Data protection

1) Introduction and contact details of the responsible party

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any data that can be used to identify you personally.

1.2 The responsible party for data processing on this website in the sense of the General Data Protection Regulation (GDPR) is MonsterShack UG (limited liability), Sandkamp 1, 22111 Hamburg, Germany, Tel.: +4915256087751, E-Mail: hello@itchy-monsters.de. The responsible party for data processing is the natural or legal person who determines the purposes and means of processing personal data, either alone or jointly with others.

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, meaning when you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, the following data is collected, which is technically necessary for us to display the website:

- Our visited website

- Date and time of access

- Amount of data transmitted in bytes

- Source/reference from which you reached the page

- Browser used

- Operating system used

- IP address used (if applicable: in anonymised form)

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. No transfer or other use of the data takes place. However, we reserve the right to review the server log files retrospectively if specific indications suggest illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible party). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.

3) Hosting & Content Delivery Network

3.1 For hosting our website and displaying the page content, we use a provider that performs its services exclusively on servers within the European Union, either directly or through selected subcontractors.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

3.2 AWS-CloudFront

We use a content delivery network from the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

This service allows us to deliver large media files such as graphics, page content, or scripts faster via a network of regionally distributed servers. The processing takes place to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

4) Contacting us

In the context of contacting us (e.g. via contact form or email), personal data is collected. The data collected when using a contact form is outlined in the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been conclusively processed. This is the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

5) Use of customer data for direct advertising

5.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. For the dispatch of the newsletter, we use the so-called double opt-in procedure. This means that we will only send you an email newsletter once you have explicitly confirmed that you wish to receive the newsletter. We will then send you a confirmation email, asking you to confirm that you want to receive the newsletter in the future by clicking a corresponding link.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When subscribing to the newsletter, we store your IP address registered by the internet service provider (ISP) as well as the date and time of subscription to trace possible misuse of your email address at a later date. The data we collect when subscribing to the newsletter is used exclusively for the purpose of advertising engagement via the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a corresponding notification to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve a further data use that is legally permitted and which we inform you about in this declaration.

5.2 MailChimp

The dispatch of our email newsletter is carried out by this provider: The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we provide the data you provided when subscribing to the newsletter in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that it can take care of the newsletter dispatch on our behalf.

Subject to your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletter. Device information (e.g. time of access, IP address, browser type, and operating system) is also collected and evaluated, but is not merged with other data sets.

You can withdraw your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects our visitors' data and prohibits disclosure to third parties.

6) Web analytics services

6.1 Microsoft Clarity

This website uses the web analytics service of the following provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA

Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymised visitor data, including information on the device used such as IP address and browser information, to evaluate them for statistical analyses of usage behavior on our website and to create pseudonymised usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps) showing the duration of page visits as well as interactions with page content (e.g., text inputs, scrolling, clicks, and mouse overs). The pseudonymisation fundamentally excludes direct personal reference. No merging takes place with personal data collected in other ways.

All the processing described above, particularly reading or storing information on the used device, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your granted consent at any time with effect for the future by disabling this service in the "cookie consent tool" provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

6.2 Simple Analytics

This website uses the web analytics service of the following provider: Adriaan van Rossum, Korteweegje 49, 3247BH Dirksland, Netherlands

Using cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymised visitor data, including information about the device used such as IP address and browser information, to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymised usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps) showing the duration of page visits as well as interactions with page content (e.g., text inputs, scrolling, clicks, and mouse overs). The pseudonymisation fundamentally excludes direct personal reference. No merging takes place with personal data collected in other ways.

We have concluded a data processing agreement with the provider that ensures the protection of our visitors' data and prohibits unauthorized disclosure to third parties.

7) Page functionalities

Google Web Fonts

This site uses web fonts from the following provider for a uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

When you call up a page, your browser loads the necessary web fonts into its browser cache to correctly display texts and fonts and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data in connection with the connection to the provider of the fonts will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your granted consent at any time with effect for the future by disabling this service through the "cookie consent tool" provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

8) Tools and Miscellaneous

- Lexoffice

For handling the accounting, we use the service of the cloud-based accounting software from the following provider: Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany

The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our business, to automatically record invoices, match them to transactions and create the financial accounting in a semi-automated process.

If personal data is processed in this context, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in efficient organization and documentation of our business processes.

9) Rights of the data subject

9.1 The applicable data protection law grants you the following rights (rights of access and intervention) regarding the processing of your personal data against the responsible party, whereby the respective conditions for exercise refer to the referenced legal basis:

- Right of access pursuant to Art. 15 GDPR;

- Right to rectification pursuant to Art. 16 GDPR;

- Right to deletion pursuant to Art. 17 GDPR;

- Right to restriction of processing pursuant to Art. 18 GDPR;

- Right to notification pursuant to Art. 19 GDPR;

- Right to data portability pursuant to Art. 20 GDPR;

- Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR;

- Right to complain pursuant to Art. 77 GDPR.

9.2 RIGHT TO OBJECT

WHEN WE PROCESS YOUR PERSONAL DATA UNDER AN INTEREST BALANCE DUE TO OUR PREVAILING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THIS PROCESSING WITH FUTURE EFFECT.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. CONTINUED PROCESSING REMAINS SUBJECT TO THE CONDITION THAT WE CAN DEMONSTRATE COMPELLING PROTECTABLE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ASSERTION, EXERCISE, OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

10) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and - where applicable - additionally by the applicable statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, the affected data will be stored until you withdraw your consent.

If statutory retention periods exist for data processed on the basis of legal or legally similar obligations pursuant to Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiration of the retention periods unless it is no longer required for contract fulfilment or initiation and/or we do not have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 1 GDPR unless we can demonstrate compelling protectable grounds for processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 para. 2 GDPR.

Unless other specific processing situations are indicated in the other information of this declaration, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise

SOCIALS