Notice
Read this Privacy Notice to understand how we treat your Personal Data.
Last updated: November 20, 2024
S4 Capital Group (Monks) operates worldwide through subsidiary and affiliate companies. A list of the Monks group entities (collectively, “Monks,” “we” or “us”) can be viewed here. Monks is committed to protecting the Personal Data (defined below under the “What Personal Data do we process?” section) of our clients and prospective clients, as well as other users of our website and services. It is important to us that you understand how we treat your Personal Data and we encourage you to read this Notice carefully.
When Monks collects and processes Personal Data of our clients, we will only process such Personal Data on behalf of the particular client in order to provide our services to that client.
To the extent we collect, use, store, disclose or otherwise process Personal Data on behalf of our clients or in any circumstances in which we are the processor and the client is the controller, it will be done subject to the privacy policies and notices of our respective clients.
Please read this Privacy Notice (“Notice”) carefully to understand our policies and practices regarding our collection and use of your information. If you do not agree with our policies and practices, you should not use our sites, products, or services. By accessing or using the Site (defined below) or using or accepting any of our Services (defined below), you agree to this Privacy Notice. Also, please note that we may revise this Notice from time to time, You acknowledge and agree that your continued use or our Site or our Services after we have made such revisions is deemed to be your acceptance of any such revisions. Thus, please check this Notice periodically and be mindful of the “Last updated” date, which will inform you as the date this Notice was last revised.
**Please note that, because your security and privacy is so important to us, no one at Monks will ever request your passwords, usernames, credit card information, or other Personal Data through unsolicited emails, telephone calls, or other communications! If you receive an email, telephone call or other communication purportedly from us that requests Personal Data from you (including passwords, usernames, or credit card information), please let us know. Also, you should delete the email or end the communication without responding to it!**
Overview
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by reviewing the Notice in full.
What Personal Data do we process? When you visit, use, or navigate our Site (defined below under “What is the Scope of this Privacy Notice?”), communicate with us, and/or use our on-line or off-line Services (defined below under “Client Data and Services”) we may process Personal Data depending on how you interact with us, the Site, and the Services, the choices you make, and the products and features you use. In this Notice, our use of the term “Personal Data” includes other similar terms under applicable privacy laws—such as “personal data”, “personal information”,“personally identifiable information, and “PII”. In general, Personal Data includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual and/or, under applicable laws, a household. Learn more about what types of Personal Data we collect in the “Information We Collect” section.
How do we process your information? We process your Personal Data and other information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your Personal Data for other purposes with your consent. We process your Personal Data only when we have a valid legal reason to do so. Learn more in the “Lawful Bases We Rely on to Process Your Personal Data” and the “Purposes for Using Personal Data” sections.
In what situations and with which types of parties do we share Personal Data? We may share Personal Data in specific situations and with specific categories of third parties. Learn more in the “Disclosure of Personal Data” section.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your Personal Data. Please see the “Your Choices and Rights” section below for a description of the choices we provide and the rights you have regarding your Personal Data. If you are a California resident, a resident of other states in the United States, or an individual in the EU/ EEA/ UK please be sure to review the relevant section “Additional Information for Individuals in Certain Jurisdictions” below for important information about the categories of Personal Data we collect and disclose and your rights under the respective applicable privacy laws.
What is the Scope of this Privacy Notice? This Privacy Notice (“Notice”) explains how we process information that we collect from users of our website www.monks.com and on any other website, mobile applications or other online services that display or link to this Notice (together, the “Site”), as well as from our former, current and prospective clients and other individuals that use our Services or communicate with us. Please note, that this Notice only governs our own processing of Personal Data and other information, and does not extend to any third-party website and providers that may process, share, or distribute such information. This Privacy Notice is intended to describe our overall privacy and data protection practices. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain Personal Data.
Client Data and Services. Monks provides Marketing services and Technology services, including digital experience services in the areas of creative and content ideation, development, and management; data consulting; digital marketing campaign management and consulting; access and management of third-party technology services; and technology (collectively, our “Services”). While this Notice governs our privacy policies and practices with regard to Personal Data, if we receive, access or otherwise process on behalf of our clients the Personal Data of their customers in order to provide our Services to the client or otherwise in circumstances in which the client were the controller and we were the processor (in such circumstances, the “Personal Data” is “Client Data”), Monks will only process Client Data on behalf of and under the instructions of our clients and as set out in our client agreements, or where otherwise required by applicable laws.
Who is the Controller and Responsible Party? This Notice applies to all circumstances in which we are the controller of the Personal Data. In that case, S4 Capital, plc is the parent company of our Monks group entities and the controller of your Personal Data. In addition, where you have a direct business relationship with another Monks group entity, they are a controller for the Personal Data they used to manage their direct business relationship with you, such as name and contact details.
We may also receive, access or otherwise process Personal Data in order to provide our Services to our clients as a processor, rather than as a controller. In such cases, when we are the processor of Client Data, Monks will only process Client Data on behalf of and under the instructions of our clients and as set out in our client agreements, or where otherwise required by applicable laws. With respect to any such Client Data, our clients are the data controllers or businesses for their respective Client Data, and we are a data processor or service provider with respect to Client Data. If your relationship with us is governed by a separate agreement with a specific Monks entity, the specifications of that agreement shall apply.
Want to learn more about what we do with any Personal Data we collect? Review the Monks Privacy Notice in full:
Table of Contents
-
Information We Collect
-
Lawful Bases We Rely On To Process Your Personal Data
-
Purposes For Using Personal Data
-
Disclosure Of Personal Data
-
Cookies And Similar Devices
-
International Transfers
-
Your Choices And Rights
-
Security
-
Retention
-
Information About Children
-
Changes To Our Privacy Notice
-
Contact Us
-
Additional Information For Individuals In Certain Jurisdictions
-
A. Important Information For California Residents And Residents Of Other U.S. States
-
B. Important Information For Individuals In The EU / European Economic Area / UK
1. Information We Collect
The Personal Data that we collect and process will vary depending upon the circumstances. We collect Personal Data that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us. You do not have to provide us with your Personal Data to access much of our Site. However, if you choose not to disclose certain information, we may not be able to provide certain Services to you or we may be unable to fully respond to your inquiry, such as when using the “Connect/Get in Touch” form.
Categories of Personal Data We Collect. Certain laws, including the EU General Data Protection Regulation and the United Kingdom’s Data Protection Act 2018 (here collectively referred to as “GDPR”), the California Consumer Privacy Act of 2018, as amended (the “CCPA”), and other applicable privacy and data protection laws, require that we disclose certain information about the categories of Personal Data that we collect about individuals. While the information we collect varies depending upon the circumstances, such as our interactions with you, we may collect the following categories of Personal Data (subject to applicable legal requirements and restrictions):
- Name, contact information and other identifiers: identifiers such as a name, username, account name, address, phone number, email address, online identifier, IP address, government-issued identification numbers or other similar identifiers.
- Customer records: customer records containing Personal Data, such as name, signature, contact information, employment history, government identifiers, and financial or payment information.
- Protected classifications: characteristics of protected classifications under GDPR, California or federal law such as race, sex, age, religion, national origin, disability and citizenship.
- Commercial information: such as products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Internet or other electronic network activity information: such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Geolocation data: precise location information about a particular individual or device.
- Audio, video and other electronic data: such as photographs, videos, audio, electronic, visual, or similar information.
- Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Sources of Personal Data. We may collect Personal Data directly from individuals, automatically related to the use of our Site or Services, survey participation, email and social media communication, and any other online/offline communication and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third-party services that we use). We may also collect Personal Data from our subsidiary and affiliate companies, business partners and/or service providers.
Information collected directly. We may collect Personal Data about you (such as your name, address, and contact details) directly from you. For example, when you fill out a ‘Contact Us’ form, signup for our mailing lists, register for events we host or sponsor, or otherwise provide us information through the Site, we may collect Personal Data such as:
- name, company name, and title/position
- email address, phone number, mailing address and contact details
- contact preferences and interests
- business affiliations
- for events, it may include dietary restrictions, requested accommodations and other event-related preferences
- other information related to your request or inquiry
Automatically-collected information. We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the Services or visit our Site, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (“ISP”), referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information. For more information, see the “Cookies and similar devices” section below.
Information collected from third parties. We may collect Personal Data from third party sources, such as public databases, joint marketing partners, social media platforms or other third party platforms. For example, if you choose to link, create, or log in to your Services account with a third-party account (e.g., Google), or if you post information or engage with us on third party platforms we may collect Personal Data about you related to that third party platform or account. In many cases you can control what Personal Data you share with us through privacy settings available on those third-party social media services.
2. Lawful Bases We Rely On To Process Your Personal Data
Certain laws, including GDPR, require that we inform you of the “Lawful Bases” for our processing of your Personal Data. Pursuant to the GDPR (and other similar laws) we process Personal Data for the following Lawful Bases:
Performance of a contract: as necessary to enter into or carry out the performance of our contract with you.
Compliance with laws: for compliance with legal obligations and/or defense against legal claims, including those in the area of labor and employment law, social security, and data protection, tax, and corporate compliance laws.
Our legitimate interests: in furtherance of our legitimate business interests, which are not overridden by your interests and fundamental rights, including:
- Performance of contracts with clients and other parties
- Implementation and operation of global support (e.g., IT) services for our business operations
- Improving our Site and Services, developing trend and benchmark reports, and similar purposes
- Customer relationship management and improving our Site and Services, including other forms of marketing and analytics
- Fraud detection and prevention, including misuse of Services or money laundering
- Physical, IT, and network perimeter security
- Internal investigation
- Mergers, acquisitions, and reorganization, and other business transactions
With your consent: where we have your consent, the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent, which you can do at any time by contacting us using the details at the end of this privacy notice. In some jurisdictions, your use of the Services may be taken as implied consent to the collection and processing of Personal Data as outlined in this privacy notice.
In addition, we may process your Personal Data where necessary to protect the vital interests of any individual or other user.
3. Purposes For Using Personal Data
The purposes for which we may process Personal Data will vary depending upon the circumstances. In general we use Personal Data for the purposes set forth below, and where relevant laws apply, we have set forth the Lawful Bases for such processing in parenthesis (see above for a further explanation of our Lawful Bases):
- Operating Services and our Site and providing related support: to provide and operate our Site and Services, communicate with you about your use of the Site and Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes. (Lawful Bases: performance of our contract with you; and/or our legitimate interests)
- Responding to requests: to respond to your inquiries, fulfill your orders and requests, and consider your request or application (e.g., if you have submitted a query online or by email, we will use this information to reply and address the query). (Lawful Basis: performance of our contract with you)
- Analyzing and improving our Services, Site and our business: to better understand how users access and use the Site, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop services and features. (Lawful Basis: our legitimate interests)
- Personalizing experiences: to tailor content we may send or display on the Site, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences. (Lawful Basis: our legitimate interests)
- Advertising and marketing: to promote Monks’s products and Services on third-party Site, as well as for direct marketing purposes, including to send you newsletters, client alerts and information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. (Lawful Bases: our legitimate interests; and/or with your consent)
- Protecting our legal rights and preventing misuse: to protect the Site and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use or this Privacy Notice. (Lawful Bases: our legitimate interests; and/or compliance with laws)
- Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. (Lawful Bases: our legitimate interests; and/or compliance with laws)
- Related to our general business operations: to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping and legal functions. (Lawful Bases: our legitimate interests; and/or compliance with laws)
Aggregate, De-identified or Anonymous Data. We also create and use aggregate, anonymous and de-identified data to assess, improve and develop our business, products and Services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Notice, provided it does not identify and could not be used to identify a particular individual, or, where applicable, a household.
4. Disclosure Of Personal Data
In general, we disclose the Personal Data we collect as follows:
- Affiliates. Your Personal Data may be shared with our affiliated companies, whose handling of Personal Data is subject to this Notice.
- Service providers. We may share your information with third party service providers who use this information to perform services for us, such as hosting providers, cloud computing services, data analytics services, data storage service providers, performance monitoring tools, user account registration & authentication services auditors, advisors, consultants, and customer service and support providers.
- Enterprise users. If you use the Services on behalf of your company (the organization you work for, our client), we may share Personal Data about your access to the Services and your communications or requests to us, with that organization.
- Business transfers. We may disclose or transfer information, including Personal Data, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.
- Legally required. We may disclose your information if we are required to do so by law (e.g., to law enforcement, courts or others, in response to a subpoena or court order).
- Protect our rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and protect the rights, property or safety of us, our clients, and others.
Aggregate and De-identified or Anonymous Data. We may share aggregate, anonymous or de-identified data with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
5. Cookies And Similar Devices
Like many websites, we use certain technologies that collect information about you automatically as you interact with our Site and Services. For example, we use cookies to recognize you when you return to our Site so that we can provide you with a customized experience. We may also use pixels, JavaScript, log files and other technologies to gather information about your use of our Site. For more information about the use of cookies and other technologies on our Site and how you can manage your cookie preferences, you can review our Cookie Policy found here.
The information we collect automatically may only be statistical data and does not include Personal Data[, but we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Site and to deliver better and more personalized Services, including by enabling us to: estimate our audience size and usage patterns; store information about your preferences, allowing us to customize our Site according to your individual interests; speed up your searches; and recognize you when you return to our Site.
The technologies we use for this automatic data collection may include the following:
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities while using our Site. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. See our Cookie Policy for more information.
Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.
Third-Party Analytics. We also use automated devices and applications, such as Google Analytics (more info here) to evaluate the use of our Services. We use these tools to gather non-Personal Data about users to help us improve our Services and user experiences, such as aggregated and/or anonymized data. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Site with other information they have collected for their own purposes. This Notice does not cover such uses of data by third parties.
Do-Not-Track Signals. Our Site does not respond to do-not-track signals. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and set out in our Cookie Policy.
Interest-based Advertising
We work with third-party ad networks, analytics companies, measurement services and others (“third party ad companies”) to manage our advertising on third-party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third-party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information. This information is used to provide you more relevant ads and content and to evaluate the success of such ads and content.
See our Cookie Policy for information on the third parties that we work with, and how you can opt out of ads from them. For more information about third-party ad networks and to opt out of interest-based ads from many ad networks go to:
- Canada: http://youradchoices.ca
- EU: http://youronlinechoices.eu
- US: http://aboutads.info
6. International Transfers
Monks is headquartered in the United Kingdom and has operations and service providers in the United Kingdom and throughout the world. As such, we and our service providers may transfer your Personal Data to, or access it in, jurisdictions (including the United Kingdom) that may not provide equivalent levels of data protection as your home jurisdiction. The data we collect from you may also be transferred to, and stored at, a destination outside the UK and/or European Economic Area (“EEA”). It may also be processed by staff that operate outside the UK and/or EEA and work for us or our suppliers. These staff may be engaged, for example, in the fulfillment of the provision of our services to you, the processing of your Personal Data, the maintenance of our website and our services, and the provision of support services. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements. Monks has an Intra Group Data Transfer Agreement that allows the transfer of Personal Data within the Monks group entities.
If you are in the European Economic Area and/or UK, and we process your Personal Data in a jurisdiction that the European Commission and/or the UK Government has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your Personal Data, such as putting in place standard contractual clauses adopted by the relevant data protection regulator and approved by the European Commission and/or the UK Government or another measure that has been approved by these regulatory bodies as adducing adequate safeguards for the protection of Personal Data when transferred to a third country. You have a right to obtain details of the mechanism under which your Personal Data is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.
7. Your Choice And Rights
Access, Amend and Correct. If you wish to access Personal Data that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, to request deletion of or object to processing of your information, please send your request to privacy@monks.com. We may ask you for additional information so that we can confirm your identity.
Direct Marketing. You may always opt-out of direct marketing emails from us by following the instructions in such emails or emailing privacy@monks.com. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your Personal Data. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
Additional Information for Certain Jurisdictions. We are committed to respecting the privacy rights of individuals under all privacy laws applicable to us. Some privacy and data protection laws require that we provide specific information about individual rights to applicable consumers, which we have set forth at the end of this privacy notice:
- California: if you are a California resident, you have certain rights, under California privacy laws, regarding your Personal Data as set forth below, under the “IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS AND RESIDENTS OF OTHER U.S. STATES” section.
- EU/EEA/UK: if you are in the European Union / European Economic Area / UK, below we provide further details about your rights under the General Data Protection Regulation and the United Kingdom’s Data Protection Act 2018 (collectively referred to as GDPR in this Notice), under the “IMPORTANT INFORMATION FOR INDIVIDUALS IN THE EUROPEAN / EUROPEAN ECONOMIC AREA / UK” section.
8. Security
We have implemented safeguards and technical measures to protect the Personal Data that we have under our control from unauthorized access, use or disclosure in alignment with the ISO27001:2022 standard. More information about security controls can be found in the "Information Security & Compliance" section. However, no data security measures can guarantee 100% security.
9. Retention
As a general rule, we retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. We may retain Personal Data for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others. Our clients instruct us on how long to retain Client Data, which we handle as a data processor.
10. Information About Children
The Monks Site is not intended for minors under the age of 18. We do not knowingly or specifically collect information about minors under the age of 18. If you believe we have unintentionally collected such information, please notify us at privacy@monks.com, so that we can delete this information from our servers.
If you are accessing or using this Site or using or accessing any of our Services, you represent to us that you are 18 or older and that you agree to the terms of use of this Site, including the privacy policy.
11. Changes To Our Privacy Notice
From time to time, we may update this Notice to reflect new or different privacy practices or to reflect changes in industry standards or legal requirements. We will place a notice online when we make material changes to this Notice. Additionally, if the changes will materially affect the way we use or disclose Information, we will notify you in advance of the change by sending a notice to the primary email address associated with your account or by posting a notice on our Site. You should refer back to this page, and please pay particular attention to our “Last updated” date. It indicates the date the Notice was last revised. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Privacy Notice to check for any changes.
12. Contact Us
If you have questions or concerns regarding the way in which your Personal Data is being processed or this Notice, please email us at privacy@monks.com or reach out to Monks using the contact information below: Monks, 15 Bonhill Street, London, England, EC2A 4DN
13. Additional Information For Individuals In Certain Jurisdictions
A. Important Information For California Residents And Residents Of Other U.S. States
Consumer privacy laws in various states of the United States may provide their residents with additional rights regarding our use of their Personal Data. Thus, U.S. Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nevada, Oregon, Tennessee, Texas, Utah, and Virginia may have Personal Data rights and choices that are addressed below:
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. These states provide (now or in the future) their state residents with rights to:
- Confirm whether we process their Personal Data.
- Access and delete certain Personal Data.
- Correct inaccuracies in their Personal Data, taking into account the information’s nature processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of Personal Data processing for: targeted advertising (excluding Iowa); sales; or profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Either limit (opt-out of) or require consent to process sensitive personal data.
Nevada. Nevada provides its residents with a limited right to opt out of certain Personal Data sales. Nevada residents who wish to exercise the sale opt-out rights may submit a request by sending an email to privacy@monks.com. However, please know that we do not currently sell data triggering that statute’s opt-out requirements.
The exact scope of these rights may vary by state. To exercise any of these rights or to appeal an adverse decision, please contact us at gdpr@representclo.com.
Additional Information for California Residents.
(i) “Shine the Light Law.” In addition to the rights set out above in this Privacy Notice, California's "Shine the Light" law (Civil Code Section § 1798.83) permits users who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@monks.com.
(ii) CalOPPA. Also, pursuant to the California Online Privacy Protection Act (CalOPPA), at Cal. Business & Professions Code §§22575-79, to the extent we collect any personal data from any California residents, we are required to disclose to those California residents whether we respond to their “do not track” requests. More specifically, certain web browsers may allow a user to enable a “do not track” option that sends signals to the websites the user visits indicating that the user does not want the user’s online activities tracked. This is different than blocking cookies, and browsers with the “do not track” option selected may still accept cookies. There is currently no universally-accepted technology standard for recognizing and implementing “do not track” signals. Furthermore, our website and apps currently do not have the functionality to recognize or honor “do not track” browser signaling. Thus, we do not respond to “do not track” signals. If a standard for online tracking is adopted in the future that we must follow, or if we otherwise are able to respond to such signals, we will modify this Privacy Notice accordingly.
(iii) CCPA. Additionally, if you are a California resident, California law may provide you with additional rights regarding a business’ use of your Personal Data under the California Consumer Privacy Act (CCPA). To learn more about your California privacy rights under the CCPA, see below and also see the California Consumer Privacy Act of 2018, California Civil Code § 1798.100, et seq. or visit the California Attorney General FAQs about the CCPA at https://oag.ca.gov/privacy/ccpa.
In this sub-section, we provide information for California residents, as required under the CCPA.
Categories of Personal Data We Collect. The CCPA requires that we disclose certain information about the categories of Personal Data that we collect about California residents. In the preceding 12 months, we may have collected the following categories of Personal Data relating to California residents. These categories are defined by California law. We may not gather all the information listed within a specific category, and we may not collect all categories of information for every individual. All categories of personal information under CCPA may be shared among Monks group entities. However, we do not sell your personal data to any third parties, and we have not done so in the last 12 months. For details about the precise data points we collect, the categories of sources of such collection, and the Retention Period, please see the “Information We Collect” and the “Retention” sections above. We collect Personal Data for the business and commercial purposes described in the “Purposes for Using Personal Data” section above. While the information we collect varies depending upon the circumstances, such as our interactions with you, we may collect the following categories of Personal Data (subject to applicable legal requirements and restrictions):
- Identifiers: Name, contact information and other identifiers, such as a name, username, account name, address, phone number, email address, online identifier, IP address, government-issued identification numbers or other similar identifiers.
- Customer records: paper and electronic customer records containing Personal Data, such as name, signature, contact information, employment history, government identifiers (e.g., Social Security number), physical characteristics or descriptions, address, telephone number, passport number, driver’s license number, insurance policy number, education, medical information or health insurance information, and financial or payment information.
- Protected classifications: characteristics of protected classifications under California or federal law such as race, sex, age, religion, national origin, disability, sex (including gender, gender identity, gender expression, pregnancy status, sexual orientation), military or veteran status, genetic information, and citizenship.
- Commercial information: such as records of real or personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Internet or other electronic network activity information: such as information regarding a consumer’s interaction with an Internet website, application, or advertisement.
- Geolocation data: precise location information about a particular individual or device.
- Sensory data: audio, video and other electronic data: such as photographs, video, audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information: such as current or past job history or performance evaluations.
- Non-public education information: this may include education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, student disciplinary records.
- Profiles and inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Sensitive personal information is a subtype of Personal Data consisting of specific information categories. We do not collect sensitive personal information.
Categories of Personal Data Disclosed. In the preceding 12 months, we may have disclosed the following categories of Personal Data in support of our business purposes identified in the “Purposes for Using Personal Data” above:
Identifiers
- Customer records
- Protected classifications
- Internet or other electronic network activity information
- Geolocation data
- Audio, video and other electronic data
- Profiles and inferences
Categories of Personal Data Sold. The CCPA defines a “sale” as disclosing or making available to a third-party Personal Data in exchange for monetary or other valuable consideration. We do not disclose Personal Data to third parties in exchange for monetary compensation from such third parties.
However, we may disclose or make available certain categories of Personal Data to third parties, in order to receive certain services or benefits from them (such as when we allow third party tags to collect browsing history and other information on our Site to improve and measure our ad campaigns), including:
- Name, contact information and other identifiers
- Internet or other electronic network activity information
- Profiles and inferences
California Residents’ Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
- Do-Not-Sell: California residents have the right to opt-out of our sale of their Personal Data. Opt-out rights can be exercised by submitting a request to us online at privacy@monks.com. We do not currently sell any personal data about you to any third party.
- Notice before collection: We are required to notify California residents, at or before the point of collection of their Personal Data, the categories of Personal Data collected and the purposes for which such information is used.
- Request to delete: California residents have the right to request, at no charge, deletion of their Personal Data that we have collected about them and to have such Personal Data deleted, except where an exemption applies. We will respond to verifiable requests received from California residents as required by law.
- Request to know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of Personal Data that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their Personal Data in the prior 12 months, including: categories of Personal Data collected; categories of sources of Personal Data; business and/or commercial purposes for collecting and selling their Personal Data; categories of third parties/with whom we have disclosed or shared their Personal Data; categories of Personal Data that we have disclosed or shared with a third party for a business purpose; and categories of third parties to whom the residents’ Personal Data has been sold and the specific categories of Personal Data sold to each category of third party.
- California residents may make a Request to Know up to twice every 12 months, at no charge. We will respond to verifiable requests received from California residents as required by law.
- Request to Correct: California residents have the right to request the correction or update of any incomplete or inaccurate personal data that we may have about them.
- Discrimination and financial incentives: The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. A business may offer financial incentives for the collection, sale or deletion of California residents’ Personal Data, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offered and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent.
Submitting Verifiable Requests. Requests to know and requests to delete may be submitted:
- By email at privacy@monks.com
- Online via Google Forms
We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.
B. Important Information For Individuals In The EU / European Economic Area / UK
This section explains the rights that data subjects in the European Union / European Economic Area (“EEA”) / United Kingdom have. More specifically, pursuant to the GDPR, individuals in the EU and UK are granted specific rights concerning their Personal Data.
Rights under the GDPR. Individuals in the EU/EEA/UK have the below rights with respect to their Personal Data.
- Right of access: You can ask us to: confirm whether we are processing your Personal Data; give you a copy of that information; provide you with other information about your Personal Data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your information from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Notice.
- Right to rectify and complete Personal Data: You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Right of erasure: You can ask us to erase your Personal Data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your Personal Data if the processing of your Personal Data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Right of restriction: You can ask us to restrict (i.e. keep but not use) your Personal Data, but only where: its accuracy is contested, to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your Personal Data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Right to object to our use of your Personal Data for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your Personal Data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
- Right to object for other purposes: You have the right to object at any time to any processing of your Personal Data which has our legitimate interests as its Lawful Basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your Personal Data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to (data) portability: You can ask us to provide your Personal Data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Right to withdraw consent: You can withdraw your consent in respect of any processing of Personal Data which is based upon a consent which you have previously provided.
- Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your Personal Data is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
- Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your Personal Data. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time. If you are located in the EEA or UK and you believe we are unlawfully processing your Personal Data, you have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Submitting a GDPR Data Subject Access Request. Please contact us at privacy@monks.com to exercise one of these rights.