MomDishes GDPR Compliance Policy

1. Introduction

MomDishes (https://momdishes.com) is committed to protecting the personal data of its users in accordance with the European Union’s General Data Protection Regulation (GDPR). This policy explains what personal data we collect, how we use it, the legal bases for processing, the security measures we have in place, and the rights you enjoy under the GDPR. If you have any questions or wish to exercise any of your rights, please contact us at gdpr@momdishes.com.

2. Data We Collect

MomDishes processes the following categories of personal data:

• Email address: collected when you subscribe to our newsletter, create an account, or request support.
• Cookies and similar technologies: used to remember your preferences, analyse site traffic, and deliver personalised content.
• Analytics data: aggregated information such as IP address, device type, browser version, and pages visited, collected through third‑party analytics services.

We do not collect sensitive data (e.g., health, racial or religious information) unless you voluntarily provide it in a support request, in which case it is treated with the same level of protection.

3. Legal Basis for Processing

MomDishes relies on the following lawful bases to process your personal data:

• Consent: when you voluntarily sign up for newsletters or accept cookies, you give explicit consent for those specific purposes.
• Legitimate Interests: we process analytics data and use cookies to improve site performance, enhance user experience, and protect the security of our platform. These interests are balanced against your fundamental rights and freedoms.

If you withdraw consent, we will cease processing the data that relies solely on that consent, while still retaining data that is necessary for the performance of a contract or for compliance with legal obligations.

4. How We Protect Your Data

We employ a layered security approach to safeguard personal data:

• Transport Layer Security (TLS/SSL): all data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure Servers: our hosting environment is hardened, regularly patched, and monitored 24/7 for suspicious activity.
• Limited Retention: personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, after which it is securely deleted or anonymised.
• Access Controls: strict role‑based access ensures that only authorised personnel can view or process personal data.

While we strive to protect your data, no transmission over the Internet can be guaranteed 100 % secure. We encourage you to use strong, unique passwords and to keep your devices up to date.

5. Your GDPR Rights

Under the GDPR, you have the following rights concerning your personal data. Each right is accompanied by a brief description of how you can exercise it with MomDishes.

• Right to Access

  You may request a copy of the personal data we hold about you, along with information about the purposes of processing, categories of data, and recipients. Submit your request via gdpr@momdishes.com.

• Right to Rectification

  If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it. Provide the correct information in your email request, and we will update our records promptly.

• Right to Erasure (“Right to be Forgotten”)

  You can request the deletion of your personal data where there is no compelling reason for us to retain it (e.g., when you unsubscribe from newsletters or close your account). Exceptions apply if the data is required for legal compliance or contractual obligations.

• Right to Restrict Processing

  You may ask us to limit the processing of your data while we verify its accuracy or while a dispute is resolved. During restriction, the data will be stored but not further processed.

• Right to Data Portability

  You have the right to receive your personal data in a structured, commonly used, and machine‑readable format, and to transmit that data to another controller. Requests should specify the preferred format (e.g., CSV or JSON).

• Right to Object

  You may object to the processing of your data for direct marketing, profiling, or where processing is based on legitimate interests. Upon receipt of an objection, we will cease the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests.

• Right to Withdraw Consent

  Where processing is based on your consent (e.g., newsletter subscriptions or cookie consent), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. Unsubscribe links in emails and the cookie‑banner provide an easy way to withdraw consent.

How to Exercise Your Rights: Send a written request to gdpr@momdishes.com with a clear description of the right you wish to invoke. Include any information that helps us verify your identity (e.g., the email address used on our platform). We will acknowledge receipt of your request within five (5) business days and provide a substantive response no later than thirty (30) calendar days, unless a longer period is required by law.

6. Data Retention Periods

- Email addresses: retained for the duration of the subscription or until a deletion request is received.
- Cookies: session cookies expire when the browser is closed; persistent cookies are set for a maximum of 12 months unless you delete them.
- Analytics data: aggregated logs are retained for 24 months for trend analysis and then anonymised.

7. International Transfers

MomDishes may transfer personal data to service providers located outside the European Economic Area (EEA). All such transfers are protected by standard contractual clauses approved by the European Commission, ensuring an adequate level of protection.

8. Changes to This Policy

We review this policy regularly and may update it to reflect changes in law, technology, or our business practices. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of MomDishes after a change constitutes acceptance of the revised policy.