Who we are

Our website address is: https://marketplace.monsteramania.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements

 

Schedule: Data Protection Act 2018 Compliance

  • Definitions

In this Schedule, the following words shall have the following meanings:

“Act”

means the Data Protection Act 2018.

“Associate”

means any corporate or other form of organisation or any individual person with whom you have an association which does, or could, entail the transfer of personal data to us for processing.

“Directive”

means Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.

“DPC”

means the Data Protection Commission

“the Data Protection Regulations”

means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

“the Law”

means all or any of:

(a) the Data Protection Regulations,

(b) the Act,

(c) the Data Protection Act 1988,

(d) the Data Protection Act 2003,

(e) regulations made under the Act,

(f) Directive.

“data controller”, “data processor”, “sub-processor”, “data subjects”, “personal data”, “process”, “processed” and “processing” shall have the meanings respectively, as defined in the Act.

In this agreement, “personal data”, is limited to data which comes into our hands in some way connected to this agreement.

  • Data Protection

      1. The obligations described in this Schedule are in addition to our obligations under the Law.
      2. To enable us to provide the Services under this agreement, you authorise us to process personal data on your behalf.
      3. We both agree that you and your Associates are data controllers, and we are your data processor in relation to personal data.
      4. Details of the anticipated processing activities are set out at Appendix 1 to this Schedule.
  • How we shall process data

We shall at all times comply with the provisions and obligations imposed by the Law and, in particular, shall:

      1. process personal data only to the extent necessary to provide the Services;
      2. ensure that every person processing personal data under this agreement does so strictly on a need-to-know basis, has received training on their obligations relating to handling of personal data and is bound by confidentiality obligations no less stringent than our confidentiality obligations under this agreement;
      3. in order to use commonly accepted international communications and money transfer protocols, it will be necessary to use sub-contractors for certain service provision. We shall not necessarily be aware of the identity of every organisation involved in the train of communications. When that happens, we accept full responsibility for our compliance with the Law.
      4. subject to the exceptions mentioned in the last previous sub-paragraph, we will not use subcontractors for personal data processing under this agreement without your prior written consent.
      5. wherever possible, enter into a written contract with each such sub-processor, which includes the same obligations on the sub-processor as those imposed on us by You under this agreement.
      6. subject to the other provisions of this Schedule, not process personal data or permit any third party to process personal data outside of the European Economic Area (EEA) unless:
        1. EU standard contractual clauses approved by the European Commission or the DPC are entered into between you or your relevant Associate as data exporter, and the relevant recipient of the personal data as data importer; or
        2. the recipient of the personal data has entered into a data processing agreement with you; or
        3. the recipient of the personal data is regulated within the United States of America solely by the U.S. Department of Commerce, is certified under the EU/US Privacy Shield framework, and continues to be certified for the period within which it processes the personal data; or
        4. the recipient of the personal data has entered into binding corporate rules, which are valid in respect of the processing of personal data under this agreement and have been approved by the European Commission or the DPC; or
        5. the transfer is to a recipient located within a jurisdiction whose law relating to the processing of personal data has been approved by the European Commission or the DPC (subject to any applicable restrictions).
      7. have in place at all times appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by processing the personal data, to prevent accidental, unauthorised or unlawful destruction, loss, alteration, or access to personal data, including as a minimum whatever security measures you notify and instruct us to use. Examples of such measures are:
        1. the pseudonymisation and encryption of personal data;
        2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
        3. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing;
      8. maintain a written record of all categories of processing activities carried out on your behalf and when you ask, copy it to you. The record shall contain:
        1. Our name and contact details and (where applicable) those of our approved sub-processors and details of their respective data protection officers;
        2. the categories of personal data, data subjects and processing activities carried out on behalf of you and your Associates;
        3. where applicable, transfers of personal data to a third country (i.e. non-EU Member State) or an international organisation, including identification of that third country and documentation evidencing implementation of suitable safeguards; and
        4. a general description of the technical and organisational security measures we have installed as referred to in Article 32(1) of the Data Protection Regulations;
      9. when you ask, give to you or to the DPC, access to our employees, data processing facilities, procedures, and records to inspect and audit compliance with the Law and the terms of this agreement. We shall (and shall ensure any sub-processor shall) give all reasonable cooperation and assistance.
      10. immediately tell you (and in any event within 24 hours) after becoming aware of any actual or suspected unlawful destruction, loss, alteration, disclosure of, or access to, personal data transmitted, stored or otherwise processed by you or any sub-processor under this agreement;
      11. provide reasonable assistance to you in:
        1. responding to data subject’s requests to exercise their rights under the Act;
        2. responding to communications received from the DPC relating to the processing of personal data under this agreement, including notifying You immediately of any such communication;
        3. taking measures to address data security incidents, including, where appropriate, measures to mitigate their possible adverse effects;
        4. promptly upon your request, transfer personal data to a third party in compliance with a request from a data subject to exercise their right to data portability;
        5. make available to you on request all information necessary to demonstrate compliance with the obligations set out in this Schedule; and
        6. at your request (no more than once in every calendar year) complete and return without delay your information security and data protection questionnaires.
  • Post termination

      1. Upon termination of this agreement, we and any sub-processor shall:
        1. physically destroy all copies of media upon which any personal data was supplied and any further copies made by us;
        2. return all personal data stored in hard copy to you;
        3. delete all personal data stored in soft copy, by some method which prevents future re-activation of that data;
      2. Where we or our sub-processor is required to retain personal data in order to comply with applicable law, we will tell you and will retain such personal data only in our capacity as a data processor and shall comply with our obligations as a data processor, as far as applicable law permits.
  • Warranty and acceptance of liability

    1. We represent and warrant that the information provided in any response to any request by you shall be complete, true and accurate, and will not misrepresent our business or practices in respect of our ability to comply with the Law and our obligations under this agreement.
    2. If any act or omission of ours or our sub-processors results in data transmitted or processed under this agreement being lost or degraded so as to be unusable, then we shall be liable to you for the cost of reconstituting the data and/or yours and your Associate’s costs in recreating such data.

Appendix 1 to Schedule

Data Processing Activities

What we or you may process in each category

  • We shall process this basic personal data
      1. Name
      2. Address
      3. Email address
      4. Phone number
      5. Date of birth
      6. Technical information relating to electronic communication, which is personal information only when associated with the name or identity of the data subject
      7.  [list all other depending on whether data passes]
  • We shall process the data of these data subjects

Data of buyers, so far as their data is required in order to satisfy our obligations under this contract and comply with the Law.

  • This is why and how we shall process personal data
      1. Our processing of personal data will be limited to such activity as is reasonably required to satisfy our obligations under this contract.
      2. We shall not make contact with any data subject nor seek additional data from any other source.
  • Retention period
    1. We may retain personal data, along with much other data, for six years, for these reasons:
      1. for accounting and taxation purposes;
      2. to provide evidence if required in connection with a legal claim;
      3. for any other reason where the law provides a six years limitation period;
    2. If any event occurs which requires us lawfully to continue to retain data beyond that period, then we may do so.

Main Menu