GDPR Compliance Policy

Mommealmagic (“we”, “our”, “us”) is committed to protecting your personal data in accordance with the European Union General Data Protection Regulation (GDPR) and related data‑protection laws. This policy explains how we collect, use, store, and protect your information, and outlines your rights under the GDPR. By using our website mommealmagic.com, you agree to the practices described herein.

Last Updated: April 03, 2026

1. Types of Personal Data We Collect

Email addresses: When you sign up for our newsletter, register for an account, or make a purchase, we collect the email address you provide to communicate with you, send order confirmations, and offer relevant promotions.
Cookies and similar tracking technologies: Our site uses cookies to remember your preferences, analyze traffic patterns, and improve user experience. These include first‑party cookies (e.g., session identifiers) and third‑party cookies from analytics providers.
Website analytics data: We use Google Analytics and Matomo to collect aggregated information such as page views, time spent on pages, and referral sources. This data is anonymized and does not identify individuals directly.

2. Legal Basis for Processing

We process personal data under the following lawful bases:

Consent: When you voluntarily provide your email address or opt‑in to newsletters, you give us explicit consent to process that data for marketing and communication purposes. Consent is freely given, specific, informed, and unambiguous.
Legitimate interest: We process data that is necessary for the legitimate interests of Mommealmagic, such as improving website functionality, analyzing user behaviour, and preventing fraud. We conduct a balancing test to ensure that your interests and fundamental rights are not overridden.

3. How We Protect Your Data

Mommealmagic employs a range of technical and organisational measures to safeguard your personal data:

SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry‑standard SSL/TLS protocols, ensuring confidentiality and integrity.
Secure servers and infrastructure: We host our website and databases on secure, cloud‑based servers with regular security audits, intrusion detection systems, and access controls.
Limited retention: Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected or as required by law. For example, email addresses are stored until you unsubscribe or request deletion.
Access controls and staff training: Only authorised personnel have access to personal data. All staff undergo data‑protection training and sign confidentiality agreements.

4. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data. Each right is illustrated with a Bootstrap icon for easy reference.

Right to Access

You may request a copy of the personal data we hold about you, including the purposes for which it is processed and the categories of data involved.

Right to Rectification

Should any of your data be inaccurate or incomplete, you can request us to correct or complete it.

Right to Erasure

Also known as the “right to be forgotten,” you can ask us to delete your personal data where no lawful basis for continued processing exists.

Right to Restrict Processing

When you contest the accuracy of your data or request that we limit its use, we can temporarily suspend processing while we verify the information.

Right to Data Portability

You may receive your personal data in a structured, commonly used format (e.g., CSV, JSON) and transfer it to another controller if you wish.

Right to Object

If you have consented to marketing communications, you can object at any time and request that we cease sending such messages.

Right to Withdraw Consent

Consent can be withdrawn at any time, and we will stop processing your data for the purpose for which it was given. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.

5. How to Exercise Your Rights

To exercise any of the rights above, please contact us at:

Email: [email protected]
Address: 12 Maple Lane, London, UK

When you contact us, please provide sufficient details to verify your identity and specify the request you are making. For example, if you wish to delete your data, include the email address associated with your account. We will respond within 30 days of receiving your request. If you need a response sooner, we will make reasonable efforts to expedite the process.

6. Retention of Personal Data

We retain personal data only for as long as necessary to achieve the purposes for which it was collected, or as required by applicable law. Typical retention periods include:

Email addresses: until you unsubscribe or we no longer have a legitimate interest in sending marketing communications.
Analytics data: aggregated and anonymised data is retained for up to 12 months for trend analysis.
Cookies: session cookies expire once you close your browser; persistent cookies last up to 12 months unless you delete them.

7. International Data Transfers

Mommealmagic processes personal data within the European Economic Area (EEA). When transferring data outside the EEA (e.g., to third‑party analytics providers), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data.

8. Data Breach Response

In the unlikely event of a data breach, we will take immediate steps to mitigate the breach, assess its impact, and notify the relevant supervisory authority within 72 hours if the breach is likely to result in a risk to your rights and freedoms. We will also inform affected individuals if the breach poses a high risk to their personal data.

9. Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with a revised “Last Updated” date. We encourage you to review the policy periodically to stay informed about how we protect your personal data.

10. Contact Information

If you have any questions about this GDPR Compliance Policy, your personal data, or our data‑processing practices, please contact us at: