Dishmum GDPR Compliance Policy

Last Updated: November 30, 2025

1. Introduction

Dishmum (accessible at https://dishmum.com) is committed to protecting the personal data of its users and complying with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we collect it, how we protect it, the legal bases for processing, and the rights you have under the GDPR. If you have any questions or wish to exercise any of your rights, please contact us at [email protected].

2. Personal Data We Collect

Email addresses: collected when you sign up for newsletters, create an account, or contact support.
Cookies and similar technologies: used to remember your preferences, analyse site usage, and deliver personalised content.
Analytics data: aggregated information such as page views, device type, and referral source, collected via third‑party analytics services.

We only collect data that is necessary for the purposes described in this policy and never sell personal data to third parties.

3. How We Use Your Data

Your data is processed for the following legitimate purposes:

Providing and improving the service: to deliver recipes, cooking tips, and personalised recommendations.
Communications: to send newsletters, order confirmations, and important service updates.
Analytics & research: to understand how users interact with the site and to enhance user experience.
Security: to detect, prevent, and address fraudulent activity or technical issues.

4. Legal Basis for Processing

Dishmum relies on the following legal bases under the GDPR:

Consent (Article 6(1)(a)): when you voluntarily provide your email address or accept cookies, you give explicit consent for the specific purposes described.
Legitimate Interests (Article 6(1)(f)): for activities such as improving site functionality, security, and analytics, where our interests do not override your fundamental rights.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Email addresses: retained until you unsubscribe or request deletion.
Cookies: session cookies expire at the end of your browsing session; persistent cookies are stored for a maximum of 12 months unless you delete them earlier.
Analytics data: aggregated and anonymised after 24 months.

6. Security Measures

Protecting your data is a top priority. Dishmum implements the following technical and organisational safeguards:

SSL/TLS encryption: all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure servers: hosted in data centres that comply with ISO 27001 and employ firewalls, intrusion detection, and regular security patches.
Access controls: only authorised personnel with a legitimate need can access personal data, protected by strong passwords and two‑factor authentication.
Limited retention: automated scripts delete or anonymise data once the retention period expires.

7. Your GDPR Rights

Under the GDPR you have the following rights. Each right is accompanied by a Bootstrap Icon for quick reference.

Right to Access

You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you can ask us to correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.

Right to Restrict Processing

You can ask us to limit the processing of your data while we verify the accuracy of the data or the legality of the processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller.

Right to Object

You may object to processing based on legitimate interests or direct marketing. Upon objection, we will cease the processing unless we demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Whenever you have given consent, you may withdraw it at any time, free of charge. Withdrawal does not affect the lawfulness of processing based on consent before the withdrawal.

How to exercise these rights: Send a written request to [email protected] including your full name, contact details, and a clear description of the right you wish to invoke. We may ask for additional information to verify your identity before fulfilling the request.

Response time: Dishmum will respond to all verified requests within thirty (30) calendar days, in accordance with GDPR Article 12(3). If additional time is required, we will inform you of the extension and its reasons within the initial 30‑day period.

8. International Transfers

Dishmum does not transfer personal data outside the European Economic Area (EEA). If a future transfer becomes necessary, we will ensure an adequate level of protection through Standard Contractual Clauses or an equivalent mechanism.

9. Changes to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be posted on this page with an updated “Last Updated” date. Continued use of the site after such changes constitutes acceptance of the revised policy.

10. Contact Information

If you have any questions about this policy, your data, or wish to exercise any of your GDPR rights, please contact our Data Protection Officer at:

Dishmum – Data Protection Officer
Email: [email protected]