Data protection information

1. Privacy policy

We look forward to your visit to our website. In the following, we would like to inform you about the handling of your data.

2. Controller

Responsible for the following data processing is:

Mondu UK Ltd.
Cannon Place
78 Cannon Street
EC4N 6AF London
United Kingdom

3. Usage

When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites. This record consists of

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser used and the operating system,
  • the referral link indicating from which page you came to ours,
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The mentioned log data is only evaluated anonymously.

4. Storage of the IP address for security purposes

In addition, we store the complete IP address transmitted by your web browser strictly for a period of seven days, in the interest of detecting, limiting and eliminating attacks on our websites. At the end of this period, we delete or anonymize the IP address. The processing is based on a balancing of interests (Article 6(1)(f) UK GDPR)

5. Data integrity

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption method on our websites. Your data will be transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address bar begins with https://.

6. Necessary cookies

We use cookies on our websites that are necessary for the use of our websites.

Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.

The processing is based on a balancing of interests (Article 6(1)(f) UK GDPR).

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

7. Book contact form and demo

You have the option to contact us via our contact form to book a product demonstration. In order to address you personally and to provide you with access to the demo, we need your surname and first name as well as your e-mail address and the name of your company. Optionally, you can tell us your position as well as the turnover of your company.

The processing is based on a balancing of interests (Article 6(1)(f) UK GDPR) to answer your request.

Your data will only be processed to answer your request. We delete your data, provided that they are no longer required and there are no legal retention obligations to the contrary, at the latest after 6 months.

With regard to processing pursuant to Article 6(1)(f) UK GDPR, you have the right to object at any time. Please use the corresponding link in our e-mails or contact the e-mail address stated in the imprint.

8. Third-party tracking technologies for analytics and advertising purposes

We use the web analysis tool to design our websites according to your needs. We also use cross-device tracking technologies so that you can see targeted advertising on other websites based on your visit to our websites and we can see how effective our advertising efforts have been.

The data processing takes place on the basis of your consent (Article 6(1)(a) and Article 9(2)(a) UK GDPR), provided that you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49(1)(a) UK GDPR. Your consent is voluntary and can be revoked at any time.

How does tracking work?

When you visit our websites, it is possible that the third-party providers mentioned below retrieve recognition features for your browser or device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your device (e.g. cookies) or gain access to individual tracking pixels.

The individual features can be used by the third-party providers to recognize your device on other websites. We may commission the corresponding third-party providers to place advertising based on the pages we visit.

What does cross-device tracking mean?

If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked together. If, for example, the third-party provider has created its own characteristic for the laptop, desktop PC or smartphone or tablet you are using, these individual features can be assigned to each other as soon as you use a third-party service with your login data. In this way, the third-party provider can also control our advertising campaigns across different devices in a targeted manner.

Which third-party providers do we use in this context?

Below we will tell you the third-party providers with whom we work for advertising purposes. If the data is processed outside the United Kingdom in this context, please note that there is a risk that authorities will access the data for security and surveillance purposes without you being informed or able to appeal. If we use providers in insecure third countries and you consent, the transfer to a third country takes place on the basis of Art. 49(1)(a) UK GDPR.

Provider Adequate level of data protection Revocation of consent
Meta Platforms Ireland Ltd. (formerly Facebook) Facebook Custom Audiences.
No adequate level of data protection. The transfer takes place on the basis of Art. 49 para. 1 lit. a UK GDPR.
If you want to revoke your consent, please click here and make the appropriate setting via our banner.
Google Ireland Ltd Google LLC. (USA) Google Analytics,Google Tag Manager, Google Ads
No adequate level of data protection. The transfer takes place on the basis of Art. 49 para. 1 lit. a UK GDPR.
HubSpot, HubSpot Forms HubSpot Inc. (USA)
No adequate level of data protection. The transfer takes place on the basis of Art. 49 para. 1 lit. a UK GDPR.
LinkedIn Inc. (USA)LinkedIn Pixel, Linkedin Ads Conversion Tracking, Linkedin Insight-Tag
No adequate level of data protection. The transfer takes place on the basis of Art. 49 para. 1 lit. a UK GDPR.

9. Application

You can apply for vacancies at Mondu by post, e-mail and via the application form on our website. Your application data will be forwarded to the persons responsible for the application process. All parties involved treat your application documents with due care and confidentiality. We process the data that you disclose to us in the context of your application for the selection of applicants.

The legal basis for this data processing is Article 6(1)(b) UK GDPR (steps necessary to enter into a contract).. After completion of the selection process, the information provided by you for the specific selection procedure and the documents sent will be deleted after six months at the latest, unless we have concluded an employment contract with you. In the event that we are also allowed to consider your application in other or future job advertisements, we ask for a corresponding note in your application. With your express consent, we will then process your data on the basis of Article 6(1)(a) and Article 9(2)(a) UK GDPR (consent). You can revoke your consent at any time with effect for the future. The data processing carried out until the revocation remains lawful. Regardless of a possible revocation, we will delete your data no later than one year after inclusion in the applicant pool.

10. Storage period

Unless we have already informed in detail about the storage period, we delete personal data if they are no longer required for the aforementioned processing purposes and there are no statutory retention obligations to prevent deletion.

11. Other processors

As part of order processing in accordance with Art. 28 UK GDPR, we pass on your data to service providers who support us in the operation of our websites and the associated processes. Our service providers are strictly bound by instructions to us and are contractually bound accordingly. These are service providers of the following categories:

  • Hosting service provider/cloud service provider for the operation of our servers
  • Service providers to ensure IT security/IT support
  • Service provider for the delivery and performance measurement of our website
  • E-mail sending service providers for sending e-mails in connection with our contractual services or marketing e-mails
  • Credit agencies for credit scores
  • Dunning & collection agencies (registered) for dunning and collection services in the context of overdue receivables

The servers of some of the service providers we use are located in the USA and other countries outside the United Kingdom. Companies in these countries are subject to a data protection law that generally does not protect personal data to the same extent as is the case in the United Kingdom. If your data is processed in a country that does not have a recognized high level of data protection such as the United Kingdom, we ensure that the level of data protection is largely secured by means of contractual regulations or other recognized instruments. With data recipients in third countries, we conclude the standard data protection clauses specified in regulations made by the Secretary of State under section 17C of the 2018 Act for the processing of personal data in third countries in accordance with Art. 46(2)(c) UK GDPR.

12. Your rights as a data subject

When processing your personal data, the UK GDPR grants you as a data subject certain rights:

Right to information (Art. 15 UK GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 UK GDPR.

Right to rectification (Art. 16 UK GDPR)

You have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data without undue delay.

Right to erasure (Art. 17 UK GDPR)

You have the right to request that personal data concerning you be deleted without undue delay if one of the reasons listed in detail in Article 17 UK GDPR applies.

Right to restriction of processing (Art. 18 UK GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 UK GDPR is met, e.B. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 UK GDPR)

In certain cases, which are listed in detail in Art. 20 UK GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right of withdrawal (Art. 7 UK GDPR)

If the processing of data is based on your consent, you are entitled under Article 7 (3) UK GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right to object (Art. 21 UK GDPR)

If data is collected on the basis of Art. 6(1)(f)UK GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6(1)(e) UK GDPR (data processing for the protection of public interest or in the exercise of official authority), you have the right, for reasons arising from your particular situation, object to the processing at any time. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 UK GDPR)

In accordance with Article 77 UK GDPR, you may lodge a complaint with your supervisory data protection authority, the Information Commissioner, which can be reached using this link:

Assertion of your rights

To assert your rights as a data subject, please complete and submit our contact form with “Request regarding my personal data” selected under the “Which department would you like to contact?” field.

13. ICO Registration

Registration reference: ZB573853
Mondu UK Ltd.
Cannon Place
78 Cannon Street