GDPR Compliance Policy

Effective Website: mumdishes.com

Contact for Data‑Protection Queries: gdpr@mumdishes.com

Last Updated: December 01, 2025

---

What Personal Data We Collect

When you interact with mumdishes.com we may collect the following categories of personal data:

• Email address – provided when you sign up for newsletters, create an account, or contact us.
• Cookies & similar tracking technologies – used to remember your preferences, analyse site usage and improve your experience.
• Analytics data – aggregated information such as page views, device type, IP address (in a pseudonymised form) collected via Google Analytics and other services.

How We Protect Your Data

We take the security of your personal data seriously and have implemented a layered approach:

• Transport Layer Security (TLS/SSL) – All data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure hosting environment – Our servers are hosted in data centres with ISO‑27001 certification, firewalls, intrusion‑detection systems and regular vulnerability scans.
• Access controls – Only authorised personnel with a legitimate business need can access personal data, and they must do so using strong passwords and two‑factor authentication.
• Limited retention periods – Email addresses are retained for as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, pseudonymised form for a maximum of 24 months.
• Data‑processing agreements – All third‑party processors (e.g., email service providers, analytics platforms) are bound by GDPR‑compliant contracts.

Legal Basis for Processing

Our processing activities are based on the following lawful grounds under Article 6 of the GDPR:

• Consent (Article 6(1)(a)) – When you voluntarily subscribe to our newsletter or accept cookies, you give explicit consent for the specific purpose.
• Legitimate interests (Article 6(1)(f)) – We process analytics data and use cookies to improve site performance, security and user experience. Your interests, fundamental rights and freedoms have been carefully balanced against our legitimate business needs.

Your GDPR Rights

As a data subject, you enjoy the following rights under the General Data Protection Regulation. Each right is accompanied by a Bootstrap icon for quick visual reference.

Right to Access

You may request confirmation that we are processing your personal data and obtain a copy of that data, together with information about the purposes of processing, categories of data, recipients, and retention periods.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data where the processing is no longer necessary, you have withdrawn consent, or you object to the processing and there are no overriding legitimate grounds.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data, or while we consider the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller where technically feasible.

Right to Object

You may object, on grounds relating to your particular situation, to the processing of your data for direct marketing, profiling or any other purpose based on legitimate interests.

Right to Withdraw Consent

Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

1. Send a written request to gdpr@mumdishes.com. Include your full name, the email address you used on mumdishes.com, and a clear description of the right you wish to invoke.
2. If you are requesting access, rectification, erasure, restriction, or data portability, please specify the exact data or the format you prefer to receive it in.
3. For objections or withdrawal of consent, indicate the specific processing activity (e.g., marketing emails, analytics cookies) you are objecting to.
4. We may ask for additional information to verify your identity, but we will keep any additional data you provide strictly for verification purposes and delete it afterwards.
5. We will acknowledge receipt of your request within 5 business days and provide a substantive response within 30 calendar days, in line with GDPR Article 12(3).

Response Time

All requests will be dealt with as promptly as possible and, in any case, no later than 30 days from the date we receive the request. If a request is particularly complex or numerous, we may extend the period by an additional two months, but we will inform you of any such extension within the original 30‑day period.

Updates to This Policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of mumdishes.com after such updates constitutes acceptance of the revised policy.

Contact Us

If you have any questions about this policy, your personal data, or how we process it, please contact our Data Protection Officer at gdpr@mumdishes.com. We are committed to responding to all inquiries in a transparent and timely manner.