GDPR Compliance Policy

Last Updated: April 03, 2026

1. Introduction

mealmum (the “Company”) respects your privacy and is committed to protecting the personal data you provide to us. This GDPR Compliance Policy explains how we collect, use, and safeguard your data, and how you can exercise your rights under the General Data Protection Regulation (EU) 2016/679.

2. Personal Data We Collect

• Email addresses: We store the email addresses you provide when you sign up for newsletters, create an account, or contact us.
• Cookies: We use first‑party and third‑party cookies to remember your preferences, enable site functionality, and analyze traffic.
• Analytics data: We employ analytics tools (e.g., Google Analytics, Plausible) to collect IP addresses, device information, and browsing behavior to improve our services.
• Optional profile data: When you create an account, we may store your name, location, and dietary preferences to personalize your experience.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: For newsletters, marketing communications, and certain cookies, we rely on your explicit consent.
• Legitimate interest: For improving site performance, security, and user experience, we rely on a legitimate interest assessment that balances our interests with your rights.

4. Data Protection Measures

mealmum employs industry‑standard technical and organisational measures to protect your data:

• SSL/TLS encryption for all data transmitted between your browser and our servers.
• Secure, dedicated servers with regular vulnerability scans and penetration testing.
• Role‑based access controls and two‑factor authentication for staff handling personal data.
• Limited data retention: email addresses are kept for as long as you remain subscribed; analytics data is retained for 12 months and then anonymised.

5. Your GDPR Rights

Under the GDPR, you have the following rights with respect to your personal data:

Right to Access

You may request a copy of the personal data we hold about you, including the purposes of processing and the categories of data.

Right to Rectification

If your data is inaccurate or incomplete, you can ask us to correct it.

Right to Erasure

Also known as the “right to be forgotten,” you may request deletion of your personal data unless we have a legal obligation to retain it.

Right to Restrict Processing

Under certain circumstances, you can ask us to limit how we use your data (e.g., if you contest its accuracy).

Right to Data Portability

You can receive your personal data in a structured, machine‑readable format and transfer it to another controller.

Right to Object

You may object to processing for direct marketing or profiling purposes, and we will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

At any time, you can withdraw consent for any processing that relies on it; this will not affect the lawfulness of processing based on other grounds.

6. Exercising Your Rights

To exercise any of the rights above, please contact us at:

Email: [email protected]

When you contact us, provide the following information to help us identify your request quickly:

• Your full name and email address.
• A clear statement of the right you wish to exercise.
• Any supporting documentation (e.g., a copy of your ID) if required for verification.

Response Time

We will respond to your request within 30 calendar days of receipt. If we need additional information, we may extend this period by a further 30 days and will inform you accordingly.

7. Data Sharing and Transfers

We do not sell your personal data. We may share data with third‑party service providers (e.g., email marketing platforms, analytics vendors) strictly for the purposes outlined in this policy and under data processing agreements that enforce GDPR‑compliant safeguards.

8. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Your continued use of our services after any changes constitutes acceptance of the revised policy.

9. Contact Information

For any questions, concerns, or complaints regarding this GDPR Compliance Policy or our data practices, please reach out to:

mealmum Data Protection Officer

Email: [email protected]

We are committed to addressing your inquiries promptly and transparently.