GDPR Compliance Policy

Effective Date: December 01, 2025

1. Introduction

simplymommeals (the “Company”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal data that we collect from our customers, visitors, and users of our website https://simplymommeals.com. This GDPR Compliance Policy explains how we process personal data in accordance with the General Data Protection Regulation (EU) Regulation 2016/679 (“GDPR”). By using our services, you acknowledge that you have read, understood, and agree to the terms set out in this policy.

2. Data We Collect

We only collect data that is necessary for the provision of our services and the improvement of your experience. The categories of personal data we process include:

• Email address – used for order confirmations, newsletters, promotional offers, and customer support.
• Cookies & similar tracking technologies – to remember your preferences, analyse site usage, and improve functionality.
• Analytics data – aggregated information such as page views, device type, IP address (anonymised where possible), and navigation paths, collected via third‑party analytics services.

3. How We Protect Your Data

We employ a range of technical and organisational measures to safeguard personal data against unauthorised access, accidental loss, or unlawful processing:

• SSL/TLS Encryption – All data transmitted between your browser and our servers is encrypted using industry‑standard HTTPS.
• Secure Servers – Our hosting environment is protected by firewalls, intrusion detection systems, and regular security patches.
• Limited Retention – Personal data is retained only for as long as necessary to fulfil the purposes described in this policy, after which it is securely deleted or anonymised.
• Access Controls – Only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.

4. Legal Basis for Processing

Under the GDPR, we must have a lawful basis for each type of processing we carry out. Our lawful bases include:

• Consent – When you voluntarily sign up for newsletters, promotional emails, or accept cookies, you give explicit consent for us to process your data for those specific purposes.
• Legitimate Interests – We process analytics data and use cookies to improve site performance, security, and user experience. These activities are necessary for the legitimate interests of the Company, provided they do not override your fundamental rights and freedoms.

5. Your GDPR Rights

You enjoy a number of rights under the GDPR. Each right is illustrated with a Bootstrap Icon for quick reference.

• Right to Access

  You have the right to obtain confirmation that we are processing your personal data and, where applicable, a copy of that data in a structured, commonly used format.

• Right to Rectification

  If any of your personal data is inaccurate or incomplete, you may request that we correct or complete it without undue delay.

• Right to Erasure (“Right to be Forgotten”)

  You may ask us to delete your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis for processing exists.

• Right to Restrict Processing

  You can request that we limit the way we use your data while we verify the accuracy of the information or while we consider your objection to the processing.

• Right to Data Portability

  You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit that data to another controller without hindrance.

• Right to Object

  You may object to the processing of your personal data for direct marketing, profiling, or where the processing is based on legitimate interests. Upon objection, we will cease the processing unless we demonstrate compelling legitimate grounds that outweigh your interests.

• Right to Withdraw Consent

  Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please follow these steps:

1. Send a written request to our Data Protection Officer at gdpr@simplymommeals.com. Include your full name, contact details, and a clear description of the right you wish to invoke.
2. If you are requesting access, rectification, erasure, or restriction, please specify the exact data or processing activity you are concerned about.
3. We may ask for additional information to verify your identity before fulfilling the request, in order to protect your privacy.
4. We will respond to all valid requests within 30 calendar days. In exceptional cases where the request is complex or numerous, we may extend the period by an additional two months, but you will be informed of the extension and its reasons.

7. Data Retention

Personal data is retained only for the duration necessary to achieve the purposes described in this policy:

• Email addresses – retained until you unsubscribe or request deletion.
• Cookies & analytics – retained for a maximum of 12 months, after which they are automatically purged or anonymised.

8. Contact Information

If you have any questions, concerns, or wish to lodge a complaint regarding our data‑processing practices, please contact us at:

Data Protection Officer
simplymommeals
Email: gdpr@simplymommeals.com

9. Changes to This Policy

We review this GDPR Compliance Policy regularly. Any material changes will be posted on our website with an updated “Last Updated” date. Continued use of our services after such changes constitutes acceptance of the revised policy.

Last Updated: December 01, 2025