Monsta

PRIVACY POLICY

Last updated: 16 March 2026

1. Introduction

Monsta Media ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, services, or interact with us.

We are a digital marketing agency registered in England and Wales. Our registered office is located at Unit 12 Stratford Business Centre, Stratford E15 4QZ, United Kingdom.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our Services, you consent to the collection and use of your personal data as described in this policy.

2. Data Controller

Monsta Media is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided at the end of this policy.

3. Information We Collect

We collect and process the following categories of personal data:

3.1. Information You Provide to Us

  • Contact Information: Name, email address, phone number, postal address
  • Business Information: Company name, job title, website URL, business type
  • Service Information: Details about the services you're interested in, budget, timeline, project requirements
  • Communication Data: Messages, inquiries, feedback, and correspondence you send to us
  • Account Information: Username, password (encrypted), and account preferences if you create an account

3.2. Information We Collect Automatically

  • Technical Data: IP address, browser type and version, device information, operating system
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources
  • Cookies and Tracking Technologies: See our Cookie Policy for detailed information
  • Analytics Data: Website performance metrics, user behavior analytics

3.3. Information from Third Parties

  • Social media platforms (if you interact with us on social media)
  • Business partners and service providers
  • Publicly available sources (for business development purposes)

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, manage, and improve our digital marketing services
  • Communication: To respond to your inquiries, send service updates, and provide customer support
  • Business Operations: To process payments, manage accounts, and fulfill contractual obligations
  • Marketing: To send you marketing communications (with your consent) about our services, promotions, and industry insights
  • Legal Compliance: To comply with legal obligations, including tax and accounting requirements
  • Website Improvement: To analyze website usage, improve user experience, and optimize our services
  • Security: To protect against fraud, unauthorized access, and other security threats

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for us to process your data for specific purposes (e.g., marketing communications)
  • Contract Performance: When processing is necessary to perform a contract with you or take steps before entering into a contract
  • Legal Obligation: When we need to comply with a legal obligation (e.g., tax reporting, regulatory compliance)
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided these don't override your rights and freedoms

6. Data Sharing and Disclosure

We may share your personal data with:

  • Service Providers: Third-party vendors who help us operate our business (e.g., hosting providers, payment processors, email service providers, analytics platforms)
  • Business Partners: Trusted partners who assist in delivering our services (e.g., advertising platforms, marketing tools)
  • Legal Authorities: When required by law, court order, or regulatory request
  • Professional Advisors: Lawyers, accountants, and consultants who provide professional services
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity

We ensure all third parties with whom we share data are contractually obligated to protect your personal data and use it only for specified purposes.

7. International Data Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or adequacy decisions. We will only transfer your data to countries that provide an adequate level of data protection.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for data transmission
  • Secure servers and databases with restricted access
  • Regular security assessments and updates
  • Employee training on data protection
  • Access controls and authentication measures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Client Data: Retained for the duration of our business relationship plus 7 years for legal and accounting purposes
  • Marketing Data: Retained until you withdraw consent or opt-out
  • Website Analytics: Retained for up to 26 months
  • Legal Requirements: Some data may be retained longer if required by law (e.g., tax records)

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details provided at the end of this policy. We will respond to your request within one month.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about our use of cookies, please refer to our Cookie Policy.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or wish to exercise your rights regarding this Privacy Policy, please contact us:

stratford@monstagroup.com