Everyday Mum Recipes – GDPR Compliance Policy

1. Introduction

Everyday Mum Recipes (the “Website”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of our visitors, subscribers, and users in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This GDPR Compliance Policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have under the GDPR. By using our site you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We only process data that is necessary for the purposes described below. The categories of personal data we collect include:

• Email address – collected when you subscribe to our newsletter, comment on a recipe, or contact us via the contact form.
• Cookies & similar technologies – used to remember your preferences, analyse traffic, and improve user experience. This includes session cookies, analytics cookies, and marketing cookies.
• Analytics data – aggregated information such as page views, device type, browser, and referral source, collected through Google Analytics and other similar services.

3. Legal Basis for Processing

We rely on the following lawful bases to process your personal data:

• Consent (Article 6(1)(a)) – When you voluntarily provide your email address to receive newsletters or promotional material, you give explicit consent for us to process that data.
• Legitimate Interests (Article 6(1)(f)) – The use of cookies and analytics data is necessary for the legitimate interest of improving the website’s performance, security, and user experience.

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.

4. How We Protect Your Data

We employ a range of technical and organisational measures to safeguard your personal data:

• SSL Encryption – All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).
• Secure Servers – Our hosting provider employs firewalls, intrusion detection systems, and regular security patches.
• Limited Retention – Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is stored in an aggregated, anonymised form for a maximum of 24 months.
• Access Controls – Only authorised personnel have access to personal data, and they are required to follow strict confidentiality agreements.

5. Your GDPR Rights

Under the GDPR you enjoy a set of rights that give you control over your personal data. Each right is illustrated with a Bootstrap icon for easy reference.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

1. Send a written request to our Data Protection Officer at gdpr@everydaymumrecipes.com. Include your full name, the email address you use on our site, and a clear description of the right you wish to invoke.
2. Provide proof of identity (e.g., a scanned government‑issued ID) to help us verify that the request is legitimate. This step is required only when the request involves personal data that could identify you.
3. We will acknowledge receipt of your request within 5 business days and will endeavour to complete the action within 30 calendar days, unless an extension is justified by the complexity of the request.
4. If we need additional information to locate or verify your data, we will contact you promptly. Failure to provide the required information may result in a delay or inability to fulfil the request.

7. Response Time

In accordance with Article 12 of the GDPR, we aim to respond to all lawful requests within 30 days. If we are unable to meet this deadline due to the complexity or number of requests, we will inform you of the extension and the expected completion date within the initial 30‑day period.

8. Data Retention

We retain personal data only for as long as necessary:

• Email addresses – retained until you unsubscribe or request erasure.
• Cookies & analytics – retained in an anonymised form for up to 24 months; raw data is deleted after 12 months unless a longer period is required for security or legal purposes.

When the retention period expires, the data is securely destroyed or anonymised.

9. International Data Transfers

All data processing takes place within the European Economic Area (EEA). If a transfer outside the EEA becomes necessary (e.g., using a third‑party service hosted in the United States), we will ensure that appropriate safeguards—such as Standard Contractual Clauses—are in place to guarantee an equivalent level of protection.

10. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any revisions will be posted on this page with a new “Last Updated” date. Continued use of the website after changes constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions, concerns, or wish to exercise any of your GDPR rights, please contact our Data Protection Officer: