tldr; You can visit this website completely anonymously. If you decide to submit personal information to us, you understand this happens on a strictly voluntary basis. Here’s what we collect, why and for how long.
Provider (also we, us and our)
Mononox.com is operated by Sven Tolle, Nicolaistr. 18, 28195 Bremen, Germany.
Users (also you, your and yours)
All people visiting, requesting quotes, contacting us, accepting offers as well as placing orders and managing services.
- Visitors: Just browsing, no interaction
- Contacts: Submitted forms, registered
- Clients: Placed order (logged in only)
- Email address
- Billing address
- Payment data
- IP address
Web browsing data
- No third-party or other user-level analytics are used on our website, all we use is a general statistic.
- All server and error log files are anonymised.
Visitors: Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Contacts: Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Clients: IP (VAT regulations), Device type, OS, Browser, Screen resolution, Referrer, Access time and target
We treat all Visitor, Contact and Client data as strictly confidential. Information submitted to us via the Quote or Contact forms will not be shared to any outside party. Our system stores this data only as long as it takes to submit the message and automatically purges it from the server after that. From there, your information enters into our encrypted email archive where it’s stored for as long as the law requires us to and it will be automatically deleted after that.
Visitors: No data
Contacts: All submitted form data
Clients: All submitted form data
We don’t allow public accounts. Contacts looking to become Customers can register an account by submitting the Quote request form and adding an account username and email address under “Create an Account”. We may reject or create new accounts at our own discretion. If an account is being denied, all of the data you’ve submitted will be deleted rightaway. Otherwise the account will be available for the client until our services seize or the client wishes to delete the account.
If we accept business customers to purchase our services online, we require certain information to process the payments.
- Company name
- Payment data (Never stored on our system!)
- Company email address
- Company billing address
- Purchase history
Our Services On Client’s Websites
While conducting administrative Services on our client’s websites we don’t collect any visitor data. If we’re asked to fix something and we happen to see any personal data stored on that site, we’re instructed and have personally signed an agreement not to copy, store or share this information in any way. Our very existence is bound to the integrity of your data and we wouldn’t risk it for the world.
When we take website backups, we make sure they’re encrypted first so even if our file storage was comprimised, it wouldn’t give an attacker anything of value.
We deploy a web application firewall on all websites we manage. It sits locally on the server and scans all traffic against a defined set of security rules. Only when breaking one of these rules, which wouldn’t happen to normal visitors, we share this IP address and other (non-personal) data with our firewall vendor (see: Third-Party Processors) so they may protect other people from known malicious IP addresses. In general, all data sent to this vendor will be deleted by them (and us) after 90 days. However, since IP addresses don’t stop being malicious on a schedule, this period may be extended in some cases. We firmly believe this is in any way to be considered legitimate interest for us, our clients and all of their website’s visitors as security is simply not optional. We understand the impact of this and we’re doing everything we can to minimise the effect on regular users, it should be next to none. Should anyone come into contact with our firewall for no apparent reason, we will gladly file a request to remove their IP address from the blocking lists.
Purpose and deletion
We only collect and process data that’s absolutely required to provide our services and to manage people’s (including your own) enquiries to us.
- We collect only the minimum required data to conduct our services, it’s never shared without your consent.
- We collect web browsing data to maintain the security and performance of our website. This data will be deleted after 30 days.
- Applicable law requires us to maintain permanent record (6-10 years) of all mission-critical communications, such as project emails and financial transaction records, deletion occurs automatically.
Access to your Data
Every EU data subject (user) has the right to enquire about the information we may have stored about them by using our contact form (or emailing email@example.com), providing the email address or account name in question. We will ask users to verify the email/ID before sending out any private data. We will also delete or anonymise any publicly visible personal information upon request. All Privacy Requests will be completed within 30 days.
How your Data is protected
The key component in dealing with sensitive data is encryption. We use TLS encryption exclusively on the website, form submissions are sent to us using secure connections and our data storage is also encrypted. We use Two-Factor Authentication where ever possible. Our systems are checked for malware several times a day and our backups are also securely encrpyted. We’re destined to continue our efforts to protect user and usage data in order to comply with legal requirements (GDPR) and industry standards at all times. However, we’re unable to guarantee 100% security (as that simply doesn’t exist). We advise users to evaluate their risks and proceed at their own discretion.
If a Data breach occurs
Should all preventative measures fail and a data breach occurs, we will take the following actions.
– Detailed notification (within 72 hours) of the authorities, insurance companies and all users affected.
– In-depth security assessment, finding and and fixing the security hole.
– Distributing new encryption keys and passwords as well as new TLS certificates for the website.
We keep our third party dependency to a minimum. All of the companies listed below delare full compliance with the EU-GDPR guidelines and we have agreements with them to form a legal base for collecting and processing such data.
We reserve the right to change details of this policy at any time and without further notice. Users are advised to check it for changes when a new enquiry or purchase is to be made.
See our Terms & Conditions