GDPR Compliance Policy
Last Updated: April 03, 2026
At tastymum, we respect the privacy and data protection rights of all users. This policy explains how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
What Personal Data We Collect
- Email Addresses – Used for account creation, order confirmations, newsletters, and promotional communications.
- Cookies and Similar Technologies – We set first‑party cookies to remember your preferences, shopping cart contents, and to analyze site usage. Third‑party cookies from partners such as Google Analytics track anonymised traffic patterns.
- Analytics Data – We use tools like Google Analytics and Hotjar to collect aggregated data about user interactions, device type, and traffic sources. No personally identifying information is stored unless you voluntarily provide it.
How We Protect Your Data
Your security is our priority. We employ multiple safeguards:
- SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted.
- Secure Servers – We host data on hardened, geographically redundant servers with regular security audits.
- Limited Retention – Personal data is retained only as long as necessary for the purpose for which it was collected, or as required by law. For example, order information is kept for 7 years to comply with tax regulations.
- Access Controls – Only authorized staff with a legitimate need can access personal data. All staff receive regular privacy training.
- Data Backups & Encryption at Rest – Regular encrypted backups protect against accidental loss.
Legal Basis for Processing
We process personal data on the following lawful bases:
- Consent – For marketing emails, newsletter subscriptions, and cookie usage. Consent is freely given, specific, informed, and unambiguous.
- Legitimate Interest – To provide, maintain, and improve our services, detect fraud, and comply with legal obligations. We conduct a balancing test to ensure interests are not outweighed by your rights.
Your GDPR Rights
You have the following rights under the GDPR. We are committed to respecting and facilitating each right within the statutory timeframes.
Right to Access
You may request a copy of any personal data we hold about you, along with information on how it is processed.
Right to Rectification
If your data is inaccurate or incomplete, you can ask us to correct or update it.
Right to Erasure
You may ask us to delete your personal data, subject to legal retention obligations.
Right to Restrict Processing
You can request that we limit the use of your data, for example while we verify its accuracy.
Right to Data Portability
You may receive your data in a structured, commonly used format and transfer it to another controller.
Right to Object
You can object to processing for direct marketing or profiling purposes.
Right to Withdraw Consent
You may withdraw consent at any time, and we will cease processing your data for that purpose.
How to Exercise Your Rights
To exercise any of the rights above, please contact us at [email protected]. Provide the following information to help us verify your identity:
- Your full name and contact details (email, phone).
- Proof of identity (e.g., a scanned copy of a passport or ID card) if required.
- Specific request (e.g., “I want a copy of all data I provided” or “Please delete my account data”).
We will respond within 30 days of receiving your request, unless the request is complex or we need additional information. In such cases, we may extend the response time by a further 30 days and will inform you accordingly.
Data Retention Policy
Personal data is stored only as long as necessary to fulfill the purpose it was collected for or to comply with legal obligations. Typical retention periods are:
- Order data: 7 years (for tax and audit purposes).
- Newsletter subscription data: Until you unsubscribe or request deletion.
- Cookie and analytics data: 2 years (anonymised).
Contact Us
If you have any questions about this policy, your data, or how we handle personal information, please reach out:
GDPR Compliance Team
Email: [email protected]
Address: 123 Tasty Street, Flavor City, FL 12345
We reserve the right to update this policy. Any changes will be posted on our website and the “Last Updated” date will be revised accordingly.