• Free Returns
  • Safe delivery
  • 90 Years of MONA

Privacy Policy

Table of Contents

1 We are responsible for your data
2 How secure is your data ?
3 Our data protection officer
4 What information is required or mandatory ?
5 For what purposes do we process your data ?
5.1 Enquiries
5.2 Quality assurance
5.3 Personal customer account
5.4 Orders and catalogue requests
5.5 Payment service providers
5.6 Credit checks
5.7 Advertising
5.7.1 E-mail advertising & newsletters
5.7.2 Telephone advertising
5.7.3 Postal advertising and customer analyses
5.7.4 Customer surveys to determine customer satisfaction
5.7.5 Competitions
5.7.6 Documentation of consent
5.7.7 Storage period for advertising
5.7.8 Change of purpose
5.8 Extended storage periods
6 Right to object and right to withdraw
6.1 Your right to object
6.2 Right to withdraw
6.3 Address for objection and withdrawal
7 What are your rights?
7.1 Right to confirmation & right of access
7.2 Right to rectification
7.3 Right to erasure (“right to be forgotten”)
7.3.1 Conditions for erasure
7.3.2 More extensive right to be forgotten
7.3.3 Exceptions to the right to erasure
7.4 Right to restriction of processing
7.5 Right to data portability
7.6 Asserting your rights
8 What are cookies and what are they used for?
8.1 Cookies
9 Log files

1 We are responsible for your data

We believe that the protection and security of your personal data is extremely important. We process your personal data in strict compliance with the statutory requirements, so that you can rest assured that we protect your personal data. Personal data is data that can or could be used to identify you. We only process your personal data if we are permitted to do so by law or you have given your prior consent. We, i.e. Mail Order Finance GmbH, Mail Order Finance UK, C/O Stokoe Roger, 15 Bankside, The Watermark, Gateshead, NE11 9SY, UK and our service providers, process your data on our behalf for the purposes stated below (hereafter referred to as Mail Order Finance or we/us).
Our service providers include, for example, printers, lettershops, call centres, address service providers, Internet service providers, data centres and payment service providers. You can write to the address above or you can also contact us by e-mail at customercare@mona.co.uk We believe it is important to allow you to find out what personal data is collected during your visit to our website and when using our services and products and how we process this data after your visit.

2 How secure is your data?

We take technical and organisational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany (Article 32 GDPR).
The implemented measures are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of the systems and services for the processing of your data, at all times. They are also designed to restore the availability of and access to data rapidly in the event of a physical or technical incident.
Our security measures also include encrypting your data. When your data is sent to us, your data is encrypted using Transport Layer Security (TLSv1.2, RSA2048 Bit), depending on the browser used.
All the information that you enter online is encrypted before it is sent. This means that this information cannot be viewed by unauthorised third parties at any time.
Our data processing and security measures are continuously improved in line with developments in technology.
As a matter of course, our employees undertake in writing to comply with confidentiality and with the data protection requirements.

3 Our data protection officer

If you have a question about data protection or data security, you can contact our data protection officer by e-mail at privacy@mona.co.uk or by post to Data Protection Officer Mail Order Finance GmbH, C/O Stokoe Roger, 15 Bankside, The Watermark, Gateshead, NE11 9SY, UK.

4 What information is required or mandatory?

If, when we are collecting data, specific fields are mandatory or required fields and/or are highlighted with an asterisk (*), this data is required either by law or by contract or we need this data to enter into the contract, for the service that has been requested or for the stated purpose. Of course, you can still choose whether or not to provide required information. Failure to provide such information may mean that the contract cannot be fulfilled by us or that the requested service cannot be provided or the stated purpose cannot be achieved.

5 For what purposes do we process your data?

5.1 Enquiries

If you contact us via our contact methods (e.g. via e-mail, contact form, service reviews and product reviews), we will save your name and contact details (e-mail address and/or customer number) as well as your message. The data is used to process your enquiry and to communicate with you. We use your e-mail address to reply to you by e-mail (on the legal basis of Article 6(1)(a) and (b) GDPR). If you have questions about specific orders or if you want us to do something that relates specifically to you, we require your real name. If you have any other questions, you can also use a pseudonym. If the reason you have contacted us has been completely resolved and there are no other obligations to retain records, the data will be deleted again.

For telephone enquiries, we use our own employees to support communication, as well as service providers who will answer your call and deal with your request (see section 5.2). These service providers are obliged by contract with us to comply with data protection regulations in accordance with the statutory requirements.

5.2 Quality assurance

We also use your data to ensure the quality of the service providers and internal employees who support our communication with customers. Real customer data and cases are used to perform tests for this purpose. For example, we use a written order we have received to process the written order by phone as part of a test call. The tester simulates a customer conversation in this process. We base this type of data processing on the basis of our legitimate interest in ensuring quality when handling phone enquiries from our customers (Article 6(1)(f) GDPR).

You may object to the use of your data for this purpose at any time with effect in the future. For details regarding your right to object, see section 6.1 below.

5.3 Personal customer account

We process the registration data from you that is required to set up and use your customer account, which you can use, for example, to check the delivery status of your orders, cancel an item or check that we have received your payments. You can only access your customer account by entering your personal password. Please treat your login details as confidential.
If you no longer wish to use the account, we can delete online access within 4 weeks. To have your account deleted, please send a message to privacy@mona.co.uk.
You can delete your customer account at any time. However, please note that this does not mean that the data you can see in your customer account will be deleted, if you have ever placed an order with us. Your data is then deleted automatically after the statutory retention periods under commercial and tax law that apply to us have expired. The legal basis for this further processing of data is Article 6(1)(c) and (f) GDPR.

5.4 Orders and catalogue requests

We process your personal data from your orders and your catalogue requests initially for the purpose of processing the order or catalogue request and for delivery and invoicing (Article 6(1)(b) GDPR). To ensure that the goods reach you quickly, we instruct the manufacturer, a wholesaler or a collection point (known as drop shipping) to send the goods directly to you and we send them your address details for shipping. The legal basis for the transfer of data is Article 6(1)(b) GDPR.
After completion of the order or catalogue request, we will store the data that is relevant to your order or catalogue request and the associated documents (e.g. business letters and invoices) in accordance with the statutory requirements.
We also process the information from your orders or catalogue requests for postal advertising and customer analyses (see 5.8.3 below).

5.5 Payment service providers

We use payment service providers to make as many secure payment methods available to you as possible. If we have the data available and you have not already made the data available to the provider as a result of registration or provided the data in the course of the payment process, the payment service providers receive the following data for the purpose of checking and processing your payment request, depending on the service provider:
First name, last name, e-mail address, phone number, delivery address, billing address, customer number, order number, payment amount.
Depending on the payment method you select during the order process, we share this data with the following payment service providers:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A. - 22-24 Boulevard Royal, 2449 Luxembourg (Luxembourg)

    • If you use PayPal to pay, we do not receive any account or credit card data. You add any account or credit card data to PayPal directly. We only receive your PayPal e-mail address. Otherwise, data is entered for PayPal in accordance with their security policies.
    • Computop is our payment service provider and is the interface to our credit card acquirer, Concardis, and to PayPal.
  • Concardis GmbH, Helfmann-Park , 65760 Eschborn, Germany

  • Computop GmbH, Schwarzenbergstraße 4, 96050 Bamberg, Germany

The data that we transfer is sent with encryption. Data regarding the payment method and the payment data itself is also sent with encryption via the applicable interfaces. During this process, we do not gain any knowledge of the payment data.

  • The following data is processed when you transfer money from Concardis to us:

    • For credit card purchase => customer number
    • For PayPal => Transaction ID
  • For transfers directly from customers to us:

    • Payment reference, IBAN, payer

5.6 Credit checks

We send personal data that is collected in the course of our contractual relationship regarding the application, execution and termination of this commercial relationship as well as data regarding breach of contract and fraudulent behaviour to CRIF Bürgel GmbH, Leopoldstrasse. 244, 80807 Munich, Germany. The legal basis for transferring this data is Article 6(1)(b) and (f) of the General Data Protection Regulation (GDPR). The exchange of data with CRIF Bürgel GmbH also serves to fulfil statutory obligations to carry out credit checks. CRIF Bürgel GmbH processes the data that it receives and also uses it for the purpose of creating profiles (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland as well as, if applicable, in other third countries (provided that there is an adequacy decision of the European Commission in respect of such countries) with information, among other things, on the credit rating of individuals. For more detailed information about the activities of CRIF Bürgel GmbH, see online at https://www.crifbuergel.de/en/privacy.

5.7 Advertising

5.7.1 E-mail advertising & newsletters
With your consent, which you may withdraw at any time, we will send you information by e­mail about special offers, free gifts, discounts and promotions and about the universal range of products and services that we offer (Mail Order Finance GmbH) (e.g. women’s clothing, accessories, jewellery, bags and shoes). We analyse when you open and read our e-mails and the linked online documents that you select by clicking on them to target future e-mails to your areas of interest. This also includes analysing incomplete orders (on the basis of Article 6(1)(a) GDPR).
We process the mandatory information you provide when you give your consent, both for documentation purposes and so that we can contact you personally.
If you provide your e-mail address when you place your order, we will also inform you by e­mail about our own products and services that are similar to those you have purchased, on the basis of our legitimate interest (Article 6(1)(f) GDPR).
You may object to such use of your data at any time by sending an e-mail to privacy@mona.co.uk or by clicking on link provided for this purpose in the advertising e­mail you receive, without incurring any costs other than the basic rates for sending data. See the section “Right to object and right to withdraw”.

5.7.2 Telephone advertising
You will only receive telephone offers and information from us about new trends, personal product recommendations, discounts and promotions (e.g. women’s clothing, accessories, jewellery, bags and shoes) with your consent, which you may withdraw at any time (and Article 6(1)(a) GDPR). You may object to such use of your data at any time by sending an e­mail to privacy@mona.co.uk without incurring any costs other than the basic rates for sending data. See the section “Right to object and right to withdraw”.

5.7.3 Postal advertising and customer analyses
We process your data from enquiries, orders and catalogue requests to the extent permitted by law for our advertising by post and for our customer analyses so that we can present you with offers from our company (Mail Order Finance GmbH) relating to new trends, personal product recommendations, discounts and promotions (e.g. for women’s clothing, but also from other product categories supplied by our company, such as accessories, jewellery, bags and shoes) and with information about our company. The processing is carried out in pursuit of our legitimate interest in maintaining the customer relationship with you, attracting you to new product groups and services supplied by our brands, generating new customers, reactivating old customers and providing our customers with relevant information and offers (Article 6(1)(f) GDPR). We run our analyses regularly with pseudonymised data using a customer number.
Your data will also occasionally be used for advertising by carefully selected companies for advertising purposes, who in turn are interested in informing you about offers that are in their legitimate interest. To protect interests, at no time is the data disclosed to these companies. Instead, the data is processed using the lettershop procedure. This procedure involves your data being printed on the advertising material from our advertising partner, which is used by a processor (the “lettershop”), who we appoint on our behalf for the purpose of delivering and personalising the advertising material, and is then sent. The advertising partner cannot view any of the data. Our advertising partner only receives your data if you respond to the advertising. You alone decide whether our advertising partners receive data from you.
You may, of course, also object to such data processing. For details, see the section 6 “Right to object and right to withdraw”.

5.7.4 Customer surveys to determine customer satisfaction
We carry out customer surveys to determine customer satisfaction.
In the case of a written customer survey, the data is already collected anonymously by default so that it cannot be used to identify you.
If you have given us your consent to a telephone customer survey, our service provider will receive your name, your contact details and the information required to conduct the customer survey. This personal data is stored by our service provider for 90 days for checking purposes and is then deleted. The results of the survey are only used anonymously, for statistical purposes.
The same applies if you are invited to a customer workshop.
If you take part in a customer survey on the Internet, further processing is done without using personal data, unless otherwise stated.
Further information about data protection is provided for each of the customer survey campaigns.

5.7.5 Competitions
If you take part in our competitions, we use your data to run the competition, in particular to notify winners and, if applicable, to send prizes (the legal basis is Article 6(1)(b) GDPR). If you have given us separate consent to use a specific contact method (e.g. phone or e-mail), we will use your data to the extent of your consent (the legal basis is Article 6(1)(a) GDPR).
The data from participants in the competition is deleted from our active systems after the competition. The data is archived by us solely for purposes of legal defence, for no longer than the period of limitation for potential claims (typically, three years). The legal basis is Article 6(1)(f) in conjunction with Article 17(3)(e) GDPR. Winners’ data is archived for the duration of the statutory retention period for commercial and tax reasons and to avoid any disadvantages to the winner (e.g. product recall) (the legal basis Article 6(1)(c) GDPR).
You may withdraw from participation at any time and object to use of the associated data for the purposes of the competition. Any withdrawal from the use of data for advertising purposes associated with the competition until receipt of notice of the prize shall be treated as withdrawal from participation in the competition. Please see the further information provided in section 6 regarding withdrawal of consent and objection to the use of data for advertising purposes.

5.7.6 Documentation of consent
To obtain your consent to receive newsletters, we use the double opt-in procedure online to prevent our email advertising being sent to the email addresses of people who have not requested our newsletter. The information required for the double opt-in procedure is recorded in accordance with the requirements of data protection supervisory authorities and is stored for documentation purposes (Article 7(1) and Article 5(2) GDPR).
If you send us your consent by post, we will save it as a scan or as the original, which is also for documentation purposes.

5.7.7 Storage period for advertising
We will store your data that is collected for advertising purposes until we receive your withdrawal of consent or your objection to the processing of your data for advertising purposes (see section 6).

5.7.8 Change of purpose
If we intend to process your personal data in the future for a different or additional purpose than the one for which the data was collected, we will provide you with the relevant information about this new purpose and any other relevant information prior to such further processing.

5.8 Extended storage periods

The specified storage periods may be extended where applicable in individual cases, in particular if the data is processed for various purposes, there is a longer statutory or contractual retention period.

6 Right to object and right to withdraw

6.1 Your right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on a balancing of the interests under Article 6(1)(f) GDPR, including profiling based on those provisions. In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object at any time to the processing of your personal data for direct marketing purposes, with the consequence that the data will no longer be processed for such purposes.

6.2 Right to withdraw

You have the right to withdraw any consent you may have given, at any time. Withdrawing consent does not affect the lawfulness of the processing carried out based on the consent up until you withdraw consent.

6.3 Address for objection and withdrawal

Please send your objection or withdrawal to:
Mail Order Finance GmbH
C/O Stokoe Roger
15 Bankside, The Watermark, Gateshead, NE11 9SY, UK
E-mail: privacy@mona.co.uk

7 What are your rights?

As a data subject, you can legally exercise certain rights.

7.1 Right to confirmation & right of access

Under Article 15 GDPR, you have the right to request confirmation from us as to whether or not personal data concerning you is being processed. Where that is the case, you have the right to access your stored personal data free of charge. This includes access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject also has a right to be informed as to whether personal data has been transferred to a third country or to an international organisation. Where that is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. If you have any questions regarding the collection, processing or use of personal data, for access requests and to exercise your rights in any other way, please contact us using the contact details at the end of this policy.

7.2 Right to rectification

You have the right to obtain from the data controller the rectification and/or the completion of any personal data that is processed concerning you, if it is inaccurate or incomplete. The controller shall carry out rectification without delay.

7.3 Right to erasure (“right to be forgotten”)

7.3.1 Conditions for erasure

You have the right to obtain the erasure of personal data concerning you. Please note that there is only a right to erasure without undue delay (Article 17 GDPR) (“right to be forgotten”) where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
  • the personal data concerning you has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

7.3.2 More extensive right to be forgotten

If we have made the personal data concerning you public and we are obliged pursuant to Article 17(1) GDPR to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

7.3.3 Exceptions to the right to erasure

In addition to the above conditions, please note that the following exceptions may justify a rejection of your request for erasure, to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR ;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.
    The right to erasure does not apply to the extent that processing is necessary:

7.4 Right to restriction of processing

You have the right to restriction of processing: where you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; and where the processing is unlawful and you oppose the erasure and request the restriction of use of the data instead. You also have the right if we no longer need the data, but you require the data for the establishment, exercise or defence of legal claims. Finally, you may exercise this right if you have objected to processing pursuant to Article 21(1) GDPR pending verification clear whether our legitimate grounds override your legitimate grounds.
Where processing has been restricted, such data shall only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. This does not apply to storage. If you have obtained restriction of processing under the above conditions, we shall inform you before the restriction is lifted.

The right applies only insofar as the rights and freedoms of others are not adversely affected.

7.5 Right to data portability

You also have the right to data portability for the data which you have provided to us, which we have processed on the basis of effective consent or the processing of which was necessary to take pre-contractual steps or to perform a valid contract, in a structured, commonly used and machine-readable format. You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right applies only insofar as the rights and freedoms of others are not adversely affected.

7.6 Asserting your rights

You may contact our data protection officer for this purpose. You can contact our data protection officer at:
Data Protection Officer
Mail Order Finance GmbH
C/O Stokoe Roger
15 Bankside, The Watermark, Gateshead, NE11 9SY, UK
E-mail: privacy@mona.co.uk

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR).

8 What are cookies and what are they used for?

8.1 Cookies

Cookies and similar technologies are used on this website. Cookies are small text files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.
The cookie is used to store information in each case relating to the specific device that you use. This does not mean, however, that we obtain direct knowledge of your identity.
Some cookies are necessary for the website to function properly, e.g. to save the contents of your shopping basket or watch list, or to enable you to log in.
Other cookies are used to recognise you when you next visit. These cookies are used, for example, to make our website more attractive to you.
When you access our website, you can view a detailed list of the cookies that we use. At this point, we also ask you for your consent to use these cookies and the technologies on which they are based.
You can click on the “Cookie” icon, which you can see at the bottom left, at any time to see the cookies we are using and the consents you have given. You can also withdraw your consent here by unchecking the applicable checkbox. As soon as you uncheck the checkbox, data is no longer processed using the corresponding cookies. Please note that we do not have access to your browser or hard drive. This means that the cookies remain stored on your computer even after you uncheck the checkbox, although they are no longer used by our website. In such cases, we recommend that you manually delete the cookies from your computer via the browser settings.

9 Log files

Every time a visitor accesses this website, the web browser transfer data about this process, which is temporarily stored in a log file (server log files) and processed (Article 6(1)(b), (c) and (f) GDPR). The following data is stored and processed:

  • A description of the type and version of the web browser you are using
  • The operating system you are using
  • The referrer URL category
  • The host name of the device accessing the website
  • The date and time of the server request
  • The IP address
    Processing this server log data is necessary for technical reasons to ensure system security and for documentation purposes. If the website did not collect the IP address of the accessing computer and the name of the file that is retrieved, it is impossible to establish a connection to the server and use the applicable web content. Data that is processed for technical purposes and to ensure system security is anonymised at the latest after 60 days by truncating the IP address, unless further storage of the IP address is necessary for documentation purposes. (Article 6(1)(c), Article 5(2), Article 7(1) GDPR). This data is then only analysed anonymously for statistical purposes. In some cases, longer storage periods may apply on suspicion of fraud. The data is then deleted after the process or procedure has been completed.

Last updated: 22/09/2020


waiting...

Contact
CUSTOMER ENQUIRIES: 0344 482 8888 Lines are open Monday to Friday, 9am to 5:30pm. ORDER BY PHONE: 0844 482 2345* Lines are open 7 days a week, 8am to 8pm.*Calls to this number cost 7p per minute plus your company’s access charge.
Secure Payments
  • PayPal
  • Visa
  • Mastercard
Follow us
Secure Shopping
  • Safe And Secure
All prices including VAT. Delivery cost is £5.99 per order.