GDPR Compliance Policy
At simplymomcooks (https://simplymomcooks.com) we respect your privacy and are committed to protecting the personal data we process in accordance with the European Union’s General Data Protection Regulation (GDPR). This policy explains what personal data we collect, why we collect it, how we protect it, the legal bases for processing, and how you can exercise your GDPR rights.
1. Data We Collect
We only collect personal data that is necessary for the legitimate operation of our website and the services we provide. The categories of data we collect include:
- Email addresses – collected when you subscribe to our newsletter, submit a contact form, or request a recipe download.
- Cookies and similar technologies – used to remember your preferences, keep you logged in, and analyse how you interact with the site.
- Analytics data – aggregated information such as page views, referral sources, device type, and browsing behaviour collected via Google Analytics and other similar services.
2. How We Protect Your Data
We employ a layered security approach to ensure the confidentiality, integrity, and availability of your personal data:
- SSL/TLS encryption – All data transmitted between your browser and our servers is encrypted using HTTPS.
- Secure servers – Our hosting environment is regularly patched, monitored, and protected by firewalls and intrusion‑detection systems.
- Limited retention periods – Email addresses are retained only as long as you remain subscribed or until you request deletion. Cookies are automatically cleared after 12 months, and analytics data is anonymised after 24 months.
- Access controls – Only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.
3. Legal Basis for Processing
Our processing activities are grounded in the following lawful bases under the GDPR:
- Consent (Article 6(1)(a)) – When you voluntarily sign up for our newsletter or accept cookie settings, you give explicit consent for us to process your email address and tracking data.
- Legitimate interest (Article 6(1)(f)) – We process analytics data and use essential cookies to improve site performance, security, and user experience. This interest is balanced against your rights and freedoms.
4. Your GDPR Rights
Under the GDPR you have a set of fundamental rights regarding your personal data. Each right is listed below with a brief description and an icon for quick reference.
- Right to Access – You may request confirmation that we process your data and obtain a copy of the personal data we hold about you.
- Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.
- Right to Erasure (Right to be Forgotten) – You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
- Right to Restrict Processing – You can ask us to limit the way we use your data while a dispute about its accuracy or legality is resolved.
- Right to Data Portability – You may receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller.
- Right to Object – You can object to the processing of your data for direct marketing, scientific research, or any other legitimate‑interest‑based activity.
- Right to Withdraw Consent – At any time you may withdraw the consent you previously gave, without affecting the lawfulness of processing based on consent before its withdrawal.
5. How to Exercise Your Rights
To exercise any of the rights listed above, please follow these steps:
- Send a written request to our Data Protection Officer at [email protected]. Include your full name, the email address you use on our site, and a clear description of the right you wish to invoke.
- Provide any additional information that helps us verify your identity (e.g., a copy of a government‑issued ID). This is required only to protect your data from unauthorised access.
- We will acknowledge receipt of your request within 5 business days and will endeavour to fulfil it within the statutory period of 30 calendar days.
- If we need more time (e.g., due to the complexity of the request), we will inform you of the extension and the reasons for it, but never beyond an additional 60 days.
6. Response Time
Our standard response time for all GDPR‑related requests is 30 days from the date we receive a verifiable request. In exceptional cases where the request is complex or we receive a large number of requests, we may extend this period by up to an additional 60 days, but we will always keep you informed.
7. Contact Information
If you have any questions about this policy, need clarification on how we process your data, or wish to lodge a complaint, please contact our Data Protection Officer directly:
Email: [email protected]
8. Changes to This Policy
We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices, legal requirements, or technology. Any revisions will be posted on this page with a new “Last Updated” date.
Last Updated: November 27, 2025