GDPR Compliance Policy

1. Introduction

MomHomeRecipes (the “Website”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of our visitors, users, and customers in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This policy explains how we collect, use, store, and protect personal data, the legal bases for processing that data, and the rights you have under the GDPR. By accessing or using our website, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We only collect personal data that is necessary for the legitimate purposes described below. The categories of data we process include:

• Email address – collected when you subscribe to our newsletter, request a recipe, or contact us via the contact form.
• Cookies and similar tracking technologies – used to remember your preferences, analyse site usage, and improve user experience. This includes first‑party session cookies, analytics cookies, and consent‑management cookies.
• Analytics data – aggregated, non‑identifiable information such as page views, referral sources, and device type collected through Google Analytics and similar services.

We do not collect sensitive personal data (e.g., health information, racial or ethnic origin) and we never sell or trade your personal data to third parties.

3. How We Protect Your Data

Security is a core component of our data‑handling practices. We employ a layered approach that includes:

• SSL/TLS encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
• Secure servers – our hosting environment is protected by firewalls, intrusion‑detection systems, and regular security patches.
• Limited retention periods – personal data is retained only for as long as it is necessary to fulfil the purposes for which it was collected, after which it is securely deleted or anonymised.
• Access controls – only authorised personnel with a legitimate business need can access personal data, and they are bound by confidentiality obligations.

While we strive to protect your data, no transmission over the Internet can be guaranteed as 100 % secure. In the unlikely event of a breach, we will follow the GDPR‑mandated breach‑notification procedures.

4. Legal Basis for Processing

Under the GDPR, we must have a lawful basis for each type of processing. Our primary bases are:

• Consent (Article 6 (1)(a)) – when you voluntarily subscribe to newsletters or opt‑in to receive marketing communications.
• Legitimate interests (Article 6 (1)(f)) – for activities such as website analytics, security monitoring, and improving the user experience, provided that your fundamental rights do not override these interests.

If we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Your GDPR Rights

The GDPR grants you a set of robust rights concerning your personal data. Each right is listed below with a corresponding Bootstrap icon for quick reference.

• Right to Access – You may request confirmation that we are processing your data and obtain a copy of the personal data we hold about you.
• Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.
• Right to Erasure (“Right to be Forgotten”) – You may request the deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to Restrict Processing – You can ask us to limit the way we use your data while we verify the accuracy of the information or the legality of the processing.
• Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller.
• Right to Object – You may object to processing based on legitimate interests, direct marketing, or scientific/historical research, and we must stop unless we demonstrate compelling legitimate grounds.
• Right to Withdraw Consent – Where processing is based on consent, you may withdraw that consent at any time, and it will not affect the lawfulness of processing prior to withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to our Data Protection Officer at the email address provided below. Your request should include:

1. A clear description of the right you wish to invoke (e.g., “I would like to access my personal data”).
2. Any information that can help us identify your records (e.g., the email address you used to subscribe).
3. Proof of identity if we deem it necessary to protect your data from unauthorised access.

We will acknowledge receipt of your request within three (3) business days and will endeavour to provide a substantive response within thirty (30) calendar days, as required by the GDPR. If additional time is needed, we will inform you of the reasons and the expected completion date.

7. Response Time

All GDPR‑related requests are handled in accordance with the statutory deadline of 30 days. In exceptional circumstances—such as a complex request or a high volume of requests—we may extend the period by an additional two months, provided we communicate the extension to you within the original 30‑day timeframe and explain the reasons for the delay.

8. Contact Information

If you have any questions, concerns, or wish to exercise your rights, please contact our Data Protection Officer at:

You also have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred.

9. Changes to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices, legal requirements, or technology. Any material changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy periodically.

10. Summary

MomHomeRecipes respects your privacy and strives to be transparent about how we handle personal data. By providing clear information on the data we collect, our security measures, the lawful bases for processing, and the full suite of GDPR rights, we aim to empower you to make informed decisions about your personal information. Should you need assistance, our Data Protection Officer is ready to help.