GDPR Compliance Policy

At Mumdishideas (the “Website”), we are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. By using our Website, you acknowledge that you have read and understood this policy.

Last Updated: April 03, 2026

1. Data We Collect

We gather the following types of personal data when you interact with the Website:

Email addresses: Collected when you subscribe to our newsletter, create an account, or contact us.
Cookies and similar technologies: We use first‑party and third‑party cookies to personalize content, analyze traffic, and improve user experience.
Analytics data: Through services such as Google Analytics, we collect IP addresses, device information, and browsing behaviour to monitor usage patterns.

2. Legal Basis for Processing

Our processing activities are based on the following lawful bases:

Consent: For activities such as newsletter subscriptions, cookie usage, and marketing communications. Consent is freely given, specific, informed, and unambiguous.
Legitimate interest: For purposes such as improving the Website, ensuring security, and analyzing traffic to enhance user experience. We conduct a legitimate interest assessment to balance our interests against your rights.

3. How We Protect Your Data

We implement robust technical and organisational measures to safeguard your personal data:

Secure Sockets Layer (SSL) encryption for all data transmitted between your browser and our servers.
Hosted on secure, GDPR‑compliant servers with regular vulnerability assessments.
Access controls and authentication to limit data exposure to authorised personnel only.
Data retention policies that limit the storage period to the minimum necessary for each purpose.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Please see the icons for a quick visual reference.

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Ask us to correct any inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data, subject to legal obligations.

Right to Restrict Processing

Ask us to limit the use of your data while we verify its accuracy.

Right to Data Portability

Obtain your data in a structured, commonly used format.

Right to Object

Object to processing for direct marketing or profiling purposes.

Right to Withdraw Consent

Withdraw consent at any time without affecting the lawfulness of processing that relied on consent before withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights listed above, please contact us at:

Email: [email protected]
Address: Mumdishideas, 123 Kitchen Lane, London, UK

When contacting us, please provide enough information for us to verify your identity (e.g., the email address you used to register). We will respond to your request within 30 calendar days, as required by GDPR. If we need more time, we will inform you of the delay and the reason for it.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or to enforce our agreements. Once the retention period expires, your data will be securely deleted or anonymised.

7. Cookies and Tracking Technologies

Our Website uses cookies to provide a better browsing experience. You can manage cookie preferences in your browser settings or by using the cookie banner that appears when you first visit the site. For detailed information, see our separate Cookies Policy.

8. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

9. Security Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, if necessary, inform affected individuals without undue delay.

10. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review the policy regularly to stay informed about how we handle your data.

11. Contact Us

If you have any questions about this policy, wish to exercise your rights, or have concerns about how we handle your personal data, please email us at [email protected].