GDPR Compliance Policy – recipebymum

1. Introduction

At recipebymum (https://recipebymum.com) we are committed to protecting the personal data of our visitors, subscribers, and users. This GDPR Compliance Policy explains how we collect, use, store, and protect personal data in accordance with the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679). By accessing or using our website you acknowledge that you have read and understood this policy.

2. Personal data we collect

We process only the data that is necessary for the legitimate purposes described below. The categories of personal data we collect include:

• Email address – provided when you subscribe to our newsletter, comment on a recipe, or contact us.
• Cookies and similar tracking technologies – used to remember your preferences, analyse site traffic and improve user experience. This includes first‑party session cookies, analytics cookies, and optional marketing cookies.
• Analytics data – aggregated information such as IP address, browser type, operating system, pages visited, and time spent on each page. This data is collected via Google Analytics (or an equivalent service) and is anonymised wherever possible.

3. Legal basis for processing

Our processing activities are based on the following lawful grounds under Article 6 of the GDPR:

• Consent (Article 6(1)(a)) – When you voluntarily provide your email address or accept optional cookies, you give us explicit consent to process that data for the purposes indicated (e.g., sending newsletters, personalising content).
• Legitimate interests (Article 6(1)(f)) – We process analytics data and essential cookies to improve the functionality, security, and performance of the website. This interest is balanced against your rights and freedoms, and you may object at any time (see Section 5).

4. How we protect your data

We employ a range of technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data:

• SSL encryption – All data transmitted between your browser and our servers is protected by HTTPS (TLS 1.2 or higher).
• Secure servers – Our hosting environment is hosted in GDPR‑compliant data centres that implement firewalls, intrusion detection, and regular security patches.
• Limited retention periods – Email addresses are retained only for as long as you remain subscribed or until you request deletion. Analytics data is retained for a maximum of 24 months in an aggregated, pseudonymised form.
• Access controls – Only authorised personnel have access to personal data, and they are required to sign confidentiality agreements.
• Regular audits – We conduct periodic security assessments and vulnerability scans to identify and remediate potential risks.

5. Your GDPR rights

Under the GDPR you enjoy a series of rights concerning your personal data. Each right is presented with a Bootstrap Icon for quick visual reference.

6. How to exercise your rights

To exercise any of the rights listed above, please follow these steps:

1. Send a written request to our Data Protection Officer at gdpr@recipebymum.com. Include your full name, the email address you used with us, and a clear description of the right you wish to invoke.
2. We may ask for additional information to verify your identity before fulfilling the request. This step is necessary to protect your data from unauthorised access.
3. Once verified, we will act on your request without undue delay and, in any case, within 30 calendar days. In complex cases, we may extend this period by a further two months, but we will inform you of the extension and the reasons for it.
4. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority in the EU Member State where you reside, work, or where the alleged infringement occurred.

7. Data retention periods

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected, as outlined below:

• Email addresses – retained until you unsubscribe or request erasure. If you remain subscribed, we keep the address for the duration of the subscription plus a 12‑month archive for backup purposes.
• Cookies – session cookies are deleted when you close your browser. Persistent cookies are set with a maximum lifespan of 12 months and are automatically cleared thereafter unless you renew consent.
• Analytics data – stored in an aggregated, pseudonymised form for up to 24 months. Raw IP addresses are truncated after 30 days.

8. International data transfers

All processing takes place on servers located within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., for a third‑party service), we will ensure an adequate level of protection through standard contractual clauses or other approved mechanisms.

9. Contact information

If you have any questions about this policy, the data we hold about you, or wish to exercise any of your GDPR rights, please contact our Data Protection Officer:

10. Changes to this policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such changes constitutes acceptance of the revised policy.