GDPR Compliance Policy

Effective date: December 01, 2025

1. Introduction

MomMealIdeas (the “Website”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of its users in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, the legal bases for processing that data, how we safeguard it, and the rights you have under the GDPR. By using the Website, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect and process the following categories of personal data:

Email address: Provided voluntarily when you subscribe to our newsletter, request a recipe, or contact us.
Cookies and similar tracking technologies: Used to remember your preferences, analyse traffic, and improve user experience. This includes first‑party session cookies, analytics cookies (e.g., Google Analytics), and optional marketing cookies.
Analytics data: Aggregated information such as page views, device type, browser, and referral source. This data is anonymised wherever possible.

3. Legal Basis for Processing

We rely on the following lawful grounds to process your personal data:

Consent (Article 6(1)(a)): When you voluntarily provide your email address or accept optional cookies, you give explicit consent for the specific purposes described at the point of collection.
Legitimate interests (Article 6(1)(f)): The processing of anonymised analytics data and essential functional cookies is necessary for the legitimate interest of improving the Website’s performance, security, and user experience.

4. How We Protect Your Data

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk:

SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers: Our hosting environment is protected by firewalls, intrusion‑detection systems, and regular security patches.
Limited retention: Email addresses are retained only for as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, pseudonymised form for a maximum of 24 months.
Access controls: Only authorised personnel with a legitimate need to access personal data are granted permissions, and they are required to sign confidentiality agreements.

5. Your GDPR Rights

Under the GDPR you enjoy a set of rights concerning your personal data. Each right is illustrated with a Bootstrap Icon for quick reference.

Right to Access

You may request confirmation that we process your data and obtain a copy of the personal data we hold about you, together with information about the purposes of processing, categories of data, and recipients.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to have it corrected without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data where there is no overriding legitimate reason for continued processing, such as when you withdraw consent or the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data, or when you contest the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller without hindrance.

Right to Object

You may object, on grounds relating to your particular situation, to the processing of your data for direct marketing, scientific/historical research, or statistical purposes.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

Send a written request to our Data Protection Officer at gdpr@mommealideas.com. Include your full name, a clear description of the right you wish to invoke, and any information that will help us identify your data (e.g., the email address you used to subscribe).
If you are requesting erasure or restriction, you may also provide a brief justification to help us assess any competing legitimate interests.
We will acknowledge receipt of your request within 5 business days and will provide a substantive response within 30 calendar days, as required by the GDPR.
If your request is complex or involves multiple data subjects, we may extend the response time by an additional two months, but we will inform you of the extension within the initial 30‑day period.

7. Response Time

All legitimate requests will be addressed within 30 days from the date we receive your request. In cases where additional verification or consultation with third‑party processors is required, we will notify you of any extension and provide an estimated completion date.

8. Contact Information

If you have questions about this policy, wish to lodge a complaint, or need assistance exercising your GDPR rights, please contact our Data Protection Officer:

Email: gdpr@mommealideas.com
Website: https://mommealideas.com

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices, legal requirements, or technological developments. The “Last Updated” date at the top of the document indicates the most recent revision. Continued use of the Website after any such changes constitutes acceptance of the updated policy.

Last Updated: December 01, 2025