as 100 % secure. We encourage you to use strong passwords and to keep your devices up‑to‑date.

5. Your GDPR Rights

You enjoy a set of rights under GDPR. Each right is described below, together with a Bootstrap 5 icon for quick visual reference.

Right to Access

You may request a copy of the personal data we hold about you. This includes the source of the data, the purposes for processing, and any recipients to whom the data has been disclosed.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to have it corrected without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data where there is no compelling reason for its continued processing, such as when you withdraw consent or when the data is no longer needed for the original purpose.

Right to Restrict Processing

In certain circumstances (e.g., while we verify the accuracy of your data), you can request that we limit the way we process your information.

Right to Data Portability

When processing is based on consent or a contract, you may receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller.

Right to Object

You can object to the processing of your data for direct marketing, scientific research, or legitimate‑interest purposes. Upon objection, we will halt processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on your consent (e.g., newsletter subscriptions), you may withdraw that consent at any time, free of charge. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details below. Your request must be in writing (email is acceptable) and should contain enough information for us to verify your identity.

Email: gdpr@dishesbymum.com
Subject line: “GDPR Request – [Your Right]” (e.g., “GDPR Request – Right to Access”)
Required details: full name, email address used on the site, and a clear description of the right you wish to invoke.

We will acknowledge receipt of your request within 5 business days and will provide a substantive response within the statutory period of 30 calendar days. In complex cases, we may extend the deadline by an additional 2 months, but we will inform you of the extension and the reasons for it before the original deadline expires.

7. Data Retention Periods

The length of time we retain personal data depends on the purpose for which it was collected:

Email subscriptions: retained until you unsubscribe or request deletion.
Cookie identifiers: session cookies expire at the end of the browsing session; persistent cookies are retained for up to 12 months unless you delete them.
Analytics data: aggregated and anonymised after 24 months; raw data is deleted after that period.

When the retention period expires, the data is securely destroyed or anonymised in a manner that prevents re‑identification.

8. International Transfers

All personal data processed by dishesbymum is stored on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for third‑party analytics), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place to protect your data in compliance with GDPR.

9. Changes to This Policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the site after such changes constitutes acceptance of the revised policy.

10. Contact Information

For any questions, concerns, or complaints regarding this policy or our data‑processing practices, please reach out to our Data Protection Officer:

Data Protection Officer – dishesbymum
Email: gdpr@dishesbymum.com
Website: https://dishesbymum.com

GDPR Compliance Policy