Privacy Policy

tl;dr You can visit this website completely anonymously. If you decide to submit personal information to us, you understand this happens on a strictly voluntary basis. Here’s what we collect, why and for how long.

Definitions

Provider (also we, us and our)
Mononox.com is operated by Sven Tolle, Nicolaistr. 18, 28195 Bremen, Germany.

Users (also you, your and yours)
All people visiting, requesting quotes, contacting us, accepting offers as well as placing orders and managing services.

  • Visitors: Just browsing, no interaction
  • Contacts: Submitted forms, registered
  • Clients: Placed order (logged in only)

Personal Data
Any Data that can be used to personally identify a person, such as..

  • Name
  • Company name
  • Email address (Professional email at company)
  • Billing address (Company billing address)
  • Payment data (Processed externally only, we don’t ever see your full payment data)
  • IP address (Full IP’s are processed by our firewall and during online purchases only, otherwise it’s anonymised)

Web browsing data

  • No third-party or other user-level analytics are used on our website, all we use is a general statistic.
  • All server and error log files are anonymised.

Visitors: Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Contacts:  Anonymised IP, Device type, OS, Browser, Screen resolution, Referrer, Access time and target
Clients:
IP (VAT regulations), Device type, OS, Browser, Screen resolution, Referrer, Access time and target

Cookies

Our website uses cookies. Cookies are small text files, saved by our web server to your web browser’s storage. They can contain text or numbers, such as session identifiers or site settings you may have applied. We use them to make your browsing expierience more secure, stable and to allow our Contacts and Clients to log into their accounts. None of these cookies are used to track users and they are only valid for one session. You can disable cookies for this site through your browser’s options. Please note that you may not be able to log in or submit forms without cookies.

Forms

We treat all Visitor, Contact and Client data as strictly confidential. Information submitted to us via the Quote or Contact forms will not be shared to any outside party. Our system stores this data only as long as it takes to submit the message and automatically purges it from the server after that. From there, your information enters into our encrypted email archive where it’s stored for as long as the law requires us to and it will be automatically deleted after that.

Visitors: No data
Contacts: All submitted form data
Clients: All submitted form data

Accounts

We don’t allow public accounts. Contacts looking to become Customers can request an account by using the contact for quote request forms. We may reject or create new accounts at our own discretion. If an account is being denied, all of the data you’ve submitted will be deleted rightaway. Otherwise the account will be available for the client until our services seize or the client wishes to delete the account.

Purchases

If we accept business customers to purchase our services online, we require the following information to process the payments and to fulfill legal obligations, such as recording the customer’s IP address for VAT purposes.

  • Name
  • Company name
  • Email address (Professional email at company)
  • Billing address (Company billing address)
  • Payment data (Processed externally only, we don’t ever see your full payment data)
  • IP address

Our Services On Client’s Websites

While conducting administrative Services on our client’s websites we don’t collect any visitor data. If we’re asked to fix something and we happen to see any personal data stored on that site, we’re instructed and have personally signed an agreement not to copy, store or share this information in any way.

When we take website backups, we make sure they’re encrypted first so even if our file storage was comprimised, it wouldn’t give an attacker anything of value.

We deploy a web application firewall on all websites we manage. It sits locally on the client’s server and scans all traffic against a defined set of security rules. Only when breaking one of these rules, which wouldn’t happen to regular visitors, we share this IP address and other (non-personal) data with our firewall vendor (see: Third-Party Processors) so they may protect other people from known malicious IP addresses. In general, all data sent to this vendor will be deleted by them (and us) after 90 days. However, since IP addresses don’t stop being malicious on a schedule, this period may be extended in some cases. We firmly believe this is in any way to be considered legitimate interest for us, our clients and all of their website’s visitors as security is simply not optional. We understand the impact of this and we’re doing everything we can to minimise the effect on regular users, it should be next to none. Should anyone come into contact with our firewall for no apparent reason, we will gladly file a request to remove their IP address from the blocking lists.

Here’s our Legitimate Interest Assessment for this purpose: Download PDF

Purpose and deletion

We only collect and process data that’s absolutely required to provide our services and to manage people’s (including your own) enquiries to us.

  • We collect only the minimum required data to conduct our services, it’s never shared without your consent (if applicable).
  • We collect web browsing data to maintain the security and performance of our website. This data will be deleted after 30 days.
  • Applicable law requires us to maintain permanent record (6-10 years) of all mission-critical communications, such as project emails and financial transaction records, deletion occurs automatically.

Access to your Data

Every EU data subject (user) has the right to enquire about the information we may have stored about them by using our contact form (or emailing info@mononox.com), providing the email address or account name in question. We will ask users to verify the email/ID before sending out any private data. We will also delete or anonymise any publicly visible personal information upon request. All Privacy Requests will be completed within 30 days.

You may revoke your consent to process your personal data at any time. To do so, simply use our contact form or email address.

How your Data is protected

The key component in dealing with sensitive data is encryption. We use TLS encryption exclusively on the website, form submissions are sent to us using secure connections and our data storage is also encrypted. We use Two-Factor Authentication where ever possible. Our systems are checked for malware several times a day and our backups are also securely encrpyted. We’re destined to continue our efforts to protect user and usage data in order to comply with legal requirements (GDPR) and industry standards at all times. However, we’re unable to guarantee 100% security (as that simply doesn’t exist). We advise users to evaluate their risks and proceed at their own discretion.

If a Data breach occurs

Should all preventative measures fail and a data breach occurs, we will take the following actions.

– Detailed notification (within 72 hours) of the authorities, insurance companies and all users affected.
– In-depth security assessment, finding and and fixing the security hole.
– Distributing new encryption keys and passwords as well as new TLS certificates for the website.

Third-Party Processors

We keep our third party dependency to a minimum. All of the companies listed below delare full compliance with the EU-GDPR guidelines and we have agreements with them to form a legal base for collecting and processing such data.

Our web hoster is All-inkl.com (Neue Medien Münnich) DE – Privacy policy
Our firewall vendor is WordFence (Defiant Inc.) USA –  Privacy policy (Privacy Shield application pending, currently compliant via SCC’s)
Our external payment gateway is Stripe (Stripe Inc.) USA/DE – Privacy policyPrivacy Shield Policy
Our billing system is debitoor (debitoor GmbH) DE – Privacy policy

Changes

We reserve the right to change details of this policy at any time and without further notice. Users are advised to check it for changes when a new enquiry or purchase is to be made.

Changelog


Also see our Terms & Conditions