GDPR Compliance Policy

1. Introduction

Welcome to mymumdish (https://mymumdish.com). We are committed to protecting the personal data of our users and complying with the European Union’s General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, the legal bases for processing, the security measures we employ, and how you can exercise your GDPR rights.

2. Data We Collect

We collect and process the following categories of personal data:

• Email address – used for newsletter subscription, order confirmations, and customer support.
• Cookies and similar tracking technologies – to remember your preferences, analyse site usage, and improve the user experience.
• Analytics data – aggregated information such as page views, device type, and referral source, collected through third‑party services (e.g., Google Analytics).

We only collect data that is necessary for the purposes described in this policy and we do so in a transparent manner.

3. How We Use Your Data

The personal data listed above is used for the following purposes:

1. Sending transactional emails (order confirmations, shipping updates).
2. Providing newsletters, promotional offers, and product updates (where you have given consent).
3. Maintaining and improving the functionality, security, and performance of the website.
4. Analyzing traffic patterns to understand how visitors interact with the site and to optimise content.

All processing activities are carried out in accordance with the legal bases described in the next section.

4. Legal Basis for Processing

We rely on the following lawful bases under GDPR:

• Consent – when you voluntarily subscribe to our newsletter or accept optional cookies, you provide explicit consent for those specific purposes.
• Legitimate Interests – for activities such as fraud prevention, network security, and improving the website’s usability, which are necessary for the legitimate interests of mymumdish and do not override your fundamental rights.

5. Data Security and Retention

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL Encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers – data is stored on servers that are regularly patched, monitored, and protected by firewalls.
• Limited Retention – email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months, and cookie identifiers are cleared after 30 days unless you renew consent.

Access to personal data is restricted to authorised personnel who require it to perform their duties. We also conduct periodic security audits and staff training to maintain a high level of data protection.

6. Your GDPR Rights

Under GDPR, you are entitled to the following rights. Each right is accompanied by an icon for quick reference.

• Right to Access

  You may request a copy of the personal data we hold about you, together with information about how we process it.

• Right to Rectification

  If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.

• Right to Erasure (Right to be Forgotten)

  You may request that we delete your personal data where there is no legitimate reason for us to continue processing it.

• Right to Restrict Processing

  You can ask us to limit the way we use your data while we verify the accuracy of the information or assess the necessity of processing.

• Right to Data Portability

  You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller.

• Right to Object

  You may object to the processing of your data for direct marketing, scientific/historical research, or legitimate interests, unless we demonstrate compelling legitimate grounds.

• Right to Withdraw Consent

  If we rely on your consent for processing, you can withdraw that consent at any time, and it will not affect the lawfulness of processing based on consent before its withdrawal.

7. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) via the following channel:

Email: gdpr@mymumdish.com

When you contact us, please include:

• Your full name and contact details (so we can verify your identity).
• A clear description of the right you wish to exercise.
• Any relevant information that will help us locate your data (e.g., the email address you used to register).

We will acknowledge receipt of your request within five (5) business days and will aim to provide a full response no later than thirty (30) calendar days, in line with GDPR Article 12‑15. If additional time is required due to the complexity of the request, we will inform you of the extension and its reasons within the initial 30‑day period.

8. International Transfers

All personal data is processed within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary, we will ensure an adequate level of protection through standard contractual clauses or other approved mechanisms.

9. Changes to This Policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such changes constitutes acceptance of the revised policy.

10. Contact Information

For any questions, concerns, or complaints regarding our data practices, please reach out to:

Data Protection Officer – mymumdish

Email: gdpr@mymumdish.com

You also have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred.