MealMum GDPR Compliance Policy
Effective Date: December 01, 2025
1. Introduction
MealMum (the “Company”, “we”, “us”, or “our”) is committed to protecting the privacy and
personal data of its users, customers, and visitors in accordance with the European Union
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains
what personal data we collect, how we process it, the legal bases for processing, the
security measures we employ, and the rights you have under the GDPR. By using the
MealMum website (https://mealmum.com),
you acknowledge that you have read and understood this policy.
2. Data We Collect
We collect and process the following categories of personal data:
- Email address: Provided when you sign up for newsletters, create an account, or contact us.
- Cookies & similar technologies: Used to remember your preferences, analyse site usage, and deliver personalised content.
- Analytics data: Includes IP address, device type, browser information, and pages visited, collected via Google Analytics and other analytics tools.
3. Legal Basis for Processing
We rely on the following lawful bases to process your personal data:
- Consent (Article 6(1)(a)): When you voluntarily subscribe to our newsletter or accept cookies, you provide explicit consent.
- Legitimate Interests (Article 6(1)(f)): Processing for site security, fraud prevention, and improving user experience is necessary for our legitimate business interests, provided it does not override your fundamental rights.
4. How We Protect Your Data
The security of your personal data is a top priority. We implement a combination of technical
and organisational measures, including:
- SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS.
- Secure Servers: Our hosting environment is hardened, regularly patched, and monitored for unauthorised access.
- Limited Retention: Personal data is retained only for as long as necessary to fulfil the purposes described in this policy or as required by law. Email addresses are deleted after 24 months of inactivity unless you have an active subscription.
- Access Controls: Only authorised personnel with a legitimate need can access personal data, and they are bound by confidentiality obligations.
5. Your GDPR Rights
Under the GDPR, you have the following rights concerning your personal data.
- Right to Access – You may request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to Rectification – If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it.
- Right to Erasure (Right to be Forgotten) – You may request the deletion of your personal data where there is no compelling reason for us to retain it.
- Right to Restrict Processing – You can ask us to limit the way we use your data while we verify its accuracy or while a dispute is resolved.
- Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller.
- Right to Object – You may object to the processing of your data for direct marketing, scientific/historical research, or legitimate interest grounds.
- Right to Withdraw Consent – Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing before the withdrawal.
6. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us using the details provided in
Section 9. In your request, please include:
- Your full name and, if applicable, the account email address.
- A clear description of the right you wish to invoke (e.g., “I would like to exercise my Right to Access”).
- Any additional information that will help us verify your identity (e.g., a recent order number).
We will acknowledge receipt of your request within 5 business days and aim to complete the
action within the statutory period of 30 calendar days. If more time is required due to
complexity, we will inform you of the extension and its reasons, not exceeding an additional
60 days.
7. Response Time
All GDPR‑related requests will be responded to within 30 days of receipt,
unless an extension is justified as described above. We will communicate any delays
promptly and transparently.
8. Contact Information
If you have any questions about this policy, wish to exercise your GDPR rights, or have
concerns about how we handle your personal data, please contact our Data Protection Officer
at:
MealMum GDPR Team
Email: gdpr@mealmum.com
9. Changes to This Policy
We review this policy regularly and may update it to reflect changes in our practices,
legal requirements, or technological developments. Any material changes will be posted
on this page with a new “Last Updated” date. We encourage you to review the policy
periodically.
10. International Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure
appropriate safeguards are in place, such as Standard Contractual Clauses approved by the
European Commission, to guarantee an equivalent level of protection.
11. Complaints
If you believe that we have not complied with the GDPR, you have the right to lodge a
complaint with a supervisory authority in the EU member state where you reside, work,
or where the alleged infringement occurred. In the United Kingdom, you may contact the
Information Commissioner’s Office (ICO); in other EU states, contact the relevant national
data protection authority.
MealMum respects your privacy and is dedicated to protecting your personal data in line with the highest European standards.