Data Processing

Last updated: December 15, 2024

1. Data Controller Information

MonkMantra acts as the data controller for personal information collected through our website and services. We are committed to protecting your privacy and ensuring full GDPR compliance.

Data Controller: MonkMantra Digital Marketing
Business Address: [Your Business Address]
Registration Number: [Your Business Registration]
Data Protection Officer: dpo@monkmantra.com
Contact: [Your Phone Number]

2. Legal Basis for Processing

We process personal data based on the following legal grounds under GDPR Article 6:

Legitimate Interest (Article 6(1)(f))

  • Website analytics and performance optimization
  • Security monitoring and fraud prevention
  • Business development and improvement of services

Contractual Necessity (Article 6(1)(b))

  • Service delivery and account management
  • Payment processing and billing
  • Customer support and communication

Consent (Article 6(1)(a))

  • Marketing communications and newsletters
  • Optional cookies and tracking
  • Testimonials and case study usage

Legal Obligation (Article 6(1)(c))

  • Tax records and financial reporting
  • Anti-money laundering compliance
  • Regulatory requirements

3. Categories of Personal Data

We process the following categories of personal data:

Identity Data

Name, business title, company name, professional credentials

Contact Data

Email address, telephone number, business address, website URL

Financial Data

Payment information, billing address, transaction history

Technical Data

IP address, browser type, device information, usage analytics

Marketing Data

Campaign preferences, engagement data, communication history

Business Data

Industry information, business needs, project requirements

4. Data Processing Activities

We process personal data for the following purposes:

  • Service Delivery: Providing marketing services and campaign management
  • Customer Support: Responding to inquiries and providing technical assistance
  • Marketing Communications: Sending newsletters, updates, and promotional content (with consent)
  • Website Analytics: Understanding user behavior and improving website performance
  • Payment Processing: Handling billing and payment transactions
  • Legal Compliance: Meeting regulatory requirements and maintaining business records
  • Security: Protecting against fraud, unauthorized access, and cyber threats
  • Business Development: Improving services and developing new offerings

5. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

Request access to your personal data and information about how we process it

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data

Right to Erasure (Article 17)

Request deletion of your personal data (right to be forgotten)

Right to Restrict Processing (Article 18)

Request limitation of how we process your personal data

Right to Data Portability (Article 20)

Request your personal data in a portable, machine-readable format

Right to Object (Article 21)

Object to processing of your personal data for specific purposes

Right to Withdraw Consent

Withdraw consent for processing based on consent at any time

To exercise any of these rights, please contact our Data Protection Officer at dpo@monkmantra.com. We will respond within 30 days of receiving your request.

6. Data Retention

We retain personal data for the following periods:

  • Client Data: During active service period plus 7 years for legal/tax purposes
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • Financial Records: 7 years as required by tax and accounting regulations
  • Website Analytics: 26 months (Google Analytics default)
  • Security Logs: 12 months for security monitoring purposes
  • Communication Records: 3 years for business continuity and support

Data is securely deleted or anonymized when no longer needed for legitimate purposes.

7. International Data Transfers

We may transfer personal data outside the European Economic Area (EEA) in the following circumstances:

  • Third-party Services: Cloud providers and software tools with appropriate safeguards
  • Client Requirements: When clients request services in specific jurisdictions
  • Business Operations: For technical support and system maintenance

All international transfers are protected by appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with adequate data protection
  • Binding Corporate Rules for multinational organizations
  • Certification schemes and codes of conduct

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect personal data:

Technical Measures

  • End-to-end encryption for data transmission
  • Advanced encryption standards for data storage
  • Multi-factor authentication for system access
  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • Regular security audits and penetration testing

Organizational Measures

  • Staff training on data protection and privacy
  • Access controls and role-based permissions
  • Data processing agreements with third parties
  • Incident response and breach notification procedures
  • Regular privacy impact assessments
  • Confidentiality agreements for all staff

9. Data Breach Procedures

In the event of a data breach, we will:

  • Assess the severity and scope of the breach within 24 hours
  • Notify the relevant supervisory authority within 72 hours if required
  • Inform affected individuals without undue delay if there is a high risk to their rights and freedoms
  • Take immediate steps to contain and mitigate the breach
  • Document the breach and our response for regulatory purposes
  • Implement additional safeguards to prevent future breaches

10. Third-Party Data Processors

We work with carefully selected third-party processors who help us deliver our services:

  • Cloud Hosting: AWS, Google Cloud Platform (with appropriate safeguards)
  • Email Services: Mailchimp, SendGrid (for marketing communications)
  • Analytics: Google Analytics, Hotjar (for website performance)
  • CRM Systems: HubSpot, Salesforce (for client management)
  • Payment Processing: Stripe, PayPal (for secure payments)

All third-party processors are bound by data processing agreements that ensure GDPR compliance.

11. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with data protection law.

Lead Supervisory Authority:
[Your Local Data Protection Authority]
Contact: [Authority Contact Information]
Website: [Authority Website URL]

12. Contact Our Data Protection Officer

For any data protection inquiries, to exercise your rights, or to report concerns, please contact our Data Protection Officer:

Data Protection Officer
Email: dpo@monkmantra.com
Phone: [DPO Phone Number]
Address: MonkMantra Digital Marketing
Data Protection Officer
[Your Business Address]
Response Time: Within 30 days of request