This GDPR Data Protection Policy (“Policy”) explains how Mom Dish Magic (“we,” “us,” “our”) collects, processes, and safeguards personal data of individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland when they visit or interact with momsdishmagic.com (the “Site”). It is intended to satisfy the transparency requirements of the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and applicable Swiss privacy law.
1. Who We Are
-
Data Controller: Emma Davies, Mom Dish Magic
-
Address: 155 N 1st Ave, Hillsboro, OR 97124, USA
-
Email: contact@momsdishmagic.com
We do not currently appoint an EU/UK representative under Article 27 because we qualify for the “occasional processing” exemption; however, we continuously monitor traffic volumes and will designate a representative if required.
2. Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identification | Name, email address | Directly from you (newsletter sign-up, comments) |
| Usage | IP address, browser type, pages viewed, clicks | Automatically via cookies & analytics tools |
| Marketing Preferences | Newsletter opt-in status, cookie consent choices | Directly from you |
| E-commerce (if/when applicable) | Billing/shipping details, transaction ID | Directly from you & payment processor |
We do not intentionally collect “special category” data (e.g., health, religion) or information about children under 16.
3. Purposes & Legal Bases
| Purpose | GDPR Legal Basis | Explanation |
|---|---|---|
| Delivering the Site & its core features | Art. 6(1)(b) – Contract | Necessary to provide pages, recipes, and services you request. |
| Analytics & performance measurement | Art. 6(1)(f) – Legitimate Interest | We pursue the legitimate interest of improving our content while respecting your privacy. |
| Sending newsletters & marketing emails | Art. 6(1)(a) – Consent | You can withdraw consent at any time via the “unsubscribe” link. |
| Responding to inquiries or DMCA notices | Art. 6(1)(c) – Legal Obligation | Required to comply with U.S. copyright law & other regulations. |
| Affiliate-link tracking | Art. 6(1)(f) – Legitimate Interest | Legitimate interest in monetizing the Site without intrusive profiling. |
4. How We Share Your Data
-
Service Providers: Hosting (e.g., DigitalOcean or equivalent), email marketing (e.g., MailerLite), analytics (e.g., Google Analytics 4), and payment processors (if e-commerce launches). All providers are vetted for GDPR compliance and bound by data-processing agreements.
-
Legal & Safety: Authorities or legal counsel when required to meet obligations, enforce our terms, or protect rights.
-
Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred subject to confidentiality safeguards.
We never sell or rent your personal data.
5. International Transfers
Because our servers and many service providers are located in the United States, your data is transferred outside the EEA/UK/Switzerland. Transfers rely on:
-
Adequacy Mechanisms (e.g., UK Extension to the EU–US Data Privacy Framework, once finalized).
-
Standard Contractual Clauses (SCCs) with additional safeguards (encryption in transit/rest, limited retention).
You may request a copy of relevant SCCs by emailing us.
6. Data Retention
| Data Type | Typical Retention | Rationale |
|---|---|---|
| Account/comments & identity data | Until you request deletion or 5 years after last interaction | Ongoing community management, fraud prevention |
| Newsletter subscriber lists | Until you unsubscribe | Consent-based marketing |
| Analytics data (IP address truncated) | 26 months | Industry-standard period for trend analysis |
| Legal records (DMCA notices, tax receipts) | 7 years | Statutory requirements |
We routinely review and securely delete data that is no longer needed.
7. Your GDPR Rights
You have the right to:
-
Access – Obtain confirmation and a copy of your personal data.
-
Rectification – Correct incomplete or inaccurate data.
-
Erasure (“Right to be Forgotten”) – Request deletion in certain circumstances.
-
Restriction of Processing – Ask us to suspend processing under limited conditions.
-
Data Portability – Receive your data in a structured, machine-readable format.
-
Objection – Object to processing based on legitimate interests or direct marketing.
-
Withdraw Consent – At any time, without affecting prior processing.
-
Lodge a Complaint – With your local supervisory authority.
8. Exercising Your Rights
Email privacy@momsdishmagic.com (or contact@momsdishmagic.com) with:
-
“GDPR Request” in the subject line
-
Your name and the request type
-
Information to help verify your identity (we may request additional proof to prevent unauthorized disclosures)
We respond within 30 days (extendable by 2 months for complex requests, per Art. 12 GDPR).
9. Automated Decision-Making
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
10. Security Measures
-
SSL/TLS encryption
-
Least-privilege administrator access
-
Regular software updates & vulnerability scanning
-
Secure password hashing (BCrypt)
-
Cloud-provider firewalls and DDoS mitigation
No system is 100% secure, but we strive to protect your data using industry best practices.
11. Children’s Privacy
The Site is not directed to children under 16. We do not knowingly collect their data. If you believe a minor has provided personal information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Policy to reflect legal, technical, or business changes. The “Effective Date” at the top indicates the latest revision. If changes materially affect your rights, we will post a prominent notice and (where legally required) request your renewed consent.
13. Contact & Complaints
Data Controller: Emma Davies
Mom Dish Magic
155 N 1st Ave, Hillsboro, OR 97124, USA
📧 privacy@momsdishmagic.com
EEA/UK residents may also lodge a complaint with their local data-protection authority. A list of EU authorities is available at edpb.europa.eu/about-edpb/board/members_en. UK residents may contact the ICO.
