identifiable natural person (data subject); an identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an online identifier
or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural
or social identity.
For the avoidance of doubt, personal data does not include data from which you cannot be identified
(which is referred to simply as data, non-personal data, anonymous data, or de-identified data).
personal data or on sets of personal data, whether or not by automated means, such as collection,
recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction.
How do we collect personal data and for what purposes?
MonadPlug collects the personal data on the moment the customer sign-ups in the Website, with the
customer’s consent. Subsequently, you may enter into an agreement or contract with MonadPlug, and where
this is the case, personal data will be processed only as is necessary for the performance of that
agreement or contract or in order to take steps at your request prior to entering into that contract or
agreement. By submitting your information to us, you agree to the processing set out in this Privacy
After that, your personal data is stored while your partnership with MonadPlug is ongoing and once said
the relationship is terminated for whatever cause, unless you oppose to it. Once the relationship is
terminated, your personal data will be processed solely to the effects of demonstrating compliance with
the legal obligations of the Company or only as is necessary for the purposes of any legitimate
interests pursued by MonadPlug or by a third party (and in the latter case, only to such extent as those
legitimate interests are not overridden by your interests or fundamental rights and freedoms).
As a data subject, you have rights under applicable legislation to access, change/ rectify, request
deletion or restriction, object of processing, or requesting to receive or for us to transfer (port)
your personal data free of costs at any time, according to the law in force. Further information on
MonadPlug collects and processes personal data needed for the provision of products & services. We may
collect and process the following data about you, depending on your relationship with MonadPlug:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital
status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details (where applicable).
- Transaction Data includes details about payments to and from you and other details of
products/ services/ transactions you have purchased or obtained from us or from one of our business
- Technical Data includes internet protocol (IP) address, your login data, browser type and version,
time zone setting and location, browser plug-in types and versions, operating system and platform
and other technology on the devices you use to access the Website. This data also includes
information about how you use our website, products and services, and navigate through the website,
and may not necessarily comprise personal data. It may for example include information about your
visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our
Website (including date and time), products you viewed or searched for’, page response times,
download errors, length of visits to certain pages, page interaction information (such as scrolling,
clicks, and mouse-overs), methods used to browse away from the page, any phone number used to call
our customer service number, and other information.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your
- With the exception of Technical Data and certain Transaction Data, most of the personal data
collected is the information you give us by filling in forms on our Website or by corresponding with
us by phone, e-mail or otherwise.
We may also collect personal data about you from information we receive from other sources. This may
occur if you use any of the other websites we operate or the other services we provide. We are working
closely with third parties (including, for example, business partners, sub-contractors in technical,
payment and delivery services, advertising networks, analytics providers, search information providers,
credit reference agencies). We may notify you when we receive information about you from them and the
purposes for which we intend to use that information.
If you fail to provide personal data: Where we need to collect personal data by law, or under the terms
of a contract we have with you and you fail to provide that data when requested, we may not be able to
perform the contract we have or are trying to enter into with you, and we may not be able to provide our
services. In this case, we may have to cancel a product or service you have with us but we will notify
you if this is the case at the time.
Use of Personal Data
When visiting our website
We may collect and process personal data about your use of our website. This data may include Technical
Data as described above.
This data may be processed in order to deliver the content of our website correctly, to optimize the
content of our website to ensure the long-term viability of our information technology systems and
website technology, and to provide law enforcement authorities with the information necessary for
criminal prosecution in case of a cyber-attack.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data
may be derived from your personal data but is not considered personal data in law provided it has been
de-identified and anonymised. For example, we may aggregate your usage data to calculate the percentage
of users accessing a specific website feature. If we combine or connect Aggregated Data with your
personal data so that it can directly or indirectly identify you, we treat the combined data as personal
The legal basis for this processing is our legitimate business interests, namely monitoring and improving
our website and the proper protection of our business against risks and your consent when agreeing to
Personal Data will be stored in accordance with the time limits of such cookies and how they are set to
expire and will be deleted automatically afterwards (normally no more than one year), or de-identified
for statistical purposes, and in this latter case shall be kept indefinitely.
In certain cases, some of the above data is collected using cookies, and includes data from which you
cannot be identified. Such data will be retained in accordance with our Cookies Policy, which can be
KYC and AML/CFT checks
We and other organizations may also access and use your personal data to conduct ‘know your client’
(“KYC”) checks, credit checks and checks to prevent fraud, money laundering and terrorist financing
(“AML/CFT”). If false or inaccurate information is provided and fraud is identified or suspected,
details may be passed to the relevant authorities including credit reference agencies and fraud
prevention agencies. We will also record this. Law enforcement agencies may access and use this
information. We, and other organizations that may access and use information recorded by such agencies,
may do so from other countries.
Other uses of your personal data
We may process any of your personal data where it is necessary to establish, exercise, or defend legal
claims. the legal basis for this processing is our legitimate interests, namely the protection and
assertion of our legal rights, your legal rights and the legal rights of others.
Further, we may process your personal data where such processing is necessary in order for us to comply
with a legal obligation to which we are subject.
Confidentiality and Security
MonadPlug commits to taking all the necessary measures to prevent and secure the data that’s collected and treated,
preventing them from being damaged, destroyed or even stolen. However, we don’t control every risk associated with internet
usage, so there’re always risks associated with the usage of internet and data sharing online.
No data transmission over the Internet or website can be guaranteed to be secure from intrusion; any transmission is at
your own risk. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your
personal information in accordance with data protection legislative requirements.
All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject
to our security policies and standards. Where we have given you (or where you have chosen) a password which enables
you to access certain parts of our Website, you are responsible for keeping this password confidential and for
complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
Third parties access
Your data may be transferred to third parties for compliance with legal obligations to which the Company is subject
based on its activity, or as may be required in order to provide the services that those third parties were hired for.
Providers with whom MonadPlug has subscribed will need to enter into confidentiality and data processing agreements that
are necessary and mandatory under any applicable privacy legislation. We may permit selected third parties such as business
partners, suppliers, service providers, agents and contractors who will be subject to obligations to process such
information in compliance with the same safeguards that we deploy, to use your personal information.
We may also use third party applications and software for the purposes of creation and maintenance of mailing lists,
webform collection, and transmission of social media links. We are not responsible for the privacy practices and policies
of such third-party service providers and you are strongly encouraged to review such policies in order to ensure you agree
to the processing of your personal data by third parties in the manner described therein. We will however, to such extent
as reasonably possible, ensure that third parties we use keep your information secure and agree not to use it for their
own direct marketing purposes.
In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our
business and assets or as part of any business restructuring or reorganization, or if we are under a duty to disclose or
share your Personal Data in order to comply with any legal obligation. However, we will take steps to ensure that your
privacy rights continue to be protected.
Finally, as described in the previous section, relevant authorities including credit reference agencies and fraud
prevention agencies may be given access to your personal data in connection with our relevant KYC and AML/CFT obligations.
Existance of Automated Decision-making
We do not use automatic decision-making or profiling when processing personal data. This means decisions are not made
by robots or computers, and therefore not ‘automated’. However, certain third parties may use certain automated
decision-making tools or software. We are not responsible for the privacy practices of others and will take
reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become
familiar with the privacy practices of any third parties you enter into any agreements with.
Storage limits and retention
We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected
and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until
the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements
regarding the retention of such data). So, if information is used for two purposes, we will retain it until the purpose
with the latest period expires, but we will stop using it for the purpose with a shorter period one that period expires.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention
periods are based on business needs and your information that is no longer needed is either irreversibly anonymized
(and the anonymized information may be retained) or securely destroyed.
(and/or Cookies Policy) may change at any time in the future. We, therefore, encourage you to review it
from time to time to stay informed of how we are using personal information.
Policy (the same applies to our Cookies Policy). Any amended policy will be effective immediately after the date it is
posted. If you do not agree to the revised policy, you should discontinue your use of the Website. By continuing to
access or use the Website after the effective date, you confirm your acceptance of the revised policy and all of the
terms incorporated therein by reference.
Any social media channels connected to the Website and third-party applications will be subject to the privacy
and cookies policies and practices of the relevant platform providers which, unless otherwise indicated, are
not affiliated or associated with us.
Your rights as a data subject
To exercise any of the below rights please contact us in the first instance on the above contact details.
Requests are free of charge, unless manifestly unfounded or excessive in which case we may charge a reasonable fee.
Alternatively, we may refuse to comply with your request in these circumstances.
Requests will be processed within one month of receipt but this might be extended to two months in case of a
complex request, where you have made a number of requests, or if the identity of the requestor cannot be verified.
In such cases, we will notify you and keep you updated, and may seek additional information to allow us to
understand your request.
Please note that the Company may be subject to legal and regulatory obligations which may limit or restrict
the enforcement of your rights on some occasions.
Right to information
You have a right to be informed about the processing of your personal data (and if you did not give it to us,
if you have any further questions you can contact us on the above details.
Right to access
You have a right to obtain confirmation from us as to whether or not your personal data are being processed and,
where this is the case, a right of access to your personal data. We have an obligation to provide additional
information when complying with an access request, and we have endeavored to capture this information within this
our customers personal information, we follow strict storage and disclosure procedures, which means that we will
require proof of identity from you prior to disclosing such information. This is a security measure to ensure that
personal data is not disclosed to any person who has no right to receive it.
Right to rectification
You have the right to have any inaccurate personal data rectified and to have any incomplete personal
information about you completed.
It is important that the personal data we hold about you is accurate and current. Please keep us informed
if your personal data changes during your relationship with us. If we do hold personal data and you believe
it is incorrect, you may submit a request to us to correct any alleged mistakes.
We shall communicate any rectification of personal data to each recipient to whom the personal data have been
disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such
recipients if you request it.
Right to reasure
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information;
- and/or erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes,
under certain circumstances; and/or
- The establishment, exercise, or defense of legal claims.
We shall communicate any erasure of personal data to each recipient to whom the personal data have been disclosed,
unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request it.
Right to restrict processing
Instead of requesting erasure, you also have the right to right to restrict processing of your personal information where:
- you contest the accuracy of the personal information;/li>
- processing is unlawful, but you do not want us to erase it;
- we no longer need to process your personal information but you need us to retain your information as you need it for the
establishment, exercise, or defense of legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
We shall communicate any restriction of personal data to each recipient to whom the personal data have been disclosed,
unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request it.
Right to object to processing
You also have the right to object to processing of your personal information under certain circumstances, such as:
- where the processing is based on your consent and you withdraw that consent;
- where we are relying on a legitimate interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms; or
- where we are processing your personal data for direct marketing purposes
Exercise of this right may impact the services we can provide and we will explain this to you if you decide to exercise it.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your
rights and freedoms, and this may allow us to continue to (wholly or partly) process your personal information.
Right to data portability
With respect to automated information which you initially provided consent for us to use, or where the processing is necessary
for the performance of a contract to which you are party (or in order to take steps at your request prior to entering into a contract),
you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format,
or ask us to send it to another person.
Right to object
You have a right to object at any time to processing of personal data (including profiling) concerning you which is based on:
- the performance of a task carried out in the public interest or in the exercise of official authority vested in a controller; or
- the legitimate interests pursued by a controller.
We do not process personal data on grounds of public interest or exercise of official authority. We do however rely on our legitimate
in the context of directly marketing to you.
We will only send you marketing information where you have agreed to opt-in to receive it. You have a choice about whether or not
you wish to receive direct marketing information from us. We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above); or
- ou have otherwise given your prior consent.
We will only use your preferred communication channels to contact you, and on each and every marketing communication, we will always provide the
option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by
clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data.
You can change your marketing preferences and/or opt-out at any time by contacting us on the above details.
terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe
as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional
materials does not change our right to contact you regarding your use of our website or as part of a contractual relationship we may have with you.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time. However, this will
not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide
certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to withdraw consent
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled
to make a complaint to the Office of the Commissioner for Personal Data Protection Commissioner.
You may contact the Office on the below details: Muse Cazima Catica 6, Sarajevo 71000, Bosnia and Herzegovina. Website: http://www.dataprotection.gov.cy
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you
allege an infringement of one or more of our rights has taken place, if that is based in the EEA.