GDPR Compliance Policy for Mumeasycooking

Mumeasycooking (the “Site”) is committed to protecting your personal data and respecting your privacy rights in accordance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). This policy explains how we collect, use, store, and share your personal information, and outlines the rights you have as a data subject. By using the Site, you acknowledge that you have read, understood, and agreed to the terms of this policy.

1. What Data We Collect

• Email addresses: We collect your email address when you subscribe to newsletters, create an account, or contact us. This allows us to communicate updates, promotional offers, and support information.
• Cookies and similar technologies: The Site uses cookies to enhance your browsing experience, remember your preferences, and analyse traffic patterns. Cookies include session identifiers, analytics cookies (e.g., Google Analytics), and marketing cookies.
• Analytics data: We use third‑party analytics services (Google Analytics, Matomo, etc.) to collect aggregated data such as page views, session duration, and referral sources. This data is processed anonymously and used solely to improve Site performance and content relevance.

2. Legal Basis for Processing

We process personal data on the following lawful bases:

• Consent: For activities such as email marketing, we obtain explicit consent before sending any communications. You may withdraw consent at any time via the unsubscribe link or by contacting us.
• Legitimate interest: We rely on legitimate interest to process data necessary for website functionality (e.g., session cookies), to improve Site performance, and to provide personalized content. This interest is balanced against your privacy rights through our privacy impact assessment.

3. How We Protect Your Data

• SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard SSL/TLS protocols.
• Secure Servers: Personal data is stored on secure, access‑controlled servers hosted in the European Economic Area. We employ firewalls, intrusion detection systems, and regular vulnerability scans.
• Limited Retention: Personal data is retained only for as long as necessary to fulfil its purpose (e.g., 12 months after last contact for email subscribers). After that, data is securely deleted or anonymised.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is represented with an icon for quick reference.

• Right to Access: You can request a copy of all personal data we hold about you, including the source, purpose, and recipients of the data.
• Right to Rectification: You may ask us to correct inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data, subject to legal obligations or legitimate interests that may override this right.
• Right to Restrict Processing: You can ask us to limit the processing of your data, for instance while we verify the accuracy of the information.
• Right to Data Portability: You can obtain your personal data in a structured, machine‑readable format and transfer it to another controller.
• Right to Object: You may object to processing based on legitimate interests, direct marketing, or profiling.
• Right to Withdraw Consent: If you have consented to data processing, you can withdraw that consent at any time, and we will stop processing your data accordingly.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at [email protected]. When you reach out, kindly provide the following details to help us process your request efficiently:

• Your full name and contact details.
• A clear statement of the right you wish to exercise.
• Any supporting evidence or documentation that may be required (e.g., proof of identity).

We will respond to your request within 30 days of receipt, as mandated by the GDPR. If we need additional time to verify your identity or to assess the request, we will inform you of the delay and provide a new deadline. In cases where a request is partially or wholly denied, we will provide a written explanation detailing the legal basis for the decision and your right to lodge a complaint with a supervisory authority or seek judicial remedy.

6. Data Sharing and Transfers

We do not sell or trade your personal data to third parties. Data may be shared with service providers (e.g., email delivery services, analytics platforms) that assist us in operating the Site. All such providers are bound by confidentiality agreements and are required to implement appropriate technical and organisational measures to protect your data. We ensure that any cross‑border data transfers comply with GDPR safeguards, such as Standard Contractual Clauses or adequacy decisions.

7. Changes to This Policy

We reserve the right to update this policy at any time. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this policy regularly to stay informed about how we protect your personal data.

Last Updated: April 03, 2026