GDPR Compliance Policy – tastymum

Effective Date: December 01, 2025

1. Introduction

tastymum (the “Company”, “we”, “us”, or “our”) is committed to protecting the personal data of our users and visitors in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This policy explains what personal data we collect, why we collect it, how we safeguard it, the legal bases for processing, and how you can exercise your GDPR rights. By using our website (https://tastymum.com) you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect and process the following categories of personal data:

Email address – provided when you subscribe to our newsletter, request support, or create an account.
Cookies and similar tracking technologies – used to remember your preferences, analyse site usage, and deliver personalized content.
Analytics data – aggregated information such as IP address, browser type, device type, and pages visited, collected via Google Analytics and other third‑party services.

We do not collect sensitive data (e.g., health, biometric, or political information) unless you voluntarily provide it through a specific form, in which case the same GDPR safeguards apply.

3. Legal Basis for Processing

Our processing activities are based on the following lawful grounds under the GDPR:

Consent (Article 6(1)(a)) – When you voluntarily sign up for our newsletter or accept our cookie banner, you give explicit consent for us to use your email address and tracking data for the purposes described.
Legitimate Interests (Article 6(1)(f)) – We process analytics data and use essential cookies to improve website performance, security, and user experience. These interests are balanced against your rights and freedoms.
Performance of a Contract (Article 6(1)(b)) – If you create an account or place an order, we need your email address to fulfil the contract and provide related services.

4. How We Protect Your Data

We employ a layered security approach to ensure the confidentiality, integrity, and availability of personal data:

Transport Layer Security (TLS/SSL) – All data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers – Our hosting environment is hosted in ISO‑27001‑certified data centres with regular security audits.
Access Controls – Only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.
Limited Retention – Email addresses are retained only as long as you remain subscribed or until you request deletion. Analytics data is anonymised after 12 months, and cookies are automatically cleared according to the duration specified in our cookie policy.
Regular Testing – We conduct vulnerability scans and penetration testing on a quarterly basis.

5. Your GDPR Rights

Under the GDPR you have the following rights regarding your personal data. Each right is illustrated with a Bootstrap icon for quick reference.

Right to Access

You may request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

If any of your data is inaccurate or incomplete, you have the right to have it corrected without undue delay.

Right to Erasure (“Right to be Forgotten”)

You can ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.

Right to Restrict Processing

You may request that we limit the processing of your data while we verify the accuracy of the information or while a dispute is being resolved.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller.

Right to Object

You may object to the processing of your data for direct marketing, profiling, or where processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

Send a written request to gdpr@tastymum.com. Include your full name, the email address associated with your account (if applicable), and a clear description of the right you wish to invoke.
If you are requesting erasure or restriction, you may be asked to provide proof of identity to prevent unauthorised actions.
We will acknowledge receipt of your request within 5 business days and will act on it within the statutory 30‑day period, unless a longer period is justified by the complexity of the request.
If we need more time, we will inform you of the reasons and the expected completion date, not exceeding an additional two months.

7. Response Time

All GDPR‑related requests will be processed and responded to within 30 calendar days of receipt, in line with Article 12 of the GDPR. Where necessary, extensions up to a further two months are permissible, and you will be notified of any such extension.

8. International Transfers

tastymum operates primarily within the European Economic Area (EEA). If any personal data is transferred outside the EEA (e.g., to our cloud service providers), we ensure that appropriate safeguards—such as Standard Contractual Clauses (SCCs) and EU‑U.S. Data Privacy Framework—are in place.

9. Contact Information

For any questions, complaints, or to exercise your rights, please contact our Data Protection Officer (DPO) at:

Data Protection Officer
tastymum
Email: gdpr@tastymum.com

10. Changes to This Policy

We review this policy regularly. Any material changes will be posted on this page with an updated “Last Updated” date. Continued use of the website after such changes constitutes acceptance of the revised policy.

Last Updated: December 01, 2025