GDPR Compliance Policy for MumDishDelights

Last Updated: April 03, 2026
Contact Email: [email protected]

1. Introduction

MumDishDelights (the “Website”, “we”, “us” or “our”) respects your privacy and is committed to protecting the personal data you provide to us. This GDPR Compliance Policy explains how we collect, use, store and share your personal data in accordance with the General Data Protection Regulation (EU) 2016/679. By accessing or using our Website, you acknowledge that you have read and understood this policy.

2. Types of Personal Data We Collect

We collect the following categories of personal data:

Email addresses: When you sign up for newsletters, create an account or place an order.
Cookies and similar tracking technologies: We use first‑party cookies to remember your preferences, analyze traffic and improve user experience.
Analytics data: We employ Google Analytics and other analytics tools to track website usage. This data is anonymised but may include IP addresses and device identifiers.

3. Legal Basis for Processing

Our processing activities are based on the following lawful bases:

Consent: For newsletters, marketing communications and certain optional features, we obtain your explicit consent. You may withdraw consent at any time.
Legitimate interest: We process data necessary for website operation, fraud prevention, customer support, and to improve our services.

4. How We Protect Your Data

Encryption: All data transmitted between your browser and our servers is protected by TLS/SSL (HTTPS). Secure Servers: We host our infrastructure on reputable cloud providers that comply with ISO/IEC 27001 and SOC 2. Access Controls: Only authorised staff with a legitimate need can access personal data. Retention: Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Email addresses are kept for 12 months after the last interaction, cookies for 30 days, and analytics data is aggregated and anonymised within 90 days. Backups: Regular backups are stored encrypted and are protected by the same security measures as our live environment.

5. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with an icon for quick reference.

Right to Access

You can request a copy of the personal data we hold about you. This includes the purposes of processing, categories of data, recipients, and the period for which data will be stored.

Right to Rectification

If your personal data is inaccurate or incomplete, you can ask us to correct or complete it. We will update the data within 30 days of receiving your request.

Right to Erasure

Also known as the “right to be forgotten”, you may request that we delete your personal data. We will comply unless we have a legal obligation to retain it (e.g., tax records).

Right to Restrict Processing

You may ask us to suspend processing of your data (e.g., if you contest its accuracy). During restriction, we will store but not use the data.

Right to Data Portability

You can obtain your personal data in a structured, commonly used format (e.g., CSV) and transfer it to another controller. We will provide the data within 30 days.

Right to Object

You may object to the processing of your data for direct marketing or profiling purposes. Once an objection is raised, we will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Consent can be withdrawn at any time. You can also disable cookies or unsubscribe from newsletters. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at [email protected]. Provide a brief description of your request, the personal data concerned, and any supporting documentation. We will respond within 30 days, or within 30 days plus one month if the request is complex or numerous.

7. Data Retention Periods

We retain personal data for the period necessary to fulfil the purposes outlined in this policy. Typical retention periods are:

Email addresses: 12 months after last interaction.
Cookies: 30 days.
Analytics: aggregated and anonymised for 90 days.

8. Data Transfers

We do not transfer personal data outside the European Economic Area. If future services require data sharing with third‑party partners, we will ensure that appropriate safeguards (Standard Contractual Clauses, adequacy decisions, or explicit user consent) are in place.

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time. The updated version will be posted on our Website with a new “Last Updated” date. We encourage you to review the policy periodically.

10. Contact Us

If you have any questions about this policy, or if you wish to exercise your GDPR rights, please contact:

Address: MumDishDelights, 123 Kitchen Lane, Culinary City, 45678, UK
Email: [email protected]
Phone: +44 20 1234 5678

We appreciate your trust and are committed to safeguarding your personal data with the highest standards of security and respect for your privacy rights.